last executing test programs:

1m1.957095626s ago: executing program 0 (id=55):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) (async)

51.761499394s ago: executing program 0 (id=55):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) (async)

41.068226187s ago: executing program 0 (id=55):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) (async)

30.742016082s ago: executing program 0 (id=55):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) (async)

18.048698721s ago: executing program 0 (id=55):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) (async)

5.762989704s ago: executing program 1 (id=743):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}], 0x1c)
setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x78, 0x4)
recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000680)=[@in6={0xa, 0x4e22, 0x8, @remote}, @in={0x2, 0x4e23, @multicast2}, @in6={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0xfffffffc}], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40, @void, @value}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r4, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a)
sendfile(r4, r5, 0x0, 0xffffffff000)
accept4$llc(r4, 0x0, 0x0, 0x0)
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x59, 0xea, &(0x7f00000000c0)="1ce3838820994e722929dab9c8037afea83b68a46be1c7f13be328c8aba53ea17d4356bbf5f5eb9fa2d26b2f06c371c9ea056b642a0141afd7f52c21019a1131cf922d3346abda4b6a8d5de06fc800df7ce26cdc1e91440176", &(0x7f0000000340)=""/234, 0x4, 0x0, 0xde, 0xa0, &(0x7f0000000440)="7fbb4d2e512768f956d65f959e3d72fe4b599e804bc834559ec87d106c9fd679426dafcd7275af95e0452b404d95c180686ed14e1cca5b4783688b49a96d7a5d523821964b535b4b1119302d569d74373c341db1e5f415d6e6d06fb8a8151690044fff71679fb734f244ce6c07f813d33a8ca219ebe332f6bad859c8845307f23a234d018faa85517e911ec7203659203f6d1f0c070c89b5a8d8fd6b4b2bf13aa0579549764084320b4763de98634b08dad9d7a9508ac42250d6edffec79bd90b27ecc86fab507e503f70b789b47a59adc232cd22bec301cd2a822336452", &(0x7f0000000540)="c642a6032f1f768914a5ef61ad66fd6b4f5d8cb20ffa70e9910772b9fa153b0db48c2ffdc66ea0c980a13ad079c496df302d63fc3bf6b7bb097d3407b94c287f6b30f8fb15de08c776250c523c04dfc134a872e62acd15f550ac41ee6f929088f90395637168570a44dbd3a49a06f2c522cb8d2bec982f7873d074f59ecac79efd02b73d49b515b9179029fa86452534260109130203c73c6e51dc37ec4c4a2c", 0x1, 0x0, 0xfffffffe}, 0x50)
write$tun(r3, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x20, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)

5.442906925s ago: executing program 4 (id=745):
socket$kcm(0x11, 0xa, 0x300)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000700000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sock_rcvqueue_full\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000000c0)='sock_rcvqueue_full\x00', r1, 0x0, 0x80000000000}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
unshare(0x8040480)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48)

5.136158183s ago: executing program 2 (id=748):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'syztnl2\x00', &(0x7f0000000080)={'syztnl0\x00', <r0=>0x0, 0x4, 0x3, 0x3, 0x3, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, 0x0, 0x20, 0x380, 0xffffffff}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@ipv4_getnetconf={0x54, 0x52, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x3}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x8}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x1}, @NETCONFA_FORWARDING={0x8, 0x2, 0x6}, @NETCONFA_FORWARDING={0x8}, @NETCONFA_IFINDEX={0x8, 0x1, r0}, @NETCONFA_RP_FILTER={0x8, 0x3, 0x4}, @NETCONFA_RP_FILTER={0x8, 0x3, 0x5}]}, 0x54}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'veth0_to_bridge\x00', 0x400})

4.675137285s ago: executing program 4 (id=749):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="240000001800090000000000010000001c140000fe00000100000000080005"], 0x24}, 0x1, 0x0, 0x0, 0x4040800}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x1, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x420}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

4.532665848s ago: executing program 2 (id=750):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x7, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff8, @void, @value}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x1, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='memory.events.local\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0xa, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000010000000000000005000000db0703000400000085100000ffffffff18120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001ff6061eb6ffffffffe200029500000000000000"], &(0x7f0000000180)='GPL\x00', 0x81, 0x19, &(0x7f0000000240)=""/25, 0x40f00, 0x32, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000002c0)={0x1, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf9, @void, @value}, 0x94)
unshare(0x28040680)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000440)={@ipv4={'\x00', '\xff\xff', @private=0xa010102}, @ipv4={'\x00', '\xff\xff', @dev}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x0, 0x0, 0x0, 0x700, 0x0, 0x20c700a2})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r6, &(0x7f0000000200)=0x5, 0xfffffe97)
socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt(r4, 0x0, 0x82, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="80400100000001000c002b8008000100", @ANYRES32=r0, @ANYBLOB="08001b000000000c"], 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)

4.197487456s ago: executing program 4 (id=754):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
socket$rds(0x15, 0x5, 0x0)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x6a040000)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
socket$netlink(0x10, 0x3, 0x5)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r3}, 0x10)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmmsg$inet6(r2, &(0x7f0000000440), 0x0, 0x20008050)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0)
ioctl(r4, 0x8b22, &(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES16=r2], 0x1000f)
ioctl$SIOCX25SCUDMATCHLEN(r0, 0x541b, 0x0)

4.195910193s ago: executing program 1 (id=755):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x22100, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2})
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2}, 0x18)
connect$can_j1939(r1, &(0x7f0000000140)={0x1d, r2}, 0x18)
sendmmsg(r1, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000004c0)="b875", 0x2}], 0x1}}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/186, 0xba}], 0x1}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$TUNSETOFFLOAD(r3, 0x400454c9, 0x8)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x1)
socket$can_raw(0x1d, 0x3, 0x1)

3.896492386s ago: executing program 3 (id=756):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket$inet(0xa, 0x801, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, 0x0}, 0x4048042)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000000c0), 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=[0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xd, 0x5a87, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x3c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @range={{0xa}, @void}}]}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x64}}, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'})
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000540)=@mangle={'mangle\x00', 0x44, 0x6, 0x3f8, 0x360, 0x230, 0x198, 0x230, 0x0, 0x360, 0x360, 0x2c8, 0x360, 0x360, 0x6, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1_macvtap\x00', 'pimreg\x00', {}, {}, 0x11, 0x0, 0x41}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@private=0xa010101, @multicast1, 0xffffffff, 0x0, 'veth1_to_bond\x00', '\x00', {0xff}, {0xff}, 0x62, 0x1, 0x48}, 0x0, 0xd8, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@set={{0x40}, {{0x0, [0x7, 0x1, 0x1, 0x4], 0x0, 0x6}}}]}, @ECN={0x28}}, {{@ip={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'macvlan1\x00', 'rose0\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'nr0\x00'}, 0x0, 0x70, 0x98}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1b, 0x2, 0x101}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x458)
getsockopt$SO_COOKIE(r3, 0x1, 0x39, &(0x7f0000000180), 0x0)
bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
connect$llc(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0x2, r2, 0x0, 0x8000000}, 0x27)

3.895918112s ago: executing program 2 (id=757):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000000)=ANY=[], 0x6)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, &(0x7f0000000040), &(0x7f00000000c0)}, 0x20)
socket$inet_udp(0x2, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xa, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000074579fa5481f6f780095000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket(0x2a, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x4)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bind$unix(r3, &(0x7f00000003c0)=@file={0x1, './file0\x00'}, 0x6e)
pipe(&(0x7f0000000600)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r5, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
socket$netlink(0x10, 0x3, 0x0)
splice(r4, 0x0, r6, 0x0, 0x1100000000f336, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendmmsg$inet(r8, &(0x7f00000190c0)=[{{0x0, 0x0, &(0x7f0000019100)=[{&(0x7f0000000180)="e3", 0x1}], 0x1}}], 0x1, 0x24008804)

3.701605266s ago: executing program 3 (id=758):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbff, 0x100000}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000000200)={0x10, 0x0, 0x25dfdbff, 0x200000}, 0xc)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
unshare(0x2c020400)
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000100)={0xa0002000})
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x3}, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x3, 0xc9}, @timestamp={0x44, 0xc, 0x5, 0x0, 0x0, [0x0, 0x0]}, @timestamp={0x44, 0x4}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x18, &(0x7f0000000080)=0x2, 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="780000ad7c91afb85fffa800008d6e6291599390e7e8ac525dcdd9bae5d009e1071882258e18ad0078", @ANYRES32=0x0, @ANYBLOB="0900000000000000580012800b0001006272696467650000480002800c00220037010000000000000800030028000000050026000000000008000100090000000500260000000000050026000000000005002c00800000000500250000000000"], 0x78}}, 0x0)

3.450254559s ago: executing program 3 (id=759):
unshare(0x22020400)
r0 = socket(0x2, 0x2, 0x1)
bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0xd8, 0x1403, 0x1, 0x0, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_macvtap\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'syzkaller1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vlan0\x00'}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x200c08a5}, 0x8000)
unshare(0x22020400) (async)
socket(0x2, 0x2, 0x1) (async)
bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)={0xd8, 0x1403, 0x1, 0x0, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_macvtap\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'syzkaller1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vlan0\x00'}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x200c08a5}, 0x8000) (async)

3.112703673s ago: executing program 3 (id=760):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r3, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x8, 0x0, 0x0}}, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e64000000080002400000000048000000160a0101000b000000000000010000000900020073797a32000000000900010073797a30000000001c0003801800010076"], 0xe8}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)={0x34, r4, 0x1, 0xfffffd, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'eth', 0x3a, 'gre0\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@newlink={0x58, 0x10, 0x1, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x17015527bab91328}, [@IFLA_IFNAME={0x14, 0x3, 'macvtap0\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0x7ffffffe, 0xf37, 0x800003}}]}]}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x58}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000001400002c00128009000100626f6e64000000001c00028008000b0004200000050006000000000008000700"], 0x4c}}, 0x0)

2.730072232s ago: executing program 1 (id=761):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000300)='pids.current\x00', 0x275a, 0x0)
preadv(r1, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/20, 0x14}], 0x1, 0x4, 0x0)
accept4$ax25(r1, &(0x7f00000000c0)={{0x3, @bcast}, [@default, @rose, @remote, @rose, @remote, @netrom, @rose, @netrom]}, &(0x7f0000000140)=0x48, 0x800)

2.660806182s ago: executing program 3 (id=762):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000c40)=@migrate={0xec, 0x21, 0x1, 0x70bd28, 0x25dfdbfe, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@rand_addr=' \x01\x00', 0x4e23, 0x6, 0x4e20, 0x9, 0xa, 0x80, 0x0, 0x2f, 0x0, 0xee01}, 0x6e6bc0}, [@migrate={0x9c, 0x11, [{@in=@empty, @in=@rand_addr=0x64010100, @in=@private=0xa010100, @in=@multicast2, 0x2b, 0x3, 0x0, 0x0, 0xa, 0xa}, {@in6=@remote, @in=@remote, @in=@multicast1, @in=@empty, 0x32, 0x2, 0x0, 0x3501, 0x2, 0xa}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="74756fc47ce0cff996f7b5a90cbf0883f7632fc8b8a631a70587dcd0b37a37a118cf01192eb7fb8518b90823dc5ba0", 0x2f)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000009640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="1073eeda8705da74bc83496ee251e51e", 0x10}], 0x1}}], 0x1, 0x8810)
sendmsg$alg(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4040001}, 0x0)
recvmsg$unix(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$alg(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000340)="eb0f191da78ba32e0806fe98317e0289db982de217f6227219891600c01ddaf3dcbb43049f28c8afd3ad1919e996ef18b3041e7047b94462e3cf17b0ac4b3034a4658ffa9c1cb3e67b83bd336c154f8ffa39c89a99e93069973bbf914dfa07c96b5d415b9dcd99696f675e91b6d12ec577f50f607c23fc5aa1cb0d35267221f5f8ab07ebeea32558a6ba67fe64082e3aa38399cffabe69f2f1", 0x99}, {&(0x7f0000000180)="938f4732f0378a7c942ea018fc92c125cdae3e913be1bef230cfef06", 0x1c}, {&(0x7f0000000400)="ed4e0198e829098865dd9deb44c5afad6592c00d16e1d57788a1565426fb1959a3d1be590f022280237e477a70b5560bcf440486ff6cfbaedbf43f6617621dadb55f49fe32cc95d3cbda9b156abef21a05485f380df0b25823dbc7", 0x5b}], 0x3, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000000000017010000030000000100000000000000180000000000000017010000030000000100000000000000180000000000000017010000030000000000000000000000f8000000050000000000000002000000e00000002ec361fa1cc714a7f037c700371f130fae847ca42552ae026ab33d17b07a5a13e02ac66182b6e3206d1576757ad683b2fa5f47d832a1e7b1709821f403fb7f1b2eea079884314f28b9e876783c988b53b68219e8c85b4625fd7bacd3bc5f2bd8910926bd1aa59e1f8d8417e1bf5625ff6a368f9c0003e27aa71f419fc1dbfdeeff4fcf779c5ac50320eee2001c1b46307d1dc66e8ee63741c1fc2d5682a977c7a8f25828272c175d096632ee8f0ae9f5f538f28bef52bfd18885b70696f07f9517489e2ae175096b421eba072a1d614f281abf02dd168957706adeeb7f5d3f900000000018000000000000001701000004000000070000000000000007daf7750a2065a60ab47ccd9a36e65a56bd9199841ba79419f1b4ddd49cf10a9e70e01dc4dd86455c5361921838d95f4d92d000c8f8b8a47d80d41ce37862d0b4cacfcac867bb75407553c8e1b1264beab2a43d4c72319ccd7ab66cb7c00eb78b77dc85dd395a62803499bba938fd5d4214586b80851e973acc7d149150aa37fc9a8f3bfa5699e2"], 0x158, 0x84}, 0x0)
r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000000000000100000008000600e0000001050004000100000008000b0027"], 0x2c}, 0x1, 0x0, 0x0, 0x20048091}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0))
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000c40)=@migrate={0xec, 0x21, 0x1, 0x70bd28, 0x25dfdbfe, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@rand_addr=' \x01\x00', 0x4e23, 0x6, 0x4e20, 0x9, 0xa, 0x80, 0x0, 0x2f, 0x0, 0xee01}, 0x6e6bc0}, [@migrate={0x9c, 0x11, [{@in=@empty, @in=@rand_addr=0x64010100, @in=@private=0xa010100, @in=@multicast2, 0x2b, 0x3, 0x0, 0x0, 0xa, 0xa}, {@in6=@remote, @in=@remote, @in=@multicast1, @in=@empty, 0x32, 0x2, 0x0, 0x3501, 0x2, 0xa}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async)
socket$alg(0x26, 0x5, 0x0) (async)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="74756fc47ce0cff996f7b5a90cbf0883f7632fc8b8a631a70587dcd0b37a37a118cf01192eb7fb8518b90823dc5ba0", 0x2f) (async)
accept4(r1, 0x0, 0x0, 0x0) (async)
sendmmsg(r2, &(0x7f0000009640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="1073eeda8705da74bc83496ee251e51e", 0x10}], 0x1}}], 0x1, 0x8810) (async)
sendmsg$alg(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4040001}, 0x0) (async)
recvmsg$unix(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$alg(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000340)="eb0f191da78ba32e0806fe98317e0289db982de217f6227219891600c01ddaf3dcbb43049f28c8afd3ad1919e996ef18b3041e7047b94462e3cf17b0ac4b3034a4658ffa9c1cb3e67b83bd336c154f8ffa39c89a99e93069973bbf914dfa07c96b5d415b9dcd99696f675e91b6d12ec577f50f607c23fc5aa1cb0d35267221f5f8ab07ebeea32558a6ba67fe64082e3aa38399cffabe69f2f1", 0x99}, {&(0x7f0000000180)="938f4732f0378a7c942ea018fc92c125cdae3e913be1bef230cfef06", 0x1c}, {&(0x7f0000000400)="ed4e0198e829098865dd9deb44c5afad6592c00d16e1d57788a1565426fb1959a3d1be590f022280237e477a70b5560bcf440486ff6cfbaedbf43f6617621dadb55f49fe32cc95d3cbda9b156abef21a05485f380df0b25823dbc7", 0x5b}], 0x3, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000000000017010000030000000100000000000000180000000000000017010000030000000100000000000000180000000000000017010000030000000000000000000000f8000000050000000000000002000000e00000002ec361fa1cc714a7f037c700371f130fae847ca42552ae026ab33d17b07a5a13e02ac66182b6e3206d1576757ad683b2fa5f47d832a1e7b1709821f403fb7f1b2eea079884314f28b9e876783c988b53b68219e8c85b4625fd7bacd3bc5f2bd8910926bd1aa59e1f8d8417e1bf5625ff6a368f9c0003e27aa71f419fc1dbfdeeff4fcf779c5ac50320eee2001c1b46307d1dc66e8ee63741c1fc2d5682a977c7a8f25828272c175d096632ee8f0ae9f5f538f28bef52bfd18885b70696f07f9517489e2ae175096b421eba072a1d614f281abf02dd168957706adeeb7f5d3f900000000018000000000000001701000004000000070000000000000007daf7750a2065a60ab47ccd9a36e65a56bd9199841ba79419f1b4ddd49cf10a9e70e01dc4dd86455c5361921838d95f4d92d000c8f8b8a47d80d41ce37862d0b4cacfcac867bb75407553c8e1b1264beab2a43d4c72319ccd7ab66cb7c00eb78b77dc85dd395a62803499bba938fd5d4214586b80851e973acc7d149150aa37fc9a8f3bfa5699e2"], 0x158, 0x84}, 0x0) (async)
syz_genetlink_get_family_id$fou(&(0x7f0000000480), 0xffffffffffffffff) (async)
sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000000000000100000008000600e0000001050004000100000008000b0027"], 0x2c}, 0x1, 0x0, 0x0, 0x20048091}, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)) (async)

