last executing test programs:

1m20.049617394s ago: executing program 3 (id=607):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x301, 0x100, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x3}, {}, {0xe}}}, 0x24}, 0x1, 0x4000000, 0x0, 0x800}, 0x0)

1m7.287610906s ago: executing program 3 (id=607):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x301, 0x100, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x3}, {}, {0xe}}}, 0x24}, 0x1, 0x4000000, 0x0, 0x800}, 0x0)

55.311245799s ago: executing program 3 (id=607):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x301, 0x100, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x3}, {}, {0xe}}}, 0x24}, 0x1, 0x4000000, 0x0, 0x800}, 0x0)

34.725430148s ago: executing program 3 (id=607):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x301, 0x100, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x3}, {}, {0xe}}}, 0x24}, 0x1, 0x4000000, 0x0, 0x800}, 0x0)

28.200643514s ago: executing program 2 (id=1106):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYRESHEX=r1, @ANYRES16=r0, @ANYBLOB="270e000000000000210407020000"], 0x14}, 0x1, 0x40030000000000}, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'ipvlan1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCRSCLRRT(r5, 0x89e4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'bond0\x00'})
r6 = socket$inet6(0xa, 0x6, 0x20005)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000a5c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c0800034000000008080007400000002e080006400000000008000f4000000002140000001000010000000000000000000084000a"], 0x84}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@mpls_delroute={0x2c, 0x19, 0x10, 0x70bd2e, 0x25dfdbfb, {0x1c, 0x0, 0x10, 0xbd, 0xfd, 0x0, 0xfe, 0xa, 0x1100}, [@RTA_TTL_PROPAGATE={0x5, 0x1a, 0xff}, @RTA_TTL_PROPAGATE={0x5, 0x1a, 0x7}]}, 0x2c}}, 0x0)
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[], 0x150}, 0x1, 0x0, 0x0, 0x4001}, 0x8008090)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6c}}, 0x40000)
r9 = socket$packet(0x11, 0x3, 0x300)
r10 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r10, 0x107, 0x12, 0x0, 0x0)
setsockopt$packet_fanout(r9, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_netdev_private(r11, 0x8946, &(0x7f0000000140)="a6cc04e2d8f1c38afbf14b29b86e3a")
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000440)={{0xa, 0x4e21, 0x1, @local, 0x7}, {0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}, 0xfffffc00}, 0xffffffffffffffff, {[0x401, 0xffffd7fb, 0xf, 0x1, 0x3, 0x200, 0x8001, 0x2]}}, 0x5c)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x60}}, 0x0)
r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r12, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r13 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r13)

27.691212934s ago: executing program 2 (id=1111):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = accept4$alg(r0, 0x0, 0x0, 0x800)
write(r1, &(0x7f0000000000)="8de359b77e302edadd88c008d7aaddce6ce4f9082f832569fc75a459c7e788d0f54e1fb13c4f8244d23fb34f69aae20d28b30c823bbf6470aa07cc7006fc05b91e2eb2042dc609c7dae1148bc2bb496510e5dbfed0453a0fab7d9c921b27a7bce08e334eab4b3a6d803ec816421ef7bbcb2459c162a0421e95731b3617f2154cb92bb534391d8f617b3400c26a43f748e00ffc051cd8094dab86cea36954947126e05ea20ccc836c2f2bda49e521738e2b517f88b425fcd5c0c12aeb162fba2dcc5789d1d761513e907ca66700f1dd68f4f4a96915045d0c93718ae14a9c393503e588011db2", 0xe6)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r2, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, r3, 0x100, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x0, 0x6f}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x34}}, 0xc000)
read$alg(r1, &(0x7f0000000280), 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000002c0)={<r6=>0x0, 0x9f6f}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000340)={r6, @in={{0x2, 0x4e23, @multicast1}}, 0x7, 0x4}, 0x90)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000400)=0x8, 0x4)
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc020f509, &(0x7f0000000440)={<r7=>r5, 0xfffffffffffffff2, 0x100})
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@typedef={0x10, 0x0, 0x0, 0x8, 0x3}]}, {0x0, [0x30, 0x3e, 0x61, 0x5f]}}, &(0x7f00000004c0), 0x2a, 0x0, 0x0, 0x9}, 0x28)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@bloom_filter={0x1e, 0x0, 0x1, 0x5, 0x1100, r7, 0x5, '\x00', 0x0, r8, 0x1, 0x2, 0x3, 0x6}, 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a40)={r7, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000780)=[0x0, 0x0, 0x0], ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x4, 0x6, &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r11=>0x0, 0xe9, &(0x7f0000000840)=[{}], 0x8, 0x10, &(0x7f0000000880), &(0x7f00000008c0), 0x8, 0x37, 0x8, 0x8, &(0x7f0000000900)}}, 0x10)
r12 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000a80)={0x0, 0x101, 0x8}, 0xc)
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000ac0)={0x2, 0x4, 0x8, 0x1, 0x80, r7, 0xfffffffc, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x4}, 0x50)
r14 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x16, 0x1c, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r9}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000006c0)='GPL\x00', 0x6, 0x24, &(0x7f0000000700)=""/36, 0x41000, 0x8, '\x00', 0x0, @fallback=0x29, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740)={0x5, 0xa, 0x1, 0x2}, 0x10, r11, 0xffffffffffffffff, 0x4, &(0x7f0000000b40)=[r9, r12, r13, r9, r7, r7, r9, r9], &(0x7f0000000b80)=[{0x4, 0x2, 0x6, 0x5}, {0x4, 0x5, 0xb, 0xb}, {0x0, 0x1, 0xb, 0x9}, {0x3, 0x2, 0x3, 0x6}], 0x10, 0xe}, 0x94)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000dc0)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000cc0)={0xb0, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x3}, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz1\x00'}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x942}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_ADT={0x48, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x8}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @link_local}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PROTO={0x5, 0x7, 0x5e}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0xf51}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}]}, 0xb0}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000040)
socket$alg(0x26, 0x5, 0x0)
pipe(&(0x7f0000000e00)={<r15=>0xffffffffffffffff, <r16=>0xffffffffffffffff})
sendmsg$NL80211_CMD_RADAR_DETECT(r16, &(0x7f0000000f00)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x2c, r3, 0x20, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xfffffff7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x8040)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000f40)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x8, '\x00', r10, 0xffffffffffffffff, 0x5, 0x2, 0x2}, 0x50)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000fc0), r15)
r17 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001040), r16)
sendmsg$IPVS_CMD_DEL_DAEMON(r16, &(0x7f0000001180)={&(0x7f0000001000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001140)={&(0x7f0000001080)={0xa0, r17, 0x800, 0x70bd27, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e22}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xe}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xfffffff8}]}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x401}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7fff}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4008000}, 0x20000800)
sendmsg$NFT_MSG_GETOBJ_RESET(r7, &(0x7f0000001440)={&(0x7f00000011c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001400)={&(0x7f0000001200)={0x1f4, 0x15, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFTA_OBJ_USERDATA={0xcf, 0x8, "008228a219f6cbb2d9cc6c13370bc5092af1b0525cb7573851a47872f5add6daea542085a112b98d3533e0124669bc3f526f066c35b2b01bc744e116719c3fec697226523e5bbbfe1c6dc586849410604c94876a9deeee107033c5606263056401cd8d0b1f058672febb62704990fa13e8d3cf3be30e140349411cb8ec880de532cb14f726c34179be721be6269ff815209cb80477d6a52efd49c2e3dac173ed9bba59270e2f4539d9f368daaecaa868605d629c01dc2c6baf652ea0c61a07cd76ac72b0e29d86f95f3bf4"}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_USERDATA={0xc7, 0x8, "807be22327b018959abd0820591c48d9426fa6dc1c8c56c116d321f717880b4c71ec5ecd75376379f102da639805dc4e290d5188a6a5e8e831e9493277bfe6b2c901b8d629fa6bf8b19489eabbdb556935079b81068542a18e2fee2684e3aafc890ea158daf21a5c3ca0609496671788cd4d87f82bd22db146c375413d2ebf04a79fc00aeaafac896c48d3a324d39bda0066d81dc85e18be0000a07c1e989b297f7b7e777ceda70cf54d83a888363b2564ba1535cc83de31cc69938bfeb7879f35b761"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJ_USERDATA={0xe, 0x8, "bdb4a899fb223963e1f7"}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x4}]}, 0x1f4}, 0x1, 0x0, 0x0, 0x44000}, 0x4)
ioctl$TUNSETIFF(r14, 0x400454ca, &(0x7f0000001480)={'xfrm0\x00'})
socket$nl_route(0x10, 0x3, 0x0)

27.570351758s ago: executing program 2 (id=1112):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r0, 0x0, 0xffffffffffffffff}, 0x20) (async)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="02000000020000", @ANYRES64=0x0], 0x10) (async)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073727a3100000000080041007369770014003300626f6e6430"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)

27.020033975s ago: executing program 2 (id=1116):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x18, 0x1b, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_fd={0x18, 0x1, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0x75}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xed41d0969ec4053c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1d, &(0x7f00000006c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1000000}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff1f}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x2}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x4, 0x0, 0x6}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}, @call={0x85, 0x0, 0x0, 0x50}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

26.779899601s ago: executing program 2 (id=1119):
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) (async)
close(r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00'}) (async)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000000000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb18000000000300050000000000020000007f0000010000000000000000010018"], 0x58}, 0x1, 0x7}, 0x0) (async)
setsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000040)=0x3, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
r3 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
r4 = socket(0x10, 0x803, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001040)={0x0, 0x1, 0x5}, 0x10) (async)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) (async)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x78) (async, rerun: 32)
r7 = socket$alg(0x26, 0x5, 0x0) (rerun: 32)
bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) (async, rerun: 32)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r2) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000440)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, r8, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x9, 0x5a}}}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xbf}]}, 0x30}, 0x1, 0x0, 0x0, 0x42000}, 0x4040000) (async)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) (async)
r10 = accept4(r7, 0x0, 0x0, 0x0)
sendmsg$alg(r10, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x10, 0x117, 0x4, 0x1}], 0x10}, 0x0) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r6, 0xe0, &(0x7f0000005080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) (async)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}, @IFLA_GRE_REMOTE={0x8, 0x7, @loopback}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x4000)

15.986667515s ago: executing program 3 (id=607):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x301, 0x100, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x3}, {}, {0xe}}}, 0x24}, 0x1, 0x4000000, 0x0, 0x800}, 0x0)

14.330074403s ago: executing program 2 (id=1119):
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) (async)
close(r0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00'}) (async)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000000000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb18000000000300050000000000020000007f0000010000000000000000010018"], 0x58}, 0x1, 0x7}, 0x0) (async)
setsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000040)=0x3, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
r3 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
r4 = socket(0x10, 0x803, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001040)={0x0, 0x1, 0x5}, 0x10) (async)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) (async)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @exit, @initr0, @exit, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @exit], &(0x7f00000000c0)='GPL\x00'}, 0x78) (async, rerun: 32)
r7 = socket$alg(0x26, 0x5, 0x0) (rerun: 32)
bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) (async, rerun: 32)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r2) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000440)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, r8, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x9, 0x5a}}}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xbf}]}, 0x30}, 0x1, 0x0, 0x0, 0x42000}, 0x4040000) (async)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) (async)
r10 = accept4(r7, 0x0, 0x0, 0x0)
sendmsg$alg(r10, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x10, 0x117, 0x4, 0x1}], 0x10}, 0x0) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r6, 0xe0, &(0x7f0000005080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) (async)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}, @IFLA_GRE_REMOTE={0x8, 0x7, @loopback}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x4000)

5.371795121s ago: executing program 4 (id=1202):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x470d0, 0x40}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x7, 0xe0000000}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x50}}, 0x8000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x16}, 0xb}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f00000004c0)=0x8)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r3, 0x84, 0x79, &(0x7f00000002c0)={r5, 0xc, 0x8}, 0x8)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="f000000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="0008000000020000bc0012800c0001006d6163766c616e00ac000280080003000100000008000100100000000a0004000180c200000300000a00040000000000030000000800070005000000080007000a0000004c0005800a"], 0xf0}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x90}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x14, 0x3, 0x3, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=@ipv4_newroute={0x2c, 0x18, 0x200, 0x70bd25, 0x25dfdbff, {0x2, 0x20, 0x94, 0x3, 0xfd, 0x2, 0xfe, 0x7, 0x1000}, [@RTA_FLOW={0x8, 0xb, 0xc}, @RTA_DST={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x21}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x40)

3.563721255s ago: executing program 4 (id=1204):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, 0x1, 0x8, 0x5, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0xc0c4}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x94, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x30}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x48, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x40}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x9}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x80}, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast2}}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x1ff}]}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x94}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)

3.434158776s ago: executing program 4 (id=1207):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3) (async)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0x38}}, 0x0)
r3 = socket(0x840000000002, 0x3, 0xfa)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'hsr0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'hsr0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xe315}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}}, 0x0)
sendmsg$can_bcm(r5, &(0x7f00000001c0)={&(0x7f0000000000)={0x1d, r6}, 0x10, &(0x7f0000000180)={&(0x7f0000000040)={0x3, 0x20a, 0x6, {0x0, 0xea60}, {0x0, 0x2710}, {0x3, 0x1, 0x1}, 0x1, @can={{0x4, 0x1}, 0x8, 0x0, 0x0, 0x0, "e98541a75c81fc39"}}, 0x48}, 0x1, 0x0, 0x0, 0x11}, 0x20044041)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x4000) (async)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x4000)
socket$nl_route(0x10, 0x3, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) (async)
setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x70bd2d, 0x0, {0xa, 0x0, 0x80}, [@RTA_MARK={0x8, 0x10, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async)
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x70bd2d, 0x0, {0xa, 0x0, 0x80}, [@RTA_MARK={0x8, 0x10, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x24}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)
sendmmsg$inet(r3, &(0x7f0000005240), 0x4000095, 0x0)
r10 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r10, 0xc004743e, 0x0) (async)
ioctl$PPPIOCNEWUNIT(r10, 0xc004743e, 0x0)
socket$packet(0x11, 0x2, 0x300)

3.001459998s ago: executing program 4 (id=1210):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f0000001480)}], 0x3)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000180)={@private, @initdev, <r2=>0x0}, &(0x7f00000001c0)=0xc)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
close(0x3)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r4, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r5, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r5, 0x80)
accept$netrom(r5, 0x0, 0x0)
unshare(0x62040200)
connect$inet6(r3, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_GET(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x98, r1, 0x311fbdc56f52a6e8, 0x70bd2b, 0x25dfdbfe, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @HEADER={0x4}]}, 0x98}, 0x1, 0x0, 0x0, 0x40440c0}, 0x4000)
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000800000000000000000000000000000002"])
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_timeval(r6, 0x1, 0x2, 0x0, 0x48)
getsockopt$inet6_mptcp_buf(r6, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98)

2.552932309s ago: executing program 1 (id=1213):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000730109000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r4=>0xffffffffffffffff})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000007380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x48, r5, 0xe096044a3fc9e6f1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xfa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_WME={0xc, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x8}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008890}, 0x8050)
bind$inet(r3, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$TUNSETOFFLOAD(r8, 0xc004743e, 0x110e22fff6)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000100)=0x82)
close(r9)
listen(r3, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x4)
writev(r10, &(0x7f00000000c0)=[{&(0x7f0000000000)="f54ab8a27f21ef1839857b0163728b65f09f039b446487baeb91273fc9c2b8dd6c27bcea42b1d1ed27e0d97f6b4f9efb465fd0a607b68056026de077989cfc923fa9e4b7e8443c33787db0395316b6a73a1577f018f95c7d7ceca9270910efdcfbc15b4103b215879e166ba7a53b528b9b859994386c8015f7a9e596bdc6ca1feba0dff1a407ba3ed69015ababd17e03cf673f05ec082ad6b266b6fcfc7130e80dae6abe7bbf3f461a00"/187, 0xbb}], 0x1)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r11, 0x4030582a, 0x0)
r12 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000400)='ns/uts\x00')
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r10, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x811022c0}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x30, 0x1407, 0x100, 0x70bd2a, 0x25dfdbff, "", [@RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r11}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r12}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x240008c4}, 0xc081)

2.130115106s ago: executing program 1 (id=1214):
r0 = socket$inet(0x2, 0x3, 0xfffffffd)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x10, 0xc, &(0x7f0000000480)=ANY=[@ANYRES64=r0, @ANYRESOCT=r0, @ANYRESHEX], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff33, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x8}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r2, &(0x7f0000000040), 0x10)
setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000400)="71b58fff4131cc34e4a53937c09e2b9343ea36f23708dd70acfd4a8a60b9e66c7211fb30d3c0cc0fabd7705d851e3699465e8ca3b6932b40d84006fc0a2337f9ebd40d42d183174c24f822d810f632230a67d249874caee9268a87fcc8515f28d8", 0x61)
listen(r2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r3, &(0x7f0000001140)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000540)='O', 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r3, 0x1)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000680)={0x0, @in6={{0xa, 0x4e21, 0xf, @private2, 0xa9a}}, [0x7, 0x7, 0xa30e, 0x100, 0xa1, 0x1, 0x0, 0x6, 0x5, 0xa, 0xf2e, 0x800, 0xffffffffffff7fff, 0xffffffffffff7fff, 0x8000000000000001]}, &(0x7f00000004c0)=0x100)
r4 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r4, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000006d85500001e0a05010000000000000000070000000900020073797a31000000000900010073797a3000000000ac55038014000080100001800a000100fefe807eb37b0000580100800c0005400000000000000003a40002803c000280080003400000000208000180fffffffb08000180000000000900020073797a320000000008000180ffffffff0900020073797a31000000005000028008000340000000030800034000000003080003400000000408000180fffffffb0900020073797a3200000000080001800000000008000180fffffffc08000180fffffffe08000180fffffffc1400028008000180fffffffa08000340000000019c000a801400028008000340000000040800034000000003100001000d1cfcc7882b26f27f5ce2160e0001007f39ca4ec7a221b1c39a00004400028008000180fffffffb0900020073797a320000000008000180fffffffb08000340000000010900020073797a300000000008000180ffffffff08000180000000001f000100513ee19e9cf377f3d8edc674439f8624bfa0d9fb3c25f5f647c23f000800034000000002"], 0x565c}}, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)='i', 0x1}], 0x1, &(0x7f00000005c0)=ANY=[], 0x200}}], 0x1, 0x4000006)
socket(0x0, 0x1, 0x637)
r6 = accept4$unix(r2, 0x0, 0x0, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000340), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r7, &(0x7f00000000c0)={0xa}, 0x1c)
recvfrom$unix(r6, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x10, &(0x7f0000000100)=0xffffffff, 0x4)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x388}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x400}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)
setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f00000000c0)=0xabb3, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000200)="080016fbb07d586e", 0x8}], 0x1, 0x0, 0x0, 0x60000000}, 0x4000000)

1.823974122s ago: executing program 1 (id=1216):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x581, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4d014, 0x1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r1}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20004002}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r2)
sendmsg$NFC_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01052cbd7000fedbdf251d00000008001d000400000008001e00300b000008000100d3"], 0x2c}, 0x1, 0x0, 0x0, 0x4004005}, 0x8000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x14}]}, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), r2)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0x80, r4, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private2}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @remote}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:sound_device_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast2}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @loopback}]}, 0x80}, 0x1, 0x0, 0x0, 0x40008c1}, 0x80)

1.495224789s ago: executing program 1 (id=1218):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg(r0, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000340)=""/82, 0x52}], 0x1}, 0x81}], 0x1, 0x2000, 0x0)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
bind$tipc(r0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x5, 0x6, 0x8, 0x8, 0x0, 0x2, 0x0, 0x8}, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="20040081aedbfb0800"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x404c840)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="17000000210001"], 0x28}, 0x1, 0x0, 0x0, 0x4040814}, 0x0)
sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0)

1.164215406s ago: executing program 0 (id=1221):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.numa_stat\x00', 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @multicast2}})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)={0x1c, 0x3a, 0x107, 0x400, 0x0, {0x4, 0x7c}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008800}, 0xc000)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c00e06184db6e4254fc05ef38000000", @ANYRES16=r6, @ANYBLOB="01002cbd7000000000000600000008000300", @ANYRES32=0x0, @ANYBLOB="080005000b0000000500530004000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r4)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="f7e80100000000001c0012800b0001006d616373656300000c0002800500030002000000"], 0x3c}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x2, 0x34005}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f}, 0x94)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x20, r9, 0x73976972ba3f4b55, 0x0, 0xffffffff, {0x8}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}]}, 0x20}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x3040}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="34000000430000012cbd7000ffdbdf251c000300cbc20000100006800c00050002000000e5ffffff070002000f000000"], 0x34}, 0x1, 0x0, 0x0, 0x20008840}, 0x815)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="b4136ccbf4ca4f00", @ANYRES16=r9, @ANYBLOB="010026bd7000fddbdf250100000008000500ff070000340003801400020070696d3672656730000000000000000008000500ac1414bb1400060000000000000000000000ffff00000000080005000e0000005c00018006000100020000000c000700390000000d00000008000b007369700006000200d0000000060004004e240000060004004e23000014000300ac1e0001000000000000000000000000060002003c0000000600010002000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4004084}, 0x40000)
connect$pppl2tp(r1, &(0x7f0000000340)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x2, 0x0, 0x2}}, 0x26)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000005c0)={0x14, 0x2e, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}]}, 0x14}], 0x1}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), r4)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x19, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000030000000000000001004000850000001900000700000000000000008f35e4d1d2df2552ae9db640afd6dc91761125a2cc433a20ebea7711c2ede057aa76bba2c570695a3e068d135b2b2d86241bc1bf6add038a006e6d78a7f8a5767cbdb662f8003e48fe540a76965c58275cf1975dfd1544b69d242fb384f5fcf926d53bc8c00000"], &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

