last executing test programs:

28.535049995s ago: executing program 0 (id=3514):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2400000026000100000000000000000008000000", @ANYRESOCT=r0, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32], 0x24}], 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2400000026000100000000000000000008000000", @ANYRESOCT=r0, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32], 0x24}], 0x1, 0x0, 0x0, 0x20000000}, 0x0)

28.171846206s ago: executing program 0 (id=3517):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$IP_SET_OP_GET_FNAME(r2, 0x1, 0x53, &(0x7f0000000700)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000280)=0xffffffffffffff18)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) (async)
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
connect$can_bcm(r0, &(0x7f0000000000), 0x10) (async)
connect$can_bcm(r0, &(0x7f0000000000), 0x10)
bind$can_j1939(r3, &(0x7f0000000680)={0x1d, r1, 0x2, {0x2, 0xf0, 0x1}, 0xfd}, 0x18)

27.951543273s ago: executing program 0 (id=3518):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x80000000000000a, 0x2, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
write$tun(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="0000dada020327baa2ad9790efd805c2f7f59cf55500a527335f268e11ae4885e036ca0232cb19658467fdeda4d0360034549393bf5bbf86fa8ac9f90f97af5afb58d2325483e81cb4f0e38dbf7f991df855ee84a670bb14c90a7f317d11af2bbdcbc500007f8d05f4fe94800031caa570337e1e039567fceacfcd3fdf2a5ccd75a93c8a17c965658a66755357b4cecf9ca29a81d21f65b1a70b4f3183aa9d3c54569d258e3cf8cab36c25816035ac662f8004129385e3a640a198ff3ff8c644c5e03ea616fc45d2cf86db72a71d0206edc2722a113915c2f57929b192c12729067cd7121c7c48b12f70ffa7132fdd72e77a0f6cfacf310c9e637924c4daeef36a0f3df348f71c0e8fd507706c8b019189a7a0b9646fbeee3b697baf9f9e0f8104a35bc82ea520480cdcbc28db3b0d6e664f5ebe351ac3"], 0xd6)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2c, &(0x7f0000000200)={0x8, {{0xa, 0x4e21, 0x6de, @mcast2, 0xfffffffc}}, {{0xa, 0x0, 0x0, @local, 0xffffffff}}}, 0x108)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffc, 0x2, @ipv4={'\x00', '\xff\xff', @empty}, 0x80000}}}, 0x108)
close(r1)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000001200)={'wlan1\x00', &(0x7f0000001100)=@ethtool_rxnfc={0x2a, 0x8, 0x7e1ab084, {0x3, @usr_ip4_spec={@multicast1, @multicast1, 0x53, 0x7f, 0x1, 0x9}, {0x0, @random="7729ba522e59", 0xa, 0x0, [0x10000, 0x3]}, @hdata="a86b57371eff451fd353517f755532b803741b5b2aade83e68f35d937d79d8993111b4ca75f0612da64df99e636e9cb7eb62b35f", {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 0x9, 0x6, [0x6]}, 0x3, 0x6}}})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=0x0, @ANYBLOB="edda05b94a346739c592ad149877a6efc1bff1326e27ed1d3f0f1bcddefe2de122"], 0x1c}}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f0000001a00)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10)
recvmsg$kcm(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000100)=""/30, 0x1e}, {&(0x7f00000004c0)=""/82, 0x52}, {&(0x7f0000000540)=""/32, 0x20}, {&(0x7f0000000580)=""/98, 0x62}], 0x4}, 0x2020)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e24, @multicast1}, 0x10)
setsockopt$inet_udp_int(r4, 0x11, 0x67, &(0x7f0000000080)=0x6, 0x4)
sendto$inet(r4, &(0x7f00000000c0)="8689d46205a341", 0x7, 0x4000080, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r6, &(0x7f0000000140)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e22, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=ANY=[], 0x18}}], 0x2, 0x4001)
sendmsg$DEVLINK_CMD_TRAP_GET(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000300)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x20000000)
sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0)

26.361132909s ago: executing program 0 (id=3523):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040007000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)=@gettfilter={0x3c, 0x2e, 0x100, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x3, 0x9}, {0xfff2, 0x7}, {0x8, 0xc}}, [{0x8, 0xb, 0x7}, {0x8, 0xb, 0x69849858}, {0x8, 0xb, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc010}, 0x11)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r3, &(0x7f0000000080)='\f', 0xffffffffffffff9e, 0x12000841, 0x0, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106) (async)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000300)="c99bfa0018", 0x5) (async)
r6 = accept4(r5, 0x0, 0x0, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r6) (async)
getsockopt$inet_tcp_buf(r4, 0x6, 0xd, 0x0, &(0x7f0000000040)) (async, rerun: 32)
r8 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r9 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r10=>0x0}) (async)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c0001e003000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r10], 0xb4}}, 0x0) (async)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r8, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="29ccf3902004aa0009000000", @ANYRES16=r7, @ANYBLOB="200026bd7000fbdbdf251c00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000000000077000000"], 0x28}, 0x1, 0x0, 0x0, 0x24000004}, 0x10)

25.771811994s ago: executing program 0 (id=3529):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="74000000000101040000000000000000030000001800164000000000362a564500000046000000a60000000668000d8008000100ac1414bb0800020000000003140004000000000000000000000000000000000018001700ffffffff000000080000000300000005000000070800084000000006"], 0x74}, 0x1, 0x0, 0x0, 0x20004880}, 0x10)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x4c, &(0x7f0000000000)=0xc000000, 0x4)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0, <r5=>0x0}, &(0x7f0000000080)=0xc)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f00000002c0)={0xffffffffffffffff, 0xd, 0x8, 0x4, @vifc_lcl_addr=@remote, @multicast1}, 0x10)
sendmsg$netlink(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)={0x24, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r5}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b64087c6030"]}]}, 0x24}], 0x1}, 0x84)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000050000000900010073797a30000000002c000000030a01010000000000000000050000000900010073797a30000000000900030069087a300000000060000000060a010400000000000000000500400008000b400000000038000480340001800b00010074756e6e656c0000240002800800034000000000080001400000000908000340000000f5080002400000000c0900010073797a3000"], 0xd4}}, 0x0)

25.375807822s ago: executing program 0 (id=3532):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}, {0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x94}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb4}}, 0x0)
close(0x3)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={<r1=>r0})
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, <r3=>0x0}, &(0x7f0000000080)=0xc)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28b1b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e1f}]}}}]}, 0x3c}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x8000)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r4, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)="93bffce623851797a8dc7901f0048678cd35ef833c350900f95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb600"/135, 0x87}, {&(0x7f0000000780)="029993440c7a1d95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e430bcb03", 0x3e}], 0x2}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)="b1f56e", 0x3}, {&(0x7f00000002c0)="d2ae7fa9d4ee1d27ef3697a717c4792ff25f85f5cc7168515d8a2c93cf3463c0a99d6169418187791053e8f4c94f4603020303648b17f7ba32367e515f44745ee44f0b1712ef9841fa347f9a9ba3caca8c4bbd0aff8b3b685c1545f7f4a74e4101e3071af4a647c48be58830540234df20c327ffd770ee0f5b6da026ab2bdf77cce9afb80cf82c18e0c787f4a8a65a02656b8a812846caafd5b7ae015b0baf649604bd9dbd", 0xa5}, {&(0x7f0000000380)="ab71dffa3293d267676ad5e7ebd0253d9e5eafb11ee49225e6634c1f5373ebbf61dcb1672000b540485af2790ee1bc22a0bae18ece9a1fc60fc9ece736a71ab5d04ea9f5ce85b3e35258efe357d21d56dd33ecfe0c57d4dc0691f178272ddf90ddd1dcc68b0a078b117f22d6c9ce4153aa1955d0a623d9b67536a0d3474cbb153be4f04a182001985de4b142a31784ff458c336293ab8f0ee922bbdf7c2e702304491594ea903db31010b909b32a1b2acb05568f3424299df128294439c6481ea74f78b88f104115b2fc5a927fbbffc7957f8879b4822f9cc9cafe", 0xdb}, {&(0x7f00000006c0)="707c0bee7f77b88856935a8741867cbdf3b96a152a2db47428e4817867058ee75162be36f320994af0", 0x29}], 0x4}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000940)="ee41e16fcc", 0x5}], 0x1}}], 0x3, 0xc0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r4, &(0x7f0000000580)="17", 0x501, 0x10008095, 0x0, 0x0)
sendmsg$netlink(r2, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)={0x24, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r3}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}]}, 0x24}], 0x1}, 0x0)
r8 = getpid()
sendmsg$nl_generic(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0x74, 0x3c, 0x200, 0x70bd2a, 0x25dfdbff, {0x15}, [@nested={0x40, 0x114, 0x0, 0x1, [@typed={0x8, 0xc7, 0x0, 0x0, @uid=r3}, @nested={0x4, 0xc7}, @typed={0x8, 0x5f, 0x0, 0x0, @pid=0xffffffffffffffff}, @typed={0x8, 0xd0, 0x0, 0x0, @fd=r0}, @typed={0xc, 0x5e, 0x0, 0x0, @u64=0x5d6}, @typed={0x8, 0x51, 0x0, 0x0, @ipv4=@multicast2}, @typed={0xc, 0x52, 0x0, 0x0, @u64=0x2031543d}]}, @nested={0x10, 0x101, 0x0, 0x1, [@nested={0x4, 0xa7}, @nested={0x4, 0x5}, @nested={0x4, 0x150}]}, @typed={0x8, 0xe1, 0x0, 0x0, @pid=r8}, @typed={0x8, 0x99, 0x0, 0x0, @fd}]}, 0x74}, 0x1, 0x0, 0x0, 0x8080}, 0x80)

17.460827674s ago: executing program 2 (id=3538):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES16=r2, @ANYRES8=<r4=>r0, @ANYRESOCT=r0], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095", @ANYRESOCT=r4, @ANYRESDEC=0x0, @ANYBLOB="3c264b238317451bb097ab0dfe8c663a06415c38db64d6702c8d7b0ce1316af322fe3ab7498fa99f92eb2a64ca2423b4d998a69a8b5f11a0c9ab661dba3e9157a8422131e7e6ce768a74a66de86efa794d512cf69a774fe4454abd37200a5a31a6820b4a88b1ce908ef8b2ce3d446499d69a7aebfca638", @ANYRES32, @ANYBLOB="3d467a2d953f8145946bea8149c3e81067745ae3d9d467fa891533370f4e2f3240f82e1b98f151b940e8144064db16519328da30fd211cf397e31d30fe2ccc07a62f5b3c179a20186ccfe8c3d79c03d8dcafb6e1faad6dcf84f439f79fe9fb590aa0a8c07e37b490c9b76df285d54ef59607b325b857894aeaf9fd5bade03922f08d6368115751a3635183fe5e23ca18bc78194fd5c30f708b4ae57f7f0a465d75bce3cbbef5658e42f10554c7efbc"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'geneve0\x00', <r6=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000280)="f4416eb4e8d263afa99fefa78848", 0xe, 0x0, &(0x7f0000002780)={0x11, 0x0, r6, 0x1, 0x4, 0x6, @remote}, 0x14)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000340)=0x14)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000400)={'ip6tnl0\x00', &(0x7f0000000380)={'ip6_vti0\x00', <r8=>0x0, 0x4, 0x0, 0xff, 0x9, 0x42, @mcast1, @empty, 0x1, 0x700, 0x723, 0x8}})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r10=>0x0})
r11 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r11, &(0x7f0000000080)={0x1d, r10, 0x3, {0x2, 0xff, 0x4}}, 0x18)
sendmsg$can_j1939(r11, &(0x7f0000000400)={&(0x7f00000000c0)={0x1d, r10, 0x1, {0x1, 0xff, 0x1}}, 0x18, &(0x7f0000000200)={&(0x7f0000000180)="95ca0763accf4b6a47ae12a081dab743db", 0x11}, 0x1, 0x0, 0x0, 0x20004081}, 0x1)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000580)={r3, 0x58, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'wg0\x00', <r13=>0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r14, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', <r15=>0x0})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40}, 0x94)
r16 = socket(0x400000000010, 0x3, 0x0)
r17 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r17, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r18=>0x0})
sendmsg$nl_route_sched(r16, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r18, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20050000}, 0x0)
sendmsg$nl_route_sched(r16, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r18, {0x4, 0xa}, {}, {0xfff2, 0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_IPV6_DST={0x14, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @TCA_FLOWER_KEY_IPV6_DST_MASK={0x14, 0x11, [0x0, 0xff, 0xff, 0xff000000]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'batadv0\x00', <r19=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xf35b0339d0ec654a}, 0xc, &(0x7f0000000800)={&(0x7f0000000880)=ANY=[@ANYBLOB="98010000", @ANYRES16=0x0, @ANYBLOB="00012dbd7000fbdbdf25110000002c000180080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="080003000200000008000100", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="500001800800010098e1df2526ce7e8c2124cd817b960787a9f4481cb2ab87469b73ae8d3705b43908cf33f29e6a4bb5326278726e7336a25e1b0548f788b454b000cb8dd6b48434fb1cc29a8fdd6c0ce2b8221f51eb3311525657210605d91ce7d82ca959b86ddcc7fb7dc9b88dfe6d4e8c8f0cf7429de020b7530224fb764da5845eb09648248de428b59eb5", @ANYRES32=0x0, @ANYBLOB="0800030001000000140002007866726d3000000000000000000000000800030000000000080003000000000008000100", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="08000100", @ANYRES32=r12, @ANYBLOB="4c0001800800030001000000080003000200000008000300040000001400020076657468315f746f5f62726964676500080003000300000014000200626f6e645f736c6176655f30000000006800018008000100", @ANYRES32=r13, @ANYBLOB="1400020076657468315f746f5f626f6e64000000140002006e696376663000000000000000000000080003000100000014000200626f6e645f736c6176655f300000000008000100", @ANYRES32=r15, @ANYBLOB="080003000200000008000300020000000c00018008000300020000004800018008000100", @ANYRES32=r18, @ANYBLOB="08000100", @ANYRES32=r19, @ANYBLOB="08000300000000000800030003000000080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="140002006873723000"/20], 0x198}, 0x1, 0x0, 0x0, 0x24000885}, 0x54)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
r20 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r20, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)

16.566780317s ago: executing program 2 (id=3544):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000480)=@bpf_lsm={0x1d, 0x1d, &(0x7f00000002c0)=@raw=[@map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x101}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x2}, @generic={0x2, 0x9, 0x3, 0x4, 0x40a0}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @alu={0x4, 0x1, 0x9, 0x8, 0x8, 0x6, 0xfffffffffffffff0}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x47, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000003c0)={0x3, 0x7, 0x0, 0x6}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000400)=[0x1], &(0x7f0000000440)=[{0x5, 0x3, 0x7}, {0x4, 0x5, 0x5, 0x8}], 0x10, 0x1}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@newlink={0x2e4, 0x10, 0x801, 0x43, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x2202e}, [@IFLA_VFINFO_LIST={0x2a0, 0x16, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x2, 0x69c4}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x1f71, 0x55f}}, @IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x1, 0x9}}, @IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x2, 0x2}}]}, {0xe4, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x62, 0x4}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x8, 0x8}}, @IFLA_VF_RATE={0x10, 0x6, {0x2, 0x8, 0x9}}, @IFLA_VF_MAC={0x28, 0x1, {0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}}, @IFLA_VF_MAC={0x28, 0x1, {0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}}, @IFLA_VF_MAC={0x28, 0x1, {0xff, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}}, @IFLA_VF_VLAN={0x10, 0x2, {0x2, 0x231, 0x5bcf1f68}}, @IFLA_VF_VLAN={0x10, 0x2, {0x7, 0xfd4, 0x7}}, @IFLA_VF_TRUST={0xc, 0x9, {0x4, 0x142}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x73d, 0x2}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x2, 0x74b}}]}, {0x58, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0x7, 0x400, 0x8}}, @IFLA_VF_MAC={0x28, 0x1, {0xd75a, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}}, @IFLA_VF_RATE={0x10, 0x6, {0x162e3d49, 0x401, 0xcf28}}, @IFLA_VF_TRUST={0xc, 0x9, {0x8, 0x30f319ce}}]}, {0x30, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0x2, 0x48c, 0x6}}, @IFLA_VF_VLAN={0x10, 0x2, {0x9, 0x639, 0xb}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x2}}]}, {0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x7, @broadcast}}]}, {0x70, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0xffffffff, 0x22d, 0x428}}, @IFLA_VF_VLAN_LIST={0x40, 0xc, 0x0, 0x1, [{0x14, 0x1, {0xfffffff8, 0x1dc, 0xa5f, 0x88a8}}, {0x14, 0x1, {0x6, 0xe14, 0xffffffff, 0x88a8}}, {0x14, 0x1, {0x83f, 0x487}}]}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x1ff, 0x6}}, @IFLA_VF_RATE={0x10, 0x6, {0xb2d5, 0x4, 0xf9ee0000}}]}, {0x20, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0x1, 0x1, 0xa3}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x9, 0x81}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x2, 0xfffffffd}}]}]}, @IFLA_PHYS_SWITCH_ID={0x22, 0x24, "c9147d585d413b82bd337ab9c87f9ae4b1c17861a6b8e114070dda61a039"}]}, 0x2e4}, 0x1, 0x0, 0x0, 0x20048050}, 0x40014)

15.693035472s ago: executing program 2 (id=3550):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
accept4$unix(r4, &(0x7f0000000180), &(0x7f0000000100)=0x6e, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

14.814063533s ago: executing program 3 (id=3555):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000000000000100000000000000000000000018ab2c66b48f59637297882a95835ba46404b4a4f3cae82518afe1dfca197d2b569c257971b77a105cb18d3bcb1a6d1e646e6981af97052a5ca4e39c7a51f67270ed93a3729c0eb3f6cd07180a230b9a2d5fbad9dea8cd93196cee27b59ea4c6201166b5c930e9be176a36cd4ee4dfdd6d1d85822aebe841159ac0059f650112b82aed352d6a010b0ede476c425ee66512557a2626187b57b3dd01f129b8cf377dc45d8439c75486e619dbc7640dd476e1c8314a682e2816a482eb4477d410cc86694ce04614225a5828cc48318f54070097012f67697a9400"/255, @ANYRES32=0x0, @ANYBLOB="00000000001400001c00128009000100626f6e64000000000c0002800500060000000000"], 0x3c}}, 0x0)

14.586301893s ago: executing program 4 (id=3557):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@flushpolicy={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@policy_type={0xa, 0x10, {0x2}}]}, 0x1c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="4000000010000100000000000000400000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000a000100aaaaaaaaaabb0000140035006d616373656330"], 0x40}}, 0x0)

14.479161529s ago: executing program 3 (id=3558):
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="500100001000130429bd70000000000000000000000000000000000000000000e0000002000000000000000000000000000000004e2400000200002021000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="640101020000000000000000000000000000000032000000e0000001000000800000000000000000000000000000001a0000000000000000000000000000000000000000000000000800000000000000000008000000000081000000000000000000000000000000000000000000000005000000000000000400000000000000060000040000000000000000f9ffffff00000800000000000000000002000481680000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000080"], 0x150}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x0)

