last executing test programs:

2.460713255s ago: executing program 4 (id=3859):
r0 = socket$inet6(0xa, 0x2, 0xfffffffd)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4c2000, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081064e81f782db44b9040a1d08040e00000000000aa1180002000600142603600e1208000f0000810401a8001605200001400200000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a074edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'veth1_to_bridge\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x7, 0x18, 0x9, 0x3, 0x8, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x0, 0x2}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xb, 0x7}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r9)
socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8982, &(0x7f0000000140)={0x7, 'batadv_slave_0\x00', {0x400}, 0x3722})
sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010102}}}], 0x20}}], 0x1, 0x0)

1.978258983s ago: executing program 4 (id=3866):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x20, 0x3, 0x3, 0x801, 0x0, 0x0, {}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff, 0x3}}]}, 0x20}}, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x30, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_FLAGS={0x6}}]}, 0x30}}, 0x20000004) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x6d, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x8}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)

1.845573936s ago: executing program 4 (id=3869):
r0 = socket$inet6(0x10, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0080bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_pressure(r1, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
openat$cgroup_pressure(r1, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
write(r1, &(0x7f0000000000)="071c0165ff00fc020200000007100f000ee1000c", 0x14)

1.690225347s ago: executing program 2 (id=3873):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff?\x11\xc8\xdd\x15\xcc\xd2\xf1\xfb\'%\xa0\x00\x00\x00,'}, 0x30)
write$tun(r1, &(0x7f0000000000)=ANY=[], 0x38)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x10012, r1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4d4881, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000b80)='n', 0x1}], 0x1}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x0, 0x9, 0x7a8, 0x6}, 0x14)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x304}, "db57cda808852139", "252432e72844858a068b92a5a810f4dc", "11802ff5", "08e48ff0bf597edc"}, 0x28)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
close(r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newtaction={0x48, 0x30, 0x9e54f29ff072a93b, 0x0, 0x0, {}, [{0x34, 0x1, [@m_csum={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c00018006000600843b0000971b02"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

1.591981563s ago: executing program 4 (id=3875):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x8, 0x1, 0x41}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
pipe(&(0x7f0000000600)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe(&(0x7f0000000500)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x60880, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETLINK(r7, 0x400454cd, 0x30c)
splice(r5, 0x0, r4, 0x0, 0xffffffffffff8000, 0x0)
close(r6)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x5e)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r9 = accept4(r8, 0x0, 0x0, 0x800)
sendmmsg$alg(r9, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@assoc={0x18, 0x117, 0x4, 0xb}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x40800)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r9)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r10)
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x3, 0x81, 0x7fffffff, {}, {0x77359400}, {0x0, 0x1, 0x1, 0x1}, 0x1, @can={{0x1, 0x1, 0x0, 0x1}, 0x1, 0x2, 0x0, 0x0, "609910db5c2e4bbe"}}, 0x48}, 0x1, 0x0, 0x0, 0x10040000}, 0x200008c0)
sendmsg$nl_route_sched(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {0x1, 0xb}, {0xffff, 0xb}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x1, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x41)
sendmsg$nl_route_sched(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x70b925, 0x25dfdbff, {0x0, 0x0, 0x0, r12, {0x0, 0xe}, {0xb, 0xb}, {0x0, 0xb}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x24, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x6, 0x5}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x1}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x2001c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r10, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

1.570662605s ago: executing program 2 (id=3876):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e21}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}}, 0x0) (async, rerun: 64)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r3=>0x0}) (rerun: 64)
sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x2c, r2, 0x105, 0xffffffff, 0xd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0x8, 0x34, @random="5b69e68d"}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0x1f5804]}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x4004050) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_START_P2P_DEVICE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4001}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r2, 0x400, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x40010)

1.251108938s ago: executing program 2 (id=3879):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080))
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYRESOCT=r2, @ANYBLOB="7275f449c38adb455e2cdf0a41d2b9a4587c2c49333d3f95048755ba7acd544b5d1408ac31005dcbbad47e64fa67d4159075640a9b817dac1b6617069812b6a0ddddd482ed4d767290292f709760e8f677da4598eb9da82f32c1721946fb3c4a9302a7a255aaae3202dfe1d710119b401d464c6b48fb3a4ce62f2520fa1dd20f97a53aedc60263a7fdd05ef84f357cad7a04bdad9cd629477a89cc2a0c003ed9285209a4de039f99e2734661ae8483c3b2bd1c6c4791ffc83cb0147b5735e1bd37252e946fbb2bb8d4c6"], 0x7c}}, 0x4004005)
listen(r1, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x22, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000280)=0x2, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'sit0\x00', <r6=>0x0})
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x1, r6, 0x7}, 0x10)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r4, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f0000000340)={&(0x7f0000ffc000/0x4000)=nil, 0xb00, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff45, 0x1, 0x0, 0xfffffffffffffd80}, &(0x7f0000000380)=0x40)
r7 = accept(r1, 0x0, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETHDRSZ(r8, 0x400454d8, &(0x7f0000000140)=0x90)
write$tun(r8, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0xfdef)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r9, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r7}, 0x47)
ppoll(&(0x7f0000000300), 0x0, &(0x7f00000000c0)={0x0, 0x3938700}, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000002e00090025bd7000fddbdf250600000008000a"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x20040800)