959.609099ms ago: executing program 0 (id=1222):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000480)={r0, 0xc, 0x7, 0xffffffff00000000})
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fefdffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000000404000001000000b70500002a0000006a0a00fe00000000850000000b000000b70000005920000095000000000000006c8457920ba0fad478e86823cc07b88f5d76781dcb7729f41726a067818b990b13bfdd5db1b7ef826f015cd03018d546fa9b6827767c171a4f0720596bb3b4d821d976f5843061cc2e3afbae82d7932d4f91f718f0e56315040148e11bac31821236192321fa3b3042"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x0, 0xcc0, 0xdd7, &(0x7f0000000000)="5ae02efc441a80536af0d1d905c723fa", &(0x7f0000000040)=""/24}, 0x28)
clock_gettime(0x0, &(0x7f0000000140)={<r2=>0x0, <r3=>0x0})
ppoll(&(0x7f0000000100)=[{r1, 0x1420}, {0xffffffffffffffff, 0x201}, {r0, 0x8001}, {r1, 0x520}, {r1, 0x8004}, {r0, 0x5}, {r1, 0x101}, {r1, 0xc088}], 0x8, &(0x7f00000002c0)={r2, r3+60000000}, &(0x7f0000000300)={[0x4]}, 0x8)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0cd000000000000044e690085000000a000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r6, r7, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20)
sendmsg$inet(r4, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d00)={0x1a8, 0x19, 0x1, 0x0, 0x0, {0x1d, 0xd601, 0x9}, [@nested={0x50, 0x11, 0x0, 0x1, [@typed={0x49, 0x121, 0x0, 0x0, @binary="c9a7befe6f6d645a1a11b81b2c4b101c7510e19fee6bb49f6cc7a2c50fd57c06db1a75df432aa833928a0772ff8f5e9ed3103bc77d35b296674f1fe35663c0d236fd88d7ba"}]}, @nested={0x144, 0x6, 0x0, 0x1, [@nested={0x140, 0x75, 0x0, 0x1, [@nested={0x13c, 0x105, 0x0, 0x1, [@nested={0x135, 0xce, 0x0, 0x1, [@typed={0x8, 0x22, 0x0, 0x0, @fd=r8}, @generic="9db6859cccae2434ff2e8f93db2df78257b0170f04b50b3be1e4c913ca056fe917b18f5222ac3d3541f98865f03144d0b08bebc32edca5884fdd79091323071734155332e8388f50ece0c5f03a29b281c639e10effac78129089df5ef6cfc31b315f5d873171723ff22203aab3e5053649597853a74ba2af1ee6beec35caed1a3ac803501167580d1c3d3c71cbe7b7d46bf41688a56358a6e631a860ce019d10f0b3d70c28acb57ccb7b8f82b6", @nested={0x4, 0x28}, @nested={0x75, 0x34, 0x0, 0x1, [@typed={0xc, 0x53, 0x0, 0x0, @u64=0xffffffff}, @generic="7a431e14b1f1a68e36dc03a34062e7d7769c15282b2256f7d8eedf6b6ad2c5e36130414d2dbd0d2f23b2bbe5f302f91393e8acdd6c271ed82350db17bc5949e057d1a6073db8c20c1fcc8b927e426b945589368aee18d98b1c894e7a9f36dea027c1f76e4a"]}]}, @generic]}]}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x5}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@timestamp, @window={0x3, 0x9, 0x6f}, @window={0x3, 0x9, 0x2}, @mss={0x2, 0x400}, @timestamp, @timestamp, @timestamp, @sack_perm], 0x8)
syz_emit_ethernet(0x4e, &(0x7f0000000540)={@local, @remote, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "f91e2e", 0x18, 0x3c, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[@hopopts={0x88}], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "706a01", 0x0, "cc1978"}}}}}}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)

927.910369ms ago: executing program 4 (id=1223):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
unshare(0x24040400)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000400000004000000ff0000"], 0x48)
r3 = socket(0x2c, 0x3, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$bt_hci(r4, 0x0, 0x1, &(0x7f0000000c40)=""/3, &(0x7f0000000c80)=0x3)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, &(0x7f0000000140), &(0x7f0000000080)=@tcp6=r3, 0x2}, 0x20)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r1, 0xfffffffffffffd20}, 0x10)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000180)=0x1)

859.896587ms ago: executing program 0 (id=1224):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r0, &(0x7f00000004c0)='W', 0x1, 0x40000, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback, 0x8}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000040), 0x1)

607.479379ms ago: executing program 4 (id=1225):
r0 = socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
socket$inet6(0xa, 0x2, 0x0) (async)
r2 = socket$inet6(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000f000000000079f09ebb060000000000000071223d00006b8be98d41d79cd640021cc0914691feb0eef8dd10fb3a09f78e3c223c601a3fdc970bf503d280000000000000007b56ee8fc078638ad1b60fa2cf7138c56fc9d7213d7bc053fa933f3864480ee3aae972b83592d974ceaeaf80c86fbc0aba47b91710000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, {}, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@private2, 0x0, 0x2b}, 0x0, @in=@empty, 0x0, 0x0, 0x3}}, 0xe8)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000200)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000680)={r5, 0x20, &(0x7f0000000480)={&(0x7f00000008c0)=""/237, 0xed, 0x0, &(0x7f0000000ac0)=""/168, 0xa8}}, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x1f, 0x15, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x100d}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x20}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8001}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000100))
socket$inet(0x10, 0x3, 0x0) (async)
r7 = socket$inet(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x74, 0x0, 0x0, 0xfffff01c}]}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0xd, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000180)='kfree\x00', r8, 0x0, 0xfffffffffffffffc}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000180)='kfree\x00', r8, 0x0, 0xfffffffffffffffc}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x20000040}, 0x24004000) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x20000040}, 0x24004000)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0x4, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
syz_emit_ethernet(0xa6, &(0x7f0000000780)=ANY=[@ANYBLOB="aaaaaaaaaaaa000000000000703afffe8000000000000000000000000000bbff0200000000a825d98e609851cc348bf773c569b80d0000000000000000000186009078ff0000000000000000000000050aa78c000005ffffffffffff23732472eefa45ad96579269748e254c1e4a8a693f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af"], 0x0) (async)
syz_emit_ethernet(0xa6, &(0x7f0000000780)=ANY=[@ANYBLOB="aaaaaaaaaaaa000000000000703afffe8000000000000000000000000000bbff0200000000a825d98e609851cc348bf773c569b80d0000000000000000000186009078ff0000000000000000000000050aa78c000005ffffffffffff23732472eefa45ad96579269748e254c1e4a8a693f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af"], 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x8, 0x4000010, 0xffffffffffffffff, 0x54099000)

535.036986ms ago: executing program 1 (id=1226):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x1, @remote}, 0xa}}, 0x26)
sendmmsg$inet(r1, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)}}], 0x1a000, 0x8040)
close(0x3)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0x1c, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x403}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$kcm(0x10, 0x2, 0x10)
syz_emit_ethernet(0x12e, &(0x7f0000000540)={@broadcast, @empty, @void, {@ipv4={0x800, @tipc={{0x6, 0x4, 0x1, 0x9, 0x120, 0x64, 0x0, 0x4, 0x6, 0x0, @empty, @multicast1, {[@timestamp={0x44, 0x4, 0xb2, 0x0, 0x1}]}}, @name_distributor={{0x108, 0x0, 0x0, 0x0, 0x1, 0xa, 0xb, 0x2, 0x3, 0x0, 0x0, 0x6, 0x470, 0x4, 0x4e22, 0x4e23, 0x2, 0x3, 0x0, 0x0, 0x1}, [{0xf0a, 0x0, 0x8000, 0x450374b3, 0x3a8, 0x56, 0x8, 0x100}, {0x833e, 0x4, 0x3, 0x9, 0x81, 0x4, 0x4, 0x9}, {0x2, 0x0, 0x6, 0x8, 0x1b9, 0xc18, 0x6, 0xd4e}, {0x40, 0x1c8, 0x3, 0xa388, 0x7, 0x8c3, 0xa, 0x8}, {0x81, 0x80000001, 0xffffffff, 0x8, 0x7, 0x100, 0x4, 0x9}, {0x338, 0x521, 0x1, 0x2, 0x40, 0x2, 0x6, 0xf8e9}, {0x4, 0xfffffffd, 0x2, 0x9a, 0x6, 0x1, 0x9, 0xb}, {0x2, 0x9621, 0x9, 0x40, 0x97, 0x48, 0xb, 0x9}]}}}}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="380100001a0001000000000000000000fe80000000000000000000000000001eac1414bb00"/62, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe880000000000000000000000000001000000006c0000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a"], 0x138}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000400)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x11, 0x0, 0x20040001, 0x80, 0x8, 0x4, 0x0, 0xffffffff, 0xb59f}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
setsockopt$netrom_NETROM_T4(r6, 0x103, 0x6, &(0x7f0000000a40), 0x4)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000480)={0x0, 0x9}, 0xc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$inet(0x2, 0x80000, 0x0)
ioctl$SIOCNRDECOBS(r7, 0x89e2)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RTOINFO(r8, 0x84, 0x0, &(0x7f0000002780)={0x0, 0x9, 0x2, 0x79}, &(0x7f00000027c0)=0x10)

381.371135ms ago: executing program 0 (id=1227):
socket$inet6(0xa, 0x200000000003, 0x87)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)
pipe(&(0x7f0000000740)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f00000009c0)={{r3}, 0x100000000, 0x418b, 0x8})
epoll_wait(r3, &(0x7f0000000000)=[{}, {}], 0x2, 0x6)
sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="a8010000", @ANYRES16=r1, @ANYBLOB="0100fcffffff0000000008000000400004803c000780080001001a000000080001001500000008000400090000000800030000000000080001000f00000008000200f2000000080002000e00000004000680440004802c0007800800030000000000080001001e0000000800030000000000080002000e000000080001001c0000001300010062726f6164636173742d6c696e6b000054000280080001000600000008000200080000003400038008000100040000000800010007000000080001005200000008000100d90b000008000200060000000800010002000000040004000400040004000400b80001802c000280080004000100000008000100070000000800020000000000080002000400000008000100050000000d0001007564703a73797a31000000003c0002800800010019000000080001000f0000000800030016050000080002000080000008000300000000000d0001007564703a73797a3100000000080003000a0000003400028008000400c00000000800010000000000080001001b0000000800020000000000080004000600000008000300ff000000"], 0x1a8}}, 0x0)
openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
syz_emit_ethernet(0x9a, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff00005402cb008100450000040101c7865948001196d5b7cbb315c4a27619bb91ec16da2330380c11878f7ad1f24fe4dcfffad2ae2c202a1360441e2768d47e8abaad5752ad82f388d83df580a81b5e9f37de29c6da57e9bb4bc07f92c9eab20f9ce0712089a5e1d54b06adf4b8b31caec9a4efe8713e941e5eabeba7a4bebc4e0ae4bbfdbad683757a447c98bbbda942436e558d052f113a9c1aa836779848b7e1db66189cea"], 0x0)

207.572454ms ago: executing program 0 (id=1228):
r0 = socket$netlink(0x10, 0x3, 0x8)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_tcp_int(r1, 0x6, 0x2c, 0x0, &(0x7f0000000ac0))
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000180), r0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x0)
sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=ANY=[], 0x1c}], 0x1}, 0x0)

107.371212ms ago: executing program 0 (id=1229):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) (async)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)="0bc3ff", 0x3}, {&(0x7f0000000000)='G', 0x1}, {&(0x7f0000000240)="d336bd75243cb9a65f8e", 0xa}], 0x3)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@ifindex, 0xffffffffffffffff, 0x11, 0x2038}, 0x20)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r2=>0x0}) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002e00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c6f203cb1276bfdbb4ddffffff7f82dc2b938189a7ca02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc2880072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd01008e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d81006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff5d16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c602c4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b1da97c971c8c84a427edc3492b97e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b5989543729e3600000000bc86cd51704f309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb2b5f59dfead7ac6e7fa84746e2e425769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443c3a64c7803760880af23fb3f430a0311fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670a31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630e7fa0c2261bc2d5de32ab6bbcf296d36807544aa7c3d3301fe227b713a371414c98695e559f9cbf6b046184064a5f24a4cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79a08002c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574b2a31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167abf5d6685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca6797590ed13b0bccf71a39e05e877893646d185a77882f866785af6b0149e336c31fb177e3e85f4c60cd4de4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63af66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce775a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90c34531735f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853bbf93e220a6ce968b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3c067c28e185fe62ce7020f5282cf045b9c790984c6fb65fd3187bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212d000045b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e00000000ee2ea723ea2e1accb97a200609c77e0000000000000000d3a54ccd6e13a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09aced90609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699d61acdc8e36010d76093ddd237df1c4181b0a0c4543b4249e9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89734fce82cc627356aa2c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eeb7a9d17000000000096cd8ecf1c511eea07aefa1c5cae1841efa9329d80eafefe00000000000000009111274a44c722ff9f5151aa7cb99ea3e8b2c51eadbd2d0ba1a25b08cc3e67cd186c12ea62a55ff905388bb30d1a63d42593c9aea3a84f5a6fc470d8aaaafeccb373ca26c3685679e6a048af19fca3fc5315a33687"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000040000000000000000000003000000000300000002000000000000000000000000000001050000000800000002000000000000080000000000002e00"], 0x0, 0x50}, 0x20) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b000000000000000000a96035daad3a37c847da80c6bce2c56a2de65a71724cda33de0a2efaf6617af53dff7279824693211db77fa1edf7d365164f8438f293156830672727c012fb2c34eaa50818faf79c324294947612d71673f063321cd768271405ff07000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001000)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4], 0x0, 0x2, 0x0, 0x0, 0x0, 0xd5e93709d453f02a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r5}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe28, 0xfffffffffffffff5, &(0x7f0000000980)="b0ff04c66b0d698cb89e2fe086dd1f74ffff06000000fe80000000000000ac14140746647b7954c4c06b580febc28eb143d0f6c0bad62c67a04402ba4125c7024f63fdb0b6c8ee826b4dfe6042a2f057c66cad677d850ea9928bcfcb47e585e427746ed3b27c40060cbd030a6d675c9926af53cd3085b24f9b7a486775c4f284f8c5a572ca115bce90c0ee9d4e7a07f5f1518092cb1f156694036f6618a59196631e6303fd5307d1112601d3641c9492f7dc3503416836b14590c53b1fc1ac149b70cc1142d6bc57fc3a76839fa2f96878b520fedfb9f64d81584a2e85ab4f6ec718b02d78f2ebf04e6b3b94610a21616181629a03c3dc0bf05e0a71f887833b81db7a10bc53259cb80716f6804934a411d424c1db98d454be1adb2776fdbb92b299d3b80af6987a871b4549fdb4c8297ee31ad925c8b0fb1a9d2589b08ed52602cbc26b56df71201bc4ea8621c56f33d251c1d4589af2dcd78fbb4e34bde02cb3920a30cee9489ee72c3e19304c16c2110e1839712d484b80abe77786a7e2ba834874a4e16b93dd07297554a06c2ad2c906f8ebb1db8730df096709184728d48f0a806696bd0d4b12d0064b933d9675353dae77fe8419451f85da63be78b70ca2a84a77f572d9f289d4313e6f6039fe756ac13a5d08838315dff44cda433cc7bc6b77449f8c", 0x0, 0x2f, 0xe8034000, 0xf000, 0xfffffffffffffe2a, &(0x7f0000000000), &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d2779515fdad3f5d0de07b7b70996102fdb67b1e77a34a5b7136a212fa2c0ea502588309dc3e42c55a6f93e6ba5e1b492f9db48f0fdd2f9fb937b3e8a63dcf9dd855837433998ba579da27559", 0x5dc}, 0x28) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan3\x00', <r6=>0x0})
sendmsg$NL802154_CMD_SET_CHANNEL(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_PAGE={0x5, 0x7, 0xf}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x1}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000001}, 0x40000)

1.95775ms ago: executing program 3 (id=607):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x301, 0x100, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x3}, {}, {0xe}}}, 0x24}, 0x1, 0x4000000, 0x0, 0x800}, 0x0)

0s ago: executing program 1 (id=1230):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b40000007f"], 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xf, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x5, 0x7, 0x6, 0x1, 0x5, 0x9}}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x2, 0x1}}, {0x4}}]}]}, 0x70}}, 0x4000010)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r5}, 0x10)
sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r6, &(0x7f00000003c0)={0x0, 0xfffffffffffffd90, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r7, 0x701, 0x74bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0)
sendmmsg$inet6(r4, &(0x7f0000002680)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0x1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x1}, 0x1c, &(0x7f0000000ac0)=[{&(0x7f0000000740)="d4", 0x1}], 0x1}}, {{&(0x7f0000000b40)={0xa, 0x4e21, 0x9, @rand_addr=' \x01\x00', 0x3}, 0x1c, &(0x7f0000000d80)=[{&(0x7f0000000b80)='\a', 0x1}], 0x1}}], 0x2, 0x4000050)
setsockopt(r4, 0x84, 0x7f, &(0x7f0000000040)="020000000d80ffff", 0x8)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a30000000000500040000400000050005000a000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x24002800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r0, @ANYBLOB="00000000000000006100ed0000000000180000000000000000000000000000009500000000000000b50a00000000000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x0, '\x00', 0x0, 0x900, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)

kernel console output (not intermixed with test programs):