14.24062107s ago: executing program 3 (id=3559):
syz_emit_ethernet(0x2e, &(0x7f00000004c0)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x7, 0x0, @void}}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xa, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000004000000bca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f030000000000002e0a0200000000002600000000ff000e61143c00000000001d430000000000007a0a00fe00581c1f6114630000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fdb6153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff46248843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae543d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80aba439772bf60a1db18c472dafc5569adc2c406f39f82928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08a1a4b94cb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f1d2156befec432e8e993c79027b7ef285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdc0500000000000000b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb87d9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e28488b0522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b669615f2710eb8df39fc8c04d2c9c196fa6facfea613569a35cde6451f2edf55ce25c7d72ec7ea85a92458c0559ca3a94727d495bd4671a55a70bc544d71d8e0257707a31936f1adf224077310a86bf447ec92c650acca8c6b0721020894b06178c32f4472d17174d6eb2b067030c5d2c12583f46d2da7fba42d4083259c7cdc8bf1f4299c248865d3c809356c3ed"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)

14.093521619s ago: executing program 3 (id=3560):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newsa={0x13c, 0x10, 0x413, 0x70bd28, 0x0, {{@in=@local, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x20, 0x20}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in=@private=0xa010100, {0x4, 0x7, 0x0, 0x40000000000005, 0xffffffffffffffff, 0x6, 0x7f}, {0x0, 0xffffffffffffffff, 0x4}, {0xf6, 0x4, 0x4}, 0x0, 0x0, 0x2, 0x1, 0xfe}, [@algo_aead={0x4c, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}}, 0x804) (async)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=@newtfilter={0x68, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_EMATCHES={0x34, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x28, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x24, 0x1, 0x0, 0x0, {{0x3, 0x9, 0x80}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x68}}, 0x1) (async, rerun: 32)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000140)={{{@in=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f0000000080)=0xe8) (rerun: 32)
sendmsg$nl_xfrm(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="cc01000014001a032abd7000fddbdf25fc000000000000000000000000000001ac1414aa0000000000000000000000004e2100004e2300030a00a00000000000", @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="00000000020000003a010200637473286362632861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009007000060ba91f6ccce0297c418d81e9a7f26ba8491d6409ff642d36acb68d6ad70bf255a9251a9d9d35888808ecbbcaa15fd2f86de3ccaeb009e2068a292134f4436db3912afdd46004fe1021cd9a60819737603e61cc5c161d397f7a428dbcc216df470ebeb01347be22736d7a2ca313827dc029d877618e3c59b8ad0714b49909d2f0f34078db2c612d29c3dce5f0a40bb9b91a06b17dfad9b5fae34512621244dc88bedc9802b334edec8d0f4d961e3557de496b81c61f849507a078ec1202478b611fb055df32bb93ff59d10b8ed39b2aa7c29a7bb430bb9b1bc7096ce8a23fcaa100bf93e29c13a590073253b15c2530f5fc900000c001c00", @ANYRES32=0x0, @ANYBLOB="0200000008000b006102000024000900040000000000000001000000000000000700000000000000080014fc999e55c3c7abd1a8e7a3b0b65f00000000000008000b0000000000"], 0x1cc}, 0x1, 0x0, 0x0, 0x4c844}, 0x40000)

13.887356424s ago: executing program 3 (id=3561):
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x10, 0x4, &(0x7f00000009c0)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x3f}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x275a, 0x0)

13.581348767s ago: executing program 3 (id=3562):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r0)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80308}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x1b0, r2, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0x9, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0x9, 0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x4}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8}}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x4}, 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)

10.186581445s ago: executing program 32 (id=3532):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}, {0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x94}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb4}}, 0x0)
close(0x3)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={<r1=>r0})
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, <r3=>0x0}, &(0x7f0000000080)=0xc)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x28b1b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e1f}]}}}]}, 0x3c}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x8000)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r4, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)="93bffce623851797a8dc7901f0048678cd35ef833c350900f95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb600"/135, 0x87}, {&(0x7f0000000780)="029993440c7a1d95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e430bcb03", 0x3e}], 0x2}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)="b1f56e", 0x3}, {&(0x7f00000002c0)="d2ae7fa9d4ee1d27ef3697a717c4792ff25f85f5cc7168515d8a2c93cf3463c0a99d6169418187791053e8f4c94f4603020303648b17f7ba32367e515f44745ee44f0b1712ef9841fa347f9a9ba3caca8c4bbd0aff8b3b685c1545f7f4a74e4101e3071af4a647c48be58830540234df20c327ffd770ee0f5b6da026ab2bdf77cce9afb80cf82c18e0c787f4a8a65a02656b8a812846caafd5b7ae015b0baf649604bd9dbd", 0xa5}, {&(0x7f0000000380)="ab71dffa3293d267676ad5e7ebd0253d9e5eafb11ee49225e6634c1f5373ebbf61dcb1672000b540485af2790ee1bc22a0bae18ece9a1fc60fc9ece736a71ab5d04ea9f5ce85b3e35258efe357d21d56dd33ecfe0c57d4dc0691f178272ddf90ddd1dcc68b0a078b117f22d6c9ce4153aa1955d0a623d9b67536a0d3474cbb153be4f04a182001985de4b142a31784ff458c336293ab8f0ee922bbdf7c2e702304491594ea903db31010b909b32a1b2acb05568f3424299df128294439c6481ea74f78b88f104115b2fc5a927fbbffc7957f8879b4822f9cc9cafe", 0xdb}, {&(0x7f00000006c0)="707c0bee7f77b88856935a8741867cbdf3b96a152a2db47428e4817867058ee75162be36f320994af0", 0x29}], 0x4}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000940)="ee41e16fcc", 0x5}], 0x1}}], 0x3, 0xc0)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r4, &(0x7f0000000580)="17", 0x501, 0x10008095, 0x0, 0x0)
sendmsg$netlink(r2, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)={0x24, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r3}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}]}, 0x24}], 0x1}, 0x0)
r8 = getpid()
sendmsg$nl_generic(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0x74, 0x3c, 0x200, 0x70bd2a, 0x25dfdbff, {0x15}, [@nested={0x40, 0x114, 0x0, 0x1, [@typed={0x8, 0xc7, 0x0, 0x0, @uid=r3}, @nested={0x4, 0xc7}, @typed={0x8, 0x5f, 0x0, 0x0, @pid=0xffffffffffffffff}, @typed={0x8, 0xd0, 0x0, 0x0, @fd=r0}, @typed={0xc, 0x5e, 0x0, 0x0, @u64=0x5d6}, @typed={0x8, 0x51, 0x0, 0x0, @ipv4=@multicast2}, @typed={0xc, 0x52, 0x0, 0x0, @u64=0x2031543d}]}, @nested={0x10, 0x101, 0x0, 0x1, [@nested={0x4, 0xa7}, @nested={0x4, 0x5}, @nested={0x4, 0x150}]}, @typed={0x8, 0xe1, 0x0, 0x0, @pid=r8}, @typed={0x8, 0x99, 0x0, 0x0, @fd}]}, 0x74}, 0x1, 0x0, 0x0, 0x8080}, 0x80)

10.184423534s ago: executing program 4 (id=3565):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0x12f, 0x0, 0x0, {0x0, 0x0, 0x1be}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r0 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYRES8=r0, @ANYRES32=r0], 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_int(r2, 0x29, 0x4b, 0x0, &(0x7f0000000040))
sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r1, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb)
sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)

9.697820463s ago: executing program 4 (id=3567):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r4, &(0x7f0000000000)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0102}}}, 0x14)
connect$802154_dgram(r4, &(0x7f0000000040)={0x24, @long={0x3, 0xffff}}, 0x14)
sendmsg$802154_dgram(r4, &(0x7f0000000200)={&(0x7f0000000080)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x8040)
ppoll(&(0x7f0000001a00)=[{0xffffffffffffffff, 0x8}, {r4, 0x2100}], 0x2, &(0x7f0000001a40), 0x0, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
write$bt_hci(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0xfffc, @multicast2}, 0x2}}, 0x2e)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r5, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
listen(r5, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x19, &(0x7f0000000200)=0x2, 0x43)
ioctl$int_in(r5, 0x5452, &(0x7f00000000c0)=0x1)
shutdown(r5, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

9.051764981s ago: executing program 1 (id=3569):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth0_macvtap\x00', <r1=>0x0})
sendmmsg$inet(r0, &(0x7f0000002240)=[{{&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @local, @loopback}}}], 0x20}}], 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000500)={0x0, r2}, 0x8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0xd, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000100f2ffffff00677745a3f3266212cc265dac7e8176000000811218000000d2294111b4bd132dc711fd41eca89c693c45f12cc8751bab24956fc1e3ed518ebcffeedf5b7884c4bcaa0000000000000000000000b0ae5e1de4208d29698a44b326022201133a996e8fed8adc7bb8d8030067ff8e89780f3eaccbca615b6e4aae4049787a3706342fbdf0e3c3f0af58eaf5cc0675a9f5b67b159241c8ec60ca1b965148b1e805c247f25b7f2541774d1dfa560f8dbb71a5b2fbc77d7b118d6a6a913aba0650c8436c24b789cf803fcb324c4a1637996bc55ea9f23df21f56aa7d1e449c5b1cc868d129ae9c6c4733144250435f2acc5002"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x24}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{0xffffffffffffffff, <r4=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000440)=r3}, 0x20)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000004c0)={&(0x7f0000000080)="a14e67dcdd794c9300089b2d06576d1097475852c654126dc86e3d75c764838e6f8fc30fc69b62fcf4fd3ef2763d4fabfdce8d6accd9141abb9ccf37c500ab91e85727eca9fbb0d3bba04a15cd73e4505a51d1436fbe846e453f63de8f1682c601dfaf0d32f4584de9e53de4b9e75d47ebc96cb781d0b0ab0fbc0b823db3503925e582af57d3dd27ce73e7276b4cfb5ce63a01542bef38433a4bd3", &(0x7f0000000200)=""/224, &(0x7f0000000300)="ce7c08b9c23e1e19a54150925d117838c6aa078d5f64448e914daff13135ab88897904f126ad35a002c6712e6f6434dabe245eb3e6faaa037c4e9cefe698b4f7c204d9894e7e9bd2980c816629de6c631709d9763cbb5827bb41b956", &(0x7f0000000380)="a17c74645fae1b9dd884ca24bc65bcb9131b5c6afa3cb69cedceea59486ae853b184f9648ca916b192928a11da7dfb54068b66149014bb6d929f961d577209e94e15215a6275145c3bf28e9cb6139ffa119d598de89b", 0xfffffff9, r4, 0x4}, 0x38)
socket$inet_udp(0x2, 0x2, 0x0) (async)
setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth0_macvtap\x00'}) (async)
sendmmsg$inet(r0, &(0x7f0000002240)=[{{&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @local, @loopback}}}], 0x20}}], 0x1, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) (async)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000500)={0x0, r2}, 0x8) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0xd, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000100f2ffffff00677745a3f3266212cc265dac7e8176000000811218000000d2294111b4bd132dc711fd41eca89c693c45f12cc8751bab24956fc1e3ed518ebcffeedf5b7884c4bcaa0000000000000000000000b0ae5e1de4208d29698a44b326022201133a996e8fed8adc7bb8d8030067ff8e89780f3eaccbca615b6e4aae4049787a3706342fbdf0e3c3f0af58eaf5cc0675a9f5b67b159241c8ec60ca1b965148b1e805c247f25b7f2541774d1dfa560f8dbb71a5b2fbc77d7b118d6a6a913aba0650c8436c24b789cf803fcb324c4a1637996bc55ea9f23df21f56aa7d1e449c5b1cc868d129ae9c6c4733144250435f2acc5002"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x24}, 0x94) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{}, &(0x7f0000000400), &(0x7f0000000440)=r3}, 0x20) (async)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000004c0)={&(0x7f0000000080)="a14e67dcdd794c9300089b2d06576d1097475852c654126dc86e3d75c764838e6f8fc30fc69b62fcf4fd3ef2763d4fabfdce8d6accd9141abb9ccf37c500ab91e85727eca9fbb0d3bba04a15cd73e4505a51d1436fbe846e453f63de8f1682c601dfaf0d32f4584de9e53de4b9e75d47ebc96cb781d0b0ab0fbc0b823db3503925e582af57d3dd27ce73e7276b4cfb5ce63a01542bef38433a4bd3", &(0x7f0000000200)=""/224, &(0x7f0000000300)="ce7c08b9c23e1e19a54150925d117838c6aa078d5f64448e914daff13135ab88897904f126ad35a002c6712e6f6434dabe245eb3e6faaa037c4e9cefe698b4f7c204d9894e7e9bd2980c816629de6c631709d9763cbb5827bb41b956", &(0x7f0000000380)="a17c74645fae1b9dd884ca24bc65bcb9131b5c6afa3cb69cedceea59486ae853b184f9648ca916b192928a11da7dfb54068b66149014bb6d929f961d577209e94e15215a6275145c3bf28e9cb6139ffa119d598de89b", 0xfffffff9, r4, 0x4}, 0x38) (async)

8.563216504s ago: executing program 4 (id=3570):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000000c0)={{{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@multicast1, 0x4e23, 0x6, 0x4e20, 0x9, 0xa, 0x80, 0x20, 0x2f, 0x0, 0xee01}, {0x0, 0xffffffffffffffff, 0x2, 0x10, 0x3, 0x7ff, 0xff, 0x16723589}, {0x1, 0x4, 0x2, 0x4}, 0x0, 0x6e6bb5, 0x0, 0x1, 0x0, 0x3}, {{@in6=@mcast1, 0x4d6, 0xff}, 0xa, @in=@loopback, 0x3501, 0x3, 0x2, 0xb, 0x5, 0x8, 0x29ad}}, 0xe8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'vlan0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x1, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x4, 0xc8, r3}, [@IFA_FLAGS={0x8, 0x8, 0x408}, @IFA_LOCAL={0x14, 0x2, @remote}]}, 0x34}}, 0x0)

8.430981892s ago: executing program 1 (id=3571):
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000340)={'syztnl2\x00', <r0=>0x0, 0x4, 0x6, 0x2, 0x400, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0xe}, 0x8, 0x63de5816de5de790, 0x7a, 0x7f88}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x100, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r0, {0x0, 0xfff1}, {0xe, 0xffff}, {0xffe0}}}, 0x24}}, 0x20000000) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
shutdown(r2, 0x1) (async)
ppoll(&(0x7f0000000000)=[{r2}], 0x1, 0x0, 0x0, 0x0) (async)
getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000400)={'nat\x00', 0x0, [0xfffffff9, 0x7, 0x1, 0x6, 0xffff]}, &(0x7f0000000480)=0x54) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@ipmr_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, 0x5}, [@RTA_SRC={0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x24}}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000b600"/32], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) (async)
r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r4, 0xffffffffffffffff, 0x19, 0x0, @void}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000002c0)={r6, r4, 0x0, r4}, 0x10)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
close(r7) (async)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000680), 0x0, 0x8001) (async)
r8 = socket$kcm(0x2, 0xa, 0x2)
r9 = socket$nl_generic(0x11, 0x3, 0x10)
sendmsg(r9, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xf}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0xe}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
write$tun(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a)
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f00000003c0)={'nicvf0\x00', @broadcast})

2.339150146s ago: executing program 2 (id=3572):
r0 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x83}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c0000000000000e0021001400000002800000121f", 0x2e}], 0x1}, 0x0)
r1 = socket$inet6(0xa, 0xa, 0x7)
ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f0000000300)={'pim6reg1\x00', 0x1})
r2 = socket$kcm(0x25, 0x1, 0x0) (async, rerun: 32)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='blkio.throttle.io_service_bytes_recursive\x00', 0x7a05, 0x1700) (rerun: 32)
ioctl$FICLONE(r3, 0x40049409, r3) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) (async)
connect$rxrpc(r3, &(0x7f0000000340)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x17}}}, 0x24) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000140)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000030000000700000008000300", @ANYRES32=r6, @ANYBLOB="08000500010000001400040074"], 0x54}}, 0x0) (async)
sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r3, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r4, 0x8, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x20000050) (async)
sendmsg$kcm(r2, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x408c050) (async)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r8=>0x0}) (async)
r9 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x44, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r8}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4, 0x5, 0x0, 0x0, [{0x8, 0x0, 0x0, 0x0, 0x123e}, {0x8, 0x6}, {0x8}]}}]}]}, 0x44}}, 0x0) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910900000000000630000dd000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11}, 0x94) (rerun: 32)

1.610331666s ago: executing program 4 (id=3573):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
syz_emit_ethernet(0x36, &(0x7f0000000300)={@random="affd03f706c6", @dev, @void, {@ipv4={0x800, @udp={{0x7, 0x4, 0x0, 0x0, 0x28, 0x8000, 0x0, 0x0, 0x88, 0x0, @empty, @rand_addr, {[@generic={0x44, 0x6, "d2b2e01f"}]}}, {0xfffc, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) (async)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfd, 0x0, 0x0, 0xfc}, 0xe) (async, rerun: 32)
shutdown(r0, 0x0) (async, rerun: 32)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f0000000380)=[@in6={0xa, 0x4e20, 0x17a4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}]}, &(0x7f0000000440)=0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) (async, rerun: 32)
syz_emit_ethernet(0x4c, &(0x7f00000001c0)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "a92883755472"}}}}}}}, 0x0) (rerun: 32)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async, rerun: 32)
r6 = socket$kcm(0x2, 0xa, 0x2) (rerun: 32)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000340)={'syzkaller1\x00', @broadcast}) (async)
getsockopt$IP_SET_OP_GET_FNAME(r4, 0x1, 0x53, &(0x7f00000003c0)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000400)=0x2c)
write$tun(r5, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef) (async, rerun: 64)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x10) (async, rerun: 64)
bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e20, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}, 0x1c) (async)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000540)={r1, @in={{0x2, 0x4e20, @multicast1}}, [0x3, 0x0, 0x7, 0x0, 0x3, 0x8, 0x8, 0x5, 0x1, 0x7, 0x0, 0x8, 0xffffffff, 0x2, 0x8]}, &(0x7f0000000280)=0x100)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0) (async)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x89f2, &(0x7f0000000280)={'ip6tnl0\x00'}) (async)
ioctl$TUNSETQUEUE(r7, 0x400454d9, &(0x7f0000000040)={'wlan0\x00', 0x600}) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x3, 0x4, 0x2, 0x20010, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r9, &(0x7f0000000080), 0x0}, 0x20)
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYRESHEX=r10, @ANYRES32=r0, @ANYBLOB="81ffffff000000001c0012800b00010067726574617000000c00028008000100", @ANYRES32, @ANYRESOCT=r10], 0x4c}}, 0x0)