2.60870298s ago: executing program 1 (id=763):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x48084)

2.529876941s ago: executing program 2 (id=764):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f00000000c0)={'dummy0\x00', @random="0130210100ff"})
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001c000100000000000000000007000000", @ANYRES32=r5, @ANYBLOB="8000020c08000200"], 0x30}}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001a80)=ANY=[@ANYRES32, @ANYRESOCT, @ANYRES8=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {0xfffffffffffffffc}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x30}, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001a00)=ANY=[@ANYBLOB="500000008ac559f73f4eaad11010cafbdf714420156472df5ce9bf0ba867f5ee732525a65ad8c77413cbf0472d", @ANYRES16=0x0, @ANYBLOB="00022abd7004fcdbdf250100000006000a004e24000014000700ff02000000000000000000000000000108000800e00000020400050014000900"/74], 0x50}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r8 = socket(0x10, 0x3, 0xc)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000040)={r9, &(0x7f0000000000), &(0x7f00000001c0)=""/4096}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000012c0)={{r9}, &(0x7f0000001780), &(0x7f00000017c0)='%pK    \x00'}, 0x20)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={&(0x7f0000000180)="76babc358f393ffac233f65960e5e8dcff055b7d33e24eab0b8bfdc78639fa53582eb70a1be065218b238a739457d9113e1a8c5c9d64", &(0x7f0000000a00)=""/4096, &(0x7f00000004c0)="97bb8c5d5db318de25d41c600277fc798fb51c1144e86d48140f53a66e79dbace26dcf571a36bed2ef8d104eb9921507041bf0161c53594a378e3312b18671d81f53a7bd24787890bf522b0c817ad9af798299f95f24f0aeeef7c5cf587362da5c8200ac36a5818954e262d865e0a58dd858b32c0179ed4c02a4f51c270fa6620ecedb6e7d9d0d7c4ae64e7fa43f228302c3504714ec415e222498005eac35647faefa09979564a0105596dcfee371eac1b1e1d0aa683aa7d62bf4b7d4afa6e4bf984eb14b8c4347f964d225271ab5ae6a9474e855c27cdf", &(0x7f00000003c0)="1c5931f19b4c8f4a6debf90c1f1cb634c6d620da4b6bd78e1fb4990c192f7e19a90f62a8bb599f4d3be846da23500513ad01d22f3281c691367b90b25fb65db993476ac80ce74f50889c9b2377ac5d4df60f37075f277888133c11b92b028ec17be20de7e9490b", 0x2, r9, 0x4}, 0x38)
write(r8, &(0x7f0000000040), 0x0)
unshare(0x40020000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

2.470453744s ago: executing program 1 (id=765):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="7800000002060104000000000000000002000005500007800800094000005529080008400000000408000b40000000000800064000000002053d140004000000050007006c00000005001400040000000c00028008000140ac1414bb08000a400000000911000300686173683a6e65742c6e657400000000"], 0x78}, 0x1, 0x0, 0x0, 0x40}, 0x40001) (async, rerun: 64)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (rerun: 64)
r1 = syz_genetlink_get_family_id$team(&(0x7f00000002c0), 0xffffffffffffffff) (async)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000300)={'ip6gre0\x00', &(0x7f00000003c0)={'ip6gre0\x00', <r2=>0x0, 0x4, 0x2, 0x1f, 0xfffffff7, 0x8, @rand_addr=' \x01\x00', @loopback, 0x7800, 0x8000, 0x1, 0x7f61}}) (async)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000440)={'ip6tnl0\x00', <r3=>0x0, 0x29, 0xac, 0xe, 0x9, 0x42, @loopback, @local, 0x7, 0x8000, 0xffffffff, 0xa1}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'veth1_to_batadv\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'team0\x00', <r5=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'wg1\x00', <r6=>0x0}) (async)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f00000005c0)={@dev, @empty, <r7=>0x0}, &(0x7f0000000700)=0xc) (async, rerun: 32)
r8 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) (async)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0xffffffffffffff6e, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r10, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r8], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async)
r11 = socket(0x11, 0x3, 0x0)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r13=>0x0})
bind$packet(r11, &(0x7f0000000180)={0x11, 0x0, r13, 0x1, 0x0, 0x6, @remote}, 0x14) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000740)={'team0\x00', <r14=>0x0}) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000780)={'team0\x00', <r15=>0x0}) (rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000007c0)={'team0\x00', <r16=>0x0}) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'batadv0\x00', <r17=>0x0}) (async, rerun: 64)
r18 = socket(0x400000000010, 0x3, 0x0)
r19 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r19, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r20=>0x0})
sendmsg$nl_route_sched(r18, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd25, 0x25dfdc00, {0x0, 0x0, 0x0, r20, {0x0, 0x8}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x7, 0x24d417d6, 0x3, 0x800, 0xe26}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000940)={'ip_vti0\x00', &(0x7f0000000840)={'erspan0\x00', <r21=>0x0, 0x700, 0x49, 0x9, 0xf7f, {{0x2b, 0x4, 0x0, 0x0, 0xac, 0x68, 0x0, 0x3, 0x29, 0x0, @loopback, @empty, {[@ra={0x94, 0x4, 0x1}, @noop, @cipso={0x86, 0x41, 0x3, [{0x7, 0x6, "956d871c"}, {0x0, 0x9, "ae7903e993b08c"}, {0x0, 0x5, "9775bc"}, {0x1, 0xd, "bd14259e78ef1a7da4b065"}, {0x1, 0x2}, {0x5, 0xf, "b74a762095817793ee9f832682"}, {0x0, 0x9, "99f910ef0ddcae"}]}, @lsrr={0x83, 0x7, 0xb, [@multicast2]}, @timestamp_prespec={0x44, 0x2c, 0x7b, 0x3, 0xe, [{@empty, 0x81}, {@loopback, 0x3}, {@rand_addr=0x64010102, 0x401}, {@local, 0xb}, {@multicast1, 0x800}]}, @timestamp_prespec={0x44, 0x14, 0x5b, 0x3, 0x3, [{@broadcast, 0x4}, {@empty, 0xf}]}, @lsrr={0x83, 0xb, 0x57, [@rand_addr=0x64010102, @empty]}]}}}}})
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f0000001040)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001000)={&(0x7f0000000980)={0x644, r1, 0x300, 0x70bd27, 0x25dfdbfc, {}, [{{0x8}, {0x12c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r2}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffff7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7fffffff}}}]}}, {{0x8, 0x1, r5}, {0x104, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}]}}, {{0x8, 0x1, r7}, {0x100, 0x2, 0x0, 0x1, [{0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0xa, 0xf, 0x6}, {0x3, 0x55, 0x5, 0x2}, {0x3bf, 0x77}]}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x5, 0x40, 0xf, 0x8}, {0x8, 0x9, 0x7, 0x253}, {0x4, 0x0, 0xe6, 0x7}, {0x3, 0x6, 0x5, 0x8}, {0x4, 0x9, 0x6, 0x4}, {0x1, 0x3, 0x9, 0x8}]}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r10}, {0x7c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r14}, {0xe0, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x6c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x3c, 0x4, [{0x2, 0x8, 0xfa, 0x66a1}, {0x3ff, 0x5, 0x7f, 0xd94c}, {0x7, 0x8, 0x6}, {0x3, 0x3, 0x2, 0x5}, {0x1, 0x2, 0x1, 0x401}, {0x0, 0x2, 0x81, 0x9}, {0x629, 0x0, 0xee, 0x1}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}]}}, {{0x8, 0x1, r15}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xd}}}]}}, {{0x8, 0x1, r16}, {0x130, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r17}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r20}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xc8}}, {0x8, 0x6, r21}}}]}}]}, 0x644}, 0x1, 0x0, 0x0, 0x20000058}, 0x4001)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0, <r22=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1f, 0x1d, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r22}}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

2.470271297s ago: executing program 3 (id=766):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000300), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) (async)
r4 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', <r5=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x58, r4, 0x1, 0x30bd28, 0x25dfdbfc, {}, [{{0x8, 0x1, r5}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffbfff9}}}]}}]}, 0x58}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840) (async)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x58, r4, 0x1, 0x30bd28, 0x25dfdbfc, {}, [{{0x8, 0x1, r5}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffbfff9}}}]}}]}, 0x58}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840)

2.320766012s ago: executing program 4 (id=767):
r0 = socket$inet6(0xa, 0x80002, 0x88) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.self_freezing\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000100)={'syztnl2\x00', <r2=>0x0, 0x4, 0x8, 0xf7, 0x8, 0xf0, @empty, @local, 0x7800, 0x10, 0xb9, 0x7}})
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x800, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x6, 0xb}, {0xffff, 0x8}, {0x7, 0xe}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20000880}, 0x9090)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) (async)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{0x2, 0x7, 0xa, 0x4800}, {0xb, 0xef, 0x80, 0x3ff}, {0x7, 0x0, 0x3, 0x97b}, {0x101, 0x81, 0x80, 0xfffffffb}, {0x5, 0x9, 0xa, 0x6}, {0x0, 0xd, 0x7, 0x2}, {0x8, 0x5, 0xff}, {0x4, 0x7, 0x7f, 0x6}]}, 0x10)
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000300)={0x1, &(0x7f00000002c0)=[{0x7, 0x56, 0x1}]}) (async)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000280)={0x1, 0x6}, 0x8)

1.99321754s ago: executing program 1 (id=768):
unshare(0x62040200)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000240)="94", 0x1)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000000c0)={<r2=>0x0, 0x2, 0x0, 0x6b1b}, &(0x7f0000000140)=0x10)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={r2}, 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0)=""/203, 0xcb}, 0x4}], 0x1, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4)
sendto$inet6(r0, 0x0, 0xffffff03, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x3, @mcast1, 0x9}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x40010, 0xffffffffffffffff, 0xfffff000)
writev(0xffffffffffffffff, 0x0, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_init_net_socket$ax25(0x3, 0x3, 0x0)
close(0x3)
syz_80211_inject_frame(&(0x7f0000000000)=@device_b, &(0x7f0000000040)=@ctrl_frame=@bar={{}, {0x7ff8}, @broadcast, @device_b, @multi={{0x0, 0x1, 0x1, 0x0, 0x7}, [{0x0, 0x1, {0x2, 0x6}, "1c77eedb0835438a"}, {0x0, 0xc, {0x0, 0xd}, "1f6297366b05d06a"}, {0x0, 0xc, {0x0, 0x7}, "73fd19a8bd90ff5b"}, {0x0, 0x6, {0x8, 0x7f}, "a608f4da8f0ab5d9"}, {0x0, 0x6, {0xc, 0x9}, "c746a1206e4b932b"}, {0x0, 0xb, {0x4, 0x7}, "3b4ceb7ae42a9eca"}, {0x0, 0x9, {0x2, 0x1}, "bf881aa8bde7199f"}]}}, 0x66)

1.847332569s ago: executing program 0 (id=55):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x0) (async)

476.234766ms ago: executing program 4 (id=769):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000001380)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x10, @empty, 0x7000}, 0x1c, 0x0, 0x0, &(0x7f0000000540)=[@pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @broadcast}}}}], 0x28}}], 0x1, 0x4008010)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000300)=[@in={0x2, 0x4e20, @loopback}], 0x10)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc0}}, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010000000000010000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000116608000000000009180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0x4f7a, &(0x7f0000000180)=""/226, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)

332.748217ms ago: executing program 4 (id=770):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000080000000800000008000002000000006c063b3cc84040d76b3ba7a6e41f7899cd71161476a309116a4235c0d7627ff8f31c6c6afaf7174dc795690eefa45bc6f77ea9283c802125ecb6ccd56b219e16ba0c002faa1db96393acc3605fb66c30eabaaf3a0b43ca55837f7ad11f5bf0a12a2a4f776fda709c04bf5fea1930968af5e4df9c77448d92c22037aaf8b5d72a6a42f3111a00000000fbfe8e363c0c0f83f9", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000002c0)="bf", 0x1}], 0x1}, 0x20000000)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000400)={r2, r1})
sendmmsg$inet(r0, &(0x7f0000002c80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000acbeaad9b311d497769f4500000018110000", @ANYRESOCT=r1, @ANYRESOCT=r0], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

208.007673ms ago: executing program 2 (id=771):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c"], 0xd8}}, 0x0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r0)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000eeff110000000a0004007778616e3300000008001500", @ANYRES32, @ANYBLOB="080001"], 0x30}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b402000000000000791100000000000085000000010000009500000000000000359bb9f43d86b136000000008762000000f3"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000002c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$NFC_CMD_GET_TARGET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c"], 0xd8}}, 0x0) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r0) (async)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000eeff110000000a0004007778616e3300000008001500", @ANYRES32, @ANYBLOB="080001"], 0x30}}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b402000000000000791100000000000085000000010000009500000000000000359bb9f43d86b136000000008762000000f3"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000002c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)

0s ago: executing program 2 (id=772):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r3, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x8, 0x0, 0x0}}, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e64000000080002400000000048000000160a0101000b000000000000010000000900020073797a32000000000900010073797a30000000001c0003801800010076"], 0xe8}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)={0x34, r4, 0x1, 0xfffffd, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'eth', 0x3a, 'gre0\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@newlink={0x58, 0x10, 0x1, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x17015527bab91328}, [@IFLA_IFNAME={0x14, 0x3, 'macvtap0\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0x7ffffffe, 0xf37, 0x800003}}]}]}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x58}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000001400002c00128009000100626f6e64000000001c00028008000b0004200000050006000000000008000700"], 0x4c}}, 0x0)

kernel console output (not intermixed with test programs):