dv0: Interface activated: batadv_slave_0
[  217.620627][ T9384] batman_adv: batadv0: Interface activated: batadv_slave_1
[  217.706408][ T6799] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  217.726502][ T6799] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  217.948520][ T6799] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  218.006047][ T6799] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  218.345210][ T8837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  218.374237][ T8837] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  218.479026][ T8837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  218.508433][ T8837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.105632][ T8841] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.254324][ T8841] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.526962][ T8841] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.783816][ T8841] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.215539][ T9649] IPv6: sit1: Disabled Multicast RS
[  220.250479][ T9649] sit1: entered allmulticast mode
[  220.472110][ T8841] bridge_slave_1: left allmulticast mode
[  220.477846][ T8841] bridge_slave_1: left promiscuous mode
[  220.513949][ T8841] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.553860][ T8841] bridge_slave_0: left allmulticast mode
[  220.571965][ T8841] bridge_slave_0: left promiscuous mode
[  220.605551][ T8841] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.709797][ T9656] netlink: 'syz.4.895': attribute type 4 has an invalid length.
[  220.752456][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  220.769704][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  220.777987][ T9661] netlink: 'syz.4.895': attribute type 4 has an invalid length.
[  220.790595][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  220.800969][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  220.809109][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  221.186207][ T8841] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  221.197465][ T8841] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  221.209618][ T8841] bond0 (unregistering): Released all slaves
[  221.263805][ T9658] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.350690][ T9658] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.446129][ T9658] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.568633][ T9658] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.057327][ T8833] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.107669][ T8835] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.164337][ T8833] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.405074][ T8835] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.561123][ T8841] hsr_slave_0: left promiscuous mode
[  222.590295][ T8841] hsr_slave_1: left promiscuous mode
[  222.628498][ T8841] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  222.636260][ T8841] batman_adv: batadv0: Removing interface: batadv_slave_0
[  222.698650][ T8841] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  222.722979][ T8841] batman_adv: batadv0: Removing interface: batadv_slave_1
[  222.798323][ T8841] veth1_macvtap: left promiscuous mode
[  222.828409][ T8841] veth0_macvtap: left promiscuous mode
[  222.846282][ T8841] veth1_vlan: left promiscuous mode
[  222.851693][ T8841] veth0_vlan: left promiscuous mode
[  222.857719][   T51] Bluetooth: hci4: command tx timeout
[  223.479158][ T8841] team0 (unregistering): Port device team_slave_1 removed
[  223.521438][ T8841] team0 (unregistering): Port device team_slave_0 removed
[  224.238982][ T9725] netlink: 148 bytes leftover after parsing attributes in process `syz.1.912'.
[  224.322896][ T8833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  224.349969][ T8833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  224.370105][ T8833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  224.409230][ T8833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  224.465670][ T9659] chnl_net:caif_netlink_parms(): no params data found
[  224.554699][ T9730] netlink: 104 bytes leftover after parsing attributes in process `syz.0.914'.
[  224.840035][ T9745] x_tables: duplicate entry at hook 1
[  224.848611][ T9659] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.865803][ T9659] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.875130][ T9659] bridge_slave_0: entered allmulticast mode
[  224.883638][ T9659] bridge_slave_0: entered promiscuous mode
[  224.894210][ T9659] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.901661][ T9659] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.909352][ T9659] bridge_slave_1: entered allmulticast mode
[  224.917461][ T9659] bridge_slave_1: entered promiscuous mode
[  224.939346][   T51] Bluetooth: hci4: command tx timeout
[  225.091469][ T9659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  225.133153][ T9659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  225.187150][ T9751] tipc: Started in network mode
[  225.196957][ T9751] tipc: Node identity 7f000001, cluster identity 4711
[  225.209365][ T9751] tipc: Enabled bearer <udp:syz2>, priority 10
[  225.276438][ T9659] team0: Port device team_slave_0 added
[  225.305556][ T9659] team0: Port device team_slave_1 added
[  225.428849][ T9659] batman_adv: batadv0: Adding interface: batadv_slave_0
[  225.448133][ T9659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.487388][ T9659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  225.527725][ T9659] batman_adv: batadv0: Adding interface: batadv_slave_1
[  225.547834][ T9659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.584217][ T9659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  225.689524][ T9659] hsr_slave_0: entered promiscuous mode
[  225.704049][ T9659] hsr_slave_1: entered promiscuous mode
[  225.741590][ T9777] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  225.761094][ T9777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.929'.
[  225.783820][ T9777] batman_adv: batadv0: Removing interface: batadv_slave_0
[  225.786101][ T9779] xt_connbytes: Forcing CT accounting to be enabled
[  225.799125][ T9779] set match dimension is over the limit!
[  225.799215][ T9777] batman_adv: batadv0: Removing interface: batadv_slave_1
[  225.846558][ T9779] netlink: 20 bytes leftover after parsing attributes in process `syz.4.930'.
[  226.056354][ T9786] sctp: [Deprecated]: syz.0.933 (pid 9786) Use of int in max_burst socket option.
[  226.056354][ T9786] Use struct sctp_assoc_value instead
[  226.200062][ T9790] netlink: 20 bytes leftover after parsing attributes in process `syz.4.934'.
[  226.209073][ T9792] 8021q: VLANs not supported on wg0
[  226.321162][ T9797] nbd: must specify at least one socket
[  226.337693][ T9798] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  226.344830][ T5904] tipc: Node number set to 2130706433
[  226.353208][ T9798] syzkaller0: entered promiscuous mode
[  226.358732][ T9798] syzkaller0: entered allmulticast mode
[  226.397253][ T9798] tipc: Resetting bearer <eth:syzkaller0>
[  226.432082][ T9796] tipc: Resetting bearer <eth:syzkaller0>
[  226.479255][ T9801] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.938'.
[  226.493795][ T9796] tipc: Disabling bearer <eth:syzkaller0>
[  226.529040][ T9805] netlink: 64 bytes leftover after parsing attributes in process `syz.0.939'.
[  226.646766][ T9659] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  226.692558][ T9659] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  226.712825][ T9814] netlink: 4 bytes leftover after parsing attributes in process `syz.0.942'.
[  226.722773][ T9659] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  226.739119][ T9659] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  227.012725][   T51] Bluetooth: hci4: command tx timeout
[  227.042332][ T9659] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.064031][ T9659] 8021q: adding VLAN 0 to HW filter on device team0
[  227.079251][ T8833] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.086559][ T8833] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.146541][ T9837] sit1: entered promiscuous mode
[  227.197336][ T9839] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  227.222326][ T9842] netlink: 48 bytes leftover after parsing attributes in process `syz.2.950'.
[  227.231605][ T9839] CPU: 0 UID: 0 PID: 9839 Comm: syz.4.949 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  227.231636][ T9839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  227.231650][ T9839] Call Trace:
[  227.231659][ T9839]  <TASK>
[  227.231668][ T9839]  dump_stack_lvl+0x189/0x250
[  227.231704][ T9839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  227.231729][ T9839]  ? __pfx__printk+0x10/0x10
[  227.231757][ T9839]  ? kernfs_path_from_node+0x2c/0x260
[  227.231787][ T9839]  ? kernfs_path_from_node+0x2c/0x260
[  227.231814][ T9839]  ? kernfs_path_from_node+0x2c/0x260
[  227.231844][ T9839]  ? kernfs_path_from_node+0x22c/0x260
[  227.231876][ T9839]  ? kernfs_path_from_node+0x2c/0x260
[  227.231906][ T9839]  sysfs_warn_dup+0x8e/0xa0
[  227.231934][ T9839]  sysfs_do_create_link_sd+0xc0/0x110
[  227.231964][ T9839]  device_add_class_symlinks+0x1cf/0x240
[  227.231996][ T9839]  device_add+0x475/0xb50
[  227.232027][ T9839]  wiphy_register+0x1ba6/0x28d0
[  227.232075][ T9839]  ? __pfx_wiphy_register+0x10/0x10
[  227.232102][ T9839]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  227.232130][ T9839]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  227.232187][ T9839]  ieee80211_register_hw+0x33e1/0x4120
[  227.232230][ T9839]  ? ieee80211_register_hw+0x14b1/0x4120
[  227.232271][ T9839]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  227.232298][ T9839]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  227.232335][ T9839]  ? __hrtimer_setup+0x187/0x210
[  227.232358][ T9839]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  227.232394][ T9839]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  227.232460][ T9839]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  227.232488][ T9839]  ? trace_kmalloc+0x1f/0xd0
[  227.232523][ T9839]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  227.232547][ T9839]  ? kstrndup+0xbf/0x160
[  227.232607][ T9839]  hwsim_new_radio_nl+0xea4/0x1b10
[  227.232641][ T9839]  ? __pfx___nla_validate_parse+0x10/0x10
[  227.232681][ T9839]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  227.232727][ T9839]  ? __nla_parse+0x40/0x60
[  227.232752][ T9839]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  227.232786][ T9839]  genl_family_rcv_msg_doit+0x215/0x300
[  227.232818][ T9839]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  227.232857][ T9839]  ? bpf_lsm_capable+0x9/0x20
[  227.232880][ T9839]  ? security_capable+0x7e/0x2e0
[  227.232919][ T9839]  genl_rcv_msg+0x60e/0x790
[  227.232949][ T9839]  ? __pfx_genl_rcv_msg+0x10/0x10
[  227.232970][ T9839]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  227.233018][ T9839]  netlink_rcv_skb+0x205/0x470
[  227.233049][ T9839]  ? __pfx_genl_rcv_msg+0x10/0x10
[  227.233073][ T9839]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  227.233123][ T9839]  ? down_read+0x1ad/0x2e0
[  227.233157][ T9839]  genl_rcv+0x28/0x40
[  227.233176][ T9839]  netlink_unicast+0x75c/0x8e0
[  227.233216][ T9839]  netlink_sendmsg+0x805/0xb30
[  227.233265][ T9839]  ? __pfx_netlink_sendmsg+0x10/0x10
[  227.233311][ T9839]  ? aa_sock_msg_perm+0x94/0x160
[  227.233343][ T9839]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  227.233372][ T9839]  ? __pfx_netlink_sendmsg+0x10/0x10
[  227.233402][ T9839]  __sock_sendmsg+0x219/0x270
[  227.233431][ T9839]  ____sys_sendmsg+0x505/0x830
[  227.233470][ T9839]  ? __pfx_____sys_sendmsg+0x10/0x10
[  227.233521][ T9839]  ? import_iovec+0x74/0xa0
[  227.233549][ T9839]  ___sys_sendmsg+0x21f/0x2a0
[  227.233572][ T9839]  ? __pfx____sys_sendmsg+0x10/0x10
[  227.233637][ T9839]  ? __fget_files+0x2a/0x420
[  227.233662][ T9839]  ? __fget_files+0x3a0/0x420
[  227.233702][ T9839]  __x64_sys_sendmsg+0x19b/0x260
[  227.233726][ T9839]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  227.233759][ T9839]  ? rcu_is_watching+0x15/0xb0
[  227.233790][ T9839]  ? do_syscall_64+0xbe/0x3b0
[  227.233823][ T9839]  do_syscall_64+0xfa/0x3b0
[  227.233849][ T9839]  ? lockdep_hardirqs_on+0x9c/0x150
[  227.233874][ T9839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.233894][ T9839]  ? clear_bhb_loop+0x60/0xb0
[  227.233920][ T9839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.233939][ T9839] RIP: 0033:0x7fa9b378e929
[  227.233958][ T9839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.233976][ T9839] RSP: 002b:00007fa9b45cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  227.233998][ T9839] RAX: ffffffffffffffda RBX: 00007fa9b39b5fa0 RCX: 00007fa9b378e929
[  227.234013][ T9839] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  227.234026][ T9839] RBP: 00007fa9b3810b39 R08: 0000000000000000 R09: 0000000000000000
[  227.234039][ T9839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  227.234051][ T9839] R13: 0000000000000000 R14: 00007fa9b39b5fa0 R15: 00007ffde493ebc8
[  227.234085][ T9839]  </TASK>
[  227.698074][ T8836] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.705291][ T8836] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.731096][ T9847] netlink: 8 bytes leftover after parsing attributes in process `syz.2.950'.
[  227.740750][ T9847] netlink: 'syz.2.950': attribute type 29 has an invalid length.
[  227.803625][ T9659] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  227.814207][ T9659] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  227.920681][ T8833] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  228.001799][ T8833] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  228.037694][ T8833] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  228.167312][ T8833] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  228.318508][ T9659] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.426194][ T9659] veth0_vlan: entered promiscuous mode
[  228.463968][ T9872] netlink: 'syz.0.958': attribute type 25 has an invalid length.
[  228.472508][ T9871] netlink: 'syz.0.958': attribute type 25 has an invalid length.
[  228.480418][ T9871] netlink: 'syz.0.958': attribute type 25 has an invalid length.
[  228.482072][ T9872] netlink: 'syz.0.958': attribute type 25 has an invalid length.
[  228.500973][ T9659] veth1_vlan: entered promiscuous mode
[  228.535770][ T9871] netlink: 'syz.0.958': attribute type 25 has an invalid length.
[  228.703875][ T9659] veth0_macvtap: entered promiscuous mode
[  228.737461][ T9659] veth1_macvtap: entered promiscuous mode
[  228.925230][ T9659] batman_adv: batadv0: Interface activated: batadv_slave_0
[  229.004020][ T9659] batman_adv: batadv0: Interface activated: batadv_slave_1
[  229.025710][ T8837] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  229.070108][ T8837] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  229.080753][ T8837] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  229.096932][   T51] Bluetooth: hci4: command tx timeout
[  229.164680][ T8837] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  229.303709][ T9904] __nla_validate_parse: 6 callbacks suppressed
[  229.303729][ T9904] netlink: 8 bytes leftover after parsing attributes in process `syz.0.967'.
[  229.329224][ T8841] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.350708][ T8841] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.468029][ T8837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.498606][ T8837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.721088][ T9914] smc: ib device syz1 ibport 1 erased user defined pnetid SYZ1
[  229.730721][ T9915] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  230.068009][   T94] block nbd0: Possible stuck request ffff888025bf0000: control (read@0,1024B). Runtime 120 seconds
[  230.081439][   T94] block nbd0: Possible stuck request ffff888025bf01c0: control (read@1024,1024B). Runtime 120 seconds
[  230.092883][   T94] block nbd0: Possible stuck request ffff888025bf0380: control (read@2048,1024B). Runtime 120 seconds
[  230.103948][   T94] block nbd0: Possible stuck request ffff888025bf0540: control (read@3072,1024B). Runtime 120 seconds
[  230.255858][ T9927] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  230.282079][ T9927] CPU: 0 UID: 0 PID: 9927 Comm: syz.1.974 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  230.282110][ T9927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  230.282123][ T9927] Call Trace:
[  230.282144][ T9927]  <TASK>
[  230.282154][ T9927]  dump_stack_lvl+0x189/0x250
[  230.282187][ T9927]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.282213][ T9927]  ? __pfx__printk+0x10/0x10
[  230.282242][ T9927]  ? kernfs_path_from_node+0x2c/0x260
[  230.282272][ T9927]  ? kernfs_path_from_node+0x2c/0x260
[  230.282298][ T9927]  ? kernfs_path_from_node+0x2c/0x260
[  230.282328][ T9927]  ? kernfs_path_from_node+0x22c/0x260
[  230.282354][ T9927]  ? kernfs_path_from_node+0x2c/0x260
[  230.282385][ T9927]  sysfs_warn_dup+0x8e/0xa0
[  230.282412][ T9927]  sysfs_do_create_link_sd+0xc0/0x110
[  230.282443][ T9927]  device_add_class_symlinks+0x1cf/0x240
[  230.282475][ T9927]  device_add+0x475/0xb50
[  230.282506][ T9927]  wiphy_register+0x1ba6/0x28d0
[  230.282554][ T9927]  ? __pfx_wiphy_register+0x10/0x10
[  230.282581][ T9927]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  230.282611][ T9927]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  230.282648][ T9927]  ieee80211_register_hw+0x33e1/0x4120
[  230.282689][ T9927]  ? ieee80211_register_hw+0x14b1/0x4120
[  230.282720][ T9927]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  230.282746][ T9927]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  230.282780][ T9927]  ? __hrtimer_setup+0x187/0x210
[  230.282802][ T9927]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  230.282837][ T9927]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  230.282901][ T9927]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  230.282929][ T9927]  ? trace_kmalloc+0x1f/0xd0
[  230.282957][ T9927]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  230.282982][ T9927]  ? kstrndup+0xbf/0x160
[  230.283023][ T9927]  hwsim_new_radio_nl+0xea4/0x1b10
[  230.283056][ T9927]  ? __pfx___nla_validate_parse+0x10/0x10
[  230.283093][ T9927]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  230.283139][ T9927]  ? __nla_parse+0x40/0x60
[  230.283163][ T9927]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  230.283195][ T9927]  genl_family_rcv_msg_doit+0x215/0x300
[  230.283227][ T9927]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  230.283266][ T9927]  ? bpf_lsm_capable+0x9/0x20
[  230.283287][ T9927]  ? security_capable+0x7e/0x2e0
[  230.283325][ T9927]  genl_rcv_msg+0x60e/0x790
[  230.283354][ T9927]  ? __pfx_genl_rcv_msg+0x10/0x10
[  230.283374][ T9927]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  230.283421][ T9927]  netlink_rcv_skb+0x205/0x470
[  230.283450][ T9927]  ? __pfx_genl_rcv_msg+0x10/0x10
[  230.283473][ T9927]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  230.283521][ T9927]  ? down_read+0x1ad/0x2e0
[  230.283554][ T9927]  genl_rcv+0x28/0x40
[  230.283572][ T9927]  netlink_unicast+0x75c/0x8e0
[  230.283611][ T9927]  netlink_sendmsg+0x805/0xb30
[  230.283669][ T9927]  ? __pfx_netlink_sendmsg+0x10/0x10
[  230.283703][ T9927]  ? aa_sock_msg_perm+0x94/0x160
[  230.283736][ T9927]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  230.283767][ T9927]  ? __pfx_netlink_sendmsg+0x10/0x10
[  230.283797][ T9927]  __sock_sendmsg+0x219/0x270
[  230.283831][ T9927]  ____sys_sendmsg+0x505/0x830
[  230.283872][ T9927]  ? __pfx_____sys_sendmsg+0x10/0x10
[  230.283923][ T9927]  ? import_iovec+0x74/0xa0
[  230.283958][ T9927]  ___sys_sendmsg+0x21f/0x2a0
[  230.283981][ T9927]  ? __pfx____sys_sendmsg+0x10/0x10
[  230.284044][ T9927]  ? __fget_files+0x2a/0x420
[  230.284082][ T9927]  ? __fget_files+0x3a0/0x420
[  230.284121][ T9927]  __x64_sys_sendmsg+0x19b/0x260
[  230.284144][ T9927]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  230.284178][ T9927]  ? rcu_is_watching+0x15/0xb0
[  230.284208][ T9927]  ? do_syscall_64+0xbe/0x3b0
[  230.284241][ T9927]  do_syscall_64+0xfa/0x3b0
[  230.284267][ T9927]  ? lockdep_hardirqs_on+0x9c/0x150
[  230.284293][ T9927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.284313][ T9927]  ? clear_bhb_loop+0x60/0xb0
[  230.284340][ T9927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.284359][ T9927] RIP: 0033:0x7fe77238e929
[  230.284378][ T9927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.284396][ T9927] RSP: 002b:00007fe77316d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  230.284418][ T9927] RAX: ffffffffffffffda RBX: 00007fe7725b5fa0 RCX: 00007fe77238e929
[  230.284432][ T9927] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  230.284446][ T9927] RBP: 00007fe772410b39 R08: 0000000000000000 R09: 0000000000000000
[  230.284459][ T9927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  230.284470][ T9927] R13: 0000000000000000 R14: 00007fe7725b5fa0 R15: 00007ffd51310388
[  230.284505][ T9927]  </TASK>
[  230.811227][ T9934] veth1_to_bond: entered allmulticast mode
[  230.912793][ T9933] veth1_to_bond: left allmulticast mode
[  231.335961][ T6799] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.834487][ T6799] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.889265][ T6799] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.032976][ T9959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.983'.
[  232.073172][ T6799] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.103633][ T9959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.983'.
[  232.163874][ T9952] bridge3: entered promiscuous mode
[  232.185563][ T9952] bridge3: entered allmulticast mode
[  232.222489][ T9952] team0: Port device bridge3 added
[  232.562153][ T6799] bridge_slave_1: left allmulticast mode
[  232.567879][ T6799] bridge_slave_1: left promiscuous mode
[  232.609699][ T6799] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.676456][ T9982] netlink: 20 bytes leftover after parsing attributes in process `syz.1.992'.