1.292241934s ago: executing program 2 (id=3574):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
pwritev(r2, 0x0, 0x0, 0x0, 0x5) (async)
sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2c, r1, 0x1, 0x70bd2d, 0x0, {0x1b}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}}, 0x0) (async)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x2000}, 0x90)

1.291789921s ago: executing program 1 (id=3575):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xa0, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x78, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0xc, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "18"}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x114}}, 0x0)

1.027422833s ago: executing program 1 (id=3576):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
syz_emit_ethernet(0x68, &(0x7f0000005a40)={@multicast, @random="6076b5cad4f6", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "75e700", 0x32, 0x3a, 0x0, @rand_addr=' \x01\x00', @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "a3579e", 0x0, 0x2b, 0x0, @mcast1, @remote, [], "6be2"}}}}}}}, 0x0)
setsockopt$MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000ac0)={{0xa, 0x4e24, 0x6c3, @private0, 0xcb5f}, {0xa, 0x4e20, 0x40, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3c}}, 0x3d}, 0x0, {[0x8001, 0x9, 0xd, 0x2, 0x7e3f, 0x0, 0x6, 0x33d2]}}, 0x5c) (async)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'pimreg1\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x32}}})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b704000000000000850000004600000095"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000900)) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000180)={<r4=>0x0, @local, @multicast1}, &(0x7f00000001c0)=0xc)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000200)={'gretap0\x00', <r5=>0x0, 0x40, 0x80, 0x6, 0xc, {{0x11, 0x4, 0x2, 0x2a, 0x44, 0x68, 0x0, 0x2, 0x29, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x44, 0x14, 0xcf, 0x1, 0x2, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, {@rand_addr=0x64010100, 0x5}]}, @noop, @timestamp_prespec={0x44, 0xc, 0x7a, 0x3, 0x9, [{@empty, 0x8}]}, @timestamp_addr={0x44, 0xc, 0xf1, 0x1, 0xe, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1000}]}]}}}}})
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newqdisc={0x148, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_PARMS={0x14, 0x1, {0x5, 0x9, 0x48, 0x7, 0xc, 0x4, 0x4}}, @TCA_RED_STAB={0x104, 0x2, "1a00de5bd00d8d44604634839a8f3f5cdf548bc7fda21fc9f12ed25937ef1791bbd1628e6224a3bafb088a85df1f110e78dfcf4ebe1a6861490587997af87970f70724291e929ece5c569501a4b8276a18bfdf5b4ebc76d374ea2bd9b141e6900d0e5f5e2b860aac22f1483ca962a4ba4190b33185f0d8b704dd6f1f95b9f9e3357bb0737e213f677f83e58c5b521ec8b78c0d6869921a2ce4851bb3f56bc8d2c7b9168a942fa8870af9e1ad6c28f83e716c543ec693a6071601d74b9c88931aee46cbf9475946a2ea9b23ab2ce663716ef4026bae6d8d88d012b47eef7b1a02b48ce9e2d3785708e5df2a4e5715d604dfa43c7745a6a8ef4d56506111a7c6b4"}]}}]}, 0x148}}, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000002c0)={@rand_addr, <r9=>0x0}, &(0x7f0000000300)=0x14) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000380)={'gretap0\x00', &(0x7f0000000340)={'syztnl0\x00', <r10=>0x0, 0x1, 0x8, 0xabb, 0x10001, {{0x8, 0x4, 0x3, 0xd, 0x20, 0x64, 0x0, 0x4, 0x2b, 0x0, @empty, @empty, {[@rr={0x7, 0xb, 0x17, [@local, @private=0xa010102]}]}}}}}) (async)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000003c0)=<r11=>0x0, &(0x7f0000000400)=0x4)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000440)={'syztnl1\x00', <r12=>0x0, 0x2f, 0x3, 0x3, 0x6, 0x26, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, 0x7800, 0x20, 0x3, 0xa}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000640)={'ip_vti0\x00', &(0x7f00000005c0)={'ip_vti0\x00', <r13=>0x0, 0x8, 0x7800, 0x1, 0xe7, {{0x14, 0x4, 0x3, 0x7, 0x50, 0x67, 0x0, 0x8, 0x29, 0x0, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0x1b, 0xec, [@private=0xa010101, @broadcast, @empty, @multicast2, @dev={0xac, 0x14, 0x14, 0x12}, @broadcast]}, @generic={0x83, 0x4, "a49e"}, @generic={0x18, 0x12, "98ca9bf9d32cbc0fd6dcb4225d1d1521"}, @end, @ra={0x94, 0x4}, @end]}}}}}) (async, rerun: 64)
r14 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000980)=@o_path={&(0x7f0000000940)='./file0\x00', 0x0, 0x10, r2}, 0x18) (async, rerun: 64)
r15 = getpid()
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x20080000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000a00)={0x28, 0x14, 0x8, 0x70bd2c, 0x25dfdbfc, {0x8}, [@typed={0x8, 0x6c, 0x0, 0x0, @pid=r15}, @nested={0xc, 0xb2, 0x0, 0x1, [@nested={0x4, 0x59}, @nested={0x4, 0x113}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xc840}, 0x44000)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000700)={r14, 0x58, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r16=>0x0}}, 0x3e)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f00000008c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000880)={&(0x7f0000000740)={0x138, r3, 0x408, 0x70bd29, 0x25dfdbff, {}, [@HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x4041803}, 0x40000)

733.012733ms ago: executing program 2 (id=3577):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000009c0)=ANY=[@ANYBLOB="280000001200010100000000e0ffffff07000000", @ANYRES32=0x0, @ANYBLOB="000000000040ead008001d00c3"], 0x28}}, 0x0) (async)
r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@o_path={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@fallback=r2, 0xc, 0x1, 0xfffff8b6, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000180)=[0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0], <r3=>0x0}, 0x40) (async)
r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x6, 0x10}, 0xc) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(r5, &(0x7f0000000140)=[{&(0x7f0000000200)='F', 0x1}], 0x1) (async)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0) (async)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@map=r4, r2, 0xb, 0x1, 0xffffffffffffffff, @void, @value=r5, @void, @void, r3}, 0x20) (async)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c00)=@newtfilter={0x2c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {}, {0x8}}, [@TCA_CHAIN={0x8, 0xb, 0x20000000}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x8000)

494.124407ms ago: executing program 1 (id=3578):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB, @ANYRES32=r1], 0x34}, 0x1, 0x0, 0x0, 0x20000804}, 0x88000)

137.166158ms ago: executing program 1 (id=3579):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000080), 0x2)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000000000)={@mcast1, <r2=>0x0}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv4_getaddr={0x54, 0x16, 0x28, 0x70bd26, 0x25dfdbfe, {0x2, 0x3f, 0xb3, 0xc8, r2}, [@IFA_CACHEINFO={0x14, 0x6, {0x4, 0x2, 0x8001, 0x283}}, @IFA_FLAGS={0x8}, @IFA_RT_PRIORITY={0x8}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x4}, @IFA_ADDRESS={0x8, 0x1, @broadcast}, @IFA_BROADCAST={0x1b, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)

0s ago: executing program 4 (id=3580):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5421, &(0x7f00000003c0)=0x3d49)
read$alg(r3, &(0x7f0000000140)=""/116, 0x74)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x7, 0xfff1}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x4020080)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x9, 0xfffffffa, 0x2, 0xc, 0x4, 0x2, 0x8e, 0xffffffff, 0x9}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket(0x400000000010, 0x3, 0x0) (async)
pipe(&(0x7f0000000040)) (async)
ioctl$int_in(r3, 0x5421, &(0x7f00000003c0)=0x3d49) (async)
read$alg(r3, &(0x7f0000000140)=""/116, 0x74) (async)
socket$unix(0x1, 0x1, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x7, 0xfff1}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x4020080) (async)
socket$unix(0x1, 0x1, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x9, 0xfffffffa, 0x2, 0xc, 0x4, 0x2, 0x8e, 0xffffffff, 0x9}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) (async)

kernel console output (not intermixed with test programs):