 cc 0x1003 length: 249 > 9
[   78.171638][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   78.184079][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   78.191935][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   78.201033][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   78.208807][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   78.216431][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   78.252895][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   78.260674][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   78.294671][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   78.302757][ T5155] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   78.316241][ T5155] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   78.326133][ T5155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   78.334655][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   78.343508][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   78.343785][ T5155] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   78.358508][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   78.359227][ T5155] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   78.380274][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   78.750984][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   79.033901][ T5838] chnl_net:caif_netlink_parms(): no params data found
[   79.044823][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   79.114308][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.122119][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.130465][ T5833] bridge_slave_0: entered allmulticast mode
[   79.139108][ T5833] bridge_slave_0: entered promiscuous mode
[   79.148428][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.155565][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.162865][ T5833] bridge_slave_1: entered allmulticast mode
[   79.170130][ T5833] bridge_slave_1: entered promiscuous mode
[   79.191742][ T5839] chnl_net:caif_netlink_parms(): no params data found
[   79.252879][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   79.340168][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.352981][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.396494][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.403993][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.411635][ T5846] bridge_slave_0: entered allmulticast mode
[   79.419151][ T5846] bridge_slave_0: entered promiscuous mode
[   79.484139][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.491638][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.499622][ T5846] bridge_slave_1: entered allmulticast mode
[   79.506813][ T5846] bridge_slave_1: entered promiscuous mode
[   79.529032][ T5833] team0: Port device team_slave_0 added
[   79.535151][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.542478][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.549743][ T5838] bridge_slave_0: entered allmulticast mode
[   79.556816][ T5838] bridge_slave_0: entered promiscuous mode
[   79.596349][ T5833] team0: Port device team_slave_1 added
[   79.602633][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.609877][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.617023][ T5838] bridge_slave_1: entered allmulticast mode
[   79.624799][ T5838] bridge_slave_1: entered promiscuous mode
[   79.650508][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.657784][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.665195][ T5839] bridge_slave_0: entered allmulticast mode
[   79.672403][ T5839] bridge_slave_0: entered promiscuous mode
[   79.683086][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.726823][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.734103][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.741316][ T5839] bridge_slave_1: entered allmulticast mode
[   79.749707][ T5839] bridge_slave_1: entered promiscuous mode
[   79.770714][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.793768][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.800856][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.827844][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.878856][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.913628][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.923053][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.952387][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.965658][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.989976][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.014037][ T5846] team0: Port device team_slave_0 added
[   80.022968][ T5846] team0: Port device team_slave_1 added
[   80.037677][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.047356][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.054912][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.062799][ T5845] bridge_slave_0: entered allmulticast mode
[   80.070523][ T5845] bridge_slave_0: entered promiscuous mode
[   80.113822][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.121181][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.129070][ T5845] bridge_slave_1: entered allmulticast mode
[   80.136048][ T5845] bridge_slave_1: entered promiscuous mode
[   80.146540][ T5839] team0: Port device team_slave_0 added
[   80.159169][ T5155] Bluetooth: hci0: command tx timeout
[   80.197465][ T5838] team0: Port device team_slave_0 added
[   80.228754][ T5839] team0: Port device team_slave_1 added
[   80.236787][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.247362][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.254347][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.280340][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.305340][ T5838] team0: Port device team_slave_1 added
[   80.314097][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.323274][ T5155] Bluetooth: hci2: command tx timeout
[   80.323291][ T5836] Bluetooth: hci1: command tx timeout
[   80.351169][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.358158][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.384098][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.406119][ T5833] hsr_slave_0: entered promiscuous mode
[   80.412755][ T5833] hsr_slave_1: entered promiscuous mode
[   80.451767][ T5845] team0: Port device team_slave_0 added
[   80.468854][ T5836] Bluetooth: hci3: command tx timeout
[   80.472394][ T5155] Bluetooth: hci4: command tx timeout
[   80.482129][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.489182][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.515707][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.555597][ T5845] team0: Port device team_slave_1 added
[   80.562867][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.570255][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.596491][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.643223][ T5846] hsr_slave_0: entered promiscuous mode
[   80.649927][ T5846] hsr_slave_1: entered promiscuous mode
[   80.656720][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   80.664477][ T5846] Cannot create hsr debugfs directory
[   80.671334][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.678334][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.704972][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.763544][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.770599][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.797082][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.808808][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.815768][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.842204][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.854678][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.861968][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   80.888570][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.006538][ T5839] hsr_slave_0: entered promiscuous mode
[   81.013914][ T5839] hsr_slave_1: entered promiscuous mode
[   81.022572][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   81.030713][ T5839] Cannot create hsr debugfs directory
[   81.079140][ T5838] hsr_slave_0: entered promiscuous mode
[   81.085520][ T5838] hsr_slave_1: entered promiscuous mode
[   81.091767][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   81.099428][ T5838] Cannot create hsr debugfs directory
[   81.183261][ T5845] hsr_slave_0: entered promiscuous mode
[   81.190102][ T5845] hsr_slave_1: entered promiscuous mode
[   81.196203][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   81.204495][ T5845] Cannot create hsr debugfs directory
[   81.573026][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.617021][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.635030][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   81.666819][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   81.709502][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   81.720794][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   81.743336][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   81.753288][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   81.829165][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   81.844192][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   81.873762][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   81.885562][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   81.986985][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   82.002730][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   82.012567][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   82.023009][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   82.149498][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.180658][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.191389][ T5845] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   82.203743][ T5845] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   82.214977][ T5845] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   82.228250][ T5155] Bluetooth: hci0: command tx timeout
[   82.236583][ T5845] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   82.270271][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.299245][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   82.317782][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[   82.339995][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   82.384024][ T3012] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.391385][ T3012] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.399164][ T5155] Bluetooth: hci1: command tx timeout
[   82.403483][ T5836] Bluetooth: hci2: command tx timeout
[   82.407029][ T3012] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.417112][ T3012] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.429980][ T3012] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.437081][ T3012] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.446414][ T3012] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.453699][ T3012] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.510363][ T1321] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.517692][ T1321] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.542208][  T153] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.549377][  T153] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.558338][ T5836] Bluetooth: hci3: command tx timeout
[   82.558906][ T5155] Bluetooth: hci4: command tx timeout
[   82.683908][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.762351][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.805840][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[   82.868470][ T3012] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.875628][ T3012] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.932361][ T3012] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.939577][ T3012] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.992745][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   83.033504][   T77] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.040787][   T77] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.083300][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.104886][  T153] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.112182][  T153] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.163206][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.257615][ T5839] veth0_vlan: entered promiscuous mode
[   83.294080][ T5839] veth1_vlan: entered promiscuous mode
[   83.335038][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.421612][ T5846] veth0_vlan: entered promiscuous mode
[   83.431007][ T5839] veth0_macvtap: entered promiscuous mode
[   83.495247][ T5839] veth1_macvtap: entered promiscuous mode
[   83.514869][ T5846] veth1_vlan: entered promiscuous mode
[   83.604391][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.640688][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.671349][ T5846] veth0_macvtap: entered promiscuous mode
[   83.686179][ T1321] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.720210][ T1321] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.734111][ T5833] veth0_vlan: entered promiscuous mode
[   83.741291][ T5846] veth1_macvtap: entered promiscuous mode
[   83.753018][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.762502][ T1321] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.772006][ T1321] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.801049][ T5833] veth1_vlan: entered promiscuous mode
[   83.841714][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.852415][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.887234][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.959558][ T1342] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.985988][ T1342] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.006833][ T1342] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.043365][ T5833] veth0_macvtap: entered promiscuous mode
[   84.057491][ T5838] veth0_vlan: entered promiscuous mode
[   84.074690][ T1342] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.096806][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.116035][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.130806][ T5838] veth1_vlan: entered promiscuous mode
[   84.144518][ T5833] veth1_macvtap: entered promiscuous mode
[   84.226283][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.239965][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.271213][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.309702][ T5155] Bluetooth: hci0: command tx timeout
[   84.331360][ T5838] veth0_macvtap: entered promiscuous mode
[   84.343305][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.355161][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.358877][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.385421][ T5838] veth1_macvtap: entered promiscuous mode
[   84.400259][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   84.409685][ T1342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.424928][ T3012] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.456459][ T3012] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.468996][ T5155] Bluetooth: hci2: command tx timeout
[   84.474432][ T5155] Bluetooth: hci1: command tx timeout
[   84.482121][ T3012] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.562069][ T5845] veth0_vlan: entered promiscuous mode
[   84.577625][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.587641][ T3012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.605240][ T5845] veth1_vlan: entered promiscuous mode
[   84.607614][ T3012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.621063][ T5946] FAULT_INJECTION: forcing a failure.
[   84.621063][ T5946] name failslab, interval 1, probability 0, space 0, times 1
[   84.632051][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.638082][ T5155] Bluetooth: hci4: command tx timeout
[   84.646325][ T5155] Bluetooth: hci3: command tx timeout
[   84.656738][ T5946] CPU: 1 UID: 0 PID: 5946 Comm: syz.2.3 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) 
[   84.656761][ T5946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   84.656778][ T5946] Call Trace:
[   84.656786][ T5946]  <TASK>
[   84.656793][ T5946]  dump_stack_lvl+0x189/0x250
[   84.656834][ T5946]  ? __pfx____ratelimit+0x10/0x10
[   84.656863][ T5946]  ? __pfx_dump_stack_lvl+0x10/0x10
[   84.656891][ T5946]  ? __pfx__printk+0x10/0x10
[   84.656917][ T5946]  ? __pfx___might_resched+0x10/0x10
[   84.656944][ T5946]  ? fs_reclaim_acquire+0x7d/0x100
[   84.656970][ T5946]  should_fail_ex+0x414/0x560
[   84.656998][ T5946]  should_failslab+0xa8/0x100
[   84.657020][ T5946]  __kmalloc_cache_noprof+0x70/0x3d0
[   84.657038][ T5946]  ? ipv6_flowlabel_opt+0xe73/0x23a0
[   84.657069][ T5946]  ipv6_flowlabel_opt+0xe73/0x23a0
[   84.657099][ T5946]  ? rcu_is_watching+0x15/0xb0
[   84.657142][ T5946]  ? __kasan_check_byte+0x12/0x40
[   84.657163][ T5946]  ? is_bpf_text_address+0x26/0x2b0
[   84.657197][ T5946]  ? rcu_is_watching+0x15/0xb0
[   84.657238][ T5946]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[   84.657266][ T5946]  ? register_lock_class+0x51/0x320
[   84.657297][ T5946]  ? __lock_acquire+0xab9/0xd20
[   84.657333][ T5946]  ? __local_bh_enable_ip+0x12d/0x1c0
[   84.657361][ T5946]  ? lockdep_hardirqs_on+0x9c/0x150
[   84.657390][ T5946]  ? __local_bh_enable_ip+0x12d/0x1c0
[   84.657429][ T5946]  do_ipv6_setsockopt+0xe8a/0x2fb0
[   84.657464][ T5946]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[   84.657488][ T5946]  ? __might_fault+0xb0/0x130
[   84.657506][ T5946]  ? _parse_integer_limit+0x1ae/0x1f0
[   84.657534][ T5946]  ? aa_label_sk_perm+0x413/0x560
[   84.657561][ T5946]  ? __pfx_aa_label_sk_perm+0x10/0x10
[   84.657599][ T5946]  ? __pfx___might_resched+0x10/0x10
[   84.657628][ T5946]  ? rcu_read_lock_any_held+0xb3/0x120
[   84.657646][ T5946]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   84.657666][ T5946]  ? vfs_write+0x8d8/0xa90
[   84.657702][ T5946]  ipv6_setsockopt+0x59/0x170
[   84.657731][ T5946]  rawv6_setsockopt+0x23b/0x5b0
[   84.657757][ T5946]  ? __lock_acquire+0xab9/0xd20
[   84.657782][ T5946]  ? __pfx_rawv6_setsockopt+0x10/0x10
[   84.657810][ T5946]  ? aa_sock_opt_perm+0x74/0x110
[   84.657833][ T5946]  ? sock_common_setsockopt+0x36/0xc0
[   84.657853][ T5946]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   84.657880][ T5946]  do_sock_setsockopt+0x257/0x3e0
[   84.657907][ T5946]  ? __pfx_do_sock_setsockopt+0x10/0x10
[   84.657936][ T5946]  ? __fget_files+0x2a/0x420
[   84.657963][ T5946]  __x64_sys_setsockopt+0x18b/0x220
[   84.657994][ T5946]  do_syscall_64+0xfa/0x3b0
[   84.658010][ T5946]  ? lockdep_hardirqs_on+0x9c/0x150
[   84.658037][ T5946]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.658054][ T5946]  ? clear_bhb_loop+0x60/0xb0
[   84.658076][ T5946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.658093][ T5946] RIP: 0033:0x7f917138e929
[   84.658114][ T5946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.658129][ T5946] RSP: 002b:00007f916f1d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   84.658148][ T5946] RAX: ffffffffffffffda RBX: 00007f91715b6080 RCX: 00007f917138e929
[   84.658161][ T5946] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000004
[   84.658171][ T5946] RBP: 00007f916f1d5090 R08: 0000000000000020 R09: 0000000000000000
[   84.658182][ T5946] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[   84.658200][ T5946] R13: 0000000000000001 R14: 00007f91715b6080 R15: 00007ffd0319db08
[   84.658227][ T5946]  </TASK>
[   84.748919][ T1321] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.055897][ T1321] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.071307][ T5845] veth0_macvtap: entered promiscuous mode
[   85.097466][ T1321] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.136289][ T5845] veth1_macvtap: entered promiscuous mode
[   85.166339][ T1321] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.197068][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.213185][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.256768][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   85.299630][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.343302][ T1342] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.357270][ T1342] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.366133][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.376116][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.438163][ T1342] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.455265][ T1342] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.517761][ T1321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.541712][ T1321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.552139][ T5960] syz.3.6 uses obsolete (PF_INET,SOCK_PACKET)
[   85.563864][ T5959] Cannot find set identified by id 0 to match
[   85.655645][ T5960] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6'.