[  232.698229][ T6799] bridge_slave_0: left allmulticast mode
[  232.722047][ T6799] bridge_slave_0: left promiscuous mode
[  232.737132][ T6799] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.813399][ T5167] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  232.830672][ T5167] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  232.849846][ T5167] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  232.858529][ T5167] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  232.866959][ T5167] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  233.570840][ T6799] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  233.590583][ T6799] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  233.607499][ T6799] bond0 (unregistering): Released all slaves
[  233.684473][ T9984] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  233.705769][ T9984] CPU: 1 UID: 0 PID: 9984 Comm: syz.2.991 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  233.705802][ T9984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  233.705816][ T9984] Call Trace:
[  233.705826][ T9984]  <TASK>
[  233.705835][ T9984]  dump_stack_lvl+0x189/0x250
[  233.705870][ T9984]  ? __pfx_dump_stack_lvl+0x10/0x10
[  233.705898][ T9984]  ? __pfx__printk+0x10/0x10
[  233.705928][ T9984]  ? kernfs_path_from_node+0x2c/0x260
[  233.705960][ T9984]  ? kernfs_path_from_node+0x2c/0x260
[  233.705987][ T9984]  ? kernfs_path_from_node+0x2c/0x260
[  233.706018][ T9984]  ? kernfs_path_from_node+0x22c/0x260
[  233.706045][ T9984]  ? kernfs_path_from_node+0x2c/0x260
[  233.706078][ T9984]  sysfs_warn_dup+0x8e/0xa0
[  233.706107][ T9984]  sysfs_do_create_link_sd+0xc0/0x110
[  233.706139][ T9984]  device_add_class_symlinks+0x1cf/0x240
[  233.706171][ T9984]  device_add+0x475/0xb50
[  233.706203][ T9984]  wiphy_register+0x1ba6/0x28d0
[  233.706252][ T9984]  ? __pfx_wiphy_register+0x10/0x10
[  233.706278][ T9984]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  233.706307][ T9984]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  233.706346][ T9984]  ieee80211_register_hw+0x33e1/0x4120
[  233.706386][ T9984]  ? ieee80211_register_hw+0x14b1/0x4120
[  233.706416][ T9984]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  233.706443][ T9984]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  233.706477][ T9984]  ? __hrtimer_setup+0x187/0x210
[  233.706498][ T9984]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  233.706535][ T9984]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  233.706601][ T9984]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  233.706639][ T9984]  ? trace_kmalloc+0x1f/0xd0
[  233.706667][ T9984]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  233.706690][ T9984]  ? kstrndup+0xbf/0x160
[  233.706726][ T9984]  hwsim_new_radio_nl+0xea4/0x1b10
[  233.706756][ T9984]  ? __pfx___nla_validate_parse+0x10/0x10
[  233.706789][ T9984]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  233.706828][ T9984]  ? __nla_parse+0x40/0x60
[  233.706850][ T9984]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  233.706882][ T9984]  genl_family_rcv_msg_doit+0x215/0x300
[  233.706915][ T9984]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  233.706955][ T9984]  ? bpf_lsm_capable+0x9/0x20
[  233.706980][ T9984]  ? security_capable+0x7e/0x2e0
[  233.707014][ T9984]  genl_rcv_msg+0x60e/0x790
[  233.707040][ T9984]  ? __pfx_genl_rcv_msg+0x10/0x10
[  233.707058][ T9984]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  233.707099][ T9984]  netlink_rcv_skb+0x205/0x470
[  233.707124][ T9984]  ? __pfx_genl_rcv_msg+0x10/0x10
[  233.707144][ T9984]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  233.707187][ T9984]  ? down_read+0x1ad/0x2e0
[  233.707216][ T9984]  genl_rcv+0x28/0x40
[  233.707232][ T9984]  netlink_unicast+0x75c/0x8e0
[  233.707267][ T9984]  netlink_sendmsg+0x805/0xb30
[  233.707303][ T9984]  ? __pfx_netlink_sendmsg+0x10/0x10
[  233.707332][ T9984]  ? aa_sock_msg_perm+0x94/0x160
[  233.707359][ T9984]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  233.707385][ T9984]  ? __pfx_netlink_sendmsg+0x10/0x10
[  233.707411][ T9984]  __sock_sendmsg+0x219/0x270
[  233.707437][ T9984]  ____sys_sendmsg+0x505/0x830
[  233.707484][ T9984]  ? __pfx_____sys_sendmsg+0x10/0x10
[  233.707530][ T9984]  ? import_iovec+0x74/0xa0
[  233.707556][ T9984]  ___sys_sendmsg+0x21f/0x2a0
[  233.707575][ T9984]  ? __pfx____sys_sendmsg+0x10/0x10
[  233.707639][ T9984]  ? __fget_files+0x2a/0x420
[  233.707661][ T9984]  ? __fget_files+0x3a0/0x420
[  233.707696][ T9984]  __x64_sys_sendmsg+0x19b/0x260
[  233.707716][ T9984]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  233.707744][ T9984]  ? rcu_is_watching+0x15/0xb0
[  233.707770][ T9984]  ? do_syscall_64+0xbe/0x3b0
[  233.707799][ T9984]  do_syscall_64+0xfa/0x3b0
[  233.707822][ T9984]  ? lockdep_hardirqs_on+0x9c/0x150
[  233.707844][ T9984]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.707861][ T9984]  ? clear_bhb_loop+0x60/0xb0
[  233.707887][ T9984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.707906][ T9984] RIP: 0033:0x7fe483b8e929
[  233.707924][ T9984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.707942][ T9984] RSP: 002b:00007fe4849e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  233.707963][ T9984] RAX: ffffffffffffffda RBX: 00007fe483db5fa0 RCX: 00007fe483b8e929
[  233.707978][ T9984] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  233.707991][ T9984] RBP: 00007fe483c10b39 R08: 0000000000000000 R09: 0000000000000000
[  233.708004][ T9984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  233.708016][ T9984] R13: 0000000000000000 R14: 00007fe483db5fa0 R15: 00007ffc90ec2c88
[  233.708049][ T9984]  </TASK>
[  234.285506][T10007] batadv0: entered promiscuous mode
[  234.326995][T10007] vlan2: entered promiscuous mode
[  234.426782][T10009] netlink: 24 bytes leftover after parsing attributes in process `syz.2.996'.
[  234.761618][T10018] netlink: 'syz.4.998': attribute type 1 has an invalid length.
[  234.785340][T10018] netlink: 'syz.4.998': attribute type 11 has an invalid length.
[  234.811714][T10018] netlink: 220 bytes leftover after parsing attributes in process `syz.4.998'.
[  234.887402][T10017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1000'.
[  234.933011][   T51] Bluetooth: hci4: command tx timeout
[  235.361009][T10032] dvmrp1: entered allmulticast mode
[  235.495570][ T6799] hsr_slave_0: left promiscuous mode
[  235.505309][ T6799] hsr_slave_1: left promiscuous mode
[  235.524366][ T6799] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  235.532267][ T6799] batman_adv: batadv0: Removing interface: batadv_slave_0
[  235.540518][ T6799] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  235.549335][ T6799] batman_adv: batadv0: Removing interface: batadv_slave_1
[  235.588970][ T6799] veth1_macvtap: left promiscuous mode
[  235.612755][ T6799] veth0_macvtap: left promiscuous mode
[  235.622408][ T6799] veth1_vlan: left promiscuous mode
[  235.627885][ T6799] veth0_vlan: left promiscuous mode
[  236.207397][ T6799] team0 (unregistering): Port device team_slave_1 removed
[  236.251158][ T6799] team0 (unregistering): Port device team_slave_0 removed
[  236.761389][T10038] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  236.798797][T10038] CPU: 1 UID: 0 PID: 10038 Comm: syz.1.1003 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  236.798831][T10038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  236.798845][T10038] Call Trace:
[  236.798853][T10038]  <TASK>
[  236.798863][T10038]  dump_stack_lvl+0x189/0x250
[  236.798900][T10038]  ? __pfx_dump_stack_lvl+0x10/0x10
[  236.798926][T10038]  ? __pfx__printk+0x10/0x10
[  236.798956][T10038]  ? kernfs_path_from_node+0x2c/0x260
[  236.798985][T10038]  ? kernfs_path_from_node+0x2c/0x260
[  236.799012][T10038]  ? kernfs_path_from_node+0x2c/0x260
[  236.799041][T10038]  ? kernfs_path_from_node+0x22c/0x260
[  236.799067][T10038]  ? kernfs_path_from_node+0x2c/0x260
[  236.799099][T10038]  sysfs_warn_dup+0x8e/0xa0
[  236.799126][T10038]  sysfs_do_create_link_sd+0xc0/0x110
[  236.799158][T10038]  device_add_class_symlinks+0x1cf/0x240
[  236.799191][T10038]  device_add+0x475/0xb50
[  236.799220][T10038]  wiphy_register+0x1ba6/0x28d0
[  236.799268][T10038]  ? __pfx_wiphy_register+0x10/0x10
[  236.799295][T10038]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  236.799324][T10038]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  236.799374][T10038]  ieee80211_register_hw+0x33e1/0x4120
[  236.799414][T10038]  ? ieee80211_register_hw+0x14b1/0x4120
[  236.799443][T10038]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  236.799464][T10038]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  236.799492][T10038]  ? __hrtimer_setup+0x187/0x210
[  236.799510][T10038]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  236.799538][T10038]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  236.799588][T10038]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  236.799610][T10038]  ? trace_kmalloc+0x1f/0xd0
[  236.799626][T10038]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  236.799646][T10038]  ? kstrndup+0xbf/0x160
[  236.799677][T10038]  hwsim_new_radio_nl+0xea4/0x1b10
[  236.799702][T10038]  ? __pfx___nla_validate_parse+0x10/0x10
[  236.799731][T10038]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  236.799765][T10038]  ? __nla_parse+0x40/0x60
[  236.799788][T10038]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  236.799814][T10038]  genl_family_rcv_msg_doit+0x215/0x300
[  236.799838][T10038]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  236.799866][T10038]  ? bpf_lsm_capable+0x9/0x20
[  236.799884][T10038]  ? security_capable+0x7e/0x2e0
[  236.799912][T10038]  genl_rcv_msg+0x60e/0x790
[  236.799936][T10038]  ? __pfx_genl_rcv_msg+0x10/0x10
[  236.799952][T10038]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  236.799988][T10038]  netlink_rcv_skb+0x205/0x470
[  236.800011][T10038]  ? __pfx_genl_rcv_msg+0x10/0x10
[  236.800029][T10038]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  236.800084][T10038]  ? down_read+0x1ad/0x2e0
[  236.800111][T10038]  genl_rcv+0x28/0x40
[  236.800125][T10038]  netlink_unicast+0x75c/0x8e0
[  236.800156][T10038]  netlink_sendmsg+0x805/0xb30
[  236.800187][T10038]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.800213][T10038]  ? aa_sock_msg_perm+0x94/0x160
[  236.800239][T10038]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  236.800263][T10038]  ? __pfx_netlink_sendmsg+0x10/0x10
[  236.800287][T10038]  __sock_sendmsg+0x219/0x270
[  236.800331][T10038]  ____sys_sendmsg+0x505/0x830
[  236.800372][T10038]  ? __pfx_____sys_sendmsg+0x10/0x10
[  236.800408][T10038]  ? import_iovec+0x74/0xa0
[  236.800432][T10038]  ___sys_sendmsg+0x21f/0x2a0
[  236.800450][T10038]  ? __pfx____sys_sendmsg+0x10/0x10
[  236.800500][T10038]  ? __fget_files+0x2a/0x420
[  236.800522][T10038]  ? __fget_files+0x3a0/0x420
[  236.800553][T10038]  __x64_sys_sendmsg+0x19b/0x260
[  236.800571][T10038]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  236.800598][T10038]  ? rcu_is_watching+0x15/0xb0
[  236.800623][T10038]  ? do_syscall_64+0xbe/0x3b0
[  236.800649][T10038]  do_syscall_64+0xfa/0x3b0
[  236.800670][T10038]  ? lockdep_hardirqs_on+0x9c/0x150
[  236.800691][T10038]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.800707][T10038]  ? clear_bhb_loop+0x60/0xb0
[  236.800727][T10038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.800743][T10038] RIP: 0033:0x7fe77238e929
[  236.800760][T10038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.800774][T10038] RSP: 002b:00007fe77316d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  236.800793][T10038] RAX: ffffffffffffffda RBX: 00007fe7725b5fa0 RCX: 00007fe77238e929
[  236.800805][T10038] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  236.800816][T10038] RBP: 00007fe772410b39 R08: 0000000000000000 R09: 0000000000000000
[  236.800827][T10038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  236.800837][T10038] R13: 0000000000000000 R14: 00007fe7725b5fa0 R15: 00007ffd51310388
[  236.800864][T10038]  </TASK>
[  237.267465][ T9991] chnl_net:caif_netlink_parms(): no params data found
[  237.320688][   T51] Bluetooth: hci4: command tx timeout
[  237.409076][T10059] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1008'.
[  237.484265][ T9991] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.491611][ T9991] bridge0: port 1(bridge_slave_0) entered disabled state
[  237.499446][ T9991] bridge_slave_0: entered allmulticast mode
[  237.507816][ T9991] bridge_slave_0: entered promiscuous mode
[  237.528113][ T9991] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.535653][ T9991] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.543143][ T9991] bridge_slave_1: entered allmulticast mode
[  237.551033][ T9991] bridge_slave_1: entered promiscuous mode
[  237.580985][T10067] netlink: 'syz.0.1007': attribute type 10 has an invalid length.
[  237.592407][T10062] netlink: 'syz.4.1009': attribute type 322 has an invalid length.
[  237.651037][T10068] netlink: 'syz.0.1007': attribute type 10 has an invalid length.
[  237.673619][ T9991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  237.708637][T10068] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  237.794740][T10067] bond0: (slave dummy0): Releasing backup interface
[  237.806900][T10067] team0: Port device dummy0 added
[  237.840579][ T9991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  237.910312][T10079] bond0: option arp_validate: invalid value (18446744073491447809)
[  237.910617][ T8835] bond0: (slave bond_slave_0): interface is now down
[  237.939857][ T8835] bond0: (slave bond_slave_1): interface is now down
[  237.966000][ T8835] bond0: (slave bond_slave_0): interface is now down
[  237.982118][ T8835] bond0: (slave bond_slave_1): interface is now down
[  238.038181][ T9991] team0: Port device team_slave_0 added
[  238.043317][ T8835] bond0: (slave bond_slave_0): interface is now down
[  238.070124][T10090] x_tables: duplicate underflow at hook 1
[  238.083579][ T8835] bond0: (slave bond_slave_1): interface is now down
[  238.120029][ T9991] team0: Port device team_slave_1 added
[  238.123334][ T8835] bond0: (slave bond_slave_0): interface is now down
[  238.132635][ T8835] bond0: (slave bond_slave_1): interface is now down
[  238.153394][ T8835] bond0: (slave bond_slave_0): interface is now down
[  238.160238][ T8835] bond0: (slave bond_slave_1): interface is now down
[  238.202446][ T8835] bond0: (slave bond_slave_0): interface is now down
[  238.231965][ T8835] bond0: (slave bond_slave_1): interface is now down
[  238.253905][ T8827] bond0: (slave bond_slave_0): interface is now down
[  238.277793][ T8827] bond0: (slave bond_slave_1): interface is now down
[  238.305011][ T9991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  238.312586][ T8834] bond0: (slave bond_slave_0): interface is now down
[  238.319304][ T8834] bond0: (slave bond_slave_1): interface is now down
[  238.337139][ T9991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.368036][T10104] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1021'.
[  238.383525][ T8834] bond0: (slave bond_slave_0): interface is now down
[  238.398225][ T9991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.409225][ T8834] bond0: (slave bond_slave_1): interface is now down
[  238.423543][ T8827] bond0: (slave bond_slave_0): interface is now down
[  238.432796][T10089] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  238.438813][ T8827] bond0: (slave bond_slave_1): interface is now down
[  238.455016][T10089] CPU: 0 UID: 0 PID: 10089 Comm: syz.0.1018 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  238.455045][T10089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  238.455058][T10089] Call Trace:
[  238.455067][T10089]  <TASK>
[  238.455075][T10089]  dump_stack_lvl+0x189/0x250
[  238.455109][T10089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  238.455134][T10089]  ? __pfx__printk+0x10/0x10
[  238.455161][T10089]  ? kernfs_path_from_node+0x2c/0x260
[  238.455192][T10089]  ? kernfs_path_from_node+0x2c/0x260
[  238.455217][T10089]  ? kernfs_path_from_node+0x2c/0x260
[  238.455265][T10089]  ? kernfs_path_from_node+0x22c/0x260
[  238.455291][T10089]  ? kernfs_path_from_node+0x2c/0x260
[  238.455324][T10089]  sysfs_warn_dup+0x8e/0xa0
[  238.455351][T10089]  sysfs_do_create_link_sd+0xc0/0x110
[  238.455382][T10089]  device_add_class_symlinks+0x1cf/0x240
[  238.455432][T10089]  device_add+0x475/0xb50
[  238.455466][T10089]  wiphy_register+0x1ba6/0x28d0
[  238.455516][T10089]  ? __pfx_wiphy_register+0x10/0x10
[  238.455545][T10089]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  238.455576][T10089]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  238.455614][T10089]  ieee80211_register_hw+0x33e1/0x4120
[  238.455656][T10089]  ? ieee80211_register_hw+0x14b1/0x4120
[  238.455688][T10089]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  238.455715][T10089]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  238.455749][T10089]  ? __hrtimer_setup+0x187/0x210
[  238.455772][T10089]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  238.455810][T10089]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  238.455876][T10089]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  238.455905][T10089]  ? trace_kmalloc+0x1f/0xd0
[  238.455926][T10089]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  238.455951][T10089]  ? kstrndup+0xbf/0x160
[  238.455993][T10089]  hwsim_new_radio_nl+0xea4/0x1b10
[  238.456026][T10089]  ? __pfx___nla_validate_parse+0x10/0x10
[  238.456061][T10089]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  238.456094][T10089]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  238.456127][T10089]  ? __nla_parse+0x40/0x60
[  238.456151][T10089]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  238.456181][T10089]  genl_family_rcv_msg_doit+0x215/0x300
[  238.456211][T10089]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  238.456247][T10089]  ? bpf_lsm_capable+0x9/0x20
[  238.456271][T10089]  ? security_capable+0x7e/0x2e0
[  238.456310][T10089]  genl_rcv_msg+0x60e/0x790
[  238.456340][T10089]  ? __pfx_genl_rcv_msg+0x10/0x10
[  238.456362][T10089]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  238.456416][T10089]  netlink_rcv_skb+0x205/0x470
[  238.456446][T10089]  ? __pfx_genl_rcv_msg+0x10/0x10
[  238.456469][T10089]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  238.456518][T10089]  ? down_read+0x1ad/0x2e0
[  238.456554][T10089]  genl_rcv+0x28/0x40
[  238.456573][T10089]  netlink_unicast+0x75c/0x8e0
[  238.456613][T10089]  netlink_sendmsg+0x805/0xb30
[  238.456650][T10089]  ? __pfx_netlink_sendmsg+0x10/0x10
[  238.456682][T10089]  ? aa_sock_msg_perm+0x94/0x160
[  238.456715][T10089]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  238.456746][T10089]  ? __pfx_netlink_sendmsg+0x10/0x10
[  238.456776][T10089]  __sock_sendmsg+0x219/0x270
[  238.456806][T10089]  ____sys_sendmsg+0x505/0x830
[  238.456845][T10089]  ? __pfx_____sys_sendmsg+0x10/0x10
[  238.456890][T10089]  ? import_iovec+0x74/0xa0
[  238.456919][T10089]  ___sys_sendmsg+0x21f/0x2a0
[  238.456943][T10089]  ? __pfx____sys_sendmsg+0x10/0x10
[  238.457008][T10089]  ? __fget_files+0x2a/0x420
[  238.457035][T10089]  ? __fget_files+0x3a0/0x420
[  238.457074][T10089]  __x64_sys_sendmsg+0x19b/0x260
[  238.457109][T10089]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  238.457140][T10089]  ? rcu_is_watching+0x15/0xb0
[  238.457169][T10089]  ? do_syscall_64+0xbe/0x3b0
[  238.457203][T10089]  do_syscall_64+0xfa/0x3b0
[  238.457257][T10089]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.457284][T10089]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.457305][T10089]  ? clear_bhb_loop+0x60/0xb0
[  238.457330][T10089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.457350][T10089] RIP: 0033:0x7fd32278e929
[  238.457370][T10089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  238.457388][T10089] RSP: 002b:00007fd3235cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  238.457417][T10089] RAX: ffffffffffffffda RBX: 00007fd3229b5fa0 RCX: 00007fd32278e929
[  238.457431][T10089] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  238.457445][T10089] RBP: 00007fd322810b39 R08: 0000000000000000 R09: 0000000000000000
[  238.457458][T10089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  238.457469][T10089] R13: 0000000000000000 R14: 00007fd3229b5fa0 R15: 00007ffd5f192018
[  238.457505][T10089]  </TASK>
[  238.920975][ T8827] bond0: (slave bond_slave_0): interface is now down
[  238.927770][ T8827] bond0: (slave bond_slave_1): interface is now down
[  238.939708][ T9991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  238.950190][ T9991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.982319][ T8834] bond0: (slave bond_slave_0): interface is now down
[  238.989086][ T8834] bond0: (slave bond_slave_1): interface is now down
[  239.012355][ T8836] bond0: (slave bond_slave_0): interface is now down
[  239.032270][ T8836] bond0: (slave bond_slave_1): interface is now down
[  239.047127][ T9991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  239.099987][ T8834] bond0: (slave bond_slave_0): interface is now down
[  239.106804][ T8834] bond0: (slave bond_slave_1): interface is now down
[  239.122907][ T8834] bond0: (slave bond_slave_0): interface is now down
[  239.129656][ T8834] bond0: (slave bond_slave_1): interface is now down
[  239.163325][ T8836] bond0: (slave bond_slave_0): interface is now down
[  239.170079][ T8836] bond0: (slave bond_slave_1): interface is now down
[  239.213193][ T8834] bond0: (slave bond_slave_0): interface is now down
[  239.230636][ T8834] bond0: (slave bond_slave_1): interface is now down
[  239.264092][ T8834] bond0: (slave bond_slave_0): interface is now down
[  239.308924][ T8834] bond0: (slave bond_slave_1): interface is now down
[  239.334235][ T5167] Bluetooth: hci4: command tx timeout
[  239.341996][ T8835] bond0: (slave bond_slave_0): interface is now down
[  239.348730][ T8835] bond0: (slave bond_slave_1): interface is now down
[  239.398772][ T8835] bond0: (slave bond_slave_0): interface is now down
[  239.438568][ T8835] bond0: (slave bond_slave_1): interface is now down