286.703378][T14092]  ? rcu_is_watching+0x15/0xb0
[  286.703399][T14092]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  286.703427][T14092]  ? __pfx__copy_from_iter+0x10/0x10
[  286.703449][T14092]  ? __build_skb_around+0x257/0x3e0
[  286.703472][T14092]  ? netlink_sendmsg+0x642/0xb30
[  286.703494][T14092]  ? skb_put+0x11b/0x210
[  286.703515][T14092]  netlink_sendmsg+0x6b2/0xb30
[  286.703542][T14092]  ? __pfx_netlink_sendmsg+0x10/0x10
[  286.703563][T14092]  ? aa_sock_msg_perm+0xf1/0x1d0
[  286.703583][T14092]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  286.703601][T14092]  ? __pfx_netlink_sendmsg+0x10/0x10
[  286.703619][T14092]  __sock_sendmsg+0x21c/0x270
[  286.703647][T14092]  ____sys_sendmsg+0x505/0x830
[  286.703672][T14092]  ? __pfx_____sys_sendmsg+0x10/0x10
[  286.703702][T14092]  ? import_iovec+0x74/0xa0
[  286.703729][T14092]  ___sys_sendmsg+0x21f/0x2a0
[  286.703754][T14092]  ? __pfx____sys_sendmsg+0x10/0x10
[  286.703818][T14092]  ? __fget_files+0x2a/0x420
[  286.703834][T14092]  ? __fget_files+0x3a0/0x420
[  286.703863][T14092]  __x64_sys_sendmsg+0x19b/0x260
[  286.703888][T14092]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  286.703921][T14092]  ? __pfx_ksys_write+0x10/0x10
[  286.703942][T14092]  ? rcu_is_watching+0x15/0xb0
[  286.703968][T14092]  ? do_syscall_64+0xbe/0x3b0
[  286.703993][T14092]  do_syscall_64+0xfa/0x3b0
[  286.704009][T14092]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.704036][T14092]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.704055][T14092]  ? clear_bhb_loop+0x60/0xb0
[  286.704079][T14092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.704097][T14092] RIP: 0033:0x7f5cd0d8eba9
[  286.704115][T14092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.704130][T14092] RSP: 002b:00007f5ccefd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  286.704151][T14092] RAX: ffffffffffffffda RBX: 00007f5cd0fd6090 RCX: 00007f5cd0d8eba9
[  286.704164][T14092] RDX: 0000000000000000 RSI: 0000200000000b00 RDI: 0000000000000004
[  286.704175][T14092] RBP: 00007f5ccefd5090 R08: 0000000000000000 R09: 0000000000000000
[  286.704197][T14092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.704209][T14092] R13: 00007f5cd0fd6128 R14: 00007f5cd0fd6090 R15: 00007fff0b412da8
[  286.704241][T14092]  </TASK>
[  287.295013][T14105] netlink: 'syz.2.2255': attribute type 1 has an invalid length.
[  287.303333][T14105] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2255'.
[  287.325217][T14105] netlink: 'syz.2.2255': attribute type 1 has an invalid length.
[  287.342005][T14105] netlink: 'syz.2.2255': attribute type 1 has an invalid length.
[  287.350246][T14105] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2255'.
[  287.368277][T14105] netlink: 'syz.2.2255': attribute type 1 has an invalid length.
[  287.935186][T14146] FAULT_INJECTION: forcing a failure.
[  287.935186][T14146] name failslab, interval 1, probability 0, space 0, times 0
[  287.994958][T14146] CPU: 0 UID: 0 PID: 14146 Comm: syz.2.2264 Not tainted syzkaller #0 PREEMPT(full) 
[  287.994988][T14146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  287.995000][T14146] Call Trace:
[  287.995008][T14146]  <TASK>
[  287.995016][T14146]  dump_stack_lvl+0x189/0x250
[  287.995046][T14146]  ? __pfx____ratelimit+0x10/0x10
[  287.995075][T14146]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.995097][T14146]  ? __pfx__printk+0x10/0x10
[  287.995128][T14146]  ? __pfx___might_resched+0x10/0x10
[  287.995146][T14146]  ? fs_reclaim_acquire+0x7d/0x100
[  287.995179][T14146]  should_fail_ex+0x414/0x560
[  287.995212][T14146]  should_failslab+0xa8/0x100
[  287.995241][T14146]  __kmalloc_noprof+0xcb/0x4f0
[  287.995266][T14146]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  287.995298][T14146]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  287.995330][T14146]  genl_family_rcv_msg_doit+0xb8/0x300
[  287.995361][T14146]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  287.995396][T14146]  ? apparmor_capable+0x137/0x1b0
[  287.995421][T14146]  ? bpf_lsm_capable+0x9/0x20
[  287.995446][T14146]  ? security_capable+0x7e/0x2e0
[  287.995482][T14146]  genl_rcv_msg+0x60e/0x790
[  287.995514][T14146]  ? __pfx_genl_rcv_msg+0x10/0x10
[  287.995535][T14146]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  287.995559][T14146]  ? __pfx_nl802154_del_llsec_seclevel+0x10/0x10
[  287.995578][T14146]  ? __pfx_nl802154_post_doit+0x10/0x10
[  287.995623][T14146]  netlink_rcv_skb+0x205/0x470
[  287.995649][T14146]  ? __lock_acquire+0xab9/0xd20
[  287.995677][T14146]  ? __pfx_genl_rcv_msg+0x10/0x10
[  287.995702][T14146]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  287.995755][T14146]  ? down_read+0x1ad/0x2e0
[  287.995779][T14146]  genl_rcv+0x28/0x40
[  287.995800][T14146]  netlink_unicast+0x82f/0x9e0
[  287.995844][T14146]  ? __pfx_netlink_unicast+0x10/0x10
[  287.995872][T14146]  ? netlink_sendmsg+0x642/0xb30
[  287.995887][T14146]  ? skb_put+0x11b/0x210
[  287.995919][T14146]  netlink_sendmsg+0x805/0xb30
[  287.995950][T14146]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.995974][T14146]  ? aa_sock_msg_perm+0xf1/0x1d0
[  287.995995][T14146]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  287.996016][T14146]  ? __pfx_netlink_sendmsg+0x10/0x10
[  287.996035][T14146]  __sock_sendmsg+0x21c/0x270
[  287.996067][T14146]  ____sys_sendmsg+0x505/0x830
[  287.996096][T14146]  ? __pfx_____sys_sendmsg+0x10/0x10
[  287.996130][T14146]  ? import_iovec+0x74/0xa0
[  287.996359][T14146]  ___sys_sendmsg+0x21f/0x2a0
[  287.996399][T14146]  ? __pfx____sys_sendmsg+0x10/0x10
[  287.996470][T14146]  ? __fget_files+0x2a/0x420
[  287.996487][T14146]  ? __fget_files+0x3a0/0x420
[  287.996519][T14146]  __x64_sys_sendmsg+0x19b/0x260
[  287.996545][T14146]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  287.996579][T14146]  ? __pfx_ksys_write+0x10/0x10
[  287.996603][T14146]  ? rcu_is_watching+0x15/0xb0
[  287.996629][T14146]  ? do_syscall_64+0xbe/0x3b0
[  287.996654][T14146]  do_syscall_64+0xfa/0x3b0
[  287.996670][T14146]  ? lockdep_hardirqs_on+0x9c/0x150
[  287.996697][T14146]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.996736][T14146]  ? clear_bhb_loop+0x60/0xb0
[  287.996761][T14146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.996781][T14146] RIP: 0033:0x7f8428f8eba9
[  287.996801][T14146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.996817][T14146] RSP: 002b:00007f8429db6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  287.996839][T14146] RAX: ffffffffffffffda RBX: 00007f84291d6090 RCX: 00007f8428f8eba9
[  287.996867][T14146] RDX: 0000000000000000 RSI: 0000200000000b00 RDI: 0000000000000004
[  287.996881][T14146] RBP: 00007f8429db6090 R08: 0000000000000000 R09: 0000000000000000
[  287.996893][T14146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.996904][T14146] R13: 00007f84291d6128 R14: 00007f84291d6090 R15: 00007ffc5eb55b98
[  287.996940][T14146]  </TASK>
[  288.049144][T14152] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2266'.
[  288.403876][T14152] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2266'.
[  288.641353][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2271'.
[  288.652384][T14170] openvswitch: netlink: Flow actions attr not present in new flow.
[  288.740202][T14166] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  288.918328][T14187] netlink: 'syz.1.2277': attribute type 2 has an invalid length.
[  289.222723][T14202] netlink: 'syz.1.2282': attribute type 9 has an invalid length.
[  289.584549][T14213] syz.4.2287: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  289.653916][T14213] CPU: 1 UID: 0 PID: 14213 Comm: syz.4.2287 Not tainted syzkaller #0 PREEMPT(full) 
[  289.653944][T14213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  289.653954][T14213] Call Trace:
[  289.653962][T14213]  <TASK>
[  289.653970][T14213]  dump_stack_lvl+0x189/0x250
[  289.654003][T14213]  ? __pfx_dump_stack_lvl+0x10/0x10
[  289.654024][T14213]  ? __pfx__printk+0x10/0x10
[  289.654050][T14213]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  289.654071][T14213]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  289.654094][T14213]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  289.654119][T14213]  warn_alloc+0x214/0x310
[  289.654147][T14213]  ? stack_depot_save_flags+0x40/0x860
[  289.654186][T14213]  ? __pfx_warn_alloc+0x10/0x10
[  289.654212][T14213]  ? kasan_save_track+0x4f/0x80
[  289.654235][T14213]  ? xskq_create+0x56/0x170
[  289.654260][T14213]  ? xsk_init_queue+0xb0/0x110
[  289.654281][T14213]  ? xsk_setsockopt+0x4dc/0x8d0
[  289.654302][T14213]  ? do_sock_setsockopt+0x17c/0x1b0
[  289.654319][T14213]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  289.654337][T14213]  ? do_syscall_64+0xfa/0x3b0
[  289.654352][T14213]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.654380][T14213]  __vmalloc_node_range_noprof+0x125/0x12f0
[  289.654441][T14213]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  289.654475][T14213]  ? __kasan_kmalloc+0x93/0xb0
[  289.654503][T14213]  vmalloc_user_noprof+0xad/0xf0
[  289.654527][T14213]  ? xskq_create+0xbf/0x170
[  289.654555][T14213]  xskq_create+0xbf/0x170
[  289.654584][T14213]  xsk_init_queue+0xb0/0x110
[  289.654612][T14213]  xsk_setsockopt+0x4dc/0x8d0
[  289.654640][T14213]  ? __pfx_xsk_setsockopt+0x10/0x10
[  289.654664][T14213]  ? __pfx_aa_sk_perm+0x10/0x10
[  289.654696][T14213]  ? aa_sock_opt_perm+0xff/0x1b0
[  289.654717][T14213]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  289.654736][T14213]  ? __pfx_xsk_setsockopt+0x10/0x10
[  289.654762][T14213]  do_sock_setsockopt+0x17c/0x1b0
[  289.654787][T14213]  __x64_sys_setsockopt+0x13f/0x1b0
[  289.654813][T14213]  do_syscall_64+0xfa/0x3b0
[  289.654830][T14213]  ? lockdep_hardirqs_on+0x9c/0x150
[  289.654856][T14213]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.654874][T14213]  ? clear_bhb_loop+0x60/0xb0
[  289.654897][T14213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.654913][T14213] RIP: 0033:0x7f5cd0d8eba9
[  289.654930][T14213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.654945][T14213] RSP: 002b:00007f5cceff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  289.654966][T14213] RAX: ffffffffffffffda RBX: 00007f5cd0fd5fa0 RCX: 00007f5cd0d8eba9
[  289.654981][T14213] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007
[  289.654992][T14213] RBP: 00007f5cd0e11e19 R08: 0000000000000004 R09: 0000000000000000
[  289.655004][T14213] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  289.655015][T14213] R13: 00007f5cd0fd6038 R14: 00007f5cd0fd5fa0 R15: 00007fff0b412da8
[  289.655046][T14213]  </TASK>
[  289.655053][T14213] Mem-Info:
[  289.821458][T14229] xt_time: unknown flags 0xf4
[  289.838620][T14213] active_anon:5197 inactive_anon:0 isolated_anon:0
[  289.838620][T14213]  active_file:3275 inactive_file:39943 isolated_file:0
[  289.838620][T14213]  unevictable:768 dirty:166 writeback:0
[  289.838620][T14213]  slab_reclaimable:11406 slab_unreclaimable:103772
[  289.838620][T14213]  mapped:29382 shmem:1360 pagetables:1098
[  289.838620][T14213]  sec_pagetables:0 bounce:0
[  289.838620][T14213]  kernel_misc_reclaimable:0
[  289.838620][T14213]  free:1314510 free_pcp:13165 free_cma:0
[  290.036281][T14229] netlink: 'syz.2.2290': attribute type 39 has an invalid length.
[  290.052181][T14213] Node 0 active_anon:20888kB inactive_anon:0kB active_file:13100kB inactive_file:159572kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117528kB dirty:664kB writeback:0kB shmem:3904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13612kB pagetables:4248kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  290.101687][T14213] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  290.140063][T14213] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  290.215746][T14240] __nla_validate_parse: 5 callbacks suppressed
[  290.215768][T14240] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2294'.
[  290.235665][T14241] IPVS: length: 157 != 24
[  290.251824][T14213] lowmem_reserve[]: 0 2497 2499 2499 2499
[  290.271322][T14213] Node 0 DMA32 free:1351404kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:20712kB inactive_anon:0kB active_file:13100kB inactive_file:157996kB unevictable:1536kB writepending:672kB present:3129332kB managed:2557428kB mlocked:0kB bounce:0kB free_pcp:33324kB local_pcp:13484kB free_cma:0kB
[  290.362237][T14247] netlink: 'syz.2.2296': attribute type 1 has an invalid length.
[  290.385316][T14247] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2296'.
[  290.397396][T14213] lowmem_reserve[]: 0 0 1 1 1
[  290.409958][T14213] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  290.486482][T14213] lowmem_reserve[]: 0 0 0 0 0
[  290.608471][T14213] Node 1 Normal free:3891264kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:19088kB local_pcp:9024kB free_cma:0kB
[  290.671739][T14213] lowmem_reserve[]: 0 0 0 0 0
[  290.679792][T14213] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  290.796258][T14213] Node 0 DMA32: 1223*4kB (UME) 304*8kB (UME) 127*16kB (UM) 1451*32kB (UME) 456*64kB (UME) 60*128kB (UM) 39*256kB (UME) 7*512kB (UME) 2*1024kB (ME) 3*2048kB (UM) 302*4096kB (UM) = 1351404kB
[  290.910043][T14213] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  290.977094][T14213] Node 1 Normal: 210*4kB (UE) 65*8kB (UME) 47*16kB (UME) 80*32kB (UME) 26*64kB (UME) 9*128kB (UME) 5*256kB (UME) 5*512kB (UME) 3*1024kB (ME) 1*2048kB (U) 946*4096kB (M) = 3891264kB
[  291.037306][T14213] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  291.057436][T14213] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  291.083623][T14213] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  291.085725][T14283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2304'.
[  291.104457][T14213] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  291.116459][T14213] 44575 total pagecache pages
[  291.121372][T14213] 0 pages in swap cache
[  291.123284][T14283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2304'.
[  291.126672][T14213] Free swap  = 124996kB
[  291.141806][T14213] Total swap = 124996kB
[  291.148600][T14213] 2097051 pages RAM
[  291.155089][T14213] 0 pages HighMem/MovableOnly
[  291.159949][T14213] 425668 pages reserved
[  291.164780][T14213] 0 pages cma reserved
[  291.972953][T14328] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2317'.
[  292.071118][T14333] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2319'.
[  292.110264][T14337] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  292.146452][T14333] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2319'.
[  292.152481][T14337] netlink: 'syz.1.2321': attribute type 11 has an invalid length.
[  292.177505][T14337] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2321'.
[  292.227119][T14340] netlink: 'syz.1.2321': attribute type 11 has an invalid length.
[  292.248998][T14340] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2321'.
[  292.300353][T14351] netlink: 23 bytes leftover after parsing attributes in process `syz.3.2322'.
[  292.426800][T14358] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  292.465072][T14358] tipc: Resetting bearer <eth:syzkaller0>
[  292.472034][T14363] netlink: 'syz.2.2328': attribute type 11 has an invalid length.
[  293.525105][T14425] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  293.545327][T14423] netlink: 'syz.0.2343': attribute type 6 has an invalid length.
[  293.947213][T14449] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  294.310393][T14472] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  294.411907][T14478] syzkaller1: entered promiscuous mode
[  294.423099][T14478] syzkaller1: entered allmulticast mode
[  294.448072][T14480] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  294.845578][T14505] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  294.892772][T14505] tipc: Disabling bearer <eth:syzkaller0>
[  295.298126][T14533] __nla_validate_parse: 11 callbacks suppressed
[  295.298158][T14533] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2379'.
[  295.363445][T14533] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2379'.
[  295.559726][T14547] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2384'.
[  295.591509][T14547] mac80211_hwsim hwsim3 ÿ
: renamed from wlan1
[  295.839915][T14560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2387'.
[  296.025452][T14570] netlink: 'syz.1.2392': attribute type 2 has an invalid length.
[  296.042864][T14570] netlink: 'syz.1.2392': attribute type 8 has an invalid length.
[  296.066165][T14570] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2392'.
[  296.176882][T14577] tipc: Started in network mode
[  296.181914][T14577] tipc: Node identity dadbb4546ad4, cluster identity 4711
[  296.192217][T14577] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  296.202624][T14577] syzkaller0: entered promiscuous mode
[  296.218568][T14577] syzkaller0: entered allmulticast mode
[  296.250263][T14577] tipc: Resetting bearer <eth:syzkaller0>
[  296.275259][T14575] tipc: Resetting bearer <eth:syzkaller0>
[  296.315657][T14575] tipc: Disabling bearer <eth:syzkaller0>
[  296.737548][T14611] gre1: entered promiscuous mode
[  296.746068][T14611] gre1: entered allmulticast mode
[  296.935808][T14642] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2405'.
[  297.192439][T14660] syzkaller1: entered promiscuous mode
[  297.212645][T14660] syzkaller1: entered allmulticast mode
[  297.239098][T14660] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324
[  297.325989][T14669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2407'.
[  297.540722][T14674] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2412'.
[  297.724603][T14691] netlink: 240 bytes leftover after parsing attributes in process `syz.2.2415'.
[  297.740722][T14674] macvtap1: entered promiscuous mode
[  297.746594][T14674] vlan0: entered promiscuous mode
[  297.752303][T14674] macvtap1: entered allmulticast mode
[  297.761551][T14674] vlan0: entered allmulticast mode
[  298.077053][T14704] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  298.095185][T14703] netlink: 14544 bytes leftover after parsing attributes in process `syz.4.2419'.
[  298.129373][T14708] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  298.166956][T14708] netlink: 'syz.2.2422': attribute type 10 has an invalid length.
[  298.186123][T14708] mac80211_hwsim hwsim5 wlan1: left promiscuous mode
[  298.254416][T14708] bond0: (slave bridge_slave_1): Releasing backup interface
[  298.280926][T14708] bridge_slave_1: left allmulticast mode
[  298.308258][T14708] bond0: (slave bond_slave_0): Releasing backup interface
[  298.326172][T14708] bond_slave_0: left allmulticast mode
[  298.355019][T14708] bond0: (slave bond_slave_1): Releasing backup interface
[  298.369773][T14708] bond_slave_1: left allmulticast mode
[  298.405348][T14708] team0: Port device team_slave_0 removed
[  298.436772][T14708] team0: Port device team_slave_1 removed
[  298.476261][T14708] team0: Port device vlan0 removed
[  298.512437][T14708] team0: Port device geneve0 removed
[  298.533115][T14708] bond0: (slave geneve1): Releasing backup interface
[  298.559000][T14708] geneve1: left allmulticast mode
[  298.578565][T14708] bond3: (slave wlan0): Releasing active interface
[  298.600417][T14708] bond0: (slave wlan1): Releasing backup interface
[  298.611204][T14708] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  298.623227][T14708] bond4: (slave veth3): Releasing backup interface
[  298.641132][T14708] veth9: left allmulticast mode
[  298.646538][T14708] veth9: left promiscuous mode
[  298.651595][T14708] bridge6: port 1(veth9) entered disabled state
[  298.674403][T14716] gretap1: entered promiscuous mode
[  298.679709][T14716] gretap1: entered allmulticast mode
[  298.706386][T14623] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  298.728419][T14623] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  298.754693][T14623] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  298.796888][T14623] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  298.977231][T14750] team0: Device gtp0 is up. Set it down before adding it as a team port
[  299.005262][T14748] netlink: 'syz.1.2433': attribute type 10 has an invalid length.
[  299.092275][T14748] bridge_slave_1: left promiscuous mode
[  299.115026][T14748] bridge_slave_1: entered promiscuous mode
[  299.136962][T14748] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  299.359495][T14770] netlink: 'syz.0.2438': attribute type 1 has an invalid length.
[  299.548662][T14770] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR
[  299.985389][T14806] xt_limit: Overflow, try lower: 271964/0
[  300.201795][T14822] openvswitch: netlink: Message has 4 unknown bytes.
[  300.224379][T14822] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  300.813990][T14848] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  300.814585][T14850] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  300.832355][T14850] syzkaller0: entered promiscuous mode
[  300.839062][T14850] syzkaller0: entered allmulticast mode
[  300.878761][T14848] __nla_validate_parse: 8 callbacks suppressed
[  300.878783][T14848] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2464'.
[  300.897787][T14850] tipc: Resetting bearer <eth:syzkaller0>
[  300.915688][T14848] xt_time: unknown flags 0xf4
[  300.916655][T14850] netlink: 'syz.3.2462': attribute type 10 has an invalid length.
[  300.949739][T14846] tipc: Resetting bearer <eth:syzkaller0>
[  300.978075][T14846] tipc: Disabling bearer <eth:syzkaller0>
[  300.989513][T14858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2466'.
[  301.234617][T14872] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2470'.
[  301.333182][T14872] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2470'.
[  301.656237][T14880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2472'.
[  301.741946][T14898] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2476'.
[  302.024701][T14898] bridge0: port 3(dummy0) entered disabled state
[  302.031284][T14898] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.039996][T14898] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.518768][T14917] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2482'.
[  302.773418][T14907] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  303.103124][T14945] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2488'.
[  303.122349][T14946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2488'.
[  303.224900][T14945] hsr_slave_1: left promiscuous mode
[  303.441418][T14961] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2493'.
[  303.515536][T14973] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  303.622445][T14981] gre0: entered promiscuous mode
[  303.645564][T14981] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  303.670997][T14981] vlan4: entered promiscuous mode
[  303.680445][T14981] bridge0: entered promiscuous mode
[  303.989468][T15006] netlink: 'syz.2.2506': attribute type 3 has an invalid length.
[  303.991974][T14994] 8021q: adding VLAN 0 to HW filter on device bond5
[  304.002316][T15006] netlink: 'syz.2.2506': attribute type 10 has an invalid length.
[  304.020933][T15007] netlink: 'syz.0.2504': attribute type 1 has an invalid length.
[  304.127329][T15000] vlan0: entered allmulticast mode
[  304.143018][T15000] bond5: entered allmulticast mode
[  305.504522][T15066] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  305.691291][T15081] netlink: 'syz.1.2523': attribute type 5 has an invalid length.
[  305.948762][T15090] __nla_validate_parse: 9 callbacks suppressed
[  305.948786][T15090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2527'.
[  305.965347][T15091] netlink: 'syz.3.2526': attribute type 11 has an invalid length.
[  306.157224][T15101] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2530'.
[  306.372610][T15120] netlink: 'syz.2.2535': attribute type 1 has an invalid length.
[  306.547322][T15130] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2538'.
[  306.570520][T15133] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2540'.
[  306.598111][T15134] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  306.651109][T15139] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2541'.
[  307.086484][T15164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2548'.
[  307.133467][T15164] netlink: 'syz.1.2548': attribute type 1 has an invalid length.
[  307.181149][T15164] netlink: 'syz.1.2548': attribute type 1 has an invalid length.
[  307.194136][T15164] netlink: 'syz.1.2548': attribute type 2 has an invalid length.
[  307.215895][T15164] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2548'.
[  307.982320][T15215] netlink: 'syz.0.2562': attribute type 10 has an invalid length.
[  308.031882][T15215] team0: Port device 
0!
 removed
[  308.051258][T15215] bond0: (slave 
0!
): Enslaving as an active interface with an up link
[  330.603735][T15222] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2565'.
[  330.625393][T15229] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2568'.
[  330.716909][T15235] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2568'.
[  330.743690][T15235] validate_nla: 2 callbacks suppressed
[  330.743710][T15235] netlink: 'syz.4.2568': attribute type 7 has an invalid length.