[   85.761842][ T3012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.824818][ T3012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.978239][ T5970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9'.
[   86.026676][ T3012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.063294][ T3012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.108296][ T5975] netlink: 'syz.3.10': attribute type 10 has an invalid length.
[   86.170626][ T5975] veth0_macvtap: left promiscuous mode
[   86.193199][ T5975] batman_adv: batadv0: Adding interface: macvtap0
[   86.197132][ T5983] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2'.
[   86.202095][ T5975] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.245716][ T5975] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active
[   86.310974][ T5979] netlink: 'syz.0.1': attribute type 2 has an invalid length.
[   86.321526][ T5987] trusted_key: syz.2.11 sent an empty control message without MSG_MORE.
[   86.388763][ T5836] Bluetooth: hci0: command tx timeout
[   86.517712][ T5984] warning: `syz.0.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   86.548504][ T5836] Bluetooth: hci2: command tx timeout
[   86.595200][ T5836] Bluetooth: hci1: command tx timeout
[   86.661954][ T5983] syzkaller1: tun_chr_ioctl cmd 1074025677
[   86.668028][ T3012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.689218][ T5983] syzkaller1: linktype set to 776
[   86.697683][ T3012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.710126][ T5836] Bluetooth: hci4: command tx timeout
[   86.719911][ T5836] Bluetooth: hci3: command tx timeout
[   86.798465][ T5984] syz.0.1 (5984) used greatest stack depth: 19928 bytes left
[   86.959541][ T5997] FAULT_INJECTION: forcing a failure.
[   86.959541][ T5997] name failslab, interval 1, probability 0, space 0, times 0
[   87.010130][ T5997] CPU: 0 UID: 0 PID: 5997 Comm: syz.3.14 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) 
[   87.010157][ T5997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   87.010168][ T5997] Call Trace:
[   87.010175][ T5997]  <TASK>
[   87.010183][ T5997]  dump_stack_lvl+0x189/0x250
[   87.010216][ T5997]  ? __pfx____ratelimit+0x10/0x10
[   87.010245][ T5997]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.010272][ T5997]  ? __pfx__printk+0x10/0x10
[   87.010297][ T5997]  ? __pfx___might_resched+0x10/0x10
[   87.010323][ T5997]  ? fs_reclaim_acquire+0x7d/0x100
[   87.010349][ T5997]  should_fail_ex+0x414/0x560
[   87.010376][ T5997]  should_failslab+0xa8/0x100
[   87.010396][ T5997]  __kmalloc_cache_noprof+0x70/0x3d0
[   87.010413][ T5997]  ? ipv6_flowlabel_opt+0x165c/0x23a0
[   87.010444][ T5997]  ipv6_flowlabel_opt+0x165c/0x23a0
[   87.010482][ T5997]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[   87.010510][ T5997]  ? register_lock_class+0x51/0x320
[   87.010540][ T5997]  ? __lock_acquire+0xab9/0xd20
[   87.010577][ T5997]  ? __local_bh_enable_ip+0x12d/0x1c0
[   87.010603][ T5997]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.010631][ T5997]  ? __local_bh_enable_ip+0x12d/0x1c0
[   87.010669][ T5997]  do_ipv6_setsockopt+0xe8a/0x2fb0
[   87.010704][ T5997]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[   87.010727][ T5997]  ? __might_fault+0xb0/0x130
[   87.010745][ T5997]  ? _parse_integer_limit+0x1ae/0x1f0
[   87.010773][ T5997]  ? aa_label_sk_perm+0x413/0x560
[   87.010799][ T5997]  ? __pfx_aa_label_sk_perm+0x10/0x10
[   87.010844][ T5997]  ? __pfx___might_resched+0x10/0x10
[   87.010872][ T5997]  ? rcu_read_lock_any_held+0xb3/0x120
[   87.010889][ T5997]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   87.010910][ T5997]  ? vfs_write+0x8d8/0xa90
[   87.010945][ T5997]  ipv6_setsockopt+0x59/0x170
[   87.010974][ T5997]  rawv6_setsockopt+0x23b/0x5b0
[   87.010999][ T5997]  ? __lock_acquire+0xab9/0xd20
[   87.011025][ T5997]  ? __pfx_rawv6_setsockopt+0x10/0x10
[   87.011052][ T5997]  ? aa_sock_opt_perm+0x74/0x110
[   87.011075][ T5997]  ? sock_common_setsockopt+0x36/0xc0
[   87.011095][ T5997]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   87.011117][ T5997]  do_sock_setsockopt+0x257/0x3e0
[   87.011144][ T5997]  ? __pfx_do_sock_setsockopt+0x10/0x10
[   87.011173][ T5997]  ? __fget_files+0x2a/0x420
[   87.011201][ T5997]  __x64_sys_setsockopt+0x18b/0x220
[   87.011231][ T5997]  do_syscall_64+0xfa/0x3b0
[   87.011246][ T5997]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.011273][ T5997]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.011290][ T5997]  ? clear_bhb_loop+0x60/0xb0
[   87.011311][ T5997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.011329][ T5997] RIP: 0033:0x7feccd38e929
[   87.011344][ T5997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.011359][ T5997] RSP: 002b:00007feccb1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   87.011378][ T5997] RAX: ffffffffffffffda RBX: 00007feccd5b6080 RCX: 00007feccd38e929
[   87.011390][ T5997] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000004
[   87.011401][ T5997] RBP: 00007feccb1f6090 R08: 0000000000000020 R09: 0000000000000000
[   87.011411][ T5997] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[   87.011422][ T5997] R13: 0000000000000001 R14: 00007feccd5b6080 R15: 00007ffd2dfb9528
[   87.011450][ T5997]  </TASK>
[   87.481393][ T6005] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   87.501529][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.527004][ T6006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15'.
[   87.536566][ T6006] openvswitch: netlink: Invalid MD length 0 for MD type 0
[   87.544036][ T6006] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   87.560337][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.572744][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.583866][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.641239][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.652617][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.663332][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.675806][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.686602][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.697688][ T6005] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.754062][ T6009] netlink: 20 bytes leftover after parsing attributes in process `syz.0.17'.
[   88.315687][ T6026] netlink: 16 bytes leftover after parsing attributes in process `syz.4.22'.
[   88.620354][ T6033] netlink: 12 bytes leftover after parsing attributes in process `syz.1.24'.
[   88.664151][ T6033] tipc: Started in network mode
[   88.692878][ T6033] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[   88.751245][ T6033] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
[   88.760205][ T6033] tipc: Enabled bearer <udp:syz1>, priority 10
[   88.790012][ T5836] Bluetooth: hci4: command 0x0405 tx timeout
[   88.866571][ T6051] Zero length message leads to an empty skb
[   88.905115][ T6053] FAULT_INJECTION: forcing a failure.
[   88.905115][ T6053] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   88.971726][ T6050] netlink: 5676 bytes leftover after parsing attributes in process `syz.0.28'.
[   89.011666][ T6053] CPU: 1 UID: 0 PID: 6053 Comm: syz.2.29 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) 
[   89.011694][ T6053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   89.011706][ T6053] Call Trace:
[   89.011714][ T6053]  <TASK>
[   89.011722][ T6053]  dump_stack_lvl+0x189/0x250
[   89.011759][ T6053]  ? __pfx____ratelimit+0x10/0x10
[   89.011790][ T6053]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.011823][ T6053]  ? __pfx__printk+0x10/0x10
[   89.011858][ T6053]  should_fail_ex+0x414/0x560
[   89.011899][ T6053]  _copy_to_user+0x31/0xb0
[   89.011923][ T6053]  simple_read_from_buffer+0xe1/0x170
[   89.011949][ T6053]  proc_fail_nth_read+0x1df/0x250
[   89.011989][ T6053]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   89.012015][ T6053]  ? rw_verify_area+0x258/0x650
[   89.012043][ T6053]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   89.012068][ T6053]  vfs_read+0x200/0x980
[   89.012103][ T6053]  ? __pfx___mutex_lock+0x10/0x10
[   89.012123][ T6053]  ? __pfx_vfs_read+0x10/0x10
[   89.012153][ T6053]  ? __fget_files+0x2a/0x420
[   89.012177][ T6053]  ? __fget_files+0x3a0/0x420
[   89.012197][ T6053]  ? __fget_files+0x2a/0x420
[   89.012225][ T6053]  ksys_read+0x145/0x250
[   89.012252][ T6053]  ? __fget_files+0x2a/0x420
[   89.012274][ T6053]  ? __pfx_ksys_read+0x10/0x10
[   89.012310][ T6053]  ? do_syscall_64+0xbe/0x3b0
[   89.012332][ T6053]  do_syscall_64+0xfa/0x3b0
[   89.012349][ T6053]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.012377][ T6053]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.012396][ T6053]  ? clear_bhb_loop+0x60/0xb0
[   89.012431][ T6053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.012449][ T6053] RIP: 0033:0x7f917138d33c
[   89.012465][ T6053] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   89.012480][ T6053] RSP: 002b:00007f916f1d5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   89.012499][ T6053] RAX: ffffffffffffffda RBX: 00007f91715b6080 RCX: 00007f917138d33c
[   89.012512][ T6053] RDX: 000000000000000f RSI: 00007f916f1d50a0 RDI: 0000000000000006
[   89.012523][ T6053] RBP: 00007f916f1d5090 R08: 0000000000000000 R09: 0000000000000000
[   89.012551][ T6053] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[   89.012563][ T6053] R13: 0000000000000001 R14: 00007f91715b6080 R15: 00007ffd0319db08
[   89.012592][ T6053]  </TASK>
[   89.399429][ T6061] ieee802154 phy0 wpan0: encryption failed: -22
[   89.473620][ T6058] netlink: 8 bytes leftover after parsing attributes in process `syz.4.30'.
[   89.808460][ T5958] tipc: Node number set to 1
[   90.067638][ T6082] batman_adv: batadv0: Adding interface: ip6gretap1
[   90.108207][ T6082] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.143402][ T6082] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[   90.185213][ T6085] netlink: 8 bytes leftover after parsing attributes in process `syz.4.39'.
[   90.243847][ T6082] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.256971][ T6082] batman_adv: batadv0: Removing interface: batadv_slave_0
[   90.289644][ T6082] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.336560][ T6082] batman_adv: batadv0: Removing interface: batadv_slave_1
[   90.369533][ T6095] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   90.382244][ T6082] batman_adv: batadv0: Removing interface: ip6gretap1
[   91.026693][ T6120] 
@ÿ: renamed from veth0_vlan (while UP)
[   91.081726][ T5833] syz-executor (5833) used greatest stack depth: 19624 bytes left
[   91.311663][ T1321] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.416958][ T1321] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.533266][ T1321] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.685989][    T9] cfg80211: failed to load regulatory.db
[   91.834642][ T1321] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.898010][ T6148] __nla_validate_parse: 1 callbacks suppressed
[   91.898027][ T6148] netlink: 48 bytes leftover after parsing attributes in process `syz.2.60'.
[   92.028681][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   92.037423][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   92.045329][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   92.058235][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   92.066962][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   92.711669][ T1321] bridge_slave_1: left allmulticast mode
[   92.733453][ T1321] bridge_slave_1: left promiscuous mode
[   92.747739][ T6173] netlink: 72 bytes leftover after parsing attributes in process `syz.3.65'.
[   92.747823][ T1321] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.771969][ T1321] bridge_slave_0: left allmulticast mode
[   92.797942][ T1321] bridge_slave_0: left promiscuous mode
[   92.807299][ T1321] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.106356][ T1321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   93.117344][ T1321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   93.127798][ T1321] bond0 (unregistering): Released all slaves
[   93.214653][ T6183] veth2: entered allmulticast mode
[   93.309693][ T6183] veth3: entered promiscuous mode
[   93.608238][ T6199] netlink: 4 bytes leftover after parsing attributes in process `syz.4.69'.
[   93.872233][ T6215] netlink: 48 bytes leftover after parsing attributes in process `syz.3.74'.
[   93.882127][ T6215] netlink: 'syz.3.74': attribute type 2 has an invalid length.
[   93.896443][ T6215] netlink: 'syz.3.74': attribute type 1 has an invalid length.
[   93.907611][ T6215] netlink: 'syz.3.74': attribute type 1 has an invalid length.
[   93.939465][ T6215] netlink: 'syz.3.74': attribute type 1 has an invalid length.
[   93.965415][ T6215] netlink: 'syz.3.74': attribute type 1 has an invalid length.
[   93.991746][ T6199] bridge_slave_1: left allmulticast mode
[   94.006386][ T6199] bridge_slave_1: left promiscuous mode
[   94.014937][ T6215] netlink: 'syz.3.74': attribute type 1 has an invalid length.
[   94.019772][ T6199] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.050937][ T6199] bridge_slave_0: left allmulticast mode
[   94.069884][ T6199] bridge_slave_0: left promiscuous mode
[   94.086508][ T6199] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.166394][ T5155] Bluetooth: hci0: command tx timeout
[   94.680817][ T1321] hsr_slave_0: left promiscuous mode
[   94.692314][ T1321] hsr_slave_1: left promiscuous mode
[   94.707352][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   94.734261][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_0
[   94.749845][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   94.757495][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_1
[   94.813079][ T1321] veth1_macvtap: left promiscuous mode
[   94.828536][ T1321] veth0_macvtap: left promiscuous mode
[   94.838301][ T1321] veth1_vlan: left promiscuous mode
[   94.849013][ T1321] veth0_vlan: left promiscuous mode
[   95.605227][ T1321] team0 (unregistering): Port device team_slave_1 removed
[   95.666212][ T1321] team0 (unregistering): Port device team_slave_0 removed
[   96.077740][ T6154] chnl_net:caif_netlink_parms(): no params data found
[   96.228330][ T5155] Bluetooth: hci0: command tx timeout
[   96.295113][ T6248] netlink: 28 bytes leftover after parsing attributes in process `syz.3.80'.
[   96.371383][ T6252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.80'.
[   96.461516][ T6256] netlink: 'syz.1.82': attribute type 14 has an invalid length.
[   96.469526][ T6256] netlink: 20 bytes leftover after parsing attributes in process `syz.1.82'.
[   96.598827][ T6256] bond0: option xmit_hash_policy: invalid value (8)
[   96.618788][ T6154] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.640269][ T6154] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.673274][ T6154] bridge_slave_0: entered allmulticast mode
[   96.711440][ T6154] bridge_slave_0: entered promiscuous mode
[   96.750231][ T6154] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.779250][ T6154] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.804013][ T6154] bridge_slave_1: entered allmulticast mode
[   96.854227][ T6154] bridge_slave_1: entered promiscuous mode
[   97.032480][ T6154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.081599][ T6154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.492552][ T6154] team0: Port device team_slave_0 added
[   97.730163][ T6285] netlink: 'syz.3.88': attribute type 4 has an invalid length.
[   97.885418][ T6154] team0: Port device team_slave_1 added
[   98.195065][ T6154] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.202260][ T6154] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.230905][ T6154] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.244249][ T6154] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.254249][ T6317] netlink: 'syz.4.94': attribute type 10 has an invalid length.
[   98.262098][ T6154] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.289488][ T6154] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.310248][ T5155] Bluetooth: hci0: command tx timeout
[   98.324930][ T6321] netlink: 24 bytes leftover after parsing attributes in process `syz.2.95'.
[   98.389254][ T6317] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   98.454709][   T30] audit: type=1800 audit(1750339562.765:2): pid=6331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.97" name="memory.events" dev="tmpfs" ino=135 res=0 errno=0
[   98.517663][ T6333] netlink: 'syz.2.97': attribute type 1 has an invalid length.
[   98.542676][ T6333] netlink: 224 bytes leftover after parsing attributes in process `syz.2.97'.
[   98.647557][ T6154] hsr_slave_0: entered promiscuous mode
[   98.664454][ T6154] hsr_slave_1: entered promiscuous mode
[   98.995533][ T6355] netlink: 60 bytes leftover after parsing attributes in process `syz.2.103'.
[   99.389947][ T6368] netlink: 12 bytes leftover after parsing attributes in process `syz.4.107'.
[   99.558259][ T6377] Illegal XDP return value 4294967294 on prog  (id 38) dev N/A, expect packet loss!
[   99.670851][ T6376] netlink: 24 bytes leftover after parsing attributes in process `syz.3.109'.
[   99.882731][ T6392] netlink: 'syz.3.113': attribute type 21 has an invalid length.
[   99.900073][ T6392] netlink: 128 bytes leftover after parsing attributes in process `syz.3.113'.
[   99.966804][ T6395] netlink: 'syz.4.114': attribute type 8 has an invalid length.
[   99.997510][ T6396] netlink: 20 bytes leftover after parsing attributes in process `syz.3.113'.
[  100.024662][ T6392] netlink: 3 bytes leftover after parsing attributes in process `syz.3.113'.
[  100.054814][ T6397] tipc: Enabling <eth:lo> not permitted
[  100.064443][ T6397] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  100.265311][ T6154] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.282486][ T6154] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.301627][ T6154] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.320066][ T6154] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.388181][ T5155] Bluetooth: hci0: command tx timeout
[  100.726681][ T6422] netlink: 24 bytes leftover after parsing attributes in process `syz.2.120'.
[  100.740561][ T6420] netlink: 4 bytes leftover after parsing attributes in process `syz.1.119'.
[  100.753213][ T6420] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  100.861985][ T6424] netlink: 'syz.2.121': attribute type 2 has an invalid length.
[  100.880071][ T6424] netlink: 'syz.2.121': attribute type 1 has an invalid length.
[  100.963772][ T6154] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.995655][ T6427] pim6reg: entered allmulticast mode
[  101.097428][ T6432] bond0: entered promiscuous mode
[  101.105068][ T6432] bond_slave_0: entered promiscuous mode
[  101.143258][ T6432] bond_slave_1: entered promiscuous mode
[  101.606298][ T6154] 8021q: adding VLAN 0 to HW filter on device team0
[  101.638605][ T6455] sctp: [Deprecated]: syz.2.129 (pid 6455) Use of struct sctp_assoc_value in delayed_ack socket option.
[  101.638605][ T6455] Use struct sctp_sack_info instead
[  101.691407][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.698608][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.750314][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.757521][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.809156][ T6459] xt_TCPMSS: Only works on TCP SYN packets
[  101.860849][ T6459] xt_hashlimit: size too large, truncated to 1048576
[  101.879846][ T6459] xt_hashlimit: max too large, truncated to 1048576
[  101.893972][ T6463] netlink: 'syz.3.131': attribute type 15 has an invalid length.
[  101.902400][ T6463] netlink: 'syz.3.131': attribute type 1 has an invalid length.
[  102.381118][ T6451] xfrm0: entered promiscuous mode
[  102.389307][ T6451] xfrm0: entered allmulticast mode
[  102.637540][ T6154] 8021q: adding VLAN 0 to HW filter on device batadv0
[  102.799787][ T6154] veth0_vlan: entered promiscuous mode
[  102.856052][ T6154] veth1_vlan: entered promiscuous mode
[  103.095766][ T6154] veth0_macvtap: entered promiscuous mode
[  103.108661][ T6154] veth1_macvtap: entered promiscuous mode
[  103.151604][ T6154] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.192565][ T6154] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.232378][ T3012] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.251319][ T3012] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.271420][   T77] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.293269][   T77] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.469796][ T6507] __nla_validate_parse: 9 callbacks suppressed
[  103.469814][ T6507] netlink: 4 bytes leftover after parsing attributes in process `syz.4.136'.
[  103.605156][ T6507] netlink: 12 bytes leftover after parsing attributes in process `syz.4.136'.
[  103.841866][ T6524] raw_sendmsg: syz.1.137 forgot to set AF_INET. Fix it!
[  103.992324][ T6528] netlink: 12 bytes leftover after parsing attributes in process `syz.2.140'.