[  239.442548][T10121] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1024'.
[  239.472396][ T8835] bond0: (slave bond_slave_0): interface is now down
[  239.479516][ T8835] bond0: (slave bond_slave_1): interface is now down
[  239.543072][ T8827] bond0: (slave bond_slave_0): interface is now down
[  239.555202][ T8827] bond0: (slave bond_slave_1): interface is now down
[  239.585728][ T8836] bond0: (slave bond_slave_0): interface is now down
[  239.619012][ T8836] bond0: (slave bond_slave_1): interface is now down
[  239.669009][ T8836] bond0: (slave bond_slave_0): interface is now down
[  239.682105][ T8836] bond0: (slave bond_slave_1): interface is now down
[  239.712147][ T8835] bond0: (slave bond_slave_0): interface is now down
[  239.716801][T10129] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1027'.
[  239.718895][ T8835] bond0: (slave bond_slave_1): interface is now down
[  239.732463][ T8836] bond0: (slave bond_slave_0): interface is now down
[  239.741628][ T8836] bond0: (slave bond_slave_1): interface is now down
[  239.774656][ T8836] bond0: (slave bond_slave_0): interface is now down
[  239.791682][ T8836] bond0: (slave bond_slave_1): interface is now down
[  239.815041][ T9991] hsr_slave_0: entered promiscuous mode
[  239.821844][ T9991] hsr_slave_1: entered promiscuous mode
[  239.842215][ T8836] bond0: (slave bond_slave_0): interface is now down
[  239.872035][ T8836] bond0: (slave bond_slave_1): interface is now down
[  239.894555][ T8841] bond0: (slave bond_slave_0): interface is now down
[  239.911621][ T8841] bond0: (slave bond_slave_1): interface is now down
[  239.929780][T10149] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1031'.
[  239.961436][ T8827] bond0: (slave bond_slave_0): interface is now down
[  239.965479][T10149] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1031'.
[  239.982634][ T8827] bond0: (slave bond_slave_1): interface is now down
[  240.003693][ T8836] bond0: (slave bond_slave_0): interface is now down
[  240.009094][T10149] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1031'.
[  240.029981][ T8836] bond0: (slave bond_slave_1): interface is now down
[  240.054013][ T8836] bond0: (slave bond_slave_0): interface is now down
[  240.077132][ T8836] bond0: (slave bond_slave_1): interface is now down
[  240.122262][ T8827] bond0: (slave bond_slave_0): interface is now down
[  240.167149][ T8827] bond0: (slave bond_slave_1): interface is now down
[  240.214394][ T8827] bond0: (slave bond_slave_0): interface is now down
[  240.233874][ T8827] bond0: (slave bond_slave_1): interface is now down
[  240.272348][ T8835] bond0: (slave bond_slave_0): interface is now down
[  240.293037][ T8835] bond0: (slave bond_slave_1): interface is now down
[  240.326123][ T8833] bond0: (slave bond_slave_0): interface is now down
[  240.361674][ T8833] bond0: (slave bond_slave_1): interface is now down
[  240.382299][T10166] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1037'.
[  240.397080][T10167] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1033'.
[  240.412213][ T8841] bond0: (slave bond_slave_0): interface is now down
[  240.428606][ T8841] bond0: (slave bond_slave_1): interface is now down
[  240.453379][ T8841] bond0: (slave bond_slave_0): interface is now down
[  240.472659][ T8841] bond0: (slave bond_slave_1): interface is now down
[  240.533662][ T8841] bond0: (slave bond_slave_0): interface is now down
[  240.540656][ T8841] bond0: (slave bond_slave_1): interface is now down
[  240.592803][ T8837] bond0: (slave bond_slave_0): interface is now down
[  240.602907][T10176] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1039'.
[  240.609718][ T8837] bond0: (slave bond_slave_1): interface is now down
[  240.642117][ T8833] bond0: (slave bond_slave_0): interface is now down
[  240.649402][ T8833] bond0: (slave bond_slave_1): interface is now down
[  240.692049][ T8833] bond0: (slave bond_slave_0): interface is now down
[  240.716815][ T8833] bond0: (slave bond_slave_1): interface is now down
[  240.749445][ T8833] bond0: (slave bond_slave_0): interface is now down
[  240.756416][ T8833] bond0: (slave bond_slave_1): interface is now down
[  240.782900][ T8833] bond0: (slave bond_slave_0): interface is now down
[  240.791573][ T8833] bond0: (slave bond_slave_1): interface is now down
[  240.804705][ T8833] bond0: now running without any active interface!
[  240.901077][T10192] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1043'.
[  240.968858][T10190] bridge2: entered promiscuous mode
[  240.979579][T10193] rdma_rxe: rxe_newlink: failed to add macvlan1
[  240.980814][T10190] bridge2: entered allmulticast mode
[  241.026815][T10190] team0: Port device bridge2 added
[  241.414436][ T5167] Bluetooth: hci4: command tx timeout
[  241.489866][ T9991] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  241.544916][ T9991] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  241.574840][ T9991] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  241.609280][ T9991] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  241.638357][T10212] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  241.696920][T10212] netlink: 'syz.0.1051': attribute type 4 has an invalid length.
[  241.873493][T10222] syzkaller0: entered promiscuous mode
[  241.879134][T10222] syzkaller0: entered allmulticast mode
[  241.882822][T10224] netlink: 'syz.1.1052': attribute type 13 has an invalid length.
[  242.076803][T10224] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.624996][T10224] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  242.671255][T10224] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  242.994797][T10224] veth1_vlan: left allmulticast mode
[  243.303477][T10224] macvlan0: left allmulticast mode
[  247.195352][ T8833] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  247.204223][ T8833] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  247.212713][ T8833] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  247.221236][ T8833] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  247.299918][ T8833] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  247.315939][ T8833] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  247.333250][ T8833] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  247.376288][ T8833] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  247.502989][ T9991] 8021q: adding VLAN 0 to HW filter on device bond0
[  247.554826][T10274] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  247.581625][T10274] CPU: 0 UID: 0 PID: 10274 Comm: syz.1.1063 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  247.581655][T10274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  247.581668][T10274] Call Trace:
[  247.581676][T10274]  <TASK>
[  247.581686][T10274]  dump_stack_lvl+0x189/0x250
[  247.581721][T10274]  ? __pfx_dump_stack_lvl+0x10/0x10
[  247.581748][T10274]  ? __pfx__printk+0x10/0x10
[  247.581777][T10274]  ? kernfs_path_from_node+0x2c/0x260
[  247.581811][T10274]  ? kernfs_path_from_node+0x2c/0x260
[  247.581838][T10274]  ? kernfs_path_from_node+0x2c/0x260
[  247.581868][T10274]  ? kernfs_path_from_node+0x22c/0x260
[  247.581894][T10274]  ? kernfs_path_from_node+0x2c/0x260
[  247.581925][T10274]  sysfs_warn_dup+0x8e/0xa0
[  247.581976][T10274]  sysfs_do_create_link_sd+0xc0/0x110
[  247.582008][T10274]  device_add_class_symlinks+0x1cf/0x240
[  247.582040][T10274]  device_add+0x475/0xb50
[  247.582072][T10274]  wiphy_register+0x1ba6/0x28d0
[  247.582133][T10274]  ? __pfx_wiphy_register+0x10/0x10
[  247.582159][T10274]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  247.582189][T10274]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  247.582227][T10274]  ieee80211_register_hw+0x33e1/0x4120
[  247.582268][T10274]  ? ieee80211_register_hw+0x14b1/0x4120
[  247.582299][T10274]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  247.582326][T10274]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  247.582361][T10274]  ? __hrtimer_setup+0x187/0x210
[  247.582383][T10274]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  247.582420][T10274]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  247.582485][T10274]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  247.582513][T10274]  ? trace_kmalloc+0x1f/0xd0
[  247.582534][T10274]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  247.582566][T10274]  ? kstrndup+0xbf/0x160
[  247.582607][T10274]  hwsim_new_radio_nl+0xea4/0x1b10
[  247.582641][T10274]  ? __pfx___nla_validate_parse+0x10/0x10
[  247.582678][T10274]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  247.582711][T10274]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  247.582745][T10274]  ? __nla_parse+0x40/0x60
[  247.582770][T10274]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  247.582803][T10274]  genl_family_rcv_msg_doit+0x215/0x300
[  247.582834][T10274]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  247.582872][T10274]  ? bpf_lsm_capable+0x9/0x20
[  247.582895][T10274]  ? security_capable+0x7e/0x2e0
[  247.582932][T10274]  genl_rcv_msg+0x60e/0x790
[  247.582962][T10274]  ? __pfx_genl_rcv_msg+0x10/0x10
[  247.582983][T10274]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  247.583030][T10274]  netlink_rcv_skb+0x205/0x470
[  247.583060][T10274]  ? __pfx_genl_rcv_msg+0x10/0x10
[  247.583083][T10274]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  247.583133][T10274]  ? down_read+0x1ad/0x2e0
[  247.583166][T10274]  genl_rcv+0x28/0x40
[  247.583184][T10274]  netlink_unicast+0x75c/0x8e0
[  247.583224][T10274]  netlink_sendmsg+0x805/0xb30
[  247.583264][T10274]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.583297][T10274]  ? aa_sock_msg_perm+0x94/0x160
[  247.583329][T10274]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  247.583359][T10274]  ? __pfx_netlink_sendmsg+0x10/0x10
[  247.583390][T10274]  __sock_sendmsg+0x219/0x270
[  247.583419][T10274]  ____sys_sendmsg+0x505/0x830
[  247.583458][T10274]  ? __pfx_____sys_sendmsg+0x10/0x10
[  247.583503][T10274]  ? import_iovec+0x74/0xa0
[  247.583531][T10274]  ___sys_sendmsg+0x21f/0x2a0
[  247.583561][T10274]  ? __pfx____sys_sendmsg+0x10/0x10
[  247.583625][T10274]  ? __fget_files+0x2a/0x420
[  247.583652][T10274]  ? __fget_files+0x3a0/0x420
[  247.583692][T10274]  __x64_sys_sendmsg+0x19b/0x260
[  247.583714][T10274]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  247.583748][T10274]  ? rcu_is_watching+0x15/0xb0
[  247.583779][T10274]  ? do_syscall_64+0xbe/0x3b0
[  247.583813][T10274]  do_syscall_64+0xfa/0x3b0
[  247.583839][T10274]  ? lockdep_hardirqs_on+0x9c/0x150
[  247.583865][T10274]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.583886][T10274]  ? clear_bhb_loop+0x60/0xb0
[  247.583912][T10274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.583932][T10274] RIP: 0033:0x7fe77238e929
[  247.583952][T10274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.583969][T10274] RSP: 002b:00007fe77316d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  247.583990][T10274] RAX: ffffffffffffffda RBX: 00007fe7725b5fa0 RCX: 00007fe77238e929
[  247.584005][T10274] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  247.584018][T10274] RBP: 00007fe772410b39 R08: 0000000000000000 R09: 0000000000000000
[  247.584031][T10274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  247.584043][T10274] R13: 0000000000000000 R14: 00007fe7725b5fa0 R15: 00007ffd51310388
[  247.584078][T10274]  </TASK>
[  247.597977][T10280] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1064'.
[  247.696301][ T9991] 8021q: adding VLAN 0 to HW filter on device team0
[  248.094479][ T8835] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.101709][ T8835] bridge0: port 1(bridge_slave_0) entered forwarding state
[  248.119734][ T8835] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.127102][ T8835] bridge0: port 2(bridge_slave_1) entered forwarding state
[  248.421587][ T9991] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  248.460143][T10305] wg2: entered promiscuous mode
[  248.478281][T10305] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1069'.
[  248.740380][T10316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1072'.
[  249.090685][ T9991] 8021q: adding VLAN 0 to HW filter on device batadv0
[  249.239693][ T9991] veth0_vlan: entered promiscuous mode
[  249.298730][ T9991] veth1_vlan: entered promiscuous mode
[  249.395670][ T9991] veth0_macvtap: entered promiscuous mode
[  249.434352][T10338] netlink: 'syz.1.1077': attribute type 3 has an invalid length.
[  249.500664][ T9991] veth1_macvtap: entered promiscuous mode
[  249.541140][ T9991] batman_adv: batadv0: Interface activated: batadv_slave_0
[  249.694321][T10345] syz.0.1075: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  249.710357][T10345] CPU: 0 UID: 0 PID: 10345 Comm: syz.0.1075 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  249.710388][T10345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.710402][T10345] Call Trace:
[  249.710410][T10345]  <TASK>
[  249.710419][T10345]  dump_stack_lvl+0x189/0x250
[  249.710454][T10345]  ? __pfx_dump_stack_lvl+0x10/0x10
[  249.710490][T10345]  ? __pfx__printk+0x10/0x10
[  249.710520][T10345]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  249.710549][T10345]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  249.710581][T10345]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  249.710613][T10345]  warn_alloc+0x214/0x310
[  249.710641][T10345]  ? stack_depot_save_flags+0x40/0x900
[  249.710679][T10345]  ? __pfx_warn_alloc+0x10/0x10
[  249.710710][T10345]  ? kasan_save_track+0x4f/0x80
[  249.710734][T10345]  ? xskq_create+0x56/0x170
[  249.710759][T10345]  ? xsk_init_queue+0xb0/0x110
[  249.710780][T10345]  ? xsk_setsockopt+0x4dc/0x8d0
[  249.710802][T10345]  ? do_sock_setsockopt+0x257/0x3e0
[  249.710832][T10345]  ? __x64_sys_setsockopt+0x18b/0x220
[  249.710860][T10345]  ? do_syscall_64+0xfa/0x3b0
[  249.710887][T10345]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.710918][T10345]  __vmalloc_node_range_noprof+0x125/0x12f0
[  249.710980][T10345]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  249.711016][T10345]  ? __kasan_kmalloc+0x93/0xb0
[  249.711043][T10345]  vmalloc_user_noprof+0xad/0xf0
[  249.711072][T10345]  ? xskq_create+0xbf/0x170
[  249.711108][T10345]  xskq_create+0xbf/0x170
[  249.711138][T10345]  xsk_init_queue+0xb0/0x110
[  249.711168][T10345]  xsk_setsockopt+0x4dc/0x8d0
[  249.711197][T10345]  ? __pfx_xsk_setsockopt+0x10/0x10
[  249.711223][T10345]  ? __pfx_aa_sk_perm+0x10/0x10
[  249.711249][T10345]  ? __lock_acquire+0xab9/0xd20
[  249.711276][T10345]  ? aa_sock_opt_perm+0x74/0x110
[  249.711309][T10345]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  249.711340][T10345]  ? __pfx_xsk_setsockopt+0x10/0x10
[  249.711367][T10345]  do_sock_setsockopt+0x257/0x3e0
[  249.711403][T10345]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  249.711441][T10345]  ? __fget_files+0x2a/0x420
[  249.711479][T10345]  __x64_sys_setsockopt+0x18b/0x220
[  249.711518][T10345]  do_syscall_64+0xfa/0x3b0
[  249.711557][T10345]  ? lockdep_hardirqs_on+0x9c/0x150
[  249.711583][T10345]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.711603][T10345]  ? clear_bhb_loop+0x60/0xb0
[  249.711628][T10345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.711648][T10345] RIP: 0033:0x7fd32278e929
[  249.711666][T10345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.711684][T10345] RSP: 002b:00007fd32356c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  249.711705][T10345] RAX: ffffffffffffffda RBX: 00007fd3229b6240 RCX: 00007fd32278e929
[  249.711720][T10345] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000d
[  249.711733][T10345] RBP: 00007fd322810b39 R08: 0000000000000004 R09: 0000000000000000
[  249.711746][T10345] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  249.711759][T10345] R13: 0000000000000000 R14: 00007fd3229b6240 R15: 00007ffd5f192018
[  249.711793][T10345]  </TASK>
[  249.711812][T10345] Mem-Info:
[  250.046690][T10345] active_anon:8805 inactive_anon:0 isolated_anon:0
[  250.046690][T10345]  active_file:1516 inactive_file:39930 isolated_file:0
[  250.046690][T10345]  unevictable:3832 dirty:142 writeback:0
[  250.046690][T10345]  slab_reclaimable:12357 slab_unreclaimable:154004
[  250.046690][T10345]  mapped:34471 shmem:4241 pagetables:945
[  250.046690][T10345]  sec_pagetables:0 bounce:0
[  250.046690][T10345]  kernel_misc_reclaimable:0
[  250.046690][T10345]  free:1269840 free_pcp:11431 free_cma:0
[  250.095244][T10345] Node 0 active_anon:35220kB inactive_anon:0kB active_file:6064kB inactive_file:159516kB unevictable:13792kB isolated(anon):0kB isolated(file):0kB mapped:137884kB dirty:568kB writeback:0kB shmem:15428kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14444kB pagetables:3624kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  250.135732][T10345] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  250.169761][ T9991] batman_adv: batadv0: Interface activated: batadv_slave_1
[  250.201461][T10345] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  250.248120][T10345] lowmem_reserve[]: 0 2498 2499 2499 2499
[  250.254679][T10345] Node 0 DMA32 free:1163760kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35172kB inactive_anon:0kB active_file:6064kB inactive_file:157952kB unevictable:13792kB writepending:564kB present:3129332kB managed:2558272kB mlocked:12288kB bounce:0kB free_pcp:26028kB local_pcp:16680kB free_cma:0kB
[  250.291206][T10345] lowmem_reserve[]: 0 0 1 1 1
[  250.297355][T10345] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1564kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  250.346580][T10345] lowmem_reserve[]: 0 0 0 0 0
[  250.351534][T10345] Node 1 Normal free:3900216kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19936kB local_pcp:9376kB free_cma:0kB
[  250.389756][T10345] lowmem_reserve[]: 0 0 0 0 0
[  250.424161][T10345] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (UM) = 15360kB
[  250.442176][T10345] Node 0 DMA32: 2*4kB (ME) 87*8kB (UME) 29*16kB (U) 375*32kB (UE) 104*64kB (UME) 53*128kB (UM) 40*256kB (UME) 31*512kB (UME) 3*1024kB (U) 7*2048kB (UM) 267*4096kB (U) = 1163760kB
[  250.474899][T10345] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  250.487949][T10345] Node 1 Normal: 198*4kB (UE) 48*8kB (UME) 38*16kB (UME) 76*32kB (UME) 29*64kB (UME) 7*128kB (UME) 4*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (UM) = 3900216kB
[  250.506930][T10345] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  250.508023][ T6799] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  250.518072][T10345] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  250.536393][T10345] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  250.546227][T10345] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  250.556169][T10345] 45684 total pagecache pages
[  250.560974][T10345] 0 pages in swap cache
[  250.565260][T10345] Free swap  = 124996kB
[  250.569516][T10345] Total swap = 124996kB
[  250.577061][T10345] 2097051 pages RAM
[  250.581013][T10345] 0 pages HighMem/MovableOnly
[  250.585880][T10345] 425441 pages reserved
[  250.590090][T10345] 0 pages cma reserved
[  250.618757][ T6799] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  250.679078][ T6799] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  250.719889][ T6799] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  250.908005][ T6799] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  250.941277][ T6799] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  251.081293][ T6799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  251.097468][ T6799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  251.214809][T10361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1080'.
[  251.799748][ T8837] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.885233][ T8837] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.060040][ T8837] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.168101][ T8837] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.276692][ T8837] bridge_slave_1: left allmulticast mode
[  252.282744][ T8837] bridge_slave_1: left promiscuous mode
[  252.288483][ T8837] bridge0: port 2(bridge_slave_1) entered disabled state
[  252.299107][ T8837] bridge_slave_0: left allmulticast mode
[  252.305595][ T8837] bridge_slave_0: left promiscuous mode
[  252.311561][ T8837] bridge0: port 1(bridge_slave_0) entered disabled state
[  252.611591][T10369] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1083'.
[  252.998451][ T8837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  253.018900][ T8837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  253.030565][ T8837] bond0 (unregistering): Released all slaves
[  253.060847][T10381] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1083'.
[  253.080028][T10381] A link change request failed with some changes committed already. Interface nlmon0 may have been left with an inconsistent configuration, please check.
[  253.168142][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  253.199039][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  253.208737][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  253.233627][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  253.241624][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  253.298785][T10395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1087'.
[  253.316652][T10395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1087'.
[  253.333066][T10395] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1087'.
[  253.697996][T10411] netlink: 12760 bytes leftover after parsing attributes in process `syz.2.1091'.
[  253.717220][T10411] openvswitch: netlink: Flow key attr not present in new flow.
[  254.088527][T10425] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1093'.
[  254.992352][T10436] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1095'.
[  254.998118][T10438] bond0: Device is already in use.
[  255.047491][ T8837] hsr_slave_0: left promiscuous mode
[  255.081539][ T8837] hsr_slave_1: left promiscuous mode
[  255.087762][ T8837] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  255.102283][ T8837] batman_adv: batadv0: Removing interface: batadv_slave_0
[  255.120802][ T8837] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  255.129832][ T8837] batman_adv: batadv0: Removing interface: batadv_slave_1