[  330.773599][T15235] netlink: 'syz.4.2568': attribute type 8 has an invalid length.
[  330.807159][T15235] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2568'.
[  330.854029][T15244] sctp: [Deprecated]: syz.2.2570 (pid 15244) Use of int in max_burst socket option.
[  330.854029][T15244] Use struct sctp_assoc_value instead
[  330.928568][T15246] netdevsim netdevsim0: Direct firmware load for /.€ failed with error -2
[  330.961920][T15248] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  330.981090][T15246] netdevsim netdevsim0: Falling back to sysfs fallback for: /.€
[  331.451923][T15279] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2578'.
[  331.551436][T15284] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2580'.
[  331.569435][T15286] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2580'.
[  331.696961][T15292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2581'.
[  331.764315][T15290] 8021q: adding VLAN 0 to HW filter on device bond0
[  331.799633][T15290] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  331.842471][T15308] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2586'.
[  331.942253][T15312] openvswitch: netlink: IPv4 frag type 255 is out of range max 2
[  332.249149][T15328] veth1_to_bond: entered allmulticast mode
[  332.261535][T15331] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2593'.
[  332.409638][T15328] veth1_to_bond (unregistering): left allmulticast mode
[  332.516688][T15344] openvswitch: netlink: Message has -1 unknown bytes.
[  332.940342][T15367] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  332.998983][T15367] IPVS: set_ctl: invalid protocol: 33 172.20.20.187:20003
[  333.045292][ T5924] IPVS: starting estimator thread 0...
[  333.154050][T15379] IPVS: using max 26 ests per chain, 62400 per kthread
[  333.489899][T15403] netlink: 'syz.1.2609': attribute type 3 has an invalid length.
[  334.089810][T15427] IPVS: set_ctl: invalid protocol: 115 172.20.20.47:20000
[  334.120051][T15427] netlink: 'syz.4.2614': attribute type 33 has an invalid length.
[  334.290578][T15435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  334.332689][T15435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  334.756098][T15472] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  335.730362][T15525] netlink: 'syz.1.2644': attribute type 8 has an invalid length.
[  335.770658][T15529] netlink: 'syz.4.2647': attribute type 10 has an invalid length.
[  335.817140][T15529] 8021q: adding VLAN 0 to HW filter on device team0
[  335.831645][T15529] bond0: (slave team0): Enslaving as an active interface with an up link
[  335.932501][T15536] netlink: 'syz.0.2648': attribute type 10 has an invalid length.
[  335.948394][T15536] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  336.029438][T15541] __nla_validate_parse: 11 callbacks suppressed
[  336.029460][T15541] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2650'.
[  336.256057][T15564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2656'.
[  336.270738][T15566] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2655'.
[  336.469436][T15569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2660'.
[  336.488566][T15573] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2660'.
[  336.518999][T15571] sch_tbf: peakrate 36943 is lower than or equals to rate 9336745865087060749 !
[  336.588685][T15579] netlink: 'syz.1.2659': attribute type 2 has an invalid length.
[  336.710126][T15587] netlink: 'syz.4.2665': attribute type 1 has an invalid length.
[  336.718719][T15588] netlink: 'syz.4.2665': attribute type 1 has an invalid length.
[  336.791161][T15587] 8021q: adding VLAN 0 to HW filter on device bond7
[  337.192740][T15618] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2676'.
[  337.240305][T15621] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2677'.
[  337.488833][T15635] openvswitch: netlink: Tunnel attr 47 out of range max 16
[  338.134791][T15675] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2692'.
[  338.152151][T15674] syzkaller1: entered promiscuous mode
[  338.158475][T15674] syzkaller1: entered allmulticast mode
[  338.172881][T15675] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2692'.
[  338.230172][T15675] bridge0: port 1(vlan0) entered blocking state
[  338.249730][T15675] bridge0: port 1(vlan0) entered disabled state
[  338.266643][T15675] vlan0: entered allmulticast mode
[  338.281032][T15675] bridge0: entered allmulticast mode
[  338.320889][T15675] vlan0: left allmulticast mode
[  338.350749][T15675] bridge0: left allmulticast mode
[  338.423093][T15694] netlink: 'syz.4.2697': attribute type 4 has an invalid length.
[  338.604652][T15701] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2699'.
[  338.625657][T15701] xt_time: invalid argument - start or stop time greater than 23:59:59
[  338.736017][T15712] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  339.330720][T15758] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  340.911756][T15846] netlink: 'syz.4.2748': attribute type 3 has an invalid length.
[  340.981050][T15848] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  340.992384][T15849] syzkaller0: entered promiscuous mode
[  341.019464][T15849] syzkaller0: entered allmulticast mode
[  341.056590][T15849] tipc: Resetting bearer <eth:syzkaller0>
[  341.120771][T15849] tipc: Disabling bearer <eth:syzkaller0>
[  341.265837][T15861] __nla_validate_parse: 8 callbacks suppressed
[  341.265857][T15861] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2754'.
[  341.488422][T15880] sctp: [Deprecated]: syz.1.2761 (pid 15880) Use of struct sctp_assoc_value in delayed_ack socket option.
[  341.488422][T15880] Use struct sctp_sack_info instead
[  341.518449][T15878] netlink: 'syz.3.2760': attribute type 2 has an invalid length.
[  341.536065][T15880] sctp: [Deprecated]: syz.1.2761 (pid 15880) Use of struct sctp_assoc_value in delayed_ack socket option.
[  341.536065][T15880] Use struct sctp_sack_info instead
[  341.578324][T15878] netlink: 'syz.3.2760': attribute type 8 has an invalid length.
[  341.634146][T15878] netlink: 1148 bytes leftover after parsing attributes in process `syz.3.2760'.
[  341.790528][T15891] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2764'.
[  341.810912][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2764'.
[  341.842894][T15891] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2764'.
[  341.866214][T15891] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2764'.
[  341.950312][T15899] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  342.261915][T15924] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2778'.
[  342.303406][T15925] netlink: 'syz.3.2777': attribute type 3 has an invalid length.
[  342.452628][T15939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2780'.
[  342.471959][T15941] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2781'.
[  342.661212][T15939] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2780'.
[  342.672047][T15948] openvswitch: netlink: Message has 5 unknown bytes.
[  342.886059][T15963] syzkaller0: entered promiscuous mode
[  342.897849][T15963] syzkaller0: entered allmulticast mode
[  342.928391][T15963] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  343.202663][T15992] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  344.104532][T16033] block nbd0: server does not support multiple connections per device.
[  344.138817][T16033] block nbd0: shutting down sockets
[  344.379696][T16049] pimreg: entered allmulticast mode
[  345.336018][T16095] netlink: 'syz.2.2829': attribute type 15 has an invalid length.
[  345.559404][T16107] sctp: [Deprecated]: syz.4.2831 (pid 16107) Use of int in maxseg socket option.
[  345.559404][T16107] Use struct sctp_assoc_value instead
[  345.826371][T16122] nbd: must specify a size in bytes for the device
[  346.272483][T16146] lo speed is unknown, defaulting to 1000
[  346.282141][T16144] TCP: TCP_TX_DELAY enabled
[  346.285485][T16146] lo speed is unknown, defaulting to 1000
[  346.296998][T16146] lo speed is unknown, defaulting to 1000
[  346.792743][T16166] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  346.910470][ T5940] lo speed is unknown, defaulting to 1000
[  346.919971][T16146] infiniband syz0: set active
[  346.929744][T16146] infiniband syz0: added lo
[  347.056227][T16146] RDS/IB: syz0: added
[  347.076914][T16146] smc: adding ib device syz0 with port count 1
[  347.085468][T16146] smc:    ib device syz0 port 1 has pnetid 
[  347.102094][T10071] lo speed is unknown, defaulting to 1000
[  347.121387][T16146] lo speed is unknown, defaulting to 1000
[  347.338949][T16180] __nla_validate_parse: 20 callbacks suppressed
[  347.338970][T16180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2857'.
[  347.371005][T16180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2857'.
[  347.474224][T16186] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2859'.
[  347.729926][T16146] lo speed is unknown, defaulting to 1000
[  347.990756][T16206] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2865'.
[  348.254848][T16217] netlink: 'syz.1.2867': attribute type 10 has an invalid length.
[  348.270148][T16217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2867'.
[  348.334813][T16221] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2869'.
[  348.447976][T16224] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (18446744073709551615)
[  348.470421][T16224] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535
[  348.548424][T16146] lo speed is unknown, defaulting to 1000
[  349.150968][T16264] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2884'.
[  349.232823][T16146] lo speed is unknown, defaulting to 1000
[  349.864588][T16291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2889'.
[  349.990024][T16294] netlink: 'syz.0.2889': attribute type 1 has an invalid length.
[  349.998743][T16294] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2889'.
[  350.276556][T16299] netlink: 'syz.1.2892': attribute type 10 has an invalid length.
[  350.326786][T16304] netlink: 'syz.1.2892': attribute type 10 has an invalid length.
[  350.327922][T16146] lo speed is unknown, defaulting to 1000
[  350.385034][T16301] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2893'.
[  350.454863][ T5882] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  350.467925][ T5882] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  350.479361][ T5882] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  350.499847][ T5882] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  350.509681][ T5882] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  350.572820][ T5873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  350.587902][ T5873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  350.595796][ T5873] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  350.612928][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  350.639882][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  351.269245][T16146] lo speed is unknown, defaulting to 1000
[  351.380273][T16352] vlan3: entered promiscuous mode
[  351.439385][T16352] team0: entered promiscuous mode
[  351.447408][T16352] team_slave_0: entered promiscuous mode
[  351.471903][T16352] team_slave_1: entered promiscuous mode
[  351.781443][T16365] veth0_virt_wifi: renamed from dummy0
[  352.018404][T16377] netlink: 'syz.0.2914': attribute type 12 has an invalid length.
[  352.379316][T16307] chnl_net:caif_netlink_parms(): no params data found
[  352.565243][T16307] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.574482][T16307] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.581863][T16307] bridge_slave_0: entered allmulticast mode
[  352.590530][T16307] bridge_slave_0: entered promiscuous mode
[  352.603275][T16307] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.611418][T16307] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.619175][T16307] bridge_slave_1: entered allmulticast mode
[  352.628051][T16307] bridge_slave_1: entered promiscuous mode
[  352.694662][ T5873] Bluetooth: hci1: command tx timeout
[  352.722476][T16307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  352.771533][T16307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  352.847608][T16412] lo speed is unknown, defaulting to 1000
[  352.899162][T16307] team0: Port device team_slave_0 added
[  352.918623][T16307] team0: Port device team_slave_1 added
[  352.990984][T16386] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  352.997457][T16386] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  353.052456][T16307] batman_adv: batadv0: Adding interface: batadv_slave_0
[  353.073583][T16307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.128658][T16307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  353.154262][T16307] batman_adv: batadv0: Adding interface: batadv_slave_1
[  353.363563][T16307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.423023][T16307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  353.545135][T16307] hsr_slave_0: entered promiscuous mode
[  353.551641][T16307] hsr_slave_1: entered promiscuous mode
[  353.558757][T16307] debugfs: 'hsr0' already exists in 'hsr'
[  353.565012][T16307] Cannot create hsr debugfs directory
[  353.971783][T16307] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  354.066603][T16307] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  354.163231][T16307] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  354.248794][T16307] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  354.389634][T16307] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  354.399895][T16307] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  354.411099][T16307] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  354.424385][T16307] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  354.502676][T16307] 8021q: adding VLAN 0 to HW filter on device bond0
[  354.526475][T16307] 8021q: adding VLAN 0 to HW filter on device team0
[  354.541289][T14621] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.548678][T14621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  354.570629][T14621] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.577930][T14621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  354.779109][T16307] 8021q: adding VLAN 0 to HW filter on device batadv0
[  354.825748][T16307] veth0_vlan: entered promiscuous mode
[  354.838439][T16307] veth1_vlan: entered promiscuous mode
[  354.875144][T16307] veth0_macvtap: entered promiscuous mode
[  354.885634][T16307] veth1_macvtap: entered promiscuous mode
[  354.907893][T16307] batman_adv: batadv0: Interface activated: batadv_slave_0
[  354.922566][T16307] batman_adv: batadv0: Interface activated: batadv_slave_1
[  354.940660][T14631] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  354.950943][T14618] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  354.964947][T14618] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  354.974068][T14618] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  355.119383][T14622] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  355.130267][T14622] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  355.164944][T14618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  355.173058][T14618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  375.273215][T16454] __nla_validate_parse: 4 callbacks suppressed
[  375.273238][T16454] netlink: 288 bytes leftover after parsing attributes in process `syz.2.2934'.
[  375.418677][T16458] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2937'.
[  375.485537][T16462] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2939'.
[  375.514029][T16463] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2939'.
[  375.810252][T16477] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2942'.
[  376.237285][T16497] netlink: 'syz.3.2946': attribute type 18 has an invalid length.
[  376.356967][ T5882] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  376.369733][ T5882] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  376.382225][ T5882] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  376.392117][ T5882] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  376.404793][ T5882] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  376.599894][T16502] lo speed is unknown, defaulting to 1000
[  376.719817][T16520] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2954'.
[  376.898169][T16525] netlink: 'syz.4.2956': attribute type 1 has an invalid length.
[  377.179943][T16541] netlink: 'syz.4.2960': attribute type 10 has an invalid length.
[  377.206976][T16541] mac80211_hwsim hwsim11 wlan1: left promiscuous mode
[  377.225154][T16541] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  377.264836][T16543] netlink: 260 bytes leftover after parsing attributes in process `syz.1.2962'.
[  377.300114][T16537] bond0: (slave team0): Releasing backup interface
[  377.349957][T16537] bridge_slave_0: left allmulticast mode
[  377.370845][T16537] bridge_slave_0: left promiscuous mode
[  377.387313][T16537] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.400746][T16537] bridge_slave_1: left allmulticast mode
[  377.407260][T16537] bridge_slave_1: left promiscuous mode
[  377.413495][T16537] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.431088][T16537] bond0: (slave bond_slave_0): Releasing backup interface
[  377.450567][T16537] bond0: (slave bond_slave_1): Releasing backup interface
[  377.466944][T16537] team0: Port device team_slave_0 removed
[  377.477328][T16537] team0: Port device team_slave_1 removed
[  377.485667][T16537] bond2: (slave bridge1): Releasing active interface
[  377.498762][T16537] bond6: (slave geneve3): Releasing active interface
[  377.533383][ T5877] lo speed is unknown, defaulting to 1000
[  377.578849][T16545] ipip0: entered allmulticast mode
[  377.660233][T14622] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 20004 - 0
[  377.679840][T14622] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 20004 - 0
[  377.722769][T14622] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 20004 - 0
[  377.831262][T16558] netlink: 348 bytes leftover after parsing attributes in process `syz.2.2966'.
[  377.944364][T16564] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2968'.
[  377.956543][T16567] IPVS: set_ctl: invalid protocol: 60 172.20.20.48:20000
[  378.316916][T16584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2974'.
[  378.337837][T16502] chnl_net:caif_netlink_parms(): no params data found
[  378.367950][T16588] netlink: 'syz.2.2975': attribute type 33 has an invalid length.
[  378.399572][T16588] netlink: 'syz.2.2975': attribute type 33 has an invalid length.
[  378.455316][ T5882] Bluetooth: hci4: command tx timeout
[  378.578344][T16595] gre2: entered promiscuous mode
[  378.592425][T16595] gre2: entered allmulticast mode
[  378.824017][T16502] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.831398][T16502] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.852342][T16502] bridge_slave_0: entered allmulticast mode
[  378.861400][T16502] bridge_slave_0: entered promiscuous mode
[  378.871248][T16502] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.879692][T16502] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.890790][T16502] bridge_slave_1: entered allmulticast mode
[  378.900129][T16502] bridge_slave_1: entered promiscuous mode
[  379.112483][T16502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.142002][T16502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  379.211208][T16622] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢
…D£øUDŒw˜}�z
[  379.389217][T16502] team0: Port device team_slave_0 added
[  379.440073][T16502] team0: Port device team_slave_1 added
[  379.576160][T16502] batman_adv: batadv0: Adding interface: batadv_slave_0
[  379.593688][T16502] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.640749][T16502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  379.700319][T16502] batman_adv: batadv0: Adding interface: batadv_slave_1
[  379.717001][T16502] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.763569][T16502] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  380.051916][T16502] hsr_slave_0: entered promiscuous mode
[  380.064231][T16502] hsr_slave_1: entered promiscuous mode
[  380.088459][T16502] debugfs: 'hsr0' already exists in 'hsr'
[  380.111781][T16502] Cannot create hsr debugfs directory
[  380.539068][ T5882] Bluetooth: hci4: command tx timeout
[  380.641046][T16502] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  380.675520][T16688] mac80211_hwsim hwsim23 wlan1: entered allmulticast mode
[  380.700540][T16688] netlink: 'syz.3.3001': attribute type 10 has an invalid length.
[  380.725325][T16688] bond0: (slave ÿ
): Enslaving as an active interface with an up link
[  380.746253][T16688] veth0_virt_wifi: left allmulticast mode
[  380.752636][T16688] bridge0: port 3(veth0_virt_wifi) entered disabled state
[  380.769058][T16688] bridge_slave_0: left allmulticast mode
[  380.779745][T16688] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.799323][T16688] bridge_slave_1: left allmulticast mode
[  380.806954][T16688] bridge_slave_1: left promiscuous mode
[  380.813540][T16688] bridge0: port 2(bridge_slave_1) entered disabled state
[  380.829087][T16688] bond2: (slave veth0_to_bond): Releasing active interface
[  380.846640][T16688] bond0: (slave bond_slave_0): Releasing backup interface
[  380.861327][T16688] bond0: (slave bond_slave_1): Releasing backup interface
[  380.875417][T16688] team_slave_0: left promiscuous mode
[  380.887757][T16688] team0: Port device team_slave_0 removed
[  380.895219][T16688] team_slave_1: left promiscuous mode
[  380.902739][T16688] team0: Port device team_slave_1 removed
[  380.918971][T16688] bond0: (slave ÿ
): Releasing backup interface
[  380.979060][T16688] bond2: (slave veth5): Releasing active interface
[  380.992283][T16688] veth7: left allmulticast mode
[  381.013233][T16688] veth7: left promiscuous mode
[  381.034745][T16688] bridge3: port 1(veth7) entered disabled state
[  381.050835][T16688] vlan2: left promiscuous mode
[  381.056075][T16688] veth0_to_bond: left promiscuous mode
[  381.062261][T16688] bridge3: port 2(vlan2) entered disabled state
[  381.137804][T16502] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.246253][T16502] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.378484][T16502] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.399195][T16713] 8021q: VLANs not supported on gre0
[  381.701428][T16502] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  381.781371][T16502] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  381.834487][T16726] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  381.872847][T16502] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  381.940611][T16502] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  382.047078][T16735] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  382.067302][T16735] syzkaller0: entered promiscuous mode
[  382.072831][T16735] syzkaller0: entered allmulticast mode
[  382.103955][T16735] netlink: 'syz.3.3012': attribute type 11 has an invalid length.
[  382.132684][T16735] __nla_validate_parse: 3 callbacks suppressed
[  382.132702][T16735] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3012'.
[  382.257800][T16735] tipc: Resetting bearer <eth:syzkaller0>
[  382.287967][T16734] tipc: Resetting bearer <eth:syzkaller0>
[  382.339618][T16734] tipc: Disabling bearer <eth:syzkaller0>
[  382.579349][T16502] 8021q: adding VLAN 0 to HW filter on device bond0
[  382.614540][ T5882] Bluetooth: hci4: command tx timeout
[  382.665313][T16502] 8021q: adding VLAN 0 to HW filter on device team0
[  382.715163][T14623] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.722424][T14623] bridge0: port 1(bridge_slave_0) entered forwarding state
[  382.739752][T14623] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.747071][T14623] bridge0: port 2(bridge_slave_1) entered forwarding state
[  383.107527][T16782] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3026'.
[  383.120947][T16783] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  383.163025][T16782] vlan3: entered allmulticast mode
[  383.190168][T16782] erspan0: entered allmulticast mode
[  383.242144][T16783] tipc: Disabling bearer <eth:syzkaller0>
[  383.525553][T16804] gtp0: entered allmulticast mode
[  383.658828][T16502] 8021q: adding VLAN 0 to HW filter on device batadv0
[  383.860809][T16502] veth0_vlan: entered promiscuous mode
[  383.911070][T16502] veth1_vlan: entered promiscuous mode
[  383.956310][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  383.997539][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  384.000766][T16828] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.3038'.
[  384.028124][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  384.036141][T16828] netlink: zone id is out of range
[  384.043353][T16502] veth0_macvtap: entered promiscuous mode
[  384.056265][T16828] netlink: zone id is out of range
[  384.077861][T16828] netlink: zone id is out of range
[  384.092107][T16825] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  384.103100][T16502] veth1_macvtap: entered promiscuous mode