[  104.142858][ T6528] pim6reg: entered allmulticast mode
[  104.164765][ T6530] pim6reg: left allmulticast mode
[  104.299402][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.348416][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.544683][ T6547] netlink: 52 bytes leftover after parsing attributes in process `syz.4.145'.
[  104.575024][ T6552] netlink: 8 bytes leftover after parsing attributes in process `syz.3.146'.
[  104.800553][   T43] IPVS: starting estimator thread 0...
[  104.918857][ T6565] IPVS: using max 28 ests per chain, 67200 per kthread
[  105.209814][ T6560] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.227715][ T6560] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  105.427081][ T6588] SET target dimension over the limit!
[  105.517933][ T3012] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  105.542771][ T3012] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  105.569680][ T3012] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  105.699013][ T6588] vlan2: entered promiscuous mode
[  105.704991][ T6588] bridge0: entered promiscuous mode
[  105.739484][ T6588] vlan2: entered allmulticast mode
[  105.744681][ T6588] bridge0: entered allmulticast mode
[  105.897830][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  105.923230][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  105.978318][ T3012] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  107.116036][   T77] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.360799][   T77] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.553707][   T77] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.835343][   T77] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.897954][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.2.167'.
[  108.312681][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  108.321067][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  108.329962][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  108.350055][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  108.358110][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.358303][ T6708] netlink: 12 bytes leftover after parsing attributes in process `syz.2.170'.
[  108.420766][ T6704] netlink: 'syz.4.169': attribute type 21 has an invalid length.
[  108.455151][ T6704] netlink: 132 bytes leftover after parsing attributes in process `syz.4.169'.
[  108.525665][   T77] bridge_slave_1: left allmulticast mode
[  108.557965][   T77] bridge_slave_1: left promiscuous mode
[  108.564312][   T77] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.685630][   T77] bridge_slave_0: left allmulticast mode
[  108.708154][   T77] bridge_slave_0: left promiscuous mode
[  108.713955][   T77] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.421842][   T77] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  109.451164][   T77] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  109.469892][   T77] bond0 (unregistering): Released all slaves
[  109.492698][ T6727] netlink: 'syz.4.174': attribute type 5 has an invalid length.
[  109.961948][ T6761] netlink: 96 bytes leftover after parsing attributes in process `syz.2.182'.
[  109.991919][ T6763] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  110.000529][ T6763] batman_adv: batadv0: Removing interface: batadv_slave_0
[  110.012848][ T6763] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  110.025513][ T6763] batman_adv: batadv0: Removing interface: batadv_slave_1
[  110.153951][   T77] hsr_slave_0: left promiscuous mode
[  110.171523][   T77] hsr_slave_1: left promiscuous mode
[  110.177701][   T77] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  110.200925][   T77] batman_adv: batadv0: Removing interface: batadv_slave_0
[  110.213770][   T77] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  110.229104][   T77] batman_adv: batadv0: Removing interface: batadv_slave_1
[  110.287340][   T77] veth1_macvtap: left promiscuous mode
[  110.306210][   T77] veth0_macvtap: left promiscuous mode
[  110.323409][   T77] veth1_vlan: left promiscuous mode
[  110.346491][   T77] veth0_vlan: left promiscuous mode
[  110.468279][ T5155] Bluetooth: hci0: command tx timeout
[  110.913388][   T77] team0 (unregistering): Port device team_slave_1 removed
[  110.944144][   T77] team0 (unregistering): Port device team_slave_0 removed
[  111.389524][ T6800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.186'.
[  111.770879][ T6702] chnl_net:caif_netlink_parms(): no params data found
[  111.917982][ T6817] netlink: 12 bytes leftover after parsing attributes in process `syz.3.191'.
[  112.002960][ T6828] dummy0: mtu less than device minimum
[  112.017746][ T6831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  112.169058][ T6836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  112.241775][ T6831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  112.554337][ T6850] xt_recent: hitcount (33554432) is larger than allowed maximum (65535)
[  112.558147][ T5155] Bluetooth: hci0: command tx timeout
[  112.589608][ T6702] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.597041][ T6702] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.605953][ T6702] bridge_slave_0: entered allmulticast mode
[  112.614530][ T6702] bridge_slave_0: entered promiscuous mode
[  112.640911][ T6702] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.648376][ T6702] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.655569][ T6702] bridge_slave_1: entered allmulticast mode
[  112.663663][ T6702] bridge_slave_1: entered promiscuous mode
[  112.815903][ T6702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  112.894224][ T6702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.219751][ T6702] team0: Port device team_slave_0 added
[  113.294067][ T6702] team0: Port device team_slave_1 added
[  113.481913][ T6702] batman_adv: batadv0: Adding interface: batadv_slave_0
[  113.510106][ T6702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.586920][ T6702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.808835][ T6702] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.828950][ T6702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.866939][ T6702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  114.134385][ T6893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.203'.
[  114.234646][ T6702] hsr_slave_0: entered promiscuous mode
[  114.280597][ T6702] hsr_slave_1: entered promiscuous mode
[  114.369078][ T6901] netlink: 20 bytes leftover after parsing attributes in process `syz.3.204'.
[  114.405168][ T6901] netlink: 68 bytes leftover after parsing attributes in process `syz.3.204'.
[  114.638121][ T5155] Bluetooth: hci0: command tx timeout
[  116.292147][ T6951] netlink: 8 bytes leftover after parsing attributes in process `syz.3.214'.
[  116.301919][ T6951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.214'.
[  116.347500][ T6949] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  116.366969][ T6702] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  116.380323][ T6702] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  116.424031][ T6702] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  116.483172][ T6702] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  116.709056][ T5155] Bluetooth: hci0: command tx timeout
[  117.007672][ T6702] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.101544][ T6702] 8021q: adding VLAN 0 to HW filter on device team0
[  117.154156][ T6589] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.161376][ T6589] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.226012][ T1321] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.227625][ T6969] xt_CT: No such helper "snmp"
[  117.233185][ T1321] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.552412][ T6981] netlink: 256 bytes leftover after parsing attributes in process `syz.1.220'.
[  117.587103][ T6981] netlink: 132 bytes leftover after parsing attributes in process `syz.1.220'.
[  117.603766][ T6987] netlink: 24 bytes leftover after parsing attributes in process `syz.4.221'.
[  117.733809][ T6987] netlink: 4 bytes leftover after parsing attributes in process `syz.4.221'.
[  117.826064][ T6995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.223'.
[  118.065480][ T6702] 8021q: adding VLAN 0 to HW filter on device batadv0
[  118.077311][ T6995] syz.3.223 (6995) used greatest stack depth: 17992 bytes left
[  118.217579][ T6702] veth0_vlan: entered promiscuous mode
[  118.285026][ T6702] veth1_vlan: entered promiscuous mode
[  118.351531][ T7021] tun0: tun_chr_ioctl cmd 2147767520
[  118.457169][ T6702] veth0_macvtap: entered promiscuous mode
[  118.510195][ T6702] veth1_macvtap: entered promiscuous mode
[  118.566819][ T6702] batman_adv: batadv0: Interface activated: batadv_slave_0
[  118.660835][ T6702] batman_adv: batadv0: Interface activated: batadv_slave_1
[  118.743679][ T1342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.764268][ T1342] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.776235][ T1342] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.788156][ T5155] Bluetooth: hci0: command tx timeout
[  118.794421][ T7041] netlink: 'syz.2.235': attribute type 12 has an invalid length.
[  118.810257][ T7041] netlink: 132 bytes leftover after parsing attributes in process `syz.2.235'.
[  118.827508][ T1342] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  119.054630][ T7049] netlink: 68 bytes leftover after parsing attributes in process `syz.2.237'.
[  119.070267][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.091318][ T7049] netlink: 12 bytes leftover after parsing attributes in process `syz.2.237'.
[  119.098045][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.222808][   T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.258262][   T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.638005][ T7068] syzkaller1: entered promiscuous mode
[  119.657440][ T7068] syzkaller1: entered allmulticast mode
[  119.814974][ T7081] netlink: 'syz.4.247': attribute type 1 has an invalid length.
[  119.843866][ T7082] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  120.017343][ T7081] bond1: entered promiscuous mode
[  120.039987][ T7081] bond1: entered allmulticast mode
[  120.195892][ T6589] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.425149][ T6589] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.599487][ T7114] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  120.689899][ T6589] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.856071][ T7123] netlink: 'syz.4.259': attribute type 83 has an invalid length.
[  120.883808][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  120.884677][ T6589] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.912117][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  120.920078][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  120.928843][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  120.937211][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  121.341020][ T7143] team0: entered promiscuous mode
[  121.346172][ T7143] team_slave_0: entered promiscuous mode
[  121.353367][ T7143] team_slave_1: entered promiscuous mode
[  121.361934][ T7143] bond0: entered promiscuous mode
[  121.367166][ T7143] bond_slave_0: entered promiscuous mode
[  121.373295][ T7143] bond_slave_1: entered promiscuous mode
[  121.381844][ T7143] 8021q: adding VLAN 0 to HW filter on device hsr1
[  121.486187][ T6589] bridge_slave_1: left allmulticast mode
[  121.492790][ T6589] bridge_slave_1: left promiscuous mode
[  121.499832][ T6589] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.521736][ T6589] bridge_slave_0: left allmulticast mode
[  121.537683][ T6589] bridge_slave_0: left promiscuous mode
[  121.546096][ T6589] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.984261][ T6589] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  122.001412][ T6589] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  122.012717][ T6589] bond0 (unregistering): Released all slaves
[  122.293899][ T7165] Bluetooth: hci3: Opcode 0x0401 failed: -4
[  122.429819][ T7166] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  122.867250][ T7128] chnl_net:caif_netlink_parms(): no params data found
[  123.028166][ T5836] Bluetooth: hci0: command tx timeout
[  123.062019][ T6589] hsr_slave_0: left promiscuous mode
[  123.094560][ T6589] hsr_slave_1: left promiscuous mode
[  123.109219][ T6589] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.120558][ T6589] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.145015][ T6589] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.168813][ T6589] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.225405][ T6589] veth1_macvtap: left promiscuous mode
[  123.235992][ T6589] veth0_macvtap: left promiscuous mode
[  123.254605][   T10] IPVS: starting estimator thread 0...
[  123.265450][ T6589] veth1_vlan: left promiscuous mode
[  123.277511][ T6589] veth0_vlan: left promiscuous mode
[  123.348004][ T7214] IPVS: using max 29 ests per chain, 69600 per kthread
[  123.782565][ T6589] team0 (unregistering): Port device team_slave_1 removed
[  123.821281][ T6589] team0 (unregistering): Port device team_slave_0 removed
[  124.258190][ T7128] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.265354][ T7128] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.298468][ T7128] bridge_slave_0: entered allmulticast mode
[  124.307683][ T7128] bridge_slave_0: entered promiscuous mode
[  124.315568][ T5836] Bluetooth: hci3: command 0x0401 tx timeout
[  124.397579][ T1321] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  124.415180][ T1321] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  124.435360][ T7128] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.451392][ T7128] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.468172][ T7128] bridge_slave_1: entered allmulticast mode
[  124.481713][ T7128] bridge_slave_1: entered promiscuous mode
[  124.500897][ T1321] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  124.547816][ T1321] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  124.595267][ T7244] 8021q: adding VLAN 0 to HW filter on device bond1
[  124.787805][ T7128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  124.855446][ T7258] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  125.010645][ T7250] infiniband syz0: set active
[  125.015601][ T7250] infiniband syz0: added bond_slave_1
[  125.063304][ T7266] netlink: 'syz.3.298': attribute type 1 has an invalid length.
[  125.081067][ T7266] __nla_validate_parse: 12 callbacks suppressed
[  125.081082][ T7266] netlink: 224 bytes leftover after parsing attributes in process `syz.3.298'.
[  125.100635][ T7128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  125.110331][ T5155] Bluetooth: hci0: command tx timeout
[  125.160080][ T7250] RDS/IB: syz0: added
[  125.181920][ T7250] smc: adding ib device syz0 with port count 1
[  125.196922][ T7273] netlink: 20 bytes leftover after parsing attributes in process `syz.4.299'.
[  125.208889][ T7250] smc:    ib device syz0 port 1 has pnetid 
[  125.212397][ T7128] team0: Port device team_slave_0 added
[  125.224514][ T7269] netlink: 'syz.2.297': attribute type 10 has an invalid length.
[  125.250677][ T7128] team0: Port device team_slave_1 added
[  125.317452][ T7269] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  125.325118][ T7269] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  125.332978][ T7276] netlink: 'syz.4.301': attribute type 4 has an invalid length.
[  125.357728][ T7276] netlink: 17 bytes leftover after parsing attributes in process `syz.4.301'.
[  125.390590][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_0
[  125.397560][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.479197][ T7128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  125.521954][ T7128] batman_adv: batadv0: Adding interface: batadv_slave_1
[  125.538850][ T7128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.567346][ T7128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  125.640048][ T7284] syzkaller1: entered promiscuous mode
[  125.673721][ T7284] syzkaller1: entered allmulticast mode
[  125.787588][ T7128] hsr_slave_0: entered promiscuous mode
[  125.796013][ T7128] hsr_slave_1: entered promiscuous mode
[  127.025149][ T7128] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  127.066679][ T7128] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  127.114396][ T7128] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  127.133723][ T7128] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  127.193859][ T5155] Bluetooth: hci0: command tx timeout
[  127.293501][ T7340] netlink: 132 bytes leftover after parsing attributes in process `syz.3.318'.
[  127.311320][ T7128] 8021q: adding VLAN 0 to HW filter on device bond0
[  127.320559][ T7340] netlink: 'syz.3.318': attribute type 9 has an invalid length.
[  127.328522][ T7340] netlink: 212260 bytes leftover after parsing attributes in process `syz.3.318'.
[  127.362329][ T7128] 8021q: adding VLAN 0 to HW filter on device team0
[  127.385630][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.392900][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.434724][ T7343] netlink: 8 bytes leftover after parsing attributes in process `syz.4.320'.
[  127.476319][ T6589] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.483549][ T6589] bridge0: port 2(bridge_slave_1) entered forwarding state
[  127.624674][ T7347] netlink: 36 bytes leftover after parsing attributes in process `syz.4.321'.
[  127.634042][ T7347] netlink: 24 bytes leftover after parsing attributes in process `syz.4.321'.
[  127.797469][ T7128] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.872448][ T7128] veth0_vlan: entered promiscuous mode
[  127.887554][ T7128] veth1_vlan: entered promiscuous mode
[  127.959850][ T7128] veth0_macvtap: entered promiscuous mode
[  127.982735][ T7128] veth1_macvtap: entered promiscuous mode
[  128.003467][ T7128] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.030357][ T7128] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.036613][ T7358] netlink: 'syz.2.324': attribute type 1 has an invalid length.
[  128.046322][ T7358] netlink: 224 bytes leftover after parsing attributes in process `syz.2.324'.
[  128.067393][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.131902][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.142622][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.155644][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.266460][ T7361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.326'.
[  128.316220][ T7363] chnl_net:caif_netlink_parms(): no params data found
[  128.374899][ T3012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.412657][ T3012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.500620][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.504525][ T7367] tipc: Can't bind to reserved service type 0
[  128.538966][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.897555][ T7382] netlink: 'syz.4.333': attribute type 1 has an invalid length.
[  129.405164][ T7395] ipvlan2: entered promiscuous mode
[  129.471279][ T7395] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  129.923803][ T7421] netlink: 'syz.4.344': attribute type 2 has an invalid length.
[  129.947951][ T7421] netlink: 'syz.4.344': attribute type 2 has an invalid length.
[  129.955791][ T7421] netlink: 'syz.4.344': attribute type 2 has an invalid length.
[  129.963681][ T7421] netlink: 'syz.4.344': attribute type 2 has an invalid length.
[  130.137284][   T77] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.325879][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  131.338881][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  131.347612][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  131.358412][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  131.369764][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  131.480795][   T77] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.572657][   T77] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.665089][   T77] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.005039][   T77] bridge_slave_1: left allmulticast mode
[  132.020918][   T77] bridge_slave_1: left promiscuous mode
[  132.026745][   T77] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.040896][   T77] bridge_slave_0: left allmulticast mode
[  132.046703][   T77] bridge_slave_0: left promiscuous mode
[  132.054774][   T77] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.391240][   T77] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  132.402824][   T77] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  132.414616][   T77] bond0 (unregistering): Released all slaves
[  132.634536][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  132.903527][ T7462] chnl_net:caif_netlink_parms(): no params data found
[  132.910442][ T7511] sctp: [Deprecated]: syz.3.367 (pid 7511) Use of struct sctp_assoc_value in delayed_ack socket option.