[  255.164606][ T8837] veth1_macvtap: left promiscuous mode
[  255.170423][ T8837] veth0_macvtap: left promiscuous mode
[  255.176669][ T8837] veth1_vlan: left promiscuous mode
[  255.186777][ T8837] veth0_vlan: left promiscuous mode
[  255.335820][ T5167] Bluetooth: hci4: command tx timeout
[  255.661133][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  255.668139][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  255.684150][ T8837] team0 (unregistering): Port device team_slave_1 removed
[  255.725561][ T8837] team0 (unregistering): Port device team_slave_0 removed
[  256.151524][T10449] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-alb(6)
[  256.177663][T10451] bridge_slave_0: left promiscuous mode
[  256.190973][T10451] bridge2: left promiscuous mode
[  256.199405][T10451] bridge2: left allmulticast mode
[  256.206530][T10451] bridge3: left promiscuous mode
[  256.211607][T10451] bridge3: left allmulticast mode
[  257.412320][ T5167] Bluetooth: hci4: command tx timeout
[  258.049078][T10389] chnl_net:caif_netlink_parms(): no params data found
[  258.291004][T10492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1109'.
[  258.317031][T10494] xt_hashlimit: size too large, truncated to 1048576
[  258.430941][T10389] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.460556][T10389] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.487133][T10389] bridge_slave_0: entered allmulticast mode
[  258.534317][T10389] bridge_slave_0: entered promiscuous mode
[  258.558523][T10389] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.584944][T10389] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.601177][T10389] bridge_slave_1: entered allmulticast mode
[  258.631722][T10389] bridge_slave_1: entered promiscuous mode
[  258.737178][T10389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  258.785598][T10389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  258.985823][T10389] team0: Port device team_slave_0 added
[  258.995880][T10389] team0: Port device team_slave_1 added
[  259.071191][T10508] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  259.085118][T10508] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -1
[  259.134936][T10389] batman_adv: batadv0: Adding interface: batadv_slave_0
[  259.147058][T10389] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  259.174633][T10389] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  259.272677][T10389] batman_adv: batadv0: Adding interface: batadv_slave_1
[  259.297972][T10389] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  259.338560][T10389] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  259.492281][ T5167] Bluetooth: hci4: command tx timeout
[  259.537339][T10389] hsr_slave_0: entered promiscuous mode
[  259.567344][T10389] hsr_slave_1: entered promiscuous mode
[  260.140778][   T94] block nbd0: Possible stuck request ffff888025bf0000: control (read@0,1024B). Runtime 150 seconds
[  260.152062][   T94] block nbd0: Possible stuck request ffff888025bf01c0: control (read@1024,1024B). Runtime 150 seconds
[  260.164030][   T94] block nbd0: Possible stuck request ffff888025bf0380: control (read@2048,1024B). Runtime 150 seconds
[  260.175326][   T94] block nbd0: Possible stuck request ffff888025bf0540: control (read@3072,1024B). Runtime 150 seconds
[  260.338771][T10526] delete_channel: no stack
[  260.586876][T10532] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1123'.
[  260.689260][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  260.713981][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  260.722686][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  260.730907][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  260.739192][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  260.943687][ T8835] bond2 (unregistering): (slave gretap1): Releasing active interface
[  260.974473][ T8835] gretap1 (unregistering): left allmulticast mode
[  261.129633][ T8835] dvmrp1 (unregistering): left allmulticast mode
[  261.274383][ T8835] team0: Port device bridge2 removed
[  261.335666][ T8835] team0: Port device bridge3 removed
[  261.509257][ T8835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  261.522317][ T8835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  261.534039][ T8835] bond0 (unregistering): Released all slaves
[  261.559509][ T8835] bond1 (unregistering): Released all slaves
[  261.572060][   T51] Bluetooth: hci4: command tx timeout
[  261.580407][ T8835] bond2 (unregistering): Released all slaves
[  261.621823][T10541] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1123'.
[  261.669829][T10546] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  261.677971][T10549] syzkaller0: entered promiscuous mode
[  261.684610][T10549] syzkaller0: entered allmulticast mode
[  261.711354][T10239] infiniband srz1: ib_query_port failed (-19)
[  261.790543][T10568] tipc: Resetting bearer <eth:syzkaller0>
[  261.859184][T10568] tipc: Disabling bearer <eth:syzkaller0>
[  261.906230][ T8835] : left promiscuous mode
[  262.008068][ T8835] tipc: Left network mode
[  262.046683][T10579] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1132'.
[  262.292819][T10389] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  262.369456][T10389] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  262.420952][T10389] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  262.450518][T10389] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  262.807234][ T8835] hsr_slave_0: left promiscuous mode
[  262.815953][T10607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1137'.
[  262.826343][ T8835] hsr_slave_1: left promiscuous mode
[  262.836798][ T8835] batman_adv: batadv0: Removing interface: batadv_slave_0
[  262.846599][ T8835] batman_adv: batadv0: Removing interface: batadv_slave_1
[  262.853924][   T51] Bluetooth: hci2: command tx timeout
[  262.917337][ T8835] pim6reg (unregistering): left allmulticast mode
[  263.014341][ T8833] smc: removing ib device syz1
[  263.476043][ T8835] team0 (unregistering): Port device team_slave_1 removed
[  263.539534][ T8835] team0 (unregistering): Port device team_slave_0 removed
[  263.676408][T10621] netlink: 'syz.0.1139': attribute type 6 has an invalid length.
[  263.949403][ T8835] team0 (unregistering): Port device 
0!
 removed
[  264.082620][T10607] bond0: Device is already in use.
[  264.088489][T10615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1139'.
[  264.427293][T10637] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1142'.
[  264.793898][T10646] netlink: 'syz.1.1144': attribute type 2 has an invalid length.
[  264.933157][   T51] Bluetooth: hci2: command tx timeout
[  264.965050][T10654] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1146'.
[  265.188060][T10542] chnl_net:caif_netlink_parms(): no params data found
[  265.399880][T10665] netlink: 'syz.4.1149': attribute type 1 has an invalid length.
[  265.416043][T10665] netlink: 232 bytes leftover after parsing attributes in process `syz.4.1149'.
[  265.440620][T10665] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1149'.
[  265.508716][T10389] 8021q: adding VLAN 0 to HW filter on device bond0
[  265.696186][T10389] 8021q: adding VLAN 0 to HW filter on device team0
[  265.711446][T10542] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.728474][T10542] bridge0: port 1(bridge_slave_0) entered disabled state
[  265.740296][T10542] bridge_slave_0: entered allmulticast mode
[  265.769647][T10542] bridge_slave_0: entered promiscuous mode
[  265.810972][ T8837] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.818218][ T8837] bridge0: port 1(bridge_slave_0) entered forwarding state
[  265.837173][T10542] bridge0: port 2(bridge_slave_1) entered blocking state
[  265.849314][T10542] bridge0: port 2(bridge_slave_1) entered disabled state
[  265.858735][T10542] bridge_slave_1: entered allmulticast mode
[  265.873427][T10542] bridge_slave_1: entered promiscuous mode
[  266.003253][ T8837] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.010457][ T8837] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.177193][T10677] netlink: 'syz.1.1151': attribute type 9 has an invalid length.
[  266.186776][T10677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1151'.
[  266.197053][T10542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  266.229029][T10542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  266.275381][T10677] macvlan2: entered promiscuous mode
[  266.280717][T10677] hsr0: entered promiscuous mode
[  266.286183][T10677] macvlan2: entered allmulticast mode
[  266.291614][T10677] hsr0: entered allmulticast mode
[  266.297706][T10677] hsr_slave_0: entered allmulticast mode
[  266.304514][T10677] hsr_slave_1: entered allmulticast mode
[  266.419691][T10542] team0: Port device team_slave_0 added
[  266.429997][T10542] team0: Port device team_slave_1 added
[  266.521085][T10542] batman_adv: batadv0: Adding interface: batadv_slave_0
[  266.528518][T10542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.556059][T10542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  266.583483][T10542] batman_adv: batadv0: Adding interface: batadv_slave_1
[  266.601805][T10542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.631070][T10542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  266.668347][ T8835] IPVS: stop unused estimator thread 0...
[  266.815389][T10542] hsr_slave_0: entered promiscuous mode
[  266.837870][T10542] hsr_slave_1: entered promiscuous mode
[  266.861008][T10542] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  266.882099][T10542] Cannot create hsr debugfs directory
[  267.013210][   T51] Bluetooth: hci2: command tx timeout
[  267.186286][T10700] veth0: entered promiscuous mode
[  267.680960][T10698] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1156'.
[  268.176721][T10714] netlink: 'syz.1.1161': attribute type 10 has an invalid length.
[  268.190578][T10696] veth0: left promiscuous mode
[  268.226035][T10714] bridge0: entered promiscuous mode
[  268.234448][T10714] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  268.439209][T10389] 8021q: adding VLAN 0 to HW filter on device batadv0
[  268.530404][T10389] veth0_vlan: entered promiscuous mode
[  268.557383][T10389] veth1_vlan: entered promiscuous mode
[  268.622712][T10389] veth0_macvtap: entered promiscuous mode
[  268.688702][T10389] veth1_macvtap: entered promiscuous mode
[  268.821665][T10389] batman_adv: batadv0: Interface activated: batadv_slave_0
[  268.882815][T10729] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1165'.
[  268.894576][T10542] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  268.904273][T10730] netlink: 'syz.0.1164': attribute type 13 has an invalid length.
[  268.934427][T10542] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  268.952614][T10730] netlink: 'syz.0.1164': attribute type 17 has an invalid length.
[  268.973372][T10542] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  269.053393][T10389] batman_adv: batadv0: Interface activated: batadv_slave_1
[  269.102762][   T51] Bluetooth: hci2: command tx timeout
[  269.152435][T10730] 8021q: adding VLAN 0 to HW filter on device bond0
[  269.162535][T10730] 8021q: adding VLAN 0 to HW filter on device team0
[  269.214983][T10730] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  269.231984][T10542] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  269.352501][ T8833] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  269.362856][ T8827] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  269.371708][ T8827] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  269.422380][ T8827] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  269.714262][ T8837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  269.736080][ T8837] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  269.807424][T10542] 8021q: adding VLAN 0 to HW filter on device bond0
[  269.856685][ T8837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  269.874770][T10542] 8021q: adding VLAN 0 to HW filter on device team0
[  269.881760][ T8837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  269.907966][ T6799] bridge0: port 1(bridge_slave_0) entered blocking state
[  269.915277][ T6799] bridge0: port 1(bridge_slave_0) entered forwarding state
[  269.951140][ T6799] bridge0: port 2(bridge_slave_1) entered blocking state
[  269.958495][ T6799] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.030371][T10542] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  270.050373][T10542] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  270.426418][ T6799] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.627005][ T6799] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.701840][T10542] 8021q: adding VLAN 0 to HW filter on device batadv0
[  270.747917][T10542] veth0_vlan: entered promiscuous mode
[  270.759568][T10542] veth1_vlan: entered promiscuous mode
[  270.796445][T10542] veth0_macvtap: entered promiscuous mode
[  270.808528][T10542] veth1_macvtap: entered promiscuous mode
[  270.827703][T10542] batman_adv: batadv0: Interface activated: batadv_slave_0
[  270.847164][T10542] batman_adv: batadv0: Interface activated: batadv_slave_1
[  270.870229][ T8831] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  270.879115][ T8831] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  270.890364][ T8831] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  270.899419][ T8831] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  270.980286][ T6799] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.004076][ T8831] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.013600][ T8831] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.074282][ T8831] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.085674][ T8831] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.180851][ T6799] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.356410][ T6799] bridge_slave_1: left allmulticast mode
[  271.362612][ T6799] bridge_slave_1: left promiscuous mode
[  271.368450][ T6799] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.378916][ T6799] bridge_slave_0: left allmulticast mode
[  271.386228][ T6799] bridge_slave_0: left promiscuous mode
[  271.392686][ T6799] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.550590][T10768] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1172'.
[  271.884657][ T6799] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  271.904985][ T6799] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  271.916263][ T6799] bond0 (unregistering): Released all slaves
[  271.929455][ T5167] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  271.941529][ T5167] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  271.950629][ T5167] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  271.972602][ T5167] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  271.980739][ T5167] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  272.400135][ T6799] hsr_slave_0: left promiscuous mode
[  272.418141][ T6799] hsr_slave_1: left promiscuous mode
[  272.434183][ T6799] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  272.441660][ T6799] batman_adv: batadv0: Removing interface: batadv_slave_0
[  272.487460][ T6799] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  272.502468][ T6799] batman_adv: batadv0: Removing interface: batadv_slave_1
[  272.581206][ T6799] veth1_macvtap: left promiscuous mode
[  272.597028][ T6799] veth0_macvtap: left promiscuous mode
[  272.614413][ T6799] veth1_vlan: left promiscuous mode
[  272.630363][ T6799] veth0_vlan: left promiscuous mode
[  272.939934][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  272.949605][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  272.958665][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  272.967638][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  272.977466][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  273.279881][ T6799] team0 (unregistering): Port device team_slave_1 removed
[  273.320953][ T6799] team0 (unregistering): Port device team_slave_0 removed
[  273.716449][T10778] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  273.729405][T10778] CPU: 1 UID: 0 PID: 10778 Comm: syz.0.1174 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  273.729434][T10778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  273.729447][T10778] Call Trace:
[  273.729456][T10778]  <TASK>
[  273.729466][T10778]  dump_stack_lvl+0x189/0x250
[  273.729500][T10778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  273.729519][T10778]  ? __pfx__printk+0x10/0x10
[  273.729541][T10778]  ? kernfs_path_from_node+0x2c/0x260
[  273.729563][T10778]  ? kernfs_path_from_node+0x2c/0x260
[  273.729583][T10778]  ? kernfs_path_from_node+0x2c/0x260
[  273.729606][T10778]  ? kernfs_path_from_node+0x22c/0x260
[  273.729627][T10778]  ? kernfs_path_from_node+0x2c/0x260
[  273.729652][T10778]  sysfs_warn_dup+0x8e/0xa0
[  273.729672][T10778]  sysfs_do_create_link_sd+0xc0/0x110
[  273.729695][T10778]  device_add_class_symlinks+0x1cf/0x240
[  273.729718][T10778]  device_add+0x475/0xb50
[  273.729741][T10778]  wiphy_register+0x1ba6/0x28d0
[  273.729776][T10778]  ? __pfx_wiphy_register+0x10/0x10
[  273.729796][T10778]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  273.729818][T10778]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  273.729847][T10778]  ieee80211_register_hw+0x33e1/0x4120
[  273.729886][T10778]  ? ieee80211_register_hw+0x14b1/0x4120
[  273.729909][T10778]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  273.729929][T10778]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  273.729955][T10778]  ? __hrtimer_setup+0x187/0x210
[  273.729972][T10778]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  273.729999][T10778]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  273.730046][T10778]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  273.730066][T10778]  ? trace_kmalloc+0x1f/0xd0
[  273.730082][T10778]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  273.730101][T10778]  ? kstrndup+0xbf/0x160
[  273.730133][T10778]  hwsim_new_radio_nl+0xea4/0x1b10
[  273.730157][T10778]  ? __pfx___nla_validate_parse+0x10/0x10
[  273.730184][T10778]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  273.730216][T10778]  ? __nla_parse+0x40/0x60
[  273.730234][T10778]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  273.730259][T10778]  genl_family_rcv_msg_doit+0x215/0x300
[  273.730281][T10778]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  273.730308][T10778]  ? bpf_lsm_capable+0x9/0x20
[  273.730324][T10778]  ? security_capable+0x7e/0x2e0
[  273.730352][T10778]  genl_rcv_msg+0x60e/0x790
[  273.730373][T10778]  ? __pfx_genl_rcv_msg+0x10/0x10
[  273.730388][T10778]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  273.730421][T10778]  netlink_rcv_skb+0x205/0x470
[  273.730443][T10778]  ? __pfx_genl_rcv_msg+0x10/0x10
[  273.730460][T10778]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  273.730495][T10778]  ? down_read+0x1ad/0x2e0
[  273.730520][T10778]  genl_rcv+0x28/0x40
[  273.730533][T10778]  netlink_unicast+0x75c/0x8e0
[  273.730562][T10778]  netlink_sendmsg+0x805/0xb30
[  273.730591][T10778]  ? __pfx_netlink_sendmsg+0x10/0x10
[  273.730615][T10778]  ? aa_sock_msg_perm+0x94/0x160
[  273.730639][T10778]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  273.730661][T10778]  ? __pfx_netlink_sendmsg+0x10/0x10
[  273.730684][T10778]  __sock_sendmsg+0x219/0x270
[  273.730705][T10778]  ____sys_sendmsg+0x505/0x830
[  273.730734][T10778]  ? __pfx_____sys_sendmsg+0x10/0x10
[  273.730766][T10778]  ? import_iovec+0x74/0xa0
[  273.730787][T10778]  ___sys_sendmsg+0x21f/0x2a0
[  273.730803][T10778]  ? __pfx____sys_sendmsg+0x10/0x10
[  273.730848][T10778]  ? __fget_files+0x2a/0x420
[  273.730867][T10778]  ? __fget_files+0x3a0/0x420
[  273.730902][T10778]  __x64_sys_sendmsg+0x19b/0x260
[  273.730918][T10778]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  273.730941][T10778]  ? rcu_is_watching+0x15/0xb0
[  273.730964][T10778]  ? do_syscall_64+0xbe/0x3b0
[  273.730989][T10778]  do_syscall_64+0xfa/0x3b0
[  273.731008][T10778]  ? lockdep_hardirqs_on+0x9c/0x150
[  273.731028][T10778]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.731043][T10778]  ? clear_bhb_loop+0x60/0xb0
[  273.731062][T10778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.731076][T10778] RIP: 0033:0x7fd32278e929
[  273.731091][T10778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.731104][T10778] RSP: 002b:00007fd3235cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  273.731120][T10778] RAX: ffffffffffffffda RBX: 00007fd3229b5fa0 RCX: 00007fd32278e929
[  273.731133][T10778] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  273.731143][T10778] RBP: 00007fd322810b39 R08: 0000000000000000 R09: 0000000000000000
[  273.731152][T10778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  273.731161][T10778] R13: 0000000000000000 R14: 00007fd3229b5fa0 R15: 00007ffd5f192018
[  273.731186][T10778]  </TASK>
[  274.185258][   T51] Bluetooth: hci2: command tx timeout
[  274.448316][T10794] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1176'.
[  274.462136][T10794] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1176'.
[  274.525163][T10794] lo speed is unknown, defaulting to 1000
[  274.533306][T10772] chnl_net:caif_netlink_parms(): no params data found
[  274.619604][T10798] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  274.688885][T10789] chnl_net:caif_netlink_parms(): no params data found
[  274.735031][T10794] lo speed is unknown, defaulting to 1000
[  274.781271][T10794] lo speed is unknown, defaulting to 1000
[  274.871187][T10802] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  274.884691][T10802] CPU: 0 UID: 0 PID: 10802 Comm: syz.1.1177 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  274.884728][T10802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.884741][T10802] Call Trace:
[  274.884749][T10802]  <TASK>
[  274.884758][T10802]  dump_stack_lvl+0x189/0x250
[  274.884793][T10802]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.884819][T10802]  ? __pfx__printk+0x10/0x10
[  274.884847][T10802]  ? kernfs_path_from_node+0x2c/0x260