[  384.111424][T16828] netlink: get zone limit has 8 unknown bytes
[  384.152354][T16825] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  384.170658][T16502] batman_adv: batadv0: Interface activated: batadv_slave_0
[  384.230399][T16502] batman_adv: batadv0: Interface activated: batadv_slave_1
[  384.269076][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  384.287695][T14621] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  384.307837][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  384.311720][T16835] erspan0: entered promiscuous mode
[  384.326551][T16835] erspan0: entered allmulticast mode
[  384.338061][T14621] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  384.376825][T14621] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  384.387276][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  384.402936][T14621] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  384.414813][T16836] netlink: 'syz.2.3041': attribute type 3 has an invalid length.
[  384.422929][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  384.472689][T16836] netlink: 'syz.2.3041': attribute type 3 has an invalid length.
[  384.496095][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  384.520670][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  384.558299][T16825] syzkaller0 speed is unknown, defaulting to 1000
[  384.610112][T14632] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  384.635059][T14632] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  384.687709][T14621] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  384.708243][ T5882] Bluetooth: hci4: command tx timeout
[  384.720497][T14621] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  384.745621][T16845] 8021q: VLANs not supported on lo
[  384.754368][T16849] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3045'.
[  384.932301][T16858] tipc: Enabled bearer <ib:gretap0>, priority 10
[  384.936944][T16859] vxcan1: tx address claim with dlc 0
[  384.952926][T16859] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2932'.
[  384.962958][T16858] netlink: 'syz.3.3049': attribute type 1 has an invalid length.
[  384.996101][T16858] netlink: 232 bytes leftover after parsing attributes in process `syz.3.3049'.
[  385.041305][T16858] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3049'.
[  385.326814][T16878] FAULT_INJECTION: forcing a failure.
[  385.326814][T16878] name failslab, interval 1, probability 0, space 0, times 0
[  385.373666][T16878] CPU: 1 UID: 0 PID: 16878 Comm: syz.1.3054 Not tainted syzkaller #0 PREEMPT(full) 
[  385.373694][T16878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  385.373706][T16878] Call Trace:
[  385.373713][T16878]  <TASK>
[  385.373722][T16878]  dump_stack_lvl+0x189/0x250
[  385.373750][T16878]  ? __pfx____ratelimit+0x10/0x10
[  385.373777][T16878]  ? __pfx_dump_stack_lvl+0x10/0x10
[  385.373798][T16878]  ? __pfx__printk+0x10/0x10
[  385.373831][T16878]  ? __pfx___might_resched+0x10/0x10
[  385.373857][T16878]  should_fail_ex+0x414/0x560
[  385.373888][T16878]  should_failslab+0xa8/0x100
[  385.373918][T16878]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  385.373945][T16878]  ? __alloc_skb+0x112/0x2d0
[  385.373969][T16878]  __alloc_skb+0x112/0x2d0
[  385.374004][T16878]  netlink_sendmsg+0x5c6/0xb30
[  385.374035][T16878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  385.374058][T16878]  ? aa_sock_msg_perm+0xf1/0x1d0
[  385.374079][T16878]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  385.374100][T16878]  ? __pfx_netlink_sendmsg+0x10/0x10
[  385.374120][T16878]  __sock_sendmsg+0x21c/0x270
[  385.374150][T16878]  ____sys_sendmsg+0x505/0x830
[  385.374179][T16878]  ? __pfx_____sys_sendmsg+0x10/0x10
[  385.374212][T16878]  ? import_iovec+0x74/0xa0
[  385.374239][T16878]  ___sys_sendmsg+0x21f/0x2a0
[  385.374264][T16878]  ? __pfx____sys_sendmsg+0x10/0x10
[  385.374328][T16878]  ? __fget_files+0x2a/0x420
[  385.374345][T16878]  ? __fget_files+0x3a0/0x420
[  385.374374][T16878]  __x64_sys_sendmsg+0x19b/0x260
[  385.374399][T16878]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  385.374433][T16878]  ? __pfx_ksys_write+0x10/0x10
[  385.374457][T16878]  ? rcu_is_watching+0x15/0xb0
[  385.374482][T16878]  ? do_syscall_64+0xbe/0x3b0
[  385.374505][T16878]  do_syscall_64+0xfa/0x3b0
[  385.374520][T16878]  ? lockdep_hardirqs_on+0x9c/0x150
[  385.374547][T16878]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.374567][T16878]  ? clear_bhb_loop+0x60/0xb0
[  385.374591][T16878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.374609][T16878] RIP: 0033:0x7f320798eba9
[  385.374627][T16878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.374643][T16878] RSP: 002b:00007f3208736038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  385.374665][T16878] RAX: ffffffffffffffda RBX: 00007f3207bd5fa0 RCX: 00007f320798eba9
[  385.374678][T16878] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  385.374691][T16878] RBP: 00007f3208736090 R08: 0000000000000000 R09: 0000000000000000
[  385.374703][T16878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  385.374714][T16878] R13: 00007f3207bd6038 R14: 00007f3207bd5fa0 R15: 00007ffe81ab8948
[  385.374746][T16878]  </TASK>
[  385.807667][T16884] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3057'.
[  385.871277][ T5873] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  385.892565][ T5873] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  385.904284][ T5873] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  385.924356][ T5873] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  385.936851][ T5940] tipc: Node number set to 2953819220
[  385.937020][ T5873] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  385.983205][T16895] netlink: 'syz.1.3058': attribute type 6 has an invalid length.
[  386.002199][T16888] lo speed is unknown, defaulting to 1000
[  386.329358][T16896] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3060'.
[  386.344852][T16904] bridge0: port 3(veth0_to_bridge) entered blocking state
[  386.465803][T16904] bridge0: port 3(veth0_to_bridge) entered disabled state
[  386.502098][T16904] veth0_to_bridge: entered allmulticast mode
[  386.531895][T16904] veth0_to_bridge: entered promiscuous mode
[  386.551716][T16908] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3064'.
[  386.562793][T16904] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  386.636234][T16904] bridge0: port 3(veth0_to_bridge) entered blocking state
[  386.644081][T16904] bridge0: port 3(veth0_to_bridge) entered forwarding state
[  386.765948][T16888] syzkaller0 speed is unknown, defaulting to 1000
[  387.191736][T16888] chnl_net:caif_netlink_parms(): no params data found
[  387.205376][T16940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3074'.
[  387.475949][T16888] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.483314][T16888] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.491058][T16888] bridge_slave_0: entered allmulticast mode
[  387.500547][T16888] bridge_slave_0: entered promiscuous mode
[  387.512768][T16888] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.521150][T16888] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.528853][T16888] bridge_slave_1: entered allmulticast mode
[  387.546544][T16888] bridge_slave_1: entered promiscuous mode
[  387.648772][T16888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  387.697610][T16888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  387.771435][T16888] team0: Port device team_slave_0 added
[  387.778781][T16970] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  387.812229][T16888] team0: Port device team_slave_1 added
[  387.905092][T16888] batman_adv: batadv0: Adding interface: batadv_slave_0
[  387.922414][T16888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  387.968504][T16888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  387.980268][ T5882] Bluetooth: hci5: command tx timeout
[  387.991809][T16888] batman_adv: batadv0: Adding interface: batadv_slave_1
[  387.999586][T16888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.025776][T16888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  388.041547][T16976] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3085'.
[  388.121639][T16888] hsr_slave_0: entered promiscuous mode
[  388.132317][T16888] hsr_slave_1: entered promiscuous mode
[  388.141336][T16888] debugfs: 'hsr0' already exists in 'hsr'
[  388.147178][T16888] Cannot create hsr debugfs directory
[  388.693000][T16994] netlink: 'syz.1.3092': attribute type 10 has an invalid length.
[  388.776080][T17000] netlink: 'syz.1.3092': attribute type 10 has an invalid length.
[  388.785199][T16994] bond0: (slave 
0!
): Releasing backup interface
[  388.791852][T16994] bond0: (slave 
0!
): the permanent HWaddr of slave - aa:aa:aa:aa:aa:24 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  388.811503][T16994] !
: left promiscuous mode
[  388.826622][T16994] team0: Failed to send port change of device 
0!
 via netlink (err -105)
[  388.837749][T16994] team0: Failed to send options change via netlink (err -105)
[  388.851295][T16994] team0: Port device 
0!
 added
[  388.912825][T17000] team0: Failed to send port change of device 
0!
 via netlink (err -105)
[  388.929880][T17000] team0: Failed to send options change via netlink (err -105)
[  388.953210][T17000] team0: Failed to send port change of device 
0!
 via netlink (err -105)
[  388.978952][T17000] team0: Port device 
0!
 removed
[  388.991953][T17000] !
: entered promiscuous mode
[  388.998063][T17000] bond0: (slave 
0!
): Enslaving as an active interface with an up link
[  389.112482][T16999] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  389.127407][T17002] syzkaller0: entered promiscuous mode
[  389.139994][T17002] syzkaller0: entered allmulticast mode
[  389.147468][T17007] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  389.234179][T16999] tipc: Resetting bearer <eth:syzkaller0>
[  389.287735][T16999] tipc: Resetting bearer <eth:syzkaller0>
[  389.311665][T17016] openvswitch: netlink: Missing key (keys=40, expected=80)
[  389.349887][T16999] tipc: Disabling bearer <eth:syzkaller0>
[  389.395048][T17016] syzkaller1: entered promiscuous mode
[  389.401263][T17016] syzkaller1: entered allmulticast mode
[  389.889671][T16888] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  389.931992][T16888] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  389.962536][T16888] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  390.001028][T16888] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  390.065528][ T5882] Bluetooth: hci5: command tx timeout
[  390.246307][T17055] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  390.260522][T17055] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.343926][T17073] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3112'.
[  390.490269][T17055] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  390.501407][T17055] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.604300][T17055] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  390.620535][T17055] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.745392][T17055] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  390.755889][T17055] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.860222][T16888] 8021q: adding VLAN 0 to HW filter on device bond0
[  390.934099][T17095] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3119'.
[  390.962070][T16888] 8021q: adding VLAN 0 to HW filter on device team0
[  391.044657][T17103] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3121'.
[  391.072843][T14622] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.074450][T17102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3119'.
[  391.080129][T14622] bridge0: port 1(bridge_slave_0) entered forwarding state
[  391.114436][T14618] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 2816 - 0
[  391.122785][T14618] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  391.196969][T14632] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.204333][T14632] bridge0: port 2(bridge_slave_1) entered forwarding state
[  391.231377][T14618] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 2816 - 0
[  391.248090][T14618] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  391.266234][T17108] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3123'.
[  391.308659][T14618] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 2816 - 0
[  391.329955][T14618] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  391.341575][T14618] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 2816 - 0
[  391.361453][T14618] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  391.379703][T17111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3124'.
[  391.458816][T17116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3124'.
[  391.624043][T17115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3125'.
[  391.676459][T17120] lo speed is unknown, defaulting to 1000
[  392.133922][ T5882] Bluetooth: hci5: command tx timeout
[  392.241486][T17144] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3133'.
[  392.362905][T16888] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.511318][T17153] netlink: 'syz.3.3135': attribute type 10 has an invalid length.
[  392.677763][T17141] netlink: 'syz.0.3131': attribute type 10 has an invalid length.
[  392.740609][T17141] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  392.774013][T17165] netlink: 'syz.3.3137': attribute type 1 has an invalid length.
[  392.793607][T17165] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3137'.
[  392.831931][T17162] veth0: entered promiscuous mode
[  392.859646][T17120] syzkaller0 speed is unknown, defaulting to 1000
[  392.960205][T17165] veth0: left promiscuous mode
[  393.363052][T16888] veth0_vlan: entered promiscuous mode
[  393.444476][T17187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3143'.
[  393.461122][T17187] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  393.473312][T17187] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  393.540209][T16888] veth1_vlan: entered promiscuous mode
[  393.696928][T16888] veth0_macvtap: entered promiscuous mode
[  393.749884][T16888] veth1_macvtap: entered promiscuous mode
[  393.819642][T16888] batman_adv: batadv0: Interface activated: batadv_slave_0
[  393.872271][T16888] batman_adv: batadv0: Interface activated: batadv_slave_1
[  393.896788][T17205] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3149'.
[  393.937752][T17206] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3147'.
[  394.010332][T14623] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  394.024747][T14623] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  394.052651][T14623] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  394.073284][T14623] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  394.214370][ T5882] Bluetooth: hci5: command tx timeout
[  394.291561][T14622] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.300593][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  394.345693][T14622] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.377583][T17220] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3153'.
[  394.463683][T14623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.479495][T14623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.480835][T17223] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3154'.
[  394.851335][T17243] netlink: 51 bytes leftover after parsing attributes in process `syz.1.3156'.
[  394.895489][T17243] netlink: 248 bytes leftover after parsing attributes in process `syz.1.3156'.
[  395.665193][T17264] lo speed is unknown, defaulting to 1000
[  395.719028][T17264] geneve2: entered promiscuous mode
[  395.788816][T17264] geneve2: entered allmulticast mode
[  395.804043][T17269] netlink: 'syz.4.3165': attribute type 2 has an invalid length.
[  395.843578][T17269] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3165'.
[  395.884754][T17269] netlink: 'syz.4.3165': attribute type 2 has an invalid length.
[  395.930951][T17275] mac80211_hwsim hwsim23 wlan1: left allmulticast mode
[  396.713323][ T5873] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  396.735883][ T5873] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  396.755426][ T5873] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  396.769671][ T5873] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  396.781511][ T5873] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  396.998828][T17315] netlink: 'syz.0.3176': attribute type 10 has an invalid length.
[  397.247459][T17315] bond0: (slave geneve1): Enslaving as an active interface with an up link
[  397.344709][T17328] netlink: 'syz.2.3179': attribute type 3 has an invalid length.
[  397.351133][T17303] lo speed is unknown, defaulting to 1000
[  397.412718][T17331] netlink: 'syz.4.3180': attribute type 1 has an invalid length.
[  397.444565][T17331] __nla_validate_parse: 5 callbacks suppressed
[  397.444586][T17331] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3180'.
[  397.501270][T17331] netlink: 'syz.4.3180': attribute type 1 has an invalid length.
[  397.514926][T17332] team0: Device vti0 is of different type
[  397.575391][T17334] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3182'.
[  397.594240][T17334] netlink: 'syz.3.3182': attribute type 20 has an invalid length.
[  397.746202][T17334] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3182'.
[  397.770357][T17334] netlink: 'syz.3.3182': attribute type 20 has an invalid length.
[  397.779233][T17343] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3185'.
[  398.070008][T17303] syzkaller0 speed is unknown, defaulting to 1000
[  398.332031][T17365] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  398.409800][T17368] Bluetooth: MGMT ver 1.23
[  398.585548][T17303] chnl_net:caif_netlink_parms(): no params data found
[  398.860283][ T5882] Bluetooth: hci0: command tx timeout
[  399.255421][T17303] bridge0: port 1(bridge_slave_0) entered blocking state
[  399.283304][T17303] bridge0: port 1(bridge_slave_0) entered disabled state
[  399.323960][T17303] bridge_slave_0: entered allmulticast mode
[  399.341820][T17303] bridge_slave_0: entered promiscuous mode
[  399.384506][T17303] bridge0: port 2(bridge_slave_1) entered blocking state
[  399.391944][T17303] bridge0: port 2(bridge_slave_1) entered disabled state
[  399.425852][T17303] bridge_slave_1: entered allmulticast mode
[  399.438661][T17303] bridge_slave_1: entered promiscuous mode
[  399.539583][T17418] : left promiscuous mode
[  399.609500][T17303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  399.669119][T17303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  399.695189][T17425] : renamed from hsr0 (while UP)
[  399.768910][T17431] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  399.836221][T17303] team0: Port device team_slave_0 added
[  399.866538][T17303] team0: Port device team_slave_1 added
[  400.012168][T17303] batman_adv: batadv0: Adding interface: batadv_slave_0
[  400.030786][T17303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  400.080315][T17303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  400.172006][T17303] batman_adv: batadv0: Adding interface: batadv_slave_1
[  400.209831][T17303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  400.231216][T17457] netlink: 'syz.2.3212': attribute type 1 has an invalid length.
[  400.263900][T17303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  400.633607][T17303] hsr_slave_0: entered promiscuous mode
[  400.649514][T17303] hsr_slave_1: entered promiscuous mode
[  400.661072][T17303] debugfs: 'hsr0' already exists in 'hsr'
[  400.667688][T17303] Cannot create hsr debugfs directory
[  400.679724][T17471] netlink: 140 bytes leftover after parsing attributes in process `syz.3.3217'.
[  400.694931][T17477] netlink: 'syz.2.3218': attribute type 32 has an invalid length.
[  400.702815][T17477] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3218'.
[  400.803972][T17477] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  400.937182][ T5882] Bluetooth: hci0: command tx timeout
[  400.961569][T17489] netlink: 'syz.3.3221': attribute type 3 has an invalid length.
[  401.239392][T17511] netlink: 'syz.3.3226': attribute type 1 has an invalid length.
[  401.278249][T17513] netlink: 'syz.2.3228': attribute type 1 has an invalid length.
[  401.317331][T17518] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3226'.
[  401.423092][T17506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3226'.
[  401.444069][T17515] bond2 (unregistering): Released all slaves
[  401.473141][T17506] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3226'.
[  401.650144][T17529] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3231'.
[  401.671192][T17303] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  401.684820][T17303] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.780325][T17530] vlan2: entered allmulticast mode
[  401.792577][T17530] bridge0: entered allmulticast mode
[  401.807342][T17530] bridge1: port 1(vlan2) entered blocking state
[  401.814677][T17530] bridge1: port 1(vlan2) entered disabled state
[  401.836666][T17530] vlan2: entered promiscuous mode
[  401.843949][T17530] bridge0: entered promiscuous mode
[  401.887875][T17303] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  401.945350][T17540] sctp: [Deprecated]: syz.0.3232 (pid 17540) Use of int in max_burst socket option.
[  401.945350][T17540] Use struct sctp_assoc_value instead
[  401.981029][T17303] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.069489][T17303] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  402.096123][T17303] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.208683][T17303] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  402.276797][T17303] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  402.540580][T17566] lo speed is unknown, defaulting to 1000
[  402.550595][T17575] __nla_validate_parse: 1 callbacks suppressed
[  402.550616][T17575] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3239'.
[  402.551084][T17576] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3239'.
[  402.577069][T17575] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3239'.
[  402.677648][T17576] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3239'.
[  402.885160][T17584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3240'.
[  402.935299][T17303] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  402.958696][T17303] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  402.975529][T17592] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3242'.
[  403.000053][T17303] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  403.015048][ T5882] Bluetooth: hci0: command tx timeout
[  403.028964][T17593] netlink: 'syz.0.3242': attribute type 12 has an invalid length.
[  403.093187][T17303] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  403.449976][T17566] syzkaller0 speed is unknown, defaulting to 1000
[  403.513116][T17614] netlink: 'syz.3.3246': attribute type 1 has an invalid length.
[  403.551611][T17303] 8021q: adding VLAN 0 to HW filter on device bond0
[  403.720054][T17303] 8021q: adding VLAN 0 to HW filter on device team0
[  403.779734][T14632] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.787163][T14632] bridge0: port 1(bridge_slave_0) entered forwarding state
[  403.846254][T14622] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.853542][T14622] bridge0: port 2(bridge_slave_1) entered forwarding state
[  404.114395][T17629] netlink: 'syz.0.3251': attribute type 21 has an invalid length.
[  404.122472][T17629] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3251'.
[  404.397760][T17640] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input7
[  404.758417][T17303] 8021q: adding VLAN 0 to HW filter on device batadv0
[  404.804698][T17656] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3258'.
[  404.911817][T17661] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3260'.
[  404.972868][T17303] veth0_vlan: entered promiscuous mode
[  405.041482][T17303] veth1_vlan: entered promiscuous mode
[  405.093774][ T5882] Bluetooth: hci0: command tx timeout
[  405.163157][T17677] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3264'.
[  405.281504][T17303] veth0_macvtap: entered promiscuous mode
[  405.341851][T17303] veth1_macvtap: entered promiscuous mode
[  405.428412][T17303] batman_adv: batadv0: Interface activated: batadv_slave_0
[  405.486014][T17303] batman_adv: batadv0: Interface activated: batadv_slave_1
[  405.546154][T17694] openvswitch: netlink: ct_state flags 0000ee01 unsupported
[  405.558931][T14618] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  405.586063][T14618] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  405.616594][T14618] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  405.635537][T14618] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  405.772487][T17701] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  405.865171][T14622] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  405.900966][T14622] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.080953][T14633] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.102761][T14633] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.249102][T17713] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  407.322225][T17758] tipc: Started in network mode