[  132.910442][ T7511] Use struct sctp_sack_info instead
[  133.094133][ T7517] xt_hashlimit: size too large, truncated to 1048576
[  133.277187][   T77] hsr_slave_0: left promiscuous mode
[  133.301225][   T77] hsr_slave_1: left promiscuous mode
[  133.312095][   T77] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  133.323063][   T77] batman_adv: batadv0: Removing interface: batadv_slave_0
[  133.331935][   T77] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  133.343241][   T77] batman_adv: batadv0: Removing interface: batadv_slave_1
[  133.397584][   T77] veth1_macvtap: left promiscuous mode
[  133.439462][ T5155] Bluetooth: hci0: command tx timeout
[  133.489649][   T77] veth0_macvtap: left promiscuous mode
[  133.497788][   T77] veth1_vlan: left promiscuous mode
[  133.504767][   T77] veth0_vlan: left promiscuous mode
[  133.899684][ T7537] __nla_validate_parse: 4 callbacks suppressed
[  133.899702][ T7537] netlink: 32 bytes leftover after parsing attributes in process `syz.3.374'.
[  134.269746][   T77] team0 (unregistering): Port device team_slave_1 removed
[  134.312554][   T77] team0 (unregistering): Port device team_slave_0 removed
[  134.904684][ T7462] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.918440][ T7462] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.928051][ T7462] bridge_slave_0: entered allmulticast mode
[  134.936474][ T7462] bridge_slave_0: entered promiscuous mode
[  134.945985][ T7546] netlink: 16 bytes leftover after parsing attributes in process `syz.1.376'.
[  134.955632][ T7546] netlink: 16 bytes leftover after parsing attributes in process `syz.1.376'.
[  134.964821][ T7546] netlink: 16 bytes leftover after parsing attributes in process `syz.1.376'.
[  134.988814][ T7462] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.996089][ T7462] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.003712][ T7462] bridge_slave_1: entered allmulticast mode
[  135.016301][ T7462] bridge_slave_1: entered promiscuous mode
[  135.187102][ T7462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  135.211636][ T7462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  135.396730][ T7462] team0: Port device team_slave_0 added
[  135.407174][ T7567] netlink: 16 bytes leftover after parsing attributes in process `syz.3.381'.
[  135.433011][ T7462] team0: Port device team_slave_1 added
[  135.510005][ T5155] Bluetooth: hci0: command tx timeout
[  135.533807][ T7562] netlink: 2 bytes leftover after parsing attributes in process `syz.1.382'.
[  135.620449][ T7462] batman_adv: batadv0: Adding interface: batadv_slave_0
[  135.637627][ T7462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  135.694487][ T7462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  135.764583][ T7462] batman_adv: batadv0: Adding interface: batadv_slave_1
[  135.784085][ T7462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  135.856058][ T7462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  136.155850][ T7462] hsr_slave_0: entered promiscuous mode
[  136.186759][ T7593] netlink: 20 bytes leftover after parsing attributes in process `syz.3.389'.
[  136.189316][ T7462] hsr_slave_1: entered promiscuous mode
[  136.232115][ T7593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.389'.
[  136.268843][ T7593] netlink: 4 bytes leftover after parsing attributes in process `syz.3.389'.
[  136.502042][ T7598] sctp: [Deprecated]: syz.3.390 (pid 7598) Use of struct sctp_assoc_value in delayed_ack socket option.
[  136.502042][ T7598] Use struct sctp_sack_info instead
[  136.804672][ T7609] netlink: 8 bytes leftover after parsing attributes in process `syz.2.395'.
[  136.933646][ T7612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  137.039598][ T7612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  137.132160][ T7612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  137.324112][ T7462] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  137.361843][ T7462] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  137.400094][ T7462] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  137.437235][ T7462] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  137.589085][ T5155] Bluetooth: hci0: command tx timeout
[  137.595017][ T7634] validate_nla: 1 callbacks suppressed
[  137.595032][ T7634] netlink: 'syz.4.403': attribute type 1 has an invalid length.
[  137.646242][ T7634] netlink: 'syz.4.403': attribute type 1 has an invalid length.
[  137.656052][ T7651] !
: renamed from dummy0 (while UP)
[  137.743071][ T7657] netlink: 'syz.4.407': attribute type 1 has an invalid length.
[  137.803091][ T7462] 8021q: adding VLAN 0 to HW filter on device bond0
[  137.843025][ T7462] 8021q: adding VLAN 0 to HW filter on device team0
[  137.873087][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.880324][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.915888][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.923109][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.201110][ T7679] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  138.604255][ T7462] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.003160][ T7462] veth0_vlan: entered promiscuous mode
[  139.019467][ T7462] veth1_vlan: entered promiscuous mode
[  139.064461][ T7462] veth0_macvtap: entered promiscuous mode
[  139.079701][ T7462] veth1_macvtap: entered promiscuous mode
[  139.105252][ T7462] batman_adv: batadv0: Interface activated: batadv_slave_0
[  139.130331][ T7462] batman_adv: batadv0: Interface activated: batadv_slave_1
[  139.155794][ T6589] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  139.164825][ T6589] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  139.183102][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  139.193401][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  139.274402][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  139.291262][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  139.326725][   T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  139.338860][   T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  139.395549][ T7711] __nla_validate_parse: 4 callbacks suppressed
[  139.395568][ T7711] netlink: 12 bytes leftover after parsing attributes in process `syz.3.422'.
[  139.558748][ T7714] xt_connbytes: Forcing CT accounting to be enabled
[  139.574323][ T7716] netlink: 24 bytes leftover after parsing attributes in process `syz.3.424'.
[  139.626572][ T7721] netlink: 8 bytes leftover after parsing attributes in process `syz.1.425'.
[  139.792469][ T7725] netlink: 'syz.1.426': attribute type 1 has an invalid length.
[  139.803455][ T7725] netlink: 224 bytes leftover after parsing attributes in process `syz.1.426'.
[  140.318775][ T7756] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  140.485497][ T7762] geneve2: entered allmulticast mode
[  140.497804][   T49] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  140.498921][ T7765] netlink: 32 bytes leftover after parsing attributes in process `syz.4.439'.
[  140.517022][   T49] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  140.526795][   T49] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  140.556388][   T49] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  140.871417][ T1342] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.411052][ T1342] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.621414][ T7796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.449'.
[  141.635987][ T7800] bond0: left promiscuous mode
[  141.643940][ T7800] bond_slave_0: left promiscuous mode
[  141.653085][ T7800] bond_slave_1: left promiscuous mode
[  141.661849][ T7800] mac80211_hwsim hwsim3 wlan1: left promiscuous mode
[  141.785020][ T1342] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.940127][ T7815] x_tables: duplicate underflow at hook 2
[  141.968080][ T7815] x_tables: duplicate underflow at hook 2
[  141.980461][ T7815] x_tables: duplicate underflow at hook 2
[  142.001709][ T1342] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  142.006940][ T7815] x_tables: duplicate underflow at hook 2
[  142.025896][ T7820] netlink: 4 bytes leftover after parsing attributes in process `syz.3.455'.
[  142.043021][ T7815] x_tables: duplicate underflow at hook 2
[  142.055722][ T7815] x_tables: duplicate underflow at hook 2
[  142.095301][ T7815] x_tables: duplicate underflow at hook 2
[  142.112546][ T7815] x_tables: duplicate underflow at hook 2
[  142.135766][ T7815] x_tables: duplicate underflow at hook 2
[  142.159381][ T7815] x_tables: duplicate underflow at hook 2
[  142.292612][ T1342] bridge_slave_1: left allmulticast mode
[  142.312273][ T1342] bridge_slave_1: left promiscuous mode
[  142.326550][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  142.326574][ T1342] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.356879][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  142.364905][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  142.373008][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  142.382550][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  142.411267][ T1342] bridge_slave_0: left allmulticast mode
[  142.442908][ T1342] bridge_slave_0: left promiscuous mode
[  142.465405][ T1342] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.517608][ T7847] netlink: 4 bytes leftover after parsing attributes in process `syz.4.465'.
[  143.063457][ T7857] netlink: 'syz.3.467': attribute type 9 has an invalid length.
[  143.071460][ T7857] netlink: 212260 bytes leftover after parsing attributes in process `syz.3.467'.
[  143.109424][ T1342] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  143.123717][ T1342] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  143.134888][ T1342] bond0 (unregistering): Released all slaves
[  143.445292][ T7873] netlink: 'syz.1.472': attribute type 1 has an invalid length.
[  143.456532][ T7876] netlink: 'syz.4.473': attribute type 1 has an invalid length.
[  143.498282][ T7876] netlink: 224 bytes leftover after parsing attributes in process `syz.4.473'.
[  143.743792][ T7885] Cannot find add_set index 4 as target
[  143.759626][ T7885] netlink: 'syz.1.476': attribute type 2 has an invalid length.
[  144.377295][ T1342] hsr_slave_0: left promiscuous mode
[  144.391324][ T1342] hsr_slave_1: left promiscuous mode
[  144.398945][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  144.406580][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_0
[  144.416744][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  144.426464][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_1
[  144.450715][ T7912] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  144.466840][ T1342] veth1_macvtap: left promiscuous mode
[  144.468469][ T5836] Bluetooth: hci0: command tx timeout
[  144.475668][ T1342] veth0_macvtap: left promiscuous mode
[  144.484010][ T1342] veth1_vlan: left promiscuous mode
[  144.492237][ T1342] veth0_vlan: left promiscuous mode
[  144.876297][ T1342] team0 (unregistering): Port device team_slave_1 removed
[  144.911237][ T1342] team0 (unregistering): Port device team_slave_0 removed
[  145.388351][ T7831] chnl_net:caif_netlink_parms(): no params data found
[  145.502339][ T5916] IPVS: starting estimator thread 0...
[  145.603862][ T7923] IPVS: using max 29 ests per chain, 69600 per kthread
[  145.841065][   T30] audit: type=1804 audit(1750339610.165:3): pid=7929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.488" name="/newroot/107/cgroup.controllers" dev="tmpfs" ino=563 res=1 errno=0
[  145.891460][   T30] audit: type=1800 audit(1750339610.165:4): pid=7929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.488" name="cgroup.controllers" dev="tmpfs" ino=563 res=0 errno=0
[  145.933095][ T7831] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.942897][ T7831] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.950197][ T7831] bridge_slave_0: entered allmulticast mode
[  145.957641][ T7831] bridge_slave_0: entered promiscuous mode
[  145.980770][ T7831] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.988622][ T7831] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.996185][ T7831] bridge_slave_1: entered allmulticast mode
[  146.004663][ T7831] bridge_slave_1: entered promiscuous mode
[  146.087327][ T7933] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  146.091133][ T7831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.094847][ T7933] IPv6: NLM_F_CREATE should be set when creating new route
[  146.094952][ T7933] IPv6: NLM_F_CREATE should be set when creating new route
[  146.131188][ T7831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  146.233331][ T7831] team0: Port device team_slave_0 added
[  146.245832][ T7831] team0: Port device team_slave_1 added
[  146.317276][ T7831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  146.326575][ T7831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.352990][ T7831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  146.367197][ T7831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  146.377752][ T7831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  146.404235][ T7831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  146.548496][ T5836] Bluetooth: hci0: command tx timeout
[  146.560224][ T7831] hsr_slave_0: entered promiscuous mode
[  146.571081][ T7831] hsr_slave_1: entered promiscuous mode
[  146.649069][ T7953] syz_tun: entered promiscuous mode
[  146.661210][ T7953] syz_tun: left promiscuous mode
[  146.727509][ T7957] netlink: 'syz.1.499': attribute type 1 has an invalid length.
[  146.735310][ T7957] __nla_validate_parse: 2 callbacks suppressed
[  146.735324][ T7957] netlink: 144 bytes leftover after parsing attributes in process `syz.1.499'.
[  146.752858][ T7957] netlink: 'syz.1.499': attribute type 1 has an invalid length.
[  146.760608][ T7957] netlink: 76 bytes leftover after parsing attributes in process `syz.1.499'.
[  146.805135][ T7963] netlink: 20 bytes leftover after parsing attributes in process `syz.4.498'.
[  147.155262][ T7983] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  147.294469][ T7991] netlink: 'syz.3.511': attribute type 1 has an invalid length.
[  147.336558][ T7991] 8021q: adding VLAN 0 to HW filter on device bond3
[  147.380104][ T7999] hsr0: entered promiscuous mode
[  147.388043][ T7999] macvtap1: entered promiscuous mode
[  147.393540][ T7999] macvtap1: entered allmulticast mode
[  147.400703][ T7999] hsr0: entered allmulticast mode
[  147.405746][ T7999] hsr_slave_0: entered allmulticast mode
[  147.414708][ T7999] hsr_slave_1: entered allmulticast mode
[  147.436613][ T7999] hsr0: left allmulticast mode
[  147.442286][ T7999] hsr_slave_0: left allmulticast mode
[  147.447802][ T7999] hsr_slave_1: left allmulticast mode
[  147.586487][ T8006] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  147.779524][ T7831] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  147.804159][ T7831] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  147.834450][ T7831] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  147.850318][ T7831] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  148.085323][ T7831] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.165263][ T7831] 8021q: adding VLAN 0 to HW filter on device team0
[  148.204012][ T1342] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.211281][ T1342] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.264330][ T1342] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.271611][ T1342] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.634401][ T5836] Bluetooth: hci0: command tx timeout
[  148.926187][ T8067] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  148.971996][ T8067] netlink: 28 bytes leftover after parsing attributes in process `syz.1.527'.
[  149.000656][ T7831] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.176063][ T7831] veth0_vlan: entered promiscuous mode
[  149.204996][ T7831] veth1_vlan: entered promiscuous mode
[  149.319062][ T7831] veth0_macvtap: entered promiscuous mode
[  149.370206][ T7831] veth1_macvtap: entered promiscuous mode
[  149.483604][ T7831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.531743][ T7831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.574990][ T1342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.603643][ T1342] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.614264][ T1342] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.639472][ T1342] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.648907][ T8088] netlink: 4 bytes leftover after parsing attributes in process `syz.1.533'.
[  149.874502][ T8093] IPv6: addrconf: prefix option has invalid lifetime
[  149.945959][ T8096] netlink: 'syz.3.536': attribute type 1 has an invalid length.
[  149.972285][ T1342] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  149.999469][ T1342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.076812][ T1342] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.090501][ T1342] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.419430][ T8121] netlink: 'syz.1.543': attribute type 4 has an invalid length.
[  150.419682][ T8119] netlink: 4 bytes leftover after parsing attributes in process `syz.4.544'.
[  150.664760][ T8129] netlink: 4 bytes leftover after parsing attributes in process `syz.1.546'.
[  151.192642][ T8146] netlink: 12 bytes leftover after parsing attributes in process `syz.1.552'.
[  151.244031][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.269445][ T8156] netlink: 176 bytes leftover after parsing attributes in process `syz.4.554'.
[  151.480450][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.640614][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.752923][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.925955][   T36] bridge_slave_1: left allmulticast mode
[  151.932785][   T36] bridge_slave_1: left promiscuous mode
[  151.942629][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.953353][   T36] bridge_slave_0: left allmulticast mode
[  151.961767][   T36] bridge_slave_0: left promiscuous mode
[  151.967658][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.141212][ T8164] x_tables: ip_tables: osf match: only valid for protocol 6
[  152.474268][ T8176] netlink: 'syz.2.559': attribute type 1 has an invalid length.
[  152.490249][ T8176] netlink: 224 bytes leftover after parsing attributes in process `syz.2.559'.
[  152.499486][ T8176] netlink: 8 bytes leftover after parsing attributes in process `syz.2.559'.
[  152.531132][ T8176] netlink: 36 bytes leftover after parsing attributes in process `syz.2.559'.
[  152.636872][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  152.653083][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  152.668715][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  152.692106][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  152.704932][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  152.722763][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  152.735254][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  152.751233][   T36] bond0 (unregistering): Released all slaves
[  152.779742][ T8169] netlink: 'syz.3.557': attribute type 1 has an invalid length.
[  153.306511][ T8200] 8021q: VLANs not supported on lo
[  153.354807][ T5842] Bluetooth: hci4: command 0x0405 tx timeout
[  153.821184][ T8221] netlink: 'syz.3.569': attribute type 1 has an invalid length.
[  153.851596][ T8221] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  154.137632][   T30] audit: type=1107 audit(1750339618.455:5): pid=8237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='
ö}¹ç=궾ülyÜŒF™Òè1õ!ɵ(]Ò».e«I{Jϳû
[  154.137632][   T30] ã®!Cx‚ÔÝÏŠc~³Â8eÞC㊣<™î#	¨„w­�‡ døûõØ;@¢Ô9c¤¤¶´èHÎÎÑ}4dÌÙYó÷…ÍNŠ'
[  154.194204][   T36] hsr_slave_0: left promiscuous mode
[  154.227358][   T36] hsr_slave_1: left promiscuous mode
[  154.243955][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  154.262780][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  154.295038][ T8246] netlink: 'syz.1.578': attribute type 1 has an invalid length.
[  154.295598][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  154.315896][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  154.342614][   T36] veth1_macvtap: left promiscuous mode
[  154.348454][   T36] veth0_macvtap: left promiscuous mode
[  154.354239][   T36] veth1_vlan: left promiscuous mode
[  154.362127][   T36] veth0_vlan: left promiscuous mode
[  154.737029][   T36] team0 (unregistering): Port device team_slave_1 removed
[  154.772763][   T36] team0 (unregistering): Port device team_slave_0 removed
[  154.790980][ T5836] Bluetooth: hci0: command tx timeout
[  155.098702][ T8244] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  155.155242][ T8246] 8021q: adding VLAN 0 to HW filter on device bond1
[  155.171052][ T8249] netlink: 'syz.2.579': attribute type 12 has an invalid length.
[  155.212627][ T8258] netlink: 'syz.4.580': attribute type 1 has an invalid length.
[  155.227034][ T8252] bond1: (slave gretap1): making interface the new active one