[  274.884877][T10802]  ? kernfs_path_from_node+0x2c/0x260
[  274.884903][T10802]  ? kernfs_path_from_node+0x2c/0x260
[  274.884933][T10802]  ? kernfs_path_from_node+0x22c/0x260
[  274.884959][T10802]  ? kernfs_path_from_node+0x2c/0x260
[  274.884991][T10802]  sysfs_warn_dup+0x8e/0xa0
[  274.885018][T10802]  sysfs_do_create_link_sd+0xc0/0x110
[  274.885050][T10802]  device_add_class_symlinks+0x1cf/0x240
[  274.885081][T10802]  device_add+0x475/0xb50
[  274.885113][T10802]  wiphy_register+0x1ba6/0x28d0
[  274.885161][T10802]  ? __pfx_wiphy_register+0x10/0x10
[  274.885188][T10802]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  274.885218][T10802]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  274.885256][T10802]  ieee80211_register_hw+0x33e1/0x4120
[  274.885298][T10802]  ? ieee80211_register_hw+0x14b1/0x4120
[  274.885330][T10802]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  274.885356][T10802]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  274.885391][T10802]  ? __hrtimer_setup+0x187/0x210
[  274.885413][T10802]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  274.885449][T10802]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  274.885515][T10802]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  274.885542][T10802]  ? trace_kmalloc+0x1f/0xd0
[  274.885562][T10802]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  274.885587][T10802]  ? kstrndup+0xbf/0x160
[  274.885628][T10802]  hwsim_new_radio_nl+0xea4/0x1b10
[  274.885660][T10802]  ? __pfx___nla_validate_parse+0x10/0x10
[  274.885699][T10802]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  274.885750][T10802]  ? __nla_parse+0x40/0x60
[  274.885775][T10802]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  274.885810][T10802]  genl_family_rcv_msg_doit+0x215/0x300
[  274.885842][T10802]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  274.885882][T10802]  ? bpf_lsm_capable+0x9/0x20
[  274.885905][T10802]  ? security_capable+0x7e/0x2e0
[  274.885943][T10802]  genl_rcv_msg+0x60e/0x790
[  274.885991][T10802]  ? __pfx_genl_rcv_msg+0x10/0x10
[  274.886012][T10802]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  274.886060][T10802]  netlink_rcv_skb+0x205/0x470
[  274.886091][T10802]  ? __pfx_genl_rcv_msg+0x10/0x10
[  274.886115][T10802]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  274.886167][T10802]  ? down_read+0x1ad/0x2e0
[  274.886201][T10802]  genl_rcv+0x28/0x40
[  274.886220][T10802]  netlink_unicast+0x75c/0x8e0
[  274.886260][T10802]  netlink_sendmsg+0x805/0xb30
[  274.886302][T10802]  ? __pfx_netlink_sendmsg+0x10/0x10
[  274.886337][T10802]  ? aa_sock_msg_perm+0x94/0x160
[  274.886370][T10802]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  274.886401][T10802]  ? __pfx_netlink_sendmsg+0x10/0x10
[  274.886432][T10802]  __sock_sendmsg+0x219/0x270
[  274.886462][T10802]  ____sys_sendmsg+0x505/0x830
[  274.886502][T10802]  ? __pfx_____sys_sendmsg+0x10/0x10
[  274.886548][T10802]  ? import_iovec+0x74/0xa0
[  274.886578][T10802]  ___sys_sendmsg+0x21f/0x2a0
[  274.886601][T10802]  ? __pfx____sys_sendmsg+0x10/0x10
[  274.886668][T10802]  ? __fget_files+0x2a/0x420
[  274.886695][T10802]  ? __fget_files+0x3a0/0x420
[  274.886745][T10802]  __x64_sys_sendmsg+0x19b/0x260
[  274.886770][T10802]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  274.886805][T10802]  ? rcu_is_watching+0x15/0xb0
[  274.886837][T10802]  ? do_syscall_64+0xbe/0x3b0
[  274.886871][T10802]  do_syscall_64+0xfa/0x3b0
[  274.886899][T10802]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.886932][T10802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.886953][T10802]  ? clear_bhb_loop+0x60/0xb0
[  274.886980][T10802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.887001][T10802] RIP: 0033:0x7fe77238e929
[  274.887021][T10802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.887040][T10802] RSP: 002b:00007fe77316d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  274.887062][T10802] RAX: ffffffffffffffda RBX: 00007fe7725b5fa0 RCX: 00007fe77238e929
[  274.887077][T10802] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  274.887091][T10802] RBP: 00007fe772410b39 R08: 0000000000000000 R09: 0000000000000000
[  274.887104][T10802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  274.887117][T10802] R13: 0000000000000000 R14: 00007fe7725b5fa0 R15: 00007ffd51310388
[  274.887165][T10802]  </TASK>
[  275.124032][T10794] infiniband syz0: set active
[  275.139318][   T51] Bluetooth: hci4: command tx timeout
[  275.172578][T10794] infiniband syz0: added lo
[  275.373585][T10233] lo speed is unknown, defaulting to 1000
[  275.394012][T10794] RDS/IB: syz0: added
[  275.398215][T10794] smc: adding ib device syz0 with port count 1
[  275.404635][T10794] smc:    ib device syz0 port 1 has pnetid 
[  275.434186][T10242] lo speed is unknown, defaulting to 1000
[  275.440005][T10772] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.452724][T10772] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.460926][T10772] bridge_slave_0: entered allmulticast mode
[  275.484635][T10772] bridge_slave_0: entered promiscuous mode
[  275.501615][T10794] lo speed is unknown, defaulting to 1000
[  275.599522][T10772] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.611676][T10772] bridge0: port 2(bridge_slave_1) entered disabled state
[  275.625334][T10772] bridge_slave_1: entered allmulticast mode
[  275.636283][T10772] bridge_slave_1: entered promiscuous mode
[  275.658714][T10789] bridge0: port 1(bridge_slave_0) entered blocking state
[  275.669582][T10789] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.678987][T10789] bridge_slave_0: entered allmulticast mode
[  275.693638][T10789] bridge_slave_0: entered promiscuous mode
[  275.721136][T10789] bridge0: port 2(bridge_slave_1) entered blocking state
[  275.730410][T10789] bridge0: port 2(bridge_slave_1) entered disabled state
[  275.738564][T10789] bridge_slave_1: entered allmulticast mode
[  275.747023][T10789] bridge_slave_1: entered promiscuous mode
[  275.769705][T10815] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1178'.
[  275.808874][T10815] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1178'.
[  275.829728][ T6799] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.877092][T10794] lo speed is unknown, defaulting to 1000
[  275.879522][T10772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  275.913722][T10815] batadv2: entered promiscuous mode
[  275.918999][T10815] batadv2: entered allmulticast mode
[  276.004662][T10820] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1178'.
[  276.060731][T10772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  276.111185][ T6799] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.160369][T10789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  276.212479][   T51] Bluetooth: hci2: command tx timeout
[  276.269558][T10822] netlink: 'syz.1.1179': attribute type 39 has an invalid length.
[  276.271459][T10789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  276.292801][T10822] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1179'.
[  276.321050][T10772] team0: Port device team_slave_0 added
[  276.329727][T10794] lo speed is unknown, defaulting to 1000
[  276.330088][T10822] smc: net device bond0 applied user defined pnetid S
[  276.383398][T10789] team0: Port device team_slave_0 added
[  276.424963][ T6799] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.436111][T10825] netlink: 'syz.1.1180': attribute type 3 has an invalid length.
[  276.456547][T10772] team0: Port device team_slave_1 added
[  276.462592][T10825] ieee802154 phy0 wpan0: encryption failed: -90
[  276.518387][T10789] team0: Port device team_slave_1 added
[  276.622259][ T6799] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.768992][T10789] batman_adv: batadv0: Adding interface: batadv_slave_0
[  276.787461][T10789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  276.824089][T10789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  276.839419][T10772] batman_adv: batadv0: Adding interface: batadv_slave_0
[  276.850736][T10772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  276.878131][T10772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  276.890448][T10794] lo speed is unknown, defaulting to 1000
[  276.904842][T10789] batman_adv: batadv0: Adding interface: batadv_slave_1
[  276.923171][T10789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  276.962096][T10789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  277.018203][T10772] batman_adv: batadv0: Adding interface: batadv_slave_1
[  277.035570][T10772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  277.067511][T10772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  277.300306][T10844] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1184'.
[  277.320314][T10772] hsr_slave_0: entered promiscuous mode
[  277.327553][T10772] hsr_slave_1: entered promiscuous mode
[  277.370087][T10789] hsr_slave_0: entered promiscuous mode
[  277.376728][T10789] hsr_slave_1: entered promiscuous mode
[  277.384117][T10789] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  277.392972][T10789] Cannot create hsr debugfs directory
[  277.417710][   T51] Bluetooth: hci4: command tx timeout
[  277.423575][T10794] lo speed is unknown, defaulting to 1000
[  277.451804][T10846] netlink: 'syz.1.1184': attribute type 2 has an invalid length.
[  277.474973][T10844] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  277.663659][T10851] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  277.771060][T10853] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  277.823365][T10853] CPU: 1 UID: 0 PID: 10853 Comm: syz.1.1186 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  277.823407][T10853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  277.823421][T10853] Call Trace:
[  277.823429][T10853]  <TASK>
[  277.823437][T10853]  dump_stack_lvl+0x189/0x250
[  277.823472][T10853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  277.823498][T10853]  ? __pfx__printk+0x10/0x10
[  277.823528][T10853]  ? kernfs_path_from_node+0x2c/0x260
[  277.823557][T10853]  ? kernfs_path_from_node+0x2c/0x260
[  277.823583][T10853]  ? kernfs_path_from_node+0x2c/0x260
[  277.823613][T10853]  ? kernfs_path_from_node+0x22c/0x260
[  277.823641][T10853]  ? kernfs_path_from_node+0x2c/0x260
[  277.823673][T10853]  sysfs_warn_dup+0x8e/0xa0
[  277.823701][T10853]  sysfs_do_create_link_sd+0xc0/0x110
[  277.823752][T10853]  device_add_class_symlinks+0x1cf/0x240
[  277.823785][T10853]  device_add+0x475/0xb50
[  277.823817][T10853]  wiphy_register+0x1ba6/0x28d0
[  277.823867][T10853]  ? __pfx_wiphy_register+0x10/0x10
[  277.823895][T10853]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  277.823926][T10853]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  277.823966][T10853]  ieee80211_register_hw+0x33e1/0x4120
[  277.824010][T10853]  ? ieee80211_register_hw+0x14b1/0x4120
[  277.824043][T10853]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  277.824071][T10853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  277.824107][T10853]  ? __hrtimer_setup+0x187/0x210
[  277.824130][T10853]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  277.824178][T10853]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  277.824252][T10853]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  277.824280][T10853]  ? trace_kmalloc+0x1f/0xd0
[  277.824301][T10853]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  277.824326][T10853]  ? kstrndup+0xbf/0x160
[  277.824368][T10853]  hwsim_new_radio_nl+0xea4/0x1b10
[  277.824407][T10853]  ? __pfx___nla_validate_parse+0x10/0x10
[  277.824447][T10853]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  277.824493][T10853]  ? __nla_parse+0x40/0x60
[  277.824518][T10853]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  277.824552][T10853]  genl_family_rcv_msg_doit+0x215/0x300
[  277.824583][T10853]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  277.824622][T10853]  ? bpf_lsm_capable+0x9/0x20
[  277.824644][T10853]  ? security_capable+0x7e/0x2e0
[  277.824683][T10853]  genl_rcv_msg+0x60e/0x790
[  277.824713][T10853]  ? __pfx_genl_rcv_msg+0x10/0x10
[  277.824733][T10853]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  277.824781][T10853]  netlink_rcv_skb+0x205/0x470
[  277.824810][T10853]  ? __pfx_genl_rcv_msg+0x10/0x10
[  277.824833][T10853]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  277.824883][T10853]  ? down_read+0x1ad/0x2e0
[  277.824916][T10853]  genl_rcv+0x28/0x40
[  277.824934][T10853]  netlink_unicast+0x75c/0x8e0
[  277.824973][T10853]  netlink_sendmsg+0x805/0xb30
[  277.825013][T10853]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.825046][T10853]  ? aa_sock_msg_perm+0x94/0x160
[  277.825078][T10853]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  277.825107][T10853]  ? __pfx_netlink_sendmsg+0x10/0x10
[  277.825136][T10853]  __sock_sendmsg+0x219/0x270
[  277.825165][T10853]  ____sys_sendmsg+0x505/0x830
[  277.825205][T10853]  ? __pfx_____sys_sendmsg+0x10/0x10
[  277.825249][T10853]  ? import_iovec+0x74/0xa0
[  277.825276][T10853]  ___sys_sendmsg+0x21f/0x2a0
[  277.825299][T10853]  ? __pfx____sys_sendmsg+0x10/0x10
[  277.825365][T10853]  ? __fget_files+0x2a/0x420
[  277.825390][T10853]  ? __fget_files+0x3a0/0x420
[  277.825436][T10853]  __x64_sys_sendmsg+0x19b/0x260
[  277.825459][T10853]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  277.825492][T10853]  ? rcu_is_watching+0x15/0xb0
[  277.825524][T10853]  ? do_syscall_64+0xbe/0x3b0
[  277.825558][T10853]  do_syscall_64+0xfa/0x3b0
[  277.825586][T10853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.825605][T10853]  ? asm_sysvec_call_function_single+0x1a/0x20
[  277.825625][T10853]  ? clear_bhb_loop+0x60/0xb0
[  277.825650][T10853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.825671][T10853] RIP: 0033:0x7fe77238e929
[  277.825690][T10853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.825707][T10853] RSP: 002b:00007fe77316d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  277.825729][T10853] RAX: ffffffffffffffda RBX: 00007fe7725b5fa0 RCX: 00007fe77238e929
[  277.825743][T10853] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  277.825756][T10853] RBP: 00007fe772410b39 R08: 0000000000000000 R09: 0000000000000000
[  277.825769][T10853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  277.825781][T10853] R13: 0000000000000000 R14: 00007fe7725b5fa0 R15: 00007ffd51310388
[  277.825817][T10853]  </TASK>
[  278.316354][   T51] Bluetooth: hci2: command tx timeout
[  278.353850][ T6799] bridge_slave_1: left allmulticast mode
[  278.359657][ T6799] bridge_slave_1: left promiscuous mode
[  278.372769][ T6799] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.385515][ T6799] bridge_slave_0: left allmulticast mode
[  278.391311][ T6799] bridge_slave_0: left promiscuous mode
[  278.397727][ T6799] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.758052][ T6799] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  278.769426][ T6799] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  278.780217][ T6799] bond0 (unregistering): Released all slaves
[  278.844004][T10794] lo speed is unknown, defaulting to 1000
[  279.081775][T10869] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1189'.
[  279.365213][T10794] lo speed is unknown, defaulting to 1000
[  279.492262][   T51] Bluetooth: hci4: command tx timeout
[  279.563546][T10881] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1190'.
[  279.574015][T10881] tipc: Started in network mode
[  279.578920][T10881] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  279.592652][T10881] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  279.674128][   T30] audit: type=1804 audit(1752370363.508:5): pid=10888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1193" name="memory.events" dev="tmpfs" ino=1423 res=1 errno=0
[  279.727907][   T30] audit: type=1800 audit(1752370363.508:6): pid=10888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1193" name="memory.events" dev="tmpfs" ino=1423 res=0 errno=0
[  279.770011][T10889] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1193'.
[  279.782166][T10889] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1193'.
[  279.828992][T10794] lo speed is unknown, defaulting to 1000
[  280.136248][T10772] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  280.160277][T10772] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  280.178248][T10772] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  280.241135][T10772] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  280.361512][T10901] netlink: 'syz.0.1198': attribute type 1 has an invalid length.
[  280.377796][   T51] Bluetooth: hci2: command tx timeout
[  280.386912][T10901] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1198'.
[  280.575238][T10907] xt_CT: No such helper "snmp"
[  280.676716][T10910] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1198'.
[  280.982690][T10916] sysfs: cannot create duplicate filename '/class/ieee80211/žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–_à›xDä±pj8¼•TTí!'
[  281.022920][T10916] CPU: 0 UID: 0 PID: 10916 Comm: syz.1.1200 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  281.022953][T10916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  281.022966][T10916] Call Trace:
[  281.022975][T10916]  <TASK>
[  281.022984][T10916]  dump_stack_lvl+0x189/0x250
[  281.023017][T10916]  ? __pfx_dump_stack_lvl+0x10/0x10
[  281.023042][T10916]  ? __pfx__printk+0x10/0x10
[  281.023071][T10916]  ? kernfs_path_from_node+0x2c/0x260
[  281.023101][T10916]  ? kernfs_path_from_node+0x2c/0x260
[  281.023127][T10916]  ? kernfs_path_from_node+0x2c/0x260
[  281.023157][T10916]  ? kernfs_path_from_node+0x22c/0x260
[  281.023181][T10916]  ? kernfs_path_from_node+0x2c/0x260
[  281.023212][T10916]  sysfs_warn_dup+0x8e/0xa0
[  281.023239][T10916]  sysfs_do_create_link_sd+0xc0/0x110
[  281.023270][T10916]  device_add_class_symlinks+0x1cf/0x240
[  281.023301][T10916]  device_add+0x475/0xb50
[  281.023331][T10916]  wiphy_register+0x1ba6/0x28d0
[  281.023368][T10916]  ? __pfx_wiphy_register+0x10/0x10
[  281.023387][T10916]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  281.023416][T10916]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  281.023444][T10916]  ieee80211_register_hw+0x33e1/0x4120
[  281.023474][T10916]  ? ieee80211_register_hw+0x14b1/0x4120
[  281.023497][T10916]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  281.023516][T10916]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  281.023541][T10916]  ? __hrtimer_setup+0x187/0x210
[  281.023557][T10916]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  281.023584][T10916]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  281.023629][T10916]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  281.023649][T10916]  ? trace_kmalloc+0x1f/0xd0
[  281.023664][T10916]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  281.023681][T10916]  ? kstrndup+0xbf/0x160
[  281.023711][T10916]  hwsim_new_radio_nl+0xea4/0x1b10
[  281.023735][T10916]  ? __pfx___nla_validate_parse+0x10/0x10
[  281.023761][T10916]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  281.023793][T10916]  ? __nla_parse+0x40/0x60
[  281.023810][T10916]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  281.023834][T10916]  genl_family_rcv_msg_doit+0x215/0x300
[  281.023856][T10916]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  281.023889][T10916]  ? bpf_lsm_capable+0x9/0x20
[  281.023911][T10916]  ? security_capable+0x7e/0x2e0
[  281.023946][T10916]  genl_rcv_msg+0x60e/0x790
[  281.023975][T10916]  ? __pfx_genl_rcv_msg+0x10/0x10
[  281.023997][T10916]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  281.024030][T10916]  netlink_rcv_skb+0x205/0x470
[  281.024052][T10916]  ? __pfx_genl_rcv_msg+0x10/0x10
[  281.024068][T10916]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  281.024102][T10916]  ? down_read+0x1ad/0x2e0
[  281.024126][T10916]  genl_rcv+0x28/0x40
[  281.024139][T10916]  netlink_unicast+0x75c/0x8e0
[  281.024168][T10916]  netlink_sendmsg+0x805/0xb30
[  281.024196][T10916]  ? __pfx_netlink_sendmsg+0x10/0x10
[  281.024219][T10916]  ? aa_sock_msg_perm+0x94/0x160
[  281.024242][T10916]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  281.024264][T10916]  ? __pfx_netlink_sendmsg+0x10/0x10
[  281.024285][T10916]  __sock_sendmsg+0x219/0x270
[  281.024325][T10916]  ____sys_sendmsg+0x505/0x830
[  281.024354][T10916]  ? __pfx_____sys_sendmsg+0x10/0x10
[  281.024386][T10916]  ? import_iovec+0x74/0xa0
[  281.024417][T10916]  ___sys_sendmsg+0x21f/0x2a0
[  281.024433][T10916]  ? __pfx____sys_sendmsg+0x10/0x10
[  281.024479][T10916]  ? __fget_files+0x2a/0x420
[  281.024499][T10916]  ? __fget_files+0x3a0/0x420
[  281.024528][T10916]  __x64_sys_sendmsg+0x19b/0x260
[  281.024545][T10916]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  281.024576][T10916]  ? do_syscall_64+0xbe/0x3b0
[  281.024601][T10916]  do_syscall_64+0xfa/0x3b0
[  281.024621][T10916]  ? lockdep_hardirqs_on+0x9c/0x150
[  281.024640][T10916]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.024655][T10916]  ? clear_bhb_loop+0x60/0xb0
[  281.024674][T10916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.024688][T10916] RIP: 0033:0x7fe77238e929
[  281.024703][T10916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.024715][T10916] RSP: 002b:00007fe77316d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  281.024732][T10916] RAX: ffffffffffffffda RBX: 00007fe7725b5fa0 RCX: 00007fe77238e929
[  281.024743][T10916] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  281.024753][T10916] RBP: 00007fe772410b39 R08: 0000000000000000 R09: 0000000000000000
[  281.024761][T10916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  281.024770][T10916] R13: 0000000000000000 R14: 00007fe7725b5fa0 R15: 00007ffd51310388
[  281.024795][T10916]  </TASK>
[  281.523555][ T6799] hsr_slave_0: left promiscuous mode
[  281.541526][ T6799] hsr_slave_1: left promiscuous mode
[  281.552936][ T6799] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  281.560408][ T6799] batman_adv: batadv0: Removing interface: batadv_slave_0
[  281.568704][ T6799] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  281.572530][   T51] Bluetooth: hci4: command tx timeout