[  407.334732][T17758] tipc: Node identity 520e09330a69, cluster identity 4711
[  407.352747][T17758] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  407.403833][T17760] tipc: Disabling bearer <eth:syzkaller0>
[  407.726054][T17770] __nla_validate_parse: 4 callbacks suppressed
[  407.726075][T17770] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3287'.
[  407.970293][ T5873] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  407.992756][ T5873] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  408.003900][ T5873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  408.018100][ T5873] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  408.029147][ T5873] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  408.076561][T17777] lo speed is unknown, defaulting to 1000
[  408.144358][T17785] macsec0: entered promiscuous mode
[  408.151581][T17785] macsec0: entered allmulticast mode
[  408.157447][T17785] veth1_macvtap: entered allmulticast mode
[  408.177059][T17785] bridge0: port 3(macsec0) entered blocking state
[  408.233829][T17785] bridge0: port 3(macsec0) entered disabled state
[  408.267539][T17785] bridge0: port 3(macsec0) entered blocking state
[  408.275460][T17785] bridge0: port 3(macsec0) entered forwarding state
[  408.390596][T17791] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3293'.
[  408.521798][   T43] IPVS: starting estimator thread 0...
[  408.574868][T17800] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3297'.
[  408.589587][T17777] syzkaller0 speed is unknown, defaulting to 1000
[  408.633652][T17797] IPVS: using max 26 ests per chain, 62400 per kthread
[  408.944168][T17813] IPv6: sit1: Disabled Multicast RS
[  409.354230][T17777] chnl_net:caif_netlink_parms(): no params data found
[  409.867313][T17777] bridge0: port 1(bridge_slave_0) entered blocking state
[  409.883936][T17777] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.895982][T17777] bridge_slave_0: entered allmulticast mode
[  409.905733][T17777] bridge_slave_0: entered promiscuous mode
[  409.930892][T17777] bridge0: port 2(bridge_slave_1) entered blocking state
[  409.943693][T17777] bridge0: port 2(bridge_slave_1) entered disabled state
[  409.953299][T17777] bridge_slave_1: entered allmulticast mode
[  409.962428][T17777] bridge_slave_1: entered promiscuous mode
[  410.011089][T17849] netlink: 'syz.0.3308': attribute type 1 has an invalid length.
[  410.054317][ T5882] Bluetooth: hci2: command tx timeout
[  410.078941][T17850] veth0: entered promiscuous mode
[  410.090481][T17777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  410.120883][T17777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  410.176292][T17848] veth0: left promiscuous mode
[  410.202291][T17777] team0: Port device team_slave_0 added
[  410.263030][T17777] team0: Port device team_slave_1 added
[  410.371423][T10058] IPVS: starting estimator thread 0...
[  410.465265][T17866] IPVS: using max 27 ests per chain, 64800 per kthread
[  410.500132][T17777] batman_adv: batadv0: Adding interface: batadv_slave_0
[  410.533192][T17777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  410.543164][T17873] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3317'.
[  410.564721][T17777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  410.620757][T17777] batman_adv: batadv0: Adding interface: batadv_slave_1
[  410.640426][T17777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  410.676115][T17777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  410.892722][T17777] hsr_slave_0: entered promiscuous mode
[  410.926898][T17777] hsr_slave_1: entered promiscuous mode
[  410.939950][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  410.952868][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  410.965769][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  410.978367][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  410.991303][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  411.003842][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  411.016526][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  411.029120][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  411.041979][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  411.054852][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  411.238591][T17777] debugfs: 'hsr0' already exists in 'hsr'
[  411.263267][T17777] Cannot create hsr debugfs directory
[  412.133871][ T5882] Bluetooth: hci2: command tx timeout
[  414.213829][ T5882] Bluetooth: hci2: command tx timeout
[  414.411772][T17928] unsupported nla_type 52263
[  414.690990][T17935] netlink: 'syz.0.3333': attribute type 1 has an invalid length.
[  414.857779][T17935] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  414.858737][T17938] netlink: 666 bytes leftover after parsing attributes in process `syz.2.3334'.
[  415.393156][T17952] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3336'.
[  415.427532][T17952] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3336'.
[  415.479930][T17955] netlink: 'syz.0.3338': attribute type 1 has an invalid length.
[  415.525104][T17955] netlink: 'syz.0.3338': attribute type 2 has an invalid length.
[  415.591585][T17951] tipc: Started in network mode
[  415.602982][T17951] tipc: Node identity aaaaaaaaaa33, cluster identity 4711
[  415.617178][T17951] tipc: Enabled bearer <eth:vlan1>, priority 12
[  415.762333][T17947] syzkaller0: entered promiscuous mode
[  415.798532][T17947] syzkaller0: entered allmulticast mode
[  415.923392][T17958] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3339'.
[  415.943518][    C0] net_ratelimit: 13386 callbacks suppressed
[  415.943539][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  415.962241][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  415.975261][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  415.987860][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  415.994354][T17964] vxcan1: tx address claim with dlc 0
[  416.000547][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  416.018420][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  416.030965][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  416.043634][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  416.056646][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  416.069114][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  416.295737][ T5882] Bluetooth: hci2: command tx timeout
[  416.488570][T17973] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3343'.
[  416.631672][T17973] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3343'.
[  416.646945][T17777] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  416.733642][ T5940] tipc: Node number set to 10070698
[  416.743777][T14621] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  416.796985][T17777] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  416.895103][T17777] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  417.014681][T17777] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  417.134849][T14621] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  417.223721][T14621] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  417.296201][T17991] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3349'.
[  417.336941][T14621] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  417.424985][T17991] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3349'.
[  417.834513][T18006] IPVS: ip_vs_add_dest(): server weight less than zero
[  418.168191][T17777] 8021q: adding VLAN 0 to HW filter on device bond0
[  418.346594][T18019] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3356'.
[  418.605626][T17777] 8021q: adding VLAN 0 to HW filter on device team0
[  418.692637][T14621] bridge0: port 1(bridge_slave_0) entered blocking state
[  418.700058][T14621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  418.812882][T14621] bridge0: port 2(bridge_slave_1) entered blocking state
[  418.821353][T14621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  418.936551][T18033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3361'.
[  419.007468][T18034] netlink: 'syz.0.3359': attribute type 10 has an invalid length.
[  419.931103][T18034] team0: Device hsr_slave_0 failed to register rx_handler
[  420.860618][T18064] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3368'.
[  420.953495][    C0] net_ratelimit: 7669 callbacks suppressed
[  420.953518][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  420.971857][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  420.984844][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  420.998264][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  421.010882][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  421.023538][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  421.030897][T18064] sctp: [Deprecated]: syz.0.3368 (pid 18064) Use of int in max_burst socket option deprecated.
[  421.030897][T18064] Use struct sctp_assoc_value instead
[  421.036161][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  421.065673][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  421.078158][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  421.090705][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  421.341330][T18075] tipc: Started in network mode
[  421.383961][T18075] tipc: Node identity 662f38e389a5, cluster identity 4711
[  421.480274][T18075] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  421.547422][T18079] syzkaller0: entered promiscuous mode
[  421.611564][T18079] syzkaller0: entered allmulticast mode
[  421.732220][T18085] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3373'.
[  421.774260][T18085] netlink: 21 bytes leftover after parsing attributes in process `syz.1.3373'.
[  421.807061][T18079] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3372'.
[  421.840679][T18085] netlink: 21 bytes leftover after parsing attributes in process `syz.1.3373'.
[  421.871334][T18081] netlink: 'syz.1.3373': attribute type 3 has an invalid length.
[  421.913318][T18079] netlink: 92 bytes leftover after parsing attributes in process `syz.2.3372'.
[  422.544730][   T24] tipc: Node number set to 4018813155
[  422.559541][T18074] tipc: Resetting bearer <eth:syzkaller0>
[  422.872046][T18074] tipc: Disabling bearer <eth:syzkaller0>
[  422.986643][T17777] 8021q: adding VLAN 0 to HW filter on device batadv0
[  423.150372][T18105] nbd: must specify a device to reconfigure
[  423.373270][T18109] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3380'.
[  423.390461][T18108] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3382'.
[  423.403172][T17777] veth0_vlan: entered promiscuous mode
[  423.470826][T17777] veth1_vlan: entered promiscuous mode
[  423.608552][T17777] veth0_macvtap: entered promiscuous mode
[  423.695526][T18113] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3383'.
[  423.742535][T17777] veth1_macvtap: entered promiscuous mode
[  423.978655][T17777] batman_adv: batadv0: Interface activated: batadv_slave_0
[  424.029106][   T43] IPVS: starting estimator thread 0...
[  424.091068][T17777] batman_adv: batadv0: Interface activated: batadv_slave_1
[  424.141107][T18124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3384'.
[  424.151034][T18123] IPVS: using max 25 ests per chain, 60000 per kthread
[  424.249939][T18127] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  424.273321][T18127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  424.296885][T18127] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  424.317682][T18127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  425.090044][T14623] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  425.134917][T14623] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  425.184009][T18141] veth1_to_bond: entered allmulticast mode
[  425.257051][T14623] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  425.362442][T14623] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  425.573389][T18138] veth1_to_bond: left allmulticast mode
[  425.964532][    C0] net_ratelimit: 7201 callbacks suppressed
[  425.964566][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  425.983777][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  425.996611][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  426.009345][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  426.023024][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  426.028543][T14622] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  426.035607][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  426.055830][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  426.067242][T18152] __nla_validate_parse: 1 callbacks suppressed
[  426.067261][T18152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3392'.
[  426.068377][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  426.096879][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  426.102226][T14622] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  426.109483][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  426.214159][T18152] netlink: 'syz.1.3392': attribute type 12 has an invalid length.
[  426.333417][T18169] netlink: 'syz.4.3396': attribute type 1 has an invalid length.
[  426.610916][T18175] netlink: 'syz.2.3397': attribute type 1 has an invalid length.
[  426.646097][T18179] netlink: 'syz.2.3397': attribute type 1 has an invalid length.
[  429.060447][T18214] netlink: 'syz.4.3405': attribute type 1 has an invalid length.
[  429.134795][T18215] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3405'.
[  429.191802][T18216] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3405'.
[  429.775625][T18214] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  429.843184][T14622] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  429.955477][T14622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.273165][T18224] netlink: 'syz.0.3406': attribute type 1 has an invalid length.
[  430.529885][T18235] tipc: Started in network mode
[  430.597565][T18235] tipc: Node identity 3e33181756d3, cluster identity 4711
[  430.680953][T18235] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  430.720881][T18237] syzkaller0: entered promiscuous mode
[  430.798524][T18237] syzkaller0: entered allmulticast mode
[  430.812766][T18249] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3412'.
[  430.946664][T18254] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3412'.
[  430.961201][T18235] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  430.974180][    C0] net_ratelimit: 7346 callbacks suppressed
[  430.974201][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  430.992847][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  431.005340][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  431.018197][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  431.032384][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  431.045577][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  431.058084][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  431.070650][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  431.084562][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  431.097179][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  431.170681][T18240] tipc: Resetting bearer <eth:syzkaller0>
[  431.693208][T18268] netlink: 'syz.0.3415': attribute type 21 has an invalid length.
[  431.701568][   T24] tipc: Node number set to 1759516695
[  432.252053][T18245] syzkaller0: entered promiscuous mode
[  432.266553][T18245] syzkaller0: entered allmulticast mode
[  432.282185][T18232] tipc: Resetting bearer <eth:syzkaller0>
[  432.478632][T18232] tipc: Disabling bearer <eth:syzkaller0>
[  435.990391][    C0] net_ratelimit: 8459 callbacks suppressed
[  435.990414][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  436.009063][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  436.021713][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  436.034448][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  436.047987][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  436.060775][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  436.073531][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  436.086277][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  436.099595][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  436.112119][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  439.362996][T18264] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3414'.
[  439.373250][T18268] netlink: 'syz.0.3415': attribute type 6 has an invalid length.
[  439.410196][T18268] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3415'.
[  439.677601][T18281] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3418'.
[  440.315489][T18299] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3425'.
[  440.475599][T18305] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3427'.
[  440.881060][T18312] tls_set_device_offload: netdev not found
[  440.994205][    C0] net_ratelimit: 7698 callbacks suppressed
[  440.994225][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  441.012806][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  441.013068][T18318] openvswitch: netlink: Missing key (keys=40, expected=80)
[  441.025316][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  441.025836][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  441.027374][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  441.027759][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  441.028128][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  441.096172][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  441.110176][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  441.529096][T18327] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3435'.
[  441.705973][T18333] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3436'.
[  441.974331][T18323] Bluetooth: hci0: Opcode 0x080f failed: -4
[  442.485038][T18343] mac80211_hwsim hwsim26 wlan1: entered allmulticast mode
[  442.988839][T18362] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3445'.
[  443.174665][ T5882] Bluetooth: hci0: command 0x080f tx timeout
[  443.410896][T18370] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3449'.
[  444.131492][T18389] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3455'.
[  444.234604][T18389] netlink: 'syz.4.3455': attribute type 1 has an invalid length.
[  444.316649][T18389] netlink: 'syz.4.3455': attribute type 2 has an invalid length.
[  444.998251][T18410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3462'.
[  445.164202][T18412] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3462'.
[  446.003543][    C0] net_ratelimit: 7291 callbacks suppressed
[  446.003576][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  446.022692][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  446.035190][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  446.047773][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  446.061621][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  446.074350][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  446.086959][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  446.099815][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  446.113359][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  446.125978][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  446.139009][T18437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3467'.
[  446.347962][T18443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3468'.
[  446.836583][T18455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3471'.
[  446.898483][T18455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3471'.
[  446.941902][T18455] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3471'.
[  446.996919][T18458] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3471'.
[  447.168732][T18458] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3471'.
[  447.544885][T18469] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3475'.
[  448.352915][T18490] netlink: 'syz.2.3485': attribute type 23 has an invalid length.
[  448.875184][T18501] netlink: 'syz.0.3488': attribute type 4 has an invalid length.
[  450.086563][T18533] __nla_validate_parse: 3 callbacks suppressed
[  450.086582][T18533] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3497'.
[  450.342892][T18524] geneve2: entered promiscuous mode
[  450.372995][T18524] geneve2: entered allmulticast mode
[  450.777700][T18539] netlink: 'syz.0.3498': attribute type 29 has an invalid length.
[  450.872091][T18543] dvmrp1: entered allmulticast mode
[  450.920457][T18539] netlink: 'syz.0.3498': attribute type 29 has an invalid length.
[  450.984852][T18548] netlink: 500 bytes leftover after parsing attributes in process `syz.0.3498'.
[  451.014193][    C0] net_ratelimit: 6818 callbacks suppressed
[  451.014216][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  451.032925][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  451.045499][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  451.058167][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  451.071991][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  451.075867][T18551] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3501'.
[  451.084586][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  451.106086][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  451.118926][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  451.132923][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  451.146040][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  451.175232][T18539] 8021q: VLANs not supported on caif0
[  451.224628][T18547] netlink: 'syz.4.3501': attribute type 4 has an invalid length.
[  452.318061][T18581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3512'.
[  452.494086][T18584] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3512'.
[  452.641056][T18588] sctp: [Deprecated]: syz.4.3512 (pid 18588) Use of int in max_burst socket option deprecated.
[  452.641056][T18588] Use struct sctp_assoc_value instead
[  454.066311][T18619] sctp: [Deprecated]: syz.3.3521 (pid 18619) Use of int in maxseg socket option.
[  454.066311][T18619] Use struct sctp_assoc_value instead
[  454.114566][T18614] bond1: entered promiscuous mode
[  454.144789][T18614] bond1: entered allmulticast mode
[  454.177614][T18614] 8021q: adding VLAN 0 to HW filter on device bond1
[  454.202903][T18621] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3519'.
[  454.327483][T18621] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3519'.
[  455.855016][T18660] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3533'.
[  456.023873][    C0] net_ratelimit: 7162 callbacks suppressed
[  456.023898][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  456.031573][T18659] geneve2: entered promiscuous mode
[  456.042432][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  456.060048][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  456.072784][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  456.087627][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  456.100096][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  456.112994][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  456.126362][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  456.139872][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  456.152503][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  456.162754][T18659] geneve2: entered allmulticast mode
[  456.410428][T14622] veth0_to_bridge: left allmulticast mode
[  456.439642][T14622] veth0_to_bridge: left promiscuous mode
[  456.477807][T14622] bridge0: port 1(veth0_to_bridge) entered disabled state
[  459.249499][T14622] bond2 (unregistering): (slave geneve2): Releasing active interface
[  460.546369][T14622] bond0 (unregistering): (slave team0): Releasing backup interface
[  460.594832][T14622] bond0 (unregistering): (slave 
0!
): Releasing backup interface
[  460.641805][T14622] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[  460.672511][T14622] bond0 (unregistering): Released all slaves
[  461.033593][    C0] net_ratelimit: 7833 callbacks suppressed
[  461.033616][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  461.053392][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  461.065929][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  461.078873][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  461.091611][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  461.105556][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  461.118180][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  461.130596][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  461.142879][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  461.156442][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  461.177561][T14622] bond1 (unregistering): Released all slaves
[  461.622984][T14622] bond2 (unregistering): Released all slaves
[  461.660999][T14622] bond3 (unregistering): (slave bond4): Releasing backup interface
[  461.682320][T14622] bond3 (unregistering): Released all slaves