[  155.235655][ T8258] NCSI netlink: No device for ifindex 0
[  155.248937][ T8252] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  155.404419][ T8267] netlink: 8 bytes leftover after parsing attributes in process `syz.2.583'.
[  155.516028][ T8277] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  155.527024][ T8276] netlink: 'syz.3.585': attribute type 1 has an invalid length.
[  155.607485][ T8180] chnl_net:caif_netlink_parms(): no params data found
[  155.608828][    C0] vcan0: j1939_tp_rxtimer: 0xffff888033e2c400: rx timeout, send abort
[  155.703926][ T8286] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.587'.
[  155.763486][ T8279] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.587'.
[  155.811383][ T8180] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.825374][ T8180] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.832991][ T8180] bridge_slave_0: entered allmulticast mode
[  155.882242][ T8180] bridge_slave_0: entered promiscuous mode
[  155.886817][ T8292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.589'.
[  155.909145][ T8180] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.916284][ T8180] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.932263][ T8180] bridge_slave_1: entered allmulticast mode
[  155.946686][ T8180] bridge_slave_1: entered promiscuous mode
[  155.982304][ T8292] geneve2: entered promiscuous mode
[  155.987695][ T8292] geneve2: entered allmulticast mode
[  156.016313][   T13] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 45448 - 0
[  156.047251][ T8180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.057126][   T13] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 45448 - 0
[  156.070802][ T8180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.123105][    C0] vcan0: j1939_tp_rxtimer: 0xffff888033e2c400: abort rx timeout. Force session deactivation
[  156.251173][   T13] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 45448 - 0
[  156.299959][ T8180] team0: Port device team_slave_0 added
[  156.362434][ T8180] team0: Port device team_slave_1 added
[  156.386087][   T13] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 45448 - 0
[  156.412359][ T8313] tipc: Started in network mode
[  156.427944][ T8313] tipc: Node identity , cluster identity 4711
[  156.448000][ T8313] tipc: Failed to set node id, please configure manually
[  156.464040][ T8313] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  156.504589][ T8320] netlink: 8 bytes leftover after parsing attributes in process `syz.3.598'.
[  156.527146][ T8320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.598'.
[  156.554733][ T8320] netlink: 'syz.3.598': attribute type 14 has an invalid length.
[  156.607053][ T8320] netlink: 'syz.3.598': attribute type 11 has an invalid length.
[  156.676761][ T8180] batman_adv: batadv0: Adding interface: batadv_slave_0
[  156.704843][ T8180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.758106][ T8180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  156.786655][ T8321] netlink: 'syz.3.598': attribute type 1 has an invalid length.
[  156.817838][ T8180] batman_adv: batadv0: Adding interface: batadv_slave_1
[  156.839716][ T8180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.868073][ T5836] Bluetooth: hci0: command tx timeout
[  156.927345][ T8180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  157.053725][ T8334] bridge_slave_0: left allmulticast mode
[  157.076692][ T8334] bridge_slave_0: left promiscuous mode
[  157.084766][ T8334] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.133737][ T8334] bridge_slave_1: left allmulticast mode
[  157.141754][ T8334] bridge_slave_1: left promiscuous mode
[  157.150143][ T8334] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.184816][ T8334] bond0: (slave bond_slave_0): Releasing backup interface
[  157.197561][ T8334] bond0: (slave bond_slave_1): Releasing backup interface
[  157.220546][ T8334] team0: Port device team_slave_0 removed
[  157.241618][ T8334] team0: Port device team_slave_1 removed
[  157.270260][ T8334] bond0: (slave wlan1): Releasing backup interface
[  157.287110][ T8342] team0: Mode changed to "broadcast"
[  157.317636][ T8350] vlan0: entered promiscuous mode
[  157.375666][ T8350] team0: Port device vlan0 added
[  157.578389][ T8180] hsr_slave_0: entered promiscuous mode
[  157.584953][ T8180] hsr_slave_1: entered promiscuous mode
[  157.628877][ T8367] xt_hashlimit: size too large, truncated to 1048576
[  157.771844][ T8370] 
: renamed from batadv0
[  157.865801][ T8369] team0: Port device vlan0 removed
[  158.045774][ T8376] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (64)
[  158.055755][ T8381] netlink: 'syz.2.615': attribute type 1 has an invalid length.
[  158.134767][ T8386] netlink: 8 bytes leftover after parsing attributes in process `syz.4.616'.
[  158.172723][ T8386] netlink: 8 bytes leftover after parsing attributes in process `syz.4.616'.
[  158.200179][ T8384] tipc: Started in network mode
[  158.209464][ T8384] tipc: Node identity , cluster identity 4711
[  158.226937][ T8384] tipc: Failed to obtain node identity
[  158.238071][ T8384] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[  158.282767][ T8386] Cannot find add_set index 0 as target
[  158.348187][ T8381] veth0_macvtap: left promiscuous mode
[  158.353963][ T8381] macvtap0: entered promiscuous mode
[  158.362616][ T8381] macvtap0: entered allmulticast mode
[  158.373571][ T8381] A link change request failed with some changes committed already. Interface macvtap0 may have been left with an inconsistent configuration, please check.
[  158.414762][ T8388] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  158.949500][ T5836] Bluetooth: hci0: command tx timeout
[  159.139704][ T8417] netlink: 'syz.1.622': attribute type 1 has an invalid length.
[  159.298639][ T8417] 8021q: adding VLAN 0 to HW filter on device bond2
[  159.348614][ T8437] netlink: 16 bytes leftover after parsing attributes in process `syz.2.627'.
[  159.352079][ T8424] bond2: (slave veth0_to_bond): making interface the new active one
[  159.374998][ T8424] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  159.692749][ T8459] sctp: [Deprecated]: syz.4.633 (pid 8459) Use of int in max_burst socket option.
[  159.692749][ T8459] Use struct sctp_assoc_value instead
[  159.828543][ T8467] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc
[  159.877649][ T8461] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.919332][ T8477] netlink: 48 bytes leftover after parsing attributes in process `syz.4.636'.
[  159.938695][ T8477] netlink: 4 bytes leftover after parsing attributes in process `syz.4.636'.
[  159.958881][ T8461] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  160.008965][ T8180] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  160.030879][ T8180] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  160.051718][ T8180] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  160.081489][ T8469] syzkaller1: entered promiscuous mode
[  160.102589][ T8469] syzkaller1: entered allmulticast mode
[  160.262068][ T8461] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.275018][ T8461] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  160.311305][ T8180] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  160.372404][ T8479] syz_tun: refused to change device tx_queue_len
[  160.379348][ T8479] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  160.429698][ T8481] syz_tun: refused to change device tx_queue_len
[  160.436295][ T8481] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  160.524826][ T8461] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.548005][ T8461] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  160.625962][ T8492] netlink: 1041 bytes leftover after parsing attributes in process `syz.4.638'.
[  160.732891][ T8461] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.751458][ T8461] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  160.892875][ T8180] 8021q: adding VLAN 0 to HW filter on device bond0
[  160.908676][ T6589] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  160.916978][ T6589] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  160.954361][   T49] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  160.965916][   T49] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  160.995659][ T6589] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  161.007168][ T6589] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  161.021123][ T8180] 8021q: adding VLAN 0 to HW filter on device team0
[  161.028731][ T5836] Bluetooth: hci0: command tx timeout
[  161.047386][   T36] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  161.058306][   T36] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  161.083029][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.090247][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.139008][ T1342] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.146223][ T1342] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.529091][ T8520] openvswitch: netlink: IPv4 tun info is not correct
[  161.562871][ T8520] IPv6: NLM_F_CREATE should be specified when creating new route
[  161.745886][ T8180] 8021q: adding VLAN 0 to HW filter on device batadv0
[  161.957332][ T8180] veth0_vlan: entered promiscuous mode
[  162.020059][ T8536] netlink: 'syz.3.651': attribute type 1 has an invalid length.
[  162.035973][ T8180] veth1_vlan: entered promiscuous mode
[  162.046415][ T8536] netlink: 'syz.3.651': attribute type 2 has an invalid length.
[  162.149082][ T8180] veth0_macvtap: entered promiscuous mode
[  162.175555][ T8180] veth1_macvtap: entered promiscuous mode
[  162.231675][ T8180] batman_adv: batadv0: Interface activated: batadv_slave_0
[  162.276778][ T8180] batman_adv: batadv0: Interface activated: batadv_slave_1
[  162.320154][ T1321] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  162.323156][ T8543] netlink: 24 bytes leftover after parsing attributes in process `syz.3.653'.
[  162.338622][ T1321] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  162.368374][ T1321] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  162.397893][ T1321] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  162.600201][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  162.633339][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.795706][ T1321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  162.818079][ T1321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.845127][ T8553] netlink: 40 bytes leftover after parsing attributes in process `syz.4.657'.
[  162.860339][ T8553] netlink: 40 bytes leftover after parsing attributes in process `syz.4.657'.
[  162.908056][ T8553] netlink: 11 bytes leftover after parsing attributes in process `syz.4.657'.
[  162.946596][ T8553] Bluetooth: MGMT ver 1.23
[  163.828512][ T8569] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.141103][ T1342] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.296690][ T8569] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.403499][ T8569] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.575276][ T8569] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.681255][ T1342] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.818937][ T6589] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  164.891009][ T1342] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.938690][ T6589] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  164.948106][   T36] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.973249][ T6589] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.076847][ T1342] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.171320][ T8594] __nla_validate_parse: 3 callbacks suppressed
[  165.171336][ T8594] netlink: 8 bytes leftover after parsing attributes in process `syz.3.666'.
[  165.506230][ T8599] netlink: 'syz.1.668': attribute type 1 has an invalid length.
[  165.695708][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  165.704289][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  165.712456][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  165.720680][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  165.730474][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  165.736015][ T8600] 8021q: adding VLAN 0 to HW filter on device bond4
[  165.760581][ T8599] netlink: 28 bytes leftover after parsing attributes in process `syz.1.668'.
[  165.772312][ T8600] bond3: (slave bond4): making interface the new active one
[  165.781538][ T8600] bond3: (slave bond4): Enslaving as an active interface with an up link
[  165.801633][ T8609] netlink: 'syz.2.669': attribute type 1 has an invalid length.
[  165.809492][ T8609] netlink: 224 bytes leftover after parsing attributes in process `syz.2.669'.
[  165.819065][ T1342] bridge_slave_1: left allmulticast mode
[  165.827567][ T1342] bridge_slave_1: left promiscuous mode
[  165.830174][ T8609] netlink: 8 bytes leftover after parsing attributes in process `syz.2.669'.
[  165.840466][ T1342] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.857285][ T1342] bridge_slave_0: left allmulticast mode
[  165.865459][ T1342] bridge_slave_0: left promiscuous mode
[  165.877809][ T1342] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.136981][ T8619] netlink: 16 bytes leftover after parsing attributes in process `syz.4.671'.
[  166.397236][ T1342] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  166.411779][ T1342] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  166.423102][ T1342] bond0 (unregistering): Released all slaves
[  166.441922][ T8604] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744072284733443)
[  166.454202][ T8604] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647
[  166.494474][ T8599] 8021q: adding VLAN 0 to HW filter on device bond3
[  166.509990][ T8621] netdevsim netdevsim3: Direct firmware load for ÈöníñÆgkNšÄq>ä*x(Oˆ@ failed with error -2
[  166.538767][ T8621] netdevsim netdevsim3: Falling back to sysfs fallback for: ÈöníñÆgkNšÄq>ä*x(Oˆ@
[  167.635812][ T1342] hsr_slave_0: left promiscuous mode
[  167.673016][ T1342] hsr_slave_1: left promiscuous mode
[  167.699210][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  167.714013][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_0
[  167.735942][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  167.755534][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_1
[  167.792804][ T1342] veth1_macvtap: left promiscuous mode
[  167.802527][ T1342] veth0_macvtap: left promiscuous mode
[  167.816711][ T1342] veth1_vlan: left promiscuous mode
[  167.822310][ T1342] veth0_vlan: left promiscuous mode
[  167.828813][ T5842] Bluetooth: hci0: command tx timeout
[  167.911879][ T8670] netlink: 8 bytes leftover after parsing attributes in process `syz.3.688'.
[  167.969866][ T8671] Cannot find add_set index 2 as target
[  167.998843][ T8671] ip6t_srh: unknown srh invflags 4449
[  168.434510][ T1342] team0 (unregistering): Port device team_slave_1 removed
[  168.484576][ T1342] team0 (unregistering): Port device team_slave_0 removed
[  169.550981][ T8695] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551615)
[  169.561608][ T8695] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647
[  169.815204][ T8606] chnl_net:caif_netlink_parms(): no params data found
[  169.908371][ T5842] Bluetooth: hci0: command tx timeout
[  170.109013][ T8711] syz0: rxe_newlink: already configured on bond_slave_1
[  170.279877][ T8606] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.290233][ T8606] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.297430][ T8606] bridge_slave_0: entered allmulticast mode
[  170.310287][ T8606] bridge_slave_0: entered promiscuous mode
[  170.345083][ T8606] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.345373][ T8716] netlink: 'syz.1.701': attribute type 10 has an invalid length.
[  170.366432][ T8606] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.377358][ T8606] bridge_slave_1: entered allmulticast mode
[  170.385914][ T8606] bridge_slave_1: entered promiscuous mode
[  170.530594][ T8716] bond0: (slave wlan1): Enslaving as an active interface with a down link
[  170.975771][ T8606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.058246][ T8606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  171.377760][ T8606] team0: Port device team_slave_0 added
[  171.702909][ T8745] netlink: 36 bytes leftover after parsing attributes in process `syz.3.708'.
[  171.815160][ T8606] team0: Port device team_slave_1 added
[  171.988099][ T5842] Bluetooth: hci0: command tx timeout
[  172.018215][ T8748] netlink: 'syz.3.709': attribute type 1 has an invalid length.
[  172.050666][ T8748] netlink: 224 bytes leftover after parsing attributes in process `syz.3.709'.
[  172.083070][ T8751] netlink: 44 bytes leftover after parsing attributes in process `syz.4.711'.
[  172.083516][ T8748] netlink: 8 bytes leftover after parsing attributes in process `syz.3.709'.
[  172.135155][ T8747] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check.
[  172.191637][ T8606] batman_adv: batadv0: Adding interface: batadv_slave_0
[  172.231210][ T8606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.289912][ T8761] netlink: 'syz.1.710': attribute type 1 has an invalid length.
[  172.291733][ T8606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  172.343544][ T8606] batman_adv: batadv0: Adding interface: batadv_slave_1
[  172.368187][ T8606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.420697][ T8606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  172.473768][ T8761] 8021q: adding VLAN 0 to HW filter on device bond5
[  172.563787][ T8765] bond5: (slave geneve3): making interface the new active one
[  172.610862][ T8765] bond5: (slave geneve3): Enslaving as an active interface with an up link
[  172.638364][ T8776] netlink: 20 bytes leftover after parsing attributes in process `syz.3.717'.
[  172.779028][ T8776] netlink: 20 bytes leftover after parsing attributes in process `syz.3.717'.
[  172.780217][ T8606] hsr_slave_0: entered promiscuous mode
[  172.797564][ T8606] hsr_slave_1: entered promiscuous mode
[  173.262822][ T8791] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  173.383808][ T8796] netlink: 9 bytes leftover after parsing attributes in process `syz.1.724'.
[  173.431214][ T8796] gretap0: entered promiscuous mode
[  173.526852][ T8791] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only
[  173.729970][ T8804] netlink: 'syz.2.725': attribute type 1 has an invalid length.
[  173.737676][ T8804] netlink: 'syz.2.725': attribute type 11 has an invalid length.
[  173.790105][ T8804] netlink: 220 bytes leftover after parsing attributes in process `syz.2.725'.
[  174.068198][ T5842] Bluetooth: hci0: command tx timeout
[  174.258908][ T8815] netlink: 4 bytes leftover after parsing attributes in process `syz.1.729'.
[  174.324592][ T8815] geneve4: entered promiscuous mode
[  174.364087][ T8815] geneve4: entered allmulticast mode
[  174.551333][   T12] netdevsim netdevsim1 eth0: set [1, 2] type 2 family 0 port 50676 - 0
[  174.568481][   T12] netdevsim netdevsim1 eth1: set [1, 2] type 2 family 0 port 50676 - 0
[  174.626324][ T8823] netlink: 'syz.2.731': attribute type 11 has an invalid length.
[  174.634830][   T12] netdevsim netdevsim1 eth2: set [1, 2] type 2 family 0 port 50676 - 0
[  174.651151][   T12] netdevsim netdevsim1 eth3: set [1, 2] type 2 family 0 port 50676 - 0
[  174.729699][ T8829] netlink: 4 bytes leftover after parsing attributes in process `syz.3.733'.
[  174.758784][ T8825] netlink: 'syz.3.733': attribute type 4 has an invalid length.
[  175.021745][ T8606] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  175.068992][ T8606] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  175.099331][ T8606] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  175.447987][ T8606] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  175.548458][ T8855] lo speed is unknown, defaulting to 1000
[  175.660604][ T8855] lo speed is unknown, defaulting to 1000
[  175.713838][ T8855] lo speed is unknown, defaulting to 1000
[  175.725048][ T8855] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  175.775291][ T8855] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  175.831790][ T8855] lo speed is unknown, defaulting to 1000
[  175.861158][ T8855] lo speed is unknown, defaulting to 1000
[  175.870445][ T8855] lo speed is unknown, defaulting to 1000
[  175.876594][ T8606] 8021q: adding VLAN 0 to HW filter on device bond0
[  175.935153][ T8855] lo speed is unknown, defaulting to 1000
[  175.968426][ T8855] lo speed is unknown, defaulting to 1000
[  175.982517][ T8606] 8021q: adding VLAN 0 to HW filter on device team0
[  176.010304][ T8865] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on
[  176.113561][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.120741][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.170832][   T77] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.178015][   T77] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.663364][ T8888] netlink: 'syz.3.747': attribute type 5 has an invalid length.