[  281.576732][ T6799] batman_adv: batadv0: Removing interface: batadv_slave_1
[  281.620721][ T6799] veth1_macvtap: left promiscuous mode
[  281.628584][ T6799] veth0_macvtap: left promiscuous mode
[  281.634751][ T6799] veth1_vlan: left promiscuous mode
[  281.640146][ T6799] veth0_vlan: left promiscuous mode
[  281.648809][T10926] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1202'.
[  281.658686][T10926] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1202'.
[  282.150343][ T6799] team0 (unregistering): Port device team_slave_1 removed
[  282.189940][ T6799] team0 (unregistering): Port device team_slave_0 removed
[  282.831833][T10789] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  282.862999][T10929] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1205'.
[  282.872934][T10789] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  282.919396][T10789] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  282.927572][T10934] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1206'.
[  283.018603][T10789] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  283.060155][T10936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1207'.
[  283.086788][T10936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1207'.
[  283.111824][T10936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1207'.
[  283.126069][T10936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1207'.
[  283.148904][T10936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1207'.
[  283.163529][T10936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1207'.
[  283.179782][T10936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1207'.
[  283.191413][T10936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1207'.
[  283.397420][T10772] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.409451][T10954] netlink: 'syz.1.1211': attribute type 4 has an invalid length.
[  283.432829][T10954] netlink: 'syz.1.1211': attribute type 4 has an invalid length.
[  283.480036][T10772] 8021q: adding VLAN 0 to HW filter on device team0
[  283.497554][ T8827] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.504774][ T8827] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.549636][ T8831] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.556848][ T8831] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.620353][T10959] lo speed is unknown, defaulting to 1000
[  283.702339][T10789] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.772838][T10789] 8021q: adding VLAN 0 to HW filter on device team0
[  283.810866][ T8836] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.818056][ T8836] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.885543][T10964] batman_adv: batadv0: Removing interface: batadv_slave_0
[  283.899326][T10964] batman_adv: batadv0: Removing interface: batadv_slave_1
[  283.944289][ T8831] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.951484][ T8831] bridge0: port 2(bridge_slave_1) entered forwarding state
[  284.242890][T10772] 8021q: adding VLAN 0 to HW filter on device batadv0
[  284.367880][T10977] RDS: rds_bind could not find a transport for ::4000:0:20:0, load rds_tcp or rds_rdma?
[  284.608985][T10772] veth0_vlan: entered promiscuous mode
[  284.646859][T10789] 8021q: adding VLAN 0 to HW filter on device batadv0
[  284.679004][T10772] veth1_vlan: entered promiscuous mode
[  284.817934][T10772] veth0_macvtap: entered promiscuous mode
[  284.845097][T10789] veth0_vlan: entered promiscuous mode
[  284.864785][T10772] veth1_macvtap: entered promiscuous mode
[  284.909536][T10789] veth1_vlan: entered promiscuous mode
[  285.040206][T10772] batman_adv: batadv0: Interface activated: batadv_slave_0
[  285.103063][T10772] batman_adv: batadv0: Interface activated: batadv_slave_1
[  285.124931][T10789] veth0_macvtap: entered promiscuous mode
[  285.156163][ T8835] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  285.167594][ T8835] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.186876][ T8835] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  285.199112][ T8835] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  285.211295][T10789] veth1_macvtap: entered promiscuous mode
[  285.271475][T10789] batman_adv: batadv0: Interface activated: batadv_slave_0
[  285.347230][T10789] batman_adv: batadv0: Interface activated: batadv_slave_1
[  285.400446][ T8834] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  285.428030][ T8834] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.450047][ T8834] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  285.466001][ T8834] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  285.489154][ T8831] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.499558][ T8831] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.603596][ T8827] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.626005][ T8827] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.834711][T11008] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  285.846724][ T8827] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.861836][ T8827] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.894328][T11008] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.038218][T11008] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  286.056975][T11008] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.101725][ T8831] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  286.130534][ T8831] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  286.244727][T11008] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  286.259552][T11008] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.398302][ T8834] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.475877][T11008] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  286.493337][T11008] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.597327][ T8834] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.674930][ T6799] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  286.686992][ T6799] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  286.721205][ T8834] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.746281][ T8831] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  286.762817][ T8831] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  286.790408][ T6799] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  286.799990][ T6799] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  286.830496][ T8834] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.873233][ T6799] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  286.881619][ T6799] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  286.896219][T11009] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  286.907919][T11009] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.930185][ T6799] ==================================================================
[  286.938296][ T6799] BUG: KASAN: slab-use-after-free in __mutex_lock+0x144/0xe80
[  286.945802][ T6799] Read of size 8 at addr ffff888079b286b0 by task kworker/u8:9/6799
[  286.953808][ T6799] 
[  286.956149][ T6799] CPU: 0 UID: 0 PID: 6799 Comm: kworker/u8:9 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  286.956170][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  286.956182][ T6799] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  286.956210][ T6799] Call Trace:
[  286.956217][ T6799]  <TASK>
[  286.956224][ T6799]  dump_stack_lvl+0x189/0x250
[  286.956247][ T6799]  ? __virt_addr_valid+0x1c8/0x5c0
[  286.956269][ T6799]  ? rcu_is_watching+0x15/0xb0
[  286.956287][ T6799]  ? __kasan_check_byte+0x12/0x40
[  286.956308][ T6799]  ? __pfx_dump_stack_lvl+0x10/0x10
[  286.956327][ T6799]  ? rcu_is_watching+0x15/0xb0
[  286.956346][ T6799]  ? lock_release+0x4b/0x3e0
[  286.956365][ T6799]  ? __virt_addr_valid+0x1c8/0x5c0
[  286.956386][ T6799]  ? __virt_addr_valid+0x4a5/0x5c0
[  286.956408][ T6799]  print_report+0xd2/0x2b0
[  286.956424][ T6799]  ? __mutex_lock+0x144/0xe80
[  286.956446][ T6799]  kasan_report+0x118/0x150
[  286.956465][ T6799]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  286.956487][ T6799]  ? __mutex_lock+0x144/0xe80
[  286.956512][ T6799]  __mutex_lock+0x144/0xe80
[  286.956534][ T6799]  ? __lock_acquire+0xab9/0xd20
[  286.956552][ T6799]  ? __mutex_lock+0x51b/0xe80
[  286.956576][ T6799]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  286.956600][ T6799]  ? __pfx___mutex_lock+0x10/0x10
[  286.956625][ T6799]  ? __lock_acquire+0xab9/0xd20
[  286.956647][ T6799]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  286.956672][ T6799]  ? process_scheduled_works+0x9ef/0x17b0
[  286.956691][ T6799]  ? process_scheduled_works+0x9ef/0x17b0
[  286.956711][ T6799]  process_scheduled_works+0xae1/0x17b0
[  286.956743][ T6799]  ? __pfx_process_scheduled_works+0x10/0x10
[  286.956770][ T6799]  worker_thread+0x8a0/0xda0
[  286.956807][ T6799]  kthread+0x70e/0x8a0
[  286.956831][ T6799]  ? __pfx_worker_thread+0x10/0x10
[  286.956850][ T6799]  ? __pfx_kthread+0x10/0x10
[  286.956873][ T6799]  ? _raw_spin_unlock_irq+0x23/0x50
[  286.956892][ T6799]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.956912][ T6799]  ? __pfx_kthread+0x10/0x10
[  286.956935][ T6799]  ret_from_fork+0x3fc/0x770
[  286.956954][ T6799]  ? __pfx_ret_from_fork+0x10/0x10
[  286.956974][ T6799]  ? __switch_to_asm+0x39/0x70
[  286.956995][ T6799]  ? __switch_to_asm+0x33/0x70
[  286.957016][ T6799]  ? __pfx_kthread+0x10/0x10
[  286.957039][ T6799]  ret_from_fork_asm+0x1a/0x30
[  286.957068][ T6799]  </TASK>
[  286.957075][ T6799] 
[  287.188448][ T6799] Allocated by task 11008:
[  287.192876][ T6799]  kasan_save_track+0x3e/0x80
[  287.197571][ T6799]  __kasan_kmalloc+0x93/0xb0
[  287.202166][ T6799]  __kmalloc_noprof+0x27a/0x4f0
[  287.207022][ T6799]  udp_tunnel_nic_netdevice_event+0x854/0x19f0
[  287.213193][ T6799]  notifier_call_chain+0x1b3/0x3e0
[  287.218308][ T6799]  register_netdevice+0x1608/0x1ae0
[  287.223514][ T6799]  nsim_create+0xae8/0xf10
[  287.227938][ T6799]  __nsim_dev_port_add+0x6b6/0xb10
[  287.233055][ T6799]  nsim_dev_port_add_all+0x37/0xf0
[  287.238170][ T6799]  nsim_dev_reload_up+0x451/0x780
[  287.243202][ T6799]  devlink_reload+0x4e9/0x8d0
[  287.247892][ T6799]  devlink_nl_reload_doit+0xb35/0xd50
[  287.253294][ T6799]  genl_family_rcv_msg_doit+0x215/0x300
[  287.258856][ T6799]  genl_rcv_msg+0x60e/0x790
[  287.263364][ T6799]  netlink_rcv_skb+0x205/0x470
[  287.268138][ T6799]  genl_rcv+0x28/0x40
[  287.272122][ T6799]  netlink_unicast+0x75c/0x8e0
[  287.276908][ T6799]  netlink_sendmsg+0x805/0xb30
[  287.281680][ T6799]  __sock_sendmsg+0x219/0x270
[  287.286359][ T6799]  ____sys_sendmsg+0x505/0x830
[  287.291135][ T6799]  ___sys_sendmsg+0x21f/0x2a0
[  287.295808][ T6799]  __x64_sys_sendmsg+0x19b/0x260
[  287.300745][ T6799]  do_syscall_64+0xfa/0x3b0
[  287.305260][ T6799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.311154][ T6799] 
[  287.313566][ T6799] Freed by task 11009:
[  287.317631][ T6799]  kasan_save_track+0x3e/0x80
[  287.322317][ T6799]  kasan_save_free_info+0x46/0x50
[  287.327356][ T6799]  __kasan_slab_free+0x62/0x70
[  287.332123][ T6799]  kfree+0x18e/0x440
[  287.336030][ T6799]  udp_tunnel_nic_netdevice_event+0x1332/0x19f0
[  287.342279][ T6799]  notifier_call_chain+0x1b3/0x3e0
[  287.347395][ T6799]  unregister_netdevice_many_notify+0x14d7/0x1ff0
[  287.353823][ T6799]  unregister_netdevice_queue+0x33c/0x380
[  287.359569][ T6799]  nsim_destroy+0x217/0x6a0
[  287.364081][ T6799]  __nsim_dev_port_del+0x14d/0x1b0
[  287.369203][ T6799]  nsim_dev_reload_destroy+0x288/0x490
[  287.374673][ T6799]  nsim_dev_reload_down+0x8a/0xc0
[  287.379707][ T6799]  devlink_reload+0x1b3/0x8d0
[  287.384391][ T6799]  devlink_nl_reload_doit+0xb35/0xd50
[  287.389771][ T6799]  genl_family_rcv_msg_doit+0x215/0x300
[  287.395320][ T6799]  genl_rcv_msg+0x60e/0x790
[  287.399825][ T6799]  netlink_rcv_skb+0x205/0x470
[  287.404594][ T6799]  genl_rcv+0x28/0x40
[  287.408576][ T6799]  netlink_unicast+0x75c/0x8e0
[  287.413343][ T6799]  netlink_sendmsg+0x805/0xb30
[  287.418113][ T6799]  __sock_sendmsg+0x219/0x270
[  287.422794][ T6799]  ____sys_sendmsg+0x505/0x830
[  287.427568][ T6799]  ___sys_sendmsg+0x21f/0x2a0
[  287.432254][ T6799]  __x64_sys_sendmsg+0x19b/0x260
[  287.437200][ T6799]  do_syscall_64+0xfa/0x3b0
[  287.441710][ T6799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.447606][ T6799] 
[  287.449942][ T6799] Last potentially related work creation:
[  287.455741][ T6799]  kasan_save_stack+0x3e/0x60
[  287.460425][ T6799]  kasan_record_aux_stack+0xbd/0xd0
[  287.465627][ T6799]  insert_work+0x3d/0x330
[  287.469957][ T6799]  __queue_work+0xbd9/0xfe0
[  287.474461][ T6799]  queue_work_on+0x181/0x270
[  287.479053][ T6799]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  287.484687][ T6799]  udp_tunnel_push_rx_port+0x17d/0x200
[  287.490148][ T6799]  geneve_offload_rx_ports+0xd7/0x160
[  287.495531][ T6799]  geneve_netdevice_event+0x6a/0x80
[  287.500739][ T6799]  notifier_call_chain+0x1b3/0x3e0
[  287.505885][ T6799]  call_netdevice_notifiers+0x88/0xc0
[  287.511311][ T6799]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[  287.517663][ T6799]  notifier_call_chain+0x1b3/0x3e0
[  287.522781][ T6799]  register_netdevice+0x1608/0x1ae0
[  287.527983][ T6799]  nsim_create+0xae8/0xf10
[  287.532410][ T6799]  __nsim_dev_port_add+0x6b6/0xb10
[  287.537532][ T6799]  nsim_dev_port_add_all+0x37/0xf0
[  287.542653][ T6799]  nsim_dev_reload_up+0x451/0x780
[  287.547689][ T6799]  devlink_reload+0x4e9/0x8d0
[  287.552370][ T6799]  devlink_nl_reload_doit+0xb35/0xd50
[  287.557746][ T6799]  genl_family_rcv_msg_doit+0x215/0x300
[  287.563297][ T6799]  genl_rcv_msg+0x60e/0x790
[  287.567802][ T6799]  netlink_rcv_skb+0x205/0x470
[  287.572573][ T6799]  genl_rcv+0x28/0x40
[  287.576567][ T6799]  netlink_unicast+0x75c/0x8e0
[  287.581336][ T6799]  netlink_sendmsg+0x805/0xb30
[  287.586192][ T6799]  __sock_sendmsg+0x219/0x270
[  287.590874][ T6799]  ____sys_sendmsg+0x505/0x830
[  287.595647][ T6799]  ___sys_sendmsg+0x21f/0x2a0
[  287.600323][ T6799]  __x64_sys_sendmsg+0x19b/0x260
[  287.605258][ T6799]  do_syscall_64+0xfa/0x3b0
[  287.609770][ T6799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.615680][ T6799] 
[  287.618006][ T6799] Second to last potentially related work creation:
[  287.624585][ T6799]  kasan_save_stack+0x3e/0x60
[  287.629284][ T6799]  kasan_record_aux_stack+0xbd/0xd0
[  287.634497][ T6799]  insert_work+0x3d/0x330
[  287.638831][ T6799]  __queue_work+0xcfc/0xfe0
[  287.643333][ T6799]  queue_work_on+0x181/0x270
[  287.647919][ T6799]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  287.653553][ T6799]  udp_tunnel_push_rx_port+0x17d/0x200
[  287.659023][ T6799]  vxlan_offload_rx_ports+0x139/0x200
[  287.664394][ T6799]  vxlan_netdevice_event+0x111/0x470
[  287.669680][ T6799]  notifier_call_chain+0x1b3/0x3e0
[  287.674795][ T6799]  call_netdevice_notifiers+0x88/0xc0
[  287.680168][ T6799]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[  287.686440][ T6799]  notifier_call_chain+0x1b3/0x3e0
[  287.691556][ T6799]  register_netdevice+0x1608/0x1ae0
[  287.696757][ T6799]  nsim_create+0xae8/0xf10
[  287.701188][ T6799]  __nsim_dev_port_add+0x6b6/0xb10
[  287.706321][ T6799]  nsim_dev_port_add_all+0x37/0xf0
[  287.711446][ T6799]  nsim_dev_reload_up+0x451/0x780
[  287.716486][ T6799]  devlink_reload+0x4e9/0x8d0
[  287.721180][ T6799]  devlink_nl_reload_doit+0xb35/0xd50
[  287.726558][ T6799]  genl_family_rcv_msg_doit+0x215/0x300
[  287.732114][ T6799]  genl_rcv_msg+0x60e/0x790
[  287.736638][ T6799]  netlink_rcv_skb+0x205/0x470
[  287.741409][ T6799]  genl_rcv+0x28/0x40
[  287.745389][ T6799]  netlink_unicast+0x75c/0x8e0
[  287.750154][ T6799]  netlink_sendmsg+0x805/0xb30
[  287.754927][ T6799]  __sock_sendmsg+0x219/0x270
[  287.759609][ T6799]  ____sys_sendmsg+0x505/0x830
[  287.764384][ T6799]  ___sys_sendmsg+0x21f/0x2a0
[  287.769058][ T6799]  __x64_sys_sendmsg+0x19b/0x260
[  287.774012][ T6799]  do_syscall_64+0xfa/0x3b0
[  287.778521][ T6799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.784413][ T6799] 
[  287.786737][ T6799] The buggy address belongs to the object at ffff888079b28600
[  287.786737][ T6799]  which belongs to the cache kmalloc-256 of size 256
[  287.800800][ T6799] The buggy address is located 176 bytes inside of
[  287.800800][ T6799]  freed 256-byte region [ffff888079b28600, ffff888079b28700)
[  287.814597][ T6799] 
[  287.816925][ T6799] The buggy address belongs to the physical page:
[  287.823335][ T6799] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79b28
[  287.832109][ T6799] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  287.840607][ T6799] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  287.848606][ T6799] page_type: f5(slab)
[  287.852612][ T6799] raw: 00fff00000000040 ffff88801a441b40 ffffea0001452080 dead000000000005
[  287.861366][ T6799] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  287.869949][ T6799] head: 00fff00000000040 ffff88801a441b40 ffffea0001452080 dead000000000005
[  287.878620][ T6799] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  287.887294][ T6799] head: 00fff00000000001 ffffea0001e6ca01 00000000ffffffff 00000000ffffffff
[  287.895968][ T6799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  287.904637][ T6799] page dumped because: kasan: bad access detected
[  287.911060][ T6799] page_owner tracks the page as allocated
[  287.916774][ T6799] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6043, tgid 6042 (syz.3.17), ts 98741545727, free_ts 98082999674
[  287.937786][ T6799]  post_alloc_hook+0x240/0x2a0
[  287.942563][ T6799]  get_page_from_freelist+0x21e4/0x22c0
[  287.948145][ T6799]  __alloc_frozen_pages_noprof+0x181/0x370
[  287.953960][ T6799]  alloc_pages_mpol+0x232/0x4a0
[  287.958904][ T6799]  allocate_slab+0x8a/0x3b0
[  287.963415][ T6799]  ___slab_alloc+0xbfc/0x1480
[  287.968096][ T6799]  __kmalloc_cache_noprof+0x296/0x3d0
[  287.973472][ T6799]  btf_new_fd+0x227/0xc90
[  287.977819][ T6799]  __sys_bpf+0x635/0x860
[  287.982073][ T6799]  __x64_sys_bpf+0x7c/0x90
[  287.986494][ T6799]  do_syscall_64+0xfa/0x3b0
[  287.991001][ T6799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.996902][ T6799] page last free pid 5992 tgid 5988 stack trace:
[  288.003226][ T6799]  __free_frozen_pages+0xc71/0xe70
[  288.008340][ T6799]  pagetable_dtor_free+0x2d2/0x3b0
[  288.013462][ T6799]  __mmdrop+0xb5/0x460
[  288.017556][ T6799]  exit_mm+0x1da/0x2c0
[  288.021632][ T6799]  do_exit+0x648/0x22e0
[  288.025794][ T6799]  do_group_exit+0x21c/0x2d0
[  288.030390][ T6799]  get_signal+0x1286/0x1340
[  288.034894][ T6799]  arch_do_signal_or_restart+0x9a/0x750
[  288.040454][ T6799]  exit_to_user_mode_loop+0x75/0x110
[  288.045745][ T6799]  do_syscall_64+0x2bd/0x3b0
[  288.050349][ T6799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.056252][ T6799] 
[  288.058585][ T6799] Memory state around the buggy address:
[  288.064236][ T6799]  ffff888079b28580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  288.072323][ T6799]  ffff888079b28600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  288.080403][ T6799] >ffff888079b28680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  288.088493][ T6799]                                      ^
[  288.094129][ T6799]  ffff888079b28700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  288.102205][ T6799]  ffff888079b28780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  288.110262][ T6799] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  288.551653][ T6799] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  288.558915][ T6799] CPU: 1 UID: 0 PID: 6799 Comm: kworker/u8:9 Not tainted 6.16.0-rc5-syzkaller-01399-ga52f9f0d77f2 #0 PREEMPT(full) 
[  288.571101][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  288.581165][ T6799] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  288.588465][ T6799] Call Trace:
[  288.591744][ T6799]  <TASK>
[  288.594677][ T6799]  dump_stack_lvl+0x99/0x250
[  288.599275][ T6799]  ? __asan_memcpy+0x40/0x70
[  288.603878][ T6799]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.609094][ T6799]  ? __pfx__printk+0x10/0x10
[  288.613699][ T6799]  panic+0x2db/0x790
[  288.617603][ T6799]  ? __pfx_panic+0x10/0x10
[  288.622033][ T6799]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  288.627929][ T6799]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  288.634269][ T6799]  ? print_memory_metadata+0x314/0x400
[  288.639733][ T6799]  ? __mutex_lock+0x144/0xe80
[  288.644423][ T6799]  check_panic_on_warn+0x89/0xb0
[  288.649381][ T6799]  ? __mutex_lock+0x144/0xe80
[  288.654070][ T6799]  end_report+0x78/0x160
[  288.658429][ T6799]  kasan_report+0x129/0x150
[  288.662960][ T6799]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  288.668876][ T6799]  ? __mutex_lock+0x144/0xe80
[  288.673576][ T6799]  __mutex_lock+0x144/0xe80
[  288.678094][ T6799]  ? __lock_acquire+0xab9/0xd20
[  288.682961][ T6799]  ? __mutex_lock+0x51b/0xe80
[  288.687650][ T6799]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  288.693898][ T6799]  ? __pfx___mutex_lock+0x10/0x10
[  288.698931][ T6799]  ? __lock_acquire+0xab9/0xd20
[  288.703800][ T6799]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  288.709886][ T6799]  ? process_scheduled_works+0x9ef/0x17b0
[  288.715612][ T6799]  ? process_scheduled_works+0x9ef/0x17b0
[  288.721338][ T6799]  process_scheduled_works+0xae1/0x17b0
[  288.726986][ T6799]  ? __pfx_process_scheduled_works+0x10/0x10
[  288.732975][ T6799]  worker_thread+0x8a0/0xda0
[  288.737578][ T6799]  kthread+0x70e/0x8a0
[  288.741657][ T6799]  ? __pfx_worker_thread+0x10/0x10
[  288.746779][ T6799]  ? __pfx_kthread+0x10/0x10
[  288.751377][ T6799]  ? _raw_spin_unlock_irq+0x23/0x50
[  288.756588][ T6799]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.761797][ T6799]  ? __pfx_kthread+0x10/0x10
[  288.766397][ T6799]  ret_from_fork+0x3fc/0x770
[  288.770996][ T6799]  ? __pfx_ret_from_fork+0x10/0x10
[  288.776110][ T6799]  ? __switch_to_asm+0x39/0x70
[  288.780898][ T6799]  ? __switch_to_asm+0x33/0x70
[  288.785665][ T6799]  ? __pfx_kthread+0x10/0x10
[  288.790264][ T6799]  ret_from_fork_asm+0x1a/0x30
[  288.795040][ T6799]  </TASK>
[  288.798394][ T6799] Kernel Offset: disabled
[  288.802723][ T6799] Rebooting in 86400 seconds..