[  462.122484][T14622] bond4 (unregistering): Released all slaves
[  462.440073][T14622] bond5 (unregistering): (slave vlan3): Releasing active interface
[  462.455063][T14622] bond5 (unregistering): Released all slaves
[  462.811936][T14622] bond6 (unregistering): Released all slaves
[  462.851003][T14622] bond7 (unregistering): Released all slaves
[  462.889784][T14618] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0
[  462.910294][T14618] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0
[  463.197394][T18702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3537'.
[  463.297727][T18664] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  463.481146][T14618] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0
[  463.511174][T14622] tipc: Disabling bearer <eth:syzkaller0>
[  463.554842][T14622] tipc: Left network mode
[  463.812798][T18707] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  464.631738][T18731] tipc: Failed to remove unknown binding: 66,1,1/1759516695:985771921/985771923
[  465.178280][T18744] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3548'.
[  465.291596][T18744] netlink: 'syz.4.3548': attribute type 1 has an invalid length.
[  465.349415][T18744] netlink: 'syz.4.3548': attribute type 2 has an invalid length.
[  465.409805][T18745] team0: No ports can be present during mode change
[  465.584976][T18750] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  465.964955][T18749] syzkaller0: entered promiscuous mode
[  465.992221][T18749] syzkaller0: entered allmulticast mode
[  466.044496][    C0] net_ratelimit: 7860 callbacks suppressed
[  466.044520][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  466.049982][T18753] tipc: Resetting bearer <eth:syzkaller0>
[  466.050941][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  466.082762][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  466.095299][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  466.109021][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  466.121589][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  466.134012][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  466.139193][T18752] netlink: 'syz.4.3551': attribute type 29 has an invalid length.
[  466.146807][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  466.168090][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  466.180629][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  466.200332][T18752] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3551'.
[  466.522290][T18664] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.569555][T18664] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  466.665684][T14622] hsr_slave_0: left promiscuous mode
[  466.732567][T14622] hsr_slave_1: left promiscuous mode
[  466.835555][T14622] veth1_macvtap: left promiscuous mode
[  466.859563][T14622] veth1_vlan: left promiscuous mode
[  466.887217][T14622] veth0_vlan: left promiscuous mode
[  467.678333][T14622] pimreg (unregistering): left allmulticast mode
[  471.041491][T18664] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.053766][    C0] net_ratelimit: 8408 callbacks suppressed
[  471.053788][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  471.072213][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  471.085762][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  471.093168][T18664] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  471.098655][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  471.099085][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  471.101066][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  471.102576][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  471.102944][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  471.103391][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  471.104185][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  472.057713][T18780] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.164780][T18747] tipc: Resetting bearer <eth:syzkaller0>
[  472.415569][ T5185] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  472.444355][ T5185] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  472.460822][ T5185] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  472.482096][ T5185] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  472.490261][ T5185] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  474.538476][ T5882] Bluetooth: hci3: command tx timeout
[  476.064088][    C0] net_ratelimit: 8568 callbacks suppressed
[  476.064112][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  476.082828][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  476.095420][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  476.107879][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  476.120673][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  476.133594][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  476.146098][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  476.158725][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  476.172223][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  476.184694][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  476.614030][ T5882] Bluetooth: hci3: command tx timeout
[  478.451018][T18747] tipc: Disabling bearer <eth:syzkaller0>
[  478.693987][ T5882] Bluetooth: hci3: command tx timeout
[  478.726959][T18810] netlink: 'syz.2.3572': attribute type 33 has an invalid length.
[  478.767536][T18664] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  478.786131][T18664] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0
[  479.230577][T18780] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.583069][T18780] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.990603][T18780] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.160418][T18799] lo speed is unknown, defaulting to 1000
[  480.399892][T14622] IPVS: stop unused estimator thread 0...
[  480.416734][T14613] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 19999 - 0
[  480.473884][T14613] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  480.658317][T14618] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 19999 - 0
[  480.714874][T14618] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  480.773884][ T5882] Bluetooth: hci3: command tx timeout
[  480.928997][T14621] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 19999 - 0
[  480.965047][T14621] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  481.073483][    C0] net_ratelimit: 9218 callbacks suppressed
[  481.073506][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  481.092027][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  481.095105][    C1] ==================================================================
[  481.104686][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  481.112287][    C1] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x696/0xca0
[  481.124794][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  481.132639][    C1] Write of size 8 at addr ffff88803380d130 by task kworker/u8:21/14615
[  481.145840][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  481.152845][    C1] 
[  481.152859][    C1] CPU: 1 UID: 0 PID: 14615 Comm: kworker/u8:21 Not tainted syzkaller #0 PREEMPT(full) 
[  481.152881][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  481.152893][    C1] Workqueue: events_unbound nsim_dev_trap_report_work
[  481.152922][    C1] Call Trace:
[  481.152930][    C1]  <IRQ>
[  481.152938][    C1]  dump_stack_lvl+0x189/0x250
[  481.152960][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  481.152979][    C1]  ? rcu_is_watching+0x15/0xb0
[  481.152996][    C1]  ? __kasan_check_byte+0x12/0x40
[  481.153017][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.153034][    C1]  ? rcu_is_watching+0x15/0xb0
[  481.153050][    C1]  ? lock_release+0x4b/0x3e0
[  481.153074][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  481.153093][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[  481.153113][    C1]  print_report+0xca/0x240
[  481.153129][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  481.153145][    C1]  kasan_report+0x118/0x150
[  481.153166][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  481.153185][    C1]  __xfrm_state_delete+0x696/0xca0
[  481.153205][    C1]  xfrm_timer_handler+0x18f/0xa00
[  481.153225][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  481.153240][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  481.153262][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.153286][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  481.153307][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  481.153330][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  481.153345][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  481.153360][    C1]  __hrtimer_run_queues+0x529/0xc60
[  481.153384][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  481.153399][    C1]  ? read_tsc+0x9/0x20
[  481.153420][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  481.153440][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  481.153459][    C1]  handle_softirqs+0x283/0x870
[  481.153488][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  481.153506][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  481.153524][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  481.153544][    C1]  __irq_exit_rcu+0xca/0x1f0
[  481.153560][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  481.153579][    C1]  irq_exit_rcu+0x9/0x30
[  481.153593][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  481.153616][    C1]  </IRQ>
[  481.153622][    C1]  <TASK>
[  481.153628][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  481.153646][    C1] RIP: 0010:lock_acquire+0x175/0x360
[  481.153669][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 7b 21 03 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  481.153683][    C1] RSP: 0018:ffffc9001e42f3d8 EFLAGS: 00000206
[  481.153698][    C1] RAX: 45ad7f3b651deb00 RBX: 0000000000000000 RCX: 45ad7f3b651deb00
[  481.153710][    C1] RDX: 0000000000000000 RSI: ffffffff8dba8220 RDI: ffffffff8be33880
[  481.153722][    C1] RBP: ffffffff8172c195 R08: 0000000000000000 R09: ffffffff8172c195
[  481.153733][    C1] R10: ffffc9001e42f598 R11: ffffffff81ac3ae0 R12: 0000000000000002
[  481.153745][    C1] R13: ffffffff8e139f20 R14: 0000000000000000 R15: 0000000000000246
[  481.153758][    C1]  ? unwind_next_frame+0xa5/0x2390
[  481.153776][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  481.153795][    C1]  ? unwind_next_frame+0xa5/0x2390
[  481.153819][    C1]  ? unwind_next_frame+0xa5/0x2390
[  481.153836][    C1]  ? worker_thread+0x8a0/0xda0
[  481.153853][    C1]  ? unwind_next_frame+0xa5/0x2390
[  481.153869][    C1]  unwind_next_frame+0xc2/0x2390
[  481.153886][    C1]  ? unwind_next_frame+0xa5/0x2390
[  481.153906][    C1]  ? unwind_next_frame+0xa5/0x2390
[  481.153923][    C1]  ? process_scheduled_works+0xae1/0x17b0
[  481.153940][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  481.153959][    C1]  arch_stack_walk+0x11c/0x150
[  481.153980][    C1]  ? worker_thread+0x8a0/0xda0
[  481.153997][    C1]  stack_trace_save+0x9c/0xe0
[  481.154015][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  481.154035][    C1]  ? stack_trace_save+0x9c/0xe0
[  481.154055][    C1]  kasan_save_track+0x3e/0x80
[  481.154073][    C1]  ? kasan_save_track+0x3e/0x80
[  481.154091][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[  481.154110][    C1]  ? kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  481.154130][    C1]  ? __alloc_skb+0x112/0x2d0
[  481.154153][    C1]  ? nsim_dev_trap_report_work+0x29a/0xb80
[  481.154175][    C1]  ? process_scheduled_works+0xae1/0x17b0
[  481.154190][    C1]  ? worker_thread+0x8a0/0xda0
[  481.154225][    C1]  __kasan_slab_alloc+0x6c/0x80
[  481.154246][    C1]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  481.154266][    C1]  ? __alloc_skb+0x112/0x2d0
[  481.154283][    C1]  __alloc_skb+0x112/0x2d0
[  481.154299][    C1]  nsim_dev_trap_report_work+0x29a/0xb80
[  481.154329][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  481.154345][    C1]  process_scheduled_works+0xae1/0x17b0
[  481.154372][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  481.154394][    C1]  worker_thread+0x8a0/0xda0
[  481.154420][    C1]  kthread+0x70e/0x8a0
[  481.154440][    C1]  ? __pfx_worker_thread+0x10/0x10
[  481.154456][    C1]  ? __pfx_kthread+0x10/0x10
[  481.154482][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  481.154502][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.154523][    C1]  ? __pfx_kthread+0x10/0x10
[  481.154541][    C1]  ret_from_fork+0x3fc/0x770
[  481.154558][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  481.154577][    C1]  ? __switch_to_asm+0x39/0x70
[  481.154595][    C1]  ? __switch_to_asm+0x33/0x70
[  481.154614][    C1]  ? __pfx_kthread+0x10/0x10
[  481.154633][    C1]  ret_from_fork_asm+0x1a/0x30
[  481.154659][    C1]  </TASK>
[  481.154665][    C1] 
[  481.165176][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  481.167168][    C1] Allocated by task 18351:
[  481.177275][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  481.187191][    C1]  kasan_save_track+0x3e/0x80
[  481.187218][    C1]  __kasan_slab_alloc+0x6c/0x80
[  481.187239][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  481.194352][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  481.197268][    C1]  xfrm_state_alloc+0x24/0x2f0
[  481.200516][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:b5:e5:1f:fb:53, vlan:0)
[  481.204870][    C1]  __find_acq_core+0x8a7/0x1c00
[  481.204892][    C1]  xfrm_find_acq+0x78/0xa0
[  481.210340][    C0] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  481.214771][    C1]  xfrm_alloc_userspi+0x6b3/0xc90
[  481.214797][    C1]  xfrm_user_rcv_msg+0x7a0/0xab0
[  481.807966][    C1]  netlink_rcv_skb+0x205/0x470
[  481.813299][    C1]  xfrm_netlink_rcv+0x79/0x90
[  481.818094][    C1]  netlink_unicast+0x82f/0x9e0
[  481.822881][    C1]  netlink_sendmsg+0x805/0xb30
[  481.827660][    C1]  __sock_sendmsg+0x21c/0x270
[  481.832405][    C1]  ____sys_sendmsg+0x505/0x830
[  481.837195][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  481.841893][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  481.846851][    C1]  do_syscall_64+0xfa/0x3b0
[  481.851385][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.857469][    C1] 
[  481.859821][    C1] Freed by task 43:
[  481.863642][    C1]  kasan_save_track+0x3e/0x80
[  481.868430][    C1]  kasan_save_free_info+0x46/0x50
[  481.873868][    C1]  __kasan_slab_free+0x5b/0x80
[  481.878751][    C1]  kmem_cache_free+0x18f/0x400
[  481.883540][    C1]  xfrm_state_gc_task+0x52d/0x6b0
[  481.888592][    C1]  process_scheduled_works+0xae1/0x17b0
[  481.894187][    C1]  worker_thread+0x8a0/0xda0
[  481.899073][    C1]  kthread+0x70e/0x8a0
[  481.903183][    C1]  ret_from_fork+0x3fc/0x770
[  481.907800][    C1]  ret_from_fork_asm+0x1a/0x30
[  481.912601][    C1] 
[  481.914937][    C1] The buggy address belongs to the object at ffff88803380d100
[  481.914937][    C1]  which belongs to the cache xfrm_state of size 928
[  481.928922][    C1] The buggy address is located 48 bytes inside of
[  481.928922][    C1]  freed 928-byte region [ffff88803380d100, ffff88803380d4a0)
[  481.942844][    C1] 
[  481.945278][    C1] The buggy address belongs to the physical page:
[  481.951700][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3380c
[  481.960475][    C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  481.968988][    C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  481.976642][    C1] page_type: f5(slab)
[  481.980646][    C1] raw: 00fff00000000040 ffff88801af0f780 dead000000000122 0000000000000000
[  481.989247][    C1] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  481.997865][    C1] head: 00fff00000000040 ffff88801af0f780 dead000000000122 0000000000000000
[  482.006558][    C1] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  482.015605][    C1] head: 00fff00000000002 ffffea0000ce0301 00000000ffffffff 00000000ffffffff
[  482.024393][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  482.033172][    C1] page dumped because: kasan: bad access detected
[  482.039710][    C1] page_owner tracks the page as allocated
[  482.045507][    C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 18190, tgid 18185 (syz.4.3401), ts 427737059879, free_ts 423774307373
[  482.065432][    C1]  post_alloc_hook+0x240/0x2a0
[  482.070325][    C1]  get_page_from_freelist+0x21e4/0x22c0
[  482.076077][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  482.081906][    C1]  alloc_pages_mpol+0x232/0x4a0
[  482.086780][    C1]  allocate_slab+0x8a/0x370
[  482.091478][    C1]  ___slab_alloc+0xbeb/0x1420
[  482.096186][    C1]  kmem_cache_alloc_noprof+0x283/0x3c0
[  482.101675][    C1]  xfrm_state_alloc+0x24/0x2f0
[  482.106462][    C1]  xfrm_state_find+0x37d4/0x5400
[  482.111434][    C1]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  482.118051][    C1]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  482.123526][    C1]  xfrm_lookup_route+0x3c/0x1c0
[  482.128760][    C1]  udp_sendmsg+0x142e/0x2170
[  482.133542][    C1]  __sock_sendmsg+0x19c/0x270
[  482.138448][    C1]  ____sys_sendmsg+0x52d/0x830
[  482.143255][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  482.147958][    C1] page last free pid 24 tgid 24 stack trace:
[  482.153962][    C1]  __free_frozen_pages+0xbc4/0xd30
[  482.159286][    C1]  __put_partials+0x156/0x1a0
[  482.163992][    C1]  put_cpu_partial+0x17c/0x250
[  482.168785][    C1]  __slab_free+0x2d5/0x3c0
[  482.173229][    C1]  qlist_free_all+0x97/0x140
[  482.178099][    C1]  kasan_quarantine_reduce+0x148/0x160
[  482.183600][    C1]  __kasan_slab_alloc+0x22/0x80
[  482.188568][    C1]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  482.194560][    C1]  __alloc_skb+0x112/0x2d0
[  482.199003][    C1]  mld_newpack+0x13c/0xc40
[  482.203554][    C1]  add_grhead+0x5a/0x2a0
[  482.207822][    C1]  add_grec+0x1452/0x1740
[  482.212190][    C1]  mld_ifc_work+0x6ed/0xd60
[  482.216784][    C1]  process_scheduled_works+0xae1/0x17b0
[  482.222624][    C1]  worker_thread+0x8a0/0xda0
[  482.227251][    C1]  kthread+0x70e/0x8a0
[  482.231372][    C1] 
[  482.233731][    C1] Memory state around the buggy address:
[  482.239489][    C1]  ffff88803380d000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  482.247569][    C1]  ffff88803380d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  482.255653][    C1] >ffff88803380d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  482.263820][    C1]                                      ^
[  482.269545][    C1]  ffff88803380d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  482.277631][    C1]  ffff88803380d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  482.285806][    C1] ==================================================================
[  482.294079][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  482.301301][    C1] CPU: 1 UID: 0 PID: 14615 Comm: kworker/u8:21 Not tainted syzkaller #0 PREEMPT(full) 
[  482.311229][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  482.321404][    C1] Workqueue: events_unbound nsim_dev_trap_report_work
[  482.328226][    C1] Call Trace:
[  482.331538][    C1]  <IRQ>
[  482.334661][    C1]  dump_stack_lvl+0x99/0x250
[  482.339386][    C1]  ? __asan_memcpy+0x40/0x70
[  482.344000][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  482.349319][    C1]  ? __pfx__printk+0x10/0x10
[  482.353947][    C1]  vpanic+0x281/0x750
[  482.358055][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  482.363467][    C1]  ? __pfx_vpanic+0x10/0x10
[  482.368148][    C1]  ? irqentry_exit+0x74/0x90
[  482.372790][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  482.378207][    C1]  panic+0xb9/0xc0
[  482.381970][    C1]  ? __pfx_panic+0x10/0x10
[  482.386513][    C1]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  482.392460][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  482.399007][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  482.404665][    C1]  check_panic_on_warn+0x89/0xb0
[  482.409729][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  482.415472][    C1]  end_report+0x78/0x160
[  482.419844][    C1]  kasan_report+0x129/0x150
[  482.424554][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  482.429950][    C1]  __xfrm_state_delete+0x696/0xca0
[  482.435094][    C1]  xfrm_timer_handler+0x18f/0xa00
[  482.440151][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  482.445801][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  482.452085][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  482.457310][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  482.463318][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  482.469678][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  482.475245][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  482.480810][    C1]  __hrtimer_run_queues+0x529/0xc60
[  482.486034][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  482.491768][    C1]  ? read_tsc+0x9/0x20
[  482.495864][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  482.501789][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  482.506938][    C1]  handle_softirqs+0x283/0x870
[  482.511978][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  482.517295][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  482.522610][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[  482.527855][    C1]  __irq_exit_rcu+0xca/0x1f0
[  482.532483][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  482.537910][    C1]  irq_exit_rcu+0x9/0x30
[  482.542275][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  482.547992][    C1]  </IRQ>
[  482.551032][    C1]  <TASK>
[  482.553998][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  482.560202][    C1] RIP: 0010:lock_acquire+0x175/0x360
[  482.565630][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 7b 21 03 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  482.585791][    C1] RSP: 0018:ffffc9001e42f3d8 EFLAGS: 00000206
[  482.591887][    C1] RAX: 45ad7f3b651deb00 RBX: 0000000000000000 RCX: 45ad7f3b651deb00
[  482.600675][    C1] RDX: 0000000000000000 RSI: ffffffff8dba8220 RDI: ffffffff8be33880
[  482.608775][    C1] RBP: ffffffff8172c195 R08: 0000000000000000 R09: ffffffff8172c195
[  482.616773][    C1] R10: ffffc9001e42f598 R11: ffffffff81ac3ae0 R12: 0000000000000002
[  482.624770][    C1] R13: ffffffff8e139f20 R14: 0000000000000000 R15: 0000000000000246
[  482.633053][    C1]  ? unwind_next_frame+0xa5/0x2390
[  482.638661][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  482.645125][    C1]  ? unwind_next_frame+0xa5/0x2390
[  482.650490][    C1]  ? unwind_next_frame+0xa5/0x2390
[  482.655809][    C1]  ? worker_thread+0x8a0/0xda0
[  482.660614][    C1]  ? unwind_next_frame+0xa5/0x2390
[  482.665762][    C1]  unwind_next_frame+0xc2/0x2390
[  482.670818][    C1]  ? unwind_next_frame+0xa5/0x2390
[  482.676128][    C1]  ? unwind_next_frame+0xa5/0x2390
[  482.681374][    C1]  ? process_scheduled_works+0xae1/0x17b0
[  482.687204][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  482.693498][    C1]  arch_stack_walk+0x11c/0x150
[  482.698379][    C1]  ? worker_thread+0x8a0/0xda0
[  482.703173][    C1]  stack_trace_save+0x9c/0xe0
[  482.708022][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  482.713535][    C1]  ? stack_trace_save+0x9c/0xe0
[  482.718413][    C1]  kasan_save_track+0x3e/0x80
[  482.723211][    C1]  ? kasan_save_track+0x3e/0x80
[  482.728192][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[  482.733343][    C1]  ? kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  482.739733][    C1]  ? __alloc_skb+0x112/0x2d0
[  482.744503][    C1]  ? nsim_dev_trap_report_work+0x29a/0xb80
[  482.750696][    C1]  ? process_scheduled_works+0xae1/0x17b0
[  482.756447][    C1]  ? worker_thread+0x8a0/0xda0
[  482.761264][    C1]  __kasan_slab_alloc+0x6c/0x80
[  482.766241][    C1]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  482.772519][    C1]  ? __alloc_skb+0x112/0x2d0
[  482.777307][    C1]  __alloc_skb+0x112/0x2d0
[  482.781763][    C1]  nsim_dev_trap_report_work+0x29a/0xb80
[  482.787456][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  482.793472][    C1]  process_scheduled_works+0xae1/0x17b0
[  482.799107][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  482.805312][    C1]  worker_thread+0x8a0/0xda0
[  482.809961][    C1]  kthread+0x70e/0x8a0
[  482.814072][    C1]  ? __pfx_worker_thread+0x10/0x10
[  482.819209][    C1]  ? __pfx_kthread+0x10/0x10
[  482.823835][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  482.829151][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  482.834475][    C1]  ? __pfx_kthread+0x10/0x10
[  482.839459][    C1]  ret_from_fork+0x3fc/0x770
[  482.844457][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  482.849730][    C1]  ? __switch_to_asm+0x39/0x70
[  482.854913][    C1]  ? __switch_to_asm+0x33/0x70
[  482.859913][    C1]  ? __pfx_kthread+0x10/0x10
[  482.864548][    C1]  ret_from_fork_asm+0x1a/0x30
[  482.869452][    C1]  </TASK>
[  482.873049][    C1] Kernel Offset: disabled
[  482.877397][    C1] Rebooting in 86400 seconds..