[  176.884625][ T8892] Bluetooth: MGMT ver 1.23
[  177.256013][ T8606] 8021q: adding VLAN 0 to HW filter on device batadv0
[  177.448923][ T8895] bond1: left promiscuous mode
[  177.453835][ T8895] bond1: left allmulticast mode
[  177.474758][ T8895] ipvlan2: left promiscuous mode
[  177.485567][ T8895] geneve2: left promiscuous mode
[  177.491875][ T8895] geneve2: left allmulticast mode
[  177.512207][ T1342] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 45448 - 0
[  177.521663][   T77] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 45448 - 0
[  177.542904][   T77] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 45448 - 0
[  177.592907][   T77] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 45448 - 0
[  177.721643][ T8606] veth0_vlan: entered promiscuous mode
[  177.772373][ T8606] veth1_vlan: entered promiscuous mode
[  177.866749][ T8606] veth0_macvtap: entered promiscuous mode
[  177.903528][ T8606] veth1_macvtap: entered promiscuous mode
[  177.924729][ T8910] netlink: 'syz.4.754': attribute type 10 has an invalid length.
[  177.958431][ T8910] __nla_validate_parse: 5 callbacks suppressed
[  177.958451][ T8910] netlink: 40 bytes leftover after parsing attributes in process `syz.4.754'.
[  178.038675][ T8606] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.067709][ T8910] batman_adv: 
: Adding interface: virt_wifi0
[  178.107809][ T8910] batman_adv: 
: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  178.136357][ T8910] batman_adv: 
: Interface activated: virt_wifi0
[  178.174575][ T8606] batman_adv: batadv0: Interface activated: batadv_slave_1
[  178.241273][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.267932][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.373625][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.402341][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.481456][ T8924] ip6gretap0: entered promiscuous mode
[  178.497119][ T8924] vlan2: entered promiscuous mode
[  178.555416][ T8931] netlink: 176 bytes leftover after parsing attributes in process `syz.2.757'.
[  178.585555][ T8909] lo speed is unknown, defaulting to 1000
[  178.604815][ T8926] siw: device registration error -23
[  178.794155][ T8934] netlink: 'syz.3.760': attribute type 1 has an invalid length.
[  178.826037][ T6589] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  178.858171][ T6589] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  178.954068][ T8935] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  179.006642][ T8934] tipc: Started in network mode
[  179.022221][ T8934] tipc: Node identity , cluster identity 4711
[  179.062692][ T8934] tipc: Failed to obtain node identity
[  179.082926][ T8934] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[  179.162417][ T1321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.190996][ T1321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.643203][ T8950] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  179.680809][ T8950] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.725110][ T8958] netlink: 12 bytes leftover after parsing attributes in process `syz.2.764'.
[  180.001320][ T8976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.124049][ T8950] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  180.160417][ T8950] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  180.519783][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  180.783097][ T8950] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  180.868334][ T8950] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.031096][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.100943][ T8950] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  181.127946][ T8950] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.206071][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.451332][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.542127][ T8973] lo speed is unknown, defaulting to 1000
[  181.587647][ T6589] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  181.618127][ T6589] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  181.659468][ T6589] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  181.668000][ T6589] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  181.707600][ T8999] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  181.737321][ T8999] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  181.757079][ T9014] netlink: 'syz.2.771': attribute type 4 has an invalid length.
[  181.774696][ T8999] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  181.786904][ T9014] netlink: 'syz.2.771': attribute type 4 has an invalid length.
[  181.803244][ T8999] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  181.894674][ T9018] netlink: 'syz.2.772': attribute type 1 has an invalid length.
[  181.939331][ T8953] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  181.980381][ T8953] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.997213][ T8999] ==================================================================
[  182.005324][ T8999] BUG: KASAN: slab-use-after-free in __mutex_lock+0x144/0xe80
[  182.012820][ T8999] Read of size 8 at addr ffff88802c71a4b0 by task kworker/u8:12/8999
[  182.020899][ T8999] 
[  182.023247][ T8999] CPU: 1 UID: 0 PID: 8999 Comm: kworker/u8:12 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) 
[  182.023270][ T8999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  182.023283][ T8999] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  182.023316][ T8999] Call Trace:
[  182.023324][ T8999]  <TASK>
[  182.023331][ T8999]  dump_stack_lvl+0x189/0x250
[  182.023361][ T8999]  ? __virt_addr_valid+0x1c8/0x5c0
[  182.023378][ T8999]  ? rcu_is_watching+0x15/0xb0
[  182.023404][ T8999]  ? __kasan_check_byte+0x12/0x40
[  182.023422][ T8999]  ? __pfx_dump_stack_lvl+0x10/0x10
[  182.023448][ T8999]  ? rcu_is_watching+0x15/0xb0
[  182.023475][ T8999]  ? lock_release+0x4b/0x3e0
[  182.023501][ T8999]  ? __virt_addr_valid+0x1c8/0x5c0
[  182.023519][ T8999]  ? __virt_addr_valid+0x4a5/0x5c0
[  182.023537][ T8999]  print_report+0xd2/0x2b0
[  182.023560][ T8999]  ? __mutex_lock+0x144/0xe80
[  182.023575][ T8999]  kasan_report+0x118/0x150
[  182.023592][ T8999]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  182.023619][ T8999]  ? __mutex_lock+0x144/0xe80
[  182.023650][ T8999]  __mutex_lock+0x144/0xe80
[  182.023664][ T8999]  ? __lock_acquire+0xab9/0xd20
[  182.023685][ T8999]  ? __mutex_lock+0x51b/0xe80
[  182.023702][ T8999]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  182.023722][ T8999]  ? __pfx___mutex_lock+0x10/0x10
[  182.023739][ T8999]  ? __lock_acquire+0xab9/0xd20
[  182.023792][ T8999]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  182.023814][ T8999]  ? process_scheduled_works+0x9ef/0x17b0
[  182.023838][ T8999]  ? process_scheduled_works+0x9ef/0x17b0
[  182.023862][ T8999]  process_scheduled_works+0xae1/0x17b0
[  182.023898][ T8999]  ? __pfx_process_scheduled_works+0x10/0x10
[  182.023929][ T8999]  worker_thread+0x8a0/0xda0
[  182.023964][ T8999]  kthread+0x70e/0x8a0
[  182.023982][ T8999]  ? __pfx_worker_thread+0x10/0x10
[  182.024008][ T8999]  ? __pfx_kthread+0x10/0x10
[  182.024025][ T8999]  ? _raw_spin_unlock_irq+0x23/0x50
[  182.024047][ T8999]  ? lockdep_hardirqs_on+0x9c/0x150
[  182.024070][ T8999]  ? __pfx_kthread+0x10/0x10
[  182.024087][ T8999]  ret_from_fork+0x3fc/0x770
[  182.024110][ T8999]  ? __pfx_ret_from_fork+0x10/0x10
[  182.024134][ T8999]  ? __switch_to_asm+0x39/0x70
[  182.024150][ T8999]  ? __switch_to_asm+0x33/0x70
[  182.024165][ T8999]  ? __pfx_kthread+0x10/0x10
[  182.024182][ T8999]  ret_from_fork_asm+0x1a/0x30
[  182.024205][ T8999]  </TASK>
[  182.024211][ T8999] 
[  182.254267][ T8999] Allocated by task 8950:
[  182.258587][ T8999]  kasan_save_track+0x3e/0x80
[  182.263278][ T8999]  __kasan_kmalloc+0x93/0xb0
[  182.267868][ T8999]  __kmalloc_noprof+0x27a/0x4f0
[  182.272708][ T8999]  udp_tunnel_nic_netdevice_event+0x854/0x19f0
[  182.278864][ T8999]  notifier_call_chain+0x1b3/0x3e0
[  182.283989][ T8999]  register_netdevice+0x1608/0x1ae0
[  182.289196][ T8999]  nsim_create+0xb19/0xef0
[  182.293622][ T8999]  __nsim_dev_port_add+0x70a/0xb20
[  182.298729][ T8999]  nsim_dev_port_add_all+0x35/0xe0
[  182.303849][ T8999]  nsim_dev_reload_up+0x451/0x780
[  182.308868][ T8999]  devlink_reload+0x4ec/0x8d0
[  182.313542][ T8999]  devlink_nl_reload_doit+0xb35/0xd50
[  182.318911][ T8999]  genl_family_rcv_msg_doit+0x215/0x300
[  182.324465][ T8999]  genl_rcv_msg+0x60e/0x790
[  182.328972][ T8999]  netlink_rcv_skb+0x205/0x470
[  182.333740][ T8999]  genl_rcv+0x28/0x40
[  182.337728][ T8999]  netlink_unicast+0x758/0x8d0
[  182.342488][ T8999]  netlink_sendmsg+0x805/0xb30
[  182.347251][ T8999]  __sock_sendmsg+0x219/0x270
[  182.351922][ T8999]  ____sys_sendmsg+0x505/0x830
[  182.356691][ T8999]  ___sys_sendmsg+0x21f/0x2a0
[  182.361380][ T8999]  __x64_sys_sendmsg+0x19b/0x260
[  182.366322][ T8999]  do_syscall_64+0xfa/0x3b0
[  182.370818][ T8999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.376711][ T8999] 
[  182.379037][ T8999] Freed by task 8953:
[  182.383010][ T8999]  kasan_save_track+0x3e/0x80
[  182.387692][ T8999]  kasan_save_free_info+0x46/0x50
[  182.392721][ T8999]  __kasan_slab_free+0x62/0x70
[  182.397478][ T8999]  kfree+0x18e/0x440
[  182.401373][ T8999]  udp_tunnel_nic_netdevice_event+0x1332/0x19f0
[  182.407609][ T8999]  notifier_call_chain+0x1b3/0x3e0
[  182.412723][ T8999]  unregister_netdevice_many_notify+0x15d8/0x2320
[  182.419599][ T8999]  unregister_netdevice_queue+0x33c/0x380
[  182.425323][ T8999]  nsim_destroy+0x1f6/0x670
[  182.429830][ T8999]  __nsim_dev_port_del+0x14d/0x1b0
[  182.434936][ T8999]  nsim_dev_reload_destroy+0x288/0x490
[  182.440395][ T8999]  nsim_dev_reload_down+0x8a/0xc0
[  182.445428][ T8999]  devlink_reload+0x1b3/0x8d0
[  182.450099][ T8999]  devlink_nl_reload_doit+0xb35/0xd50
[  182.455469][ T8999]  genl_family_rcv_msg_doit+0x215/0x300
[  182.461019][ T8999]  genl_rcv_msg+0x60e/0x790
[  182.465518][ T8999]  netlink_rcv_skb+0x205/0x470
[  182.470277][ T8999]  genl_rcv+0x28/0x40
[  182.474254][ T8999]  netlink_unicast+0x758/0x8d0
[  182.479008][ T8999]  netlink_sendmsg+0x805/0xb30
[  182.483774][ T8999]  __sock_sendmsg+0x219/0x270
[  182.488445][ T8999]  ____sys_sendmsg+0x505/0x830
[  182.493213][ T8999]  ___sys_sendmsg+0x21f/0x2a0
[  182.497885][ T8999]  __x64_sys_sendmsg+0x19b/0x260
[  182.502817][ T8999]  do_syscall_64+0xfa/0x3b0
[  182.507312][ T8999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.513205][ T8999] 
[  182.515524][ T8999] Last potentially related work creation:
[  182.521230][ T8999]  kasan_save_stack+0x3e/0x60
[  182.525907][ T8999]  kasan_record_aux_stack+0xbd/0xd0
[  182.531104][ T8999]  insert_work+0x3d/0x330
[  182.535444][ T8999]  __queue_work+0xbd9/0xfe0
[  182.540029][ T8999]  queue_work_on+0x181/0x270
[  182.544608][ T8999]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  182.550231][ T8999]  udp_tunnel_push_rx_port+0x180/0x200
[  182.555688][ T8999]  geneve_offload_rx_ports+0xd7/0x160
[  182.561067][ T8999]  geneve_netdevice_event+0x6a/0x80
[  182.566257][ T8999]  notifier_call_chain+0x1b3/0x3e0
[  182.571372][ T8999]  call_netdevice_notifiers+0x88/0xc0
[  182.576740][ T8999]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[  182.582973][ T8999]  notifier_call_chain+0x1b3/0x3e0
[  182.588087][ T8999]  register_netdevice+0x1608/0x1ae0
[  182.593283][ T8999]  nsim_create+0xb19/0xef0
[  182.597702][ T8999]  __nsim_dev_port_add+0x70a/0xb20
[  182.602842][ T8999]  nsim_dev_port_add_all+0x35/0xe0
[  182.607952][ T8999]  nsim_dev_reload_up+0x451/0x780
[  182.612993][ T8999]  devlink_reload+0x4ec/0x8d0
[  182.617660][ T8999]  devlink_nl_reload_doit+0xb35/0xd50
[  182.623023][ T8999]  genl_family_rcv_msg_doit+0x215/0x300
[  182.628574][ T8999]  genl_rcv_msg+0x60e/0x790
[  182.633085][ T8999]  netlink_rcv_skb+0x205/0x470
[  182.637843][ T8999]  genl_rcv+0x28/0x40
[  182.641831][ T8999]  netlink_unicast+0x758/0x8d0
[  182.646591][ T8999]  netlink_sendmsg+0x805/0xb30
[  182.651361][ T8999]  __sock_sendmsg+0x219/0x270
[  182.656042][ T8999]  ____sys_sendmsg+0x505/0x830
[  182.660887][ T8999]  ___sys_sendmsg+0x21f/0x2a0
[  182.665559][ T8999]  __x64_sys_sendmsg+0x19b/0x260
[  182.670491][ T8999]  do_syscall_64+0xfa/0x3b0
[  182.674987][ T8999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.680876][ T8999] 
[  182.683190][ T8999] Second to last potentially related work creation:
[  182.689760][ T8999]  kasan_save_stack+0x3e/0x60
[  182.694437][ T8999]  kasan_record_aux_stack+0xbd/0xd0
[  182.699635][ T8999]  insert_work+0x3d/0x330
[  182.703976][ T8999]  __queue_work+0xcfc/0xfe0
[  182.708483][ T8999]  queue_work_on+0x181/0x270
[  182.713070][ T8999]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  182.718699][ T8999]  udp_tunnel_push_rx_port+0x180/0x200
[  182.724166][ T8999]  vxlan_offload_rx_ports+0x139/0x200
[  182.729547][ T8999]  vxlan_netdevice_event+0x111/0x470
[  182.734838][ T8999]  notifier_call_chain+0x1b3/0x3e0
[  182.739976][ T8999]  call_netdevice_notifiers+0x88/0xc0
[  182.745354][ T8999]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[  182.751669][ T8999]  notifier_call_chain+0x1b3/0x3e0
[  182.756798][ T8999]  register_netdevice+0x1608/0x1ae0
[  182.762019][ T8999]  nsim_create+0xb19/0xef0
[  182.766441][ T8999]  __nsim_dev_port_add+0x70a/0xb20
[  182.771544][ T8999]  nsim_dev_port_add_all+0x35/0xe0
[  182.776662][ T8999]  nsim_dev_reload_up+0x451/0x780
[  182.781697][ T8999]  devlink_reload+0x4ec/0x8d0
[  182.786368][ T8999]  devlink_nl_reload_doit+0xb35/0xd50
[  182.791744][ T8999]  genl_family_rcv_msg_doit+0x215/0x300
[  182.797301][ T8999]  genl_rcv_msg+0x60e/0x790
[  182.801808][ T8999]  netlink_rcv_skb+0x205/0x470
[  182.806569][ T8999]  genl_rcv+0x28/0x40
[  182.810544][ T8999]  netlink_unicast+0x758/0x8d0
[  182.815303][ T8999]  netlink_sendmsg+0x805/0xb30
[  182.820079][ T8999]  __sock_sendmsg+0x219/0x270
[  182.824770][ T8999]  ____sys_sendmsg+0x505/0x830
[  182.829542][ T8999]  ___sys_sendmsg+0x21f/0x2a0
[  182.834253][ T8999]  __x64_sys_sendmsg+0x19b/0x260
[  182.839206][ T8999]  do_syscall_64+0xfa/0x3b0
[  182.843716][ T8999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  182.849616][ T8999] 
[  182.851935][ T8999] The buggy address belongs to the object at ffff88802c71a400
[  182.851935][ T8999]  which belongs to the cache kmalloc-256 of size 256
[  182.865982][ T8999] The buggy address is located 176 bytes inside of
[  182.865982][ T8999]  freed 256-byte region [ffff88802c71a400, ffff88802c71a500)
[  182.879779][ T8999] 
[  182.882098][ T8999] The buggy address belongs to the physical page:
[  182.888499][ T8999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c71a
[  182.897258][ T8999] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  182.905744][ T8999] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  182.913312][ T8999] page_type: f5(slab)
[  182.917286][ T8999] raw: 00fff00000000040 ffff88801a441b40 dead000000000100 dead000000000122
[  182.925869][ T8999] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  182.934457][ T8999] head: 00fff00000000040 ffff88801a441b40 dead000000000100 dead000000000122
[  182.943126][ T8999] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  182.951796][ T8999] head: 00fff00000000001 ffffea0000b1c681 00000000ffffffff 00000000ffffffff
[  182.960468][ T8999] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  182.969133][ T8999] page dumped because: kasan: bad access detected
[  182.975556][ T8999] page_owner tracks the page as allocated
[  182.981274][ T8999] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8523, tgid 8522 (syz.1.646), ts 162226946370, free_ts 81974581683
[  183.002468][ T8999]  post_alloc_hook+0x240/0x2a0
[  183.007235][ T8999]  get_page_from_freelist+0x21e4/0x22c0
[  183.012813][ T8999]  __alloc_frozen_pages_noprof+0x181/0x370
[  183.018625][ T8999]  alloc_pages_mpol+0x232/0x4a0
[  183.023475][ T8999]  allocate_slab+0x8a/0x3b0
[  183.027977][ T8999]  ___slab_alloc+0xbfc/0x1480
[  183.032655][ T8999]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[  183.039077][ T8999]  krealloc_noprof+0x124/0x340
[  183.043841][ T8999]  copy_array+0x63/0xf0
[  183.047993][ T8999]  copy_verifier_state+0x848/0xed0
[  183.053107][ T8999]  do_check+0x4c44/0xd450
[  183.057433][ T8999]  do_check_common+0x168d/0x20b0
[  183.062367][ T8999]  bpf_check+0x13664/0x19c60
[  183.066950][ T8999]  bpf_prog_load+0x1318/0x1930
[  183.071709][ T8999]  __sys_bpf+0x5f1/0x860
[  183.075958][ T8999]  __x64_sys_bpf+0x7c/0x90
[  183.080369][ T8999] page last free pid 5839 tgid 5839 stack trace:
[  183.086684][ T8999]  __free_frozen_pages+0xc71/0xe70
[  183.091789][ T8999]  __put_partials+0x161/0x1c0
[  183.096462][ T8999]  put_cpu_partial+0x17c/0x250
[  183.101218][ T8999]  __slab_free+0x2f7/0x400
[  183.105629][ T8999]  qlist_free_all+0x97/0x140
[  183.110222][ T8999]  kasan_quarantine_reduce+0x148/0x160
[  183.115693][ T8999]  __kasan_slab_alloc+0x22/0x80
[  183.120536][ T8999]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  183.126419][ T8999]  kmalloc_reserve+0xbd/0x290
[  183.131092][ T8999]  __alloc_skb+0x142/0x2d0
[  183.135504][ T8999]  netlink_ack+0x146/0xa50
[  183.139916][ T8999]  netlink_rcv_skb+0x28c/0x470
[  183.144679][ T8999]  netlink_unicast+0x758/0x8d0
[  183.149437][ T8999]  netlink_sendmsg+0x805/0xb30
[  183.154204][ T8999]  __sock_sendmsg+0x219/0x270
[  183.158877][ T8999]  __sys_sendto+0x3bd/0x520
[  183.163386][ T8999] 
[  183.165716][ T8999] Memory state around the buggy address:
[  183.171334][ T8999]  ffff88802c71a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  183.179478][ T8999]  ffff88802c71a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  183.187540][ T8999] >ffff88802c71a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  183.195600][ T8999]                                      ^
[  183.201224][ T8999]  ffff88802c71a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  183.209276][ T8999]  ffff88802c71a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  183.217333][ T8999] ==================================================================
[  183.261360][ T8999] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  183.268691][ T8999] CPU: 1 UID: 0 PID: 8999 Comm: kworker/u8:12 Not tainted 6.16.0-rc1-syzkaller-00436-g253833da4e56 #0 PREEMPT(full) 
[  183.280949][ T8999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.291018][ T8999] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  183.298319][ T8999] Call Trace:
[  183.301603][ T8999]  <TASK>
[  183.304537][ T8999]  dump_stack_lvl+0x99/0x250
[  183.309147][ T8999]  ? __asan_memcpy+0x40/0x70
[  183.313759][ T8999]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.318973][ T8999]  ? __pfx__printk+0x10/0x10
[  183.323590][ T8999]  panic+0x2db/0x790
[  183.327517][ T8999]  ? __pfx_panic+0x10/0x10
[  183.331955][ T8999]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  183.337877][ T8999]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  183.344236][ T8999]  ? print_memory_metadata+0x314/0x400
[  183.349715][ T8999]  ? __mutex_lock+0x144/0xe80
[  183.354397][ T8999]  check_panic_on_warn+0x89/0xb0
[  183.359355][ T8999]  ? __mutex_lock+0x144/0xe80
[  183.364047][ T8999]  end_report+0x78/0x160
[  183.368300][ T8999]  kasan_report+0x129/0x150
[  183.372821][ T8999]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  183.378731][ T8999]  ? __mutex_lock+0x144/0xe80
[  183.383428][ T8999]  __mutex_lock+0x144/0xe80
[  183.387933][ T8999]  ? __lock_acquire+0xab9/0xd20
[  183.392796][ T8999]  ? __mutex_lock+0x51b/0xe80
[  183.397500][ T8999]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  183.403756][ T8999]  ? __pfx___mutex_lock+0x10/0x10
[  183.408793][ T8999]  ? __lock_acquire+0xab9/0xd20
[  183.413681][ T8999]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  183.419758][ T8999]  ? process_scheduled_works+0x9ef/0x17b0
[  183.425491][ T8999]  ? process_scheduled_works+0x9ef/0x17b0
[  183.431227][ T8999]  process_scheduled_works+0xae1/0x17b0
[  183.436804][ T8999]  ? __pfx_process_scheduled_works+0x10/0x10
[  183.442805][ T8999]  worker_thread+0x8a0/0xda0
[  183.447421][ T8999]  kthread+0x70e/0x8a0
[  183.451501][ T8999]  ? __pfx_worker_thread+0x10/0x10
[  183.456642][ T8999]  ? __pfx_kthread+0x10/0x10
[  183.461252][ T8999]  ? _raw_spin_unlock_irq+0x23/0x50
[  183.466462][ T8999]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.471677][ T8999]  ? __pfx_kthread+0x10/0x10
[  183.476280][ T8999]  ret_from_fork+0x3fc/0x770
[  183.480883][ T8999]  ? __pfx_ret_from_fork+0x10/0x10
[  183.486008][ T8999]  ? __switch_to_asm+0x39/0x70
[  183.490777][ T8999]  ? __switch_to_asm+0x33/0x70
[  183.495545][ T8999]  ? __pfx_kthread+0x10/0x10
[  183.500239][ T8999]  ret_from_fork_asm+0x1a/0x30
[  183.505020][ T8999]  </TASK>
[  183.508354][ T8999] Kernel Offset: disabled
[  183.512677][ T8999] Rebooting in 86400 seconds..