1.061711515s ago: executing program 4 (id=3882):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000700)={0x2, 0x4e22, @remote}, 0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket(0x2, 0x5, 0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x20, 0x20}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x6}]}, 0x24}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000001080)=0x8)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DEST(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x28, r9, 0x50dc85624ea6cf59, 0x0, 0x1, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x400c081}, 0x0)
sendmsg$IPVS_CMD_SET_SERVICE(r6, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x64, r9, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000000}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xf}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr=' \x01\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000040}, 0x400c000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
r10 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r10, 0x112, 0xb, &(0x7f00000030c0), 0x2)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002520702500000000690000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r11}, 0x10)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x7, 0xb3, 0x7f}, 0x50)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={r4, 0x808000}, 0x8)
getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={r4, 0x8, 0x9, 0x814}, &(0x7f0000000040)=0x10)
getpeername(r0, 0x0, 0x0)

968.885206ms ago: executing program 0 (id=3884):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
syz_emit_ethernet(0xdf, &(0x7f0000000a00)=ANY=[@ANYBLOB="000000000000bbbbbbbbbbbb0800450000d140400000002f9078ac1e00010a010102be0088be00bd90783b464408a1cd9bb9ab9ff9a9df0026ca829d6d290f60c8ed9403b8a3e41b25b21bb81ba611a27b680632dcc2412ecc0b1c172b3eb78d1cd1cf6633155c1405a64c609b67e38f8044bbae6b980210273041c3d5dc0513283b5fa722f4f6204ecb4559d8a0000fa1be4ce0c356c7e7fdd5ae38557792bcd6736c647d8872daaffd09d1d0f1fbe62b75ea21561e5fe1966093e09cc51bb072749088b2bb76d515ef6f00ac1f8f52885d82ddf86988f06a59b3d057368f4438eb191696b884569d9126e3056e8aae643f488126d7fa9d11ac28c43a360c3e223733faa3af54b9c4e1f6b3e540c38ea7e793f3b5311ea308573b5aaa3741988f00d391a3d8ea02b4ff782e7357df7c1cdf326f032a73a57f44bedccb30196ad924182e5f613c7e1362ad0460e5933ed5c0e2ce61469370765c95e22e76dd"], 0x0)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x7}, 0x4)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0xa7, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0c8636", @ANYRES16, @ANYBLOB="01000000000000000000420000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c325f64726f70730000000008008e0001000000"], 0x4c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x40, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0x2, 0xc}}]}}, @TCA_RATE={0x6, 0x5, {0xb, 0x40}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700))
setsockopt$packet_fanout_data(r2, 0x107, 0x16, 0x0, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r4, &(0x7f0000000280), 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="050000008008"], 0x80}}, 0x0)
close(r4)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[], 0x80}}, 0x0)

864.843286ms ago: executing program 0 (id=3886):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
connect$packet(0xffffffffffffffff, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x2}, 0x14)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
openat$tun(0xffffffffffffff9c, 0x0, 0x102, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x102, 0x0)
close(r1)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000300)=ANY=[], 0x8) (async)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000300)=ANY=[], 0x8)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) (async)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendto$inet6(r2, &(0x7f0000000740)="6eba4632ada130586e022e", 0xb, 0x43304, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB="5c000000210021002cbd7000fedbdf2502141007020000000000010008000100e0000001080006000a0000000c000c40000000000000001e0c000c4000000000000000061800020006"], 0x5c}, 0x1, 0x0, 0x0, 0x40d5}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="560a0000000000006111bc00000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)

752.261452ms ago: executing program 0 (id=3887):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) (async)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB="ec000000210001002dbd7000fedbdf25fe880000000000000000000000000101ac1414bb0000000000000000000000004e240002000700010a0080a000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="af6b6e00010000009c0011001901010000000000000000000000000020010000000000000000000000000001ac14143e0000000000c8b10000000000ac1414bb00000000000000000000000032fcff00073500000a00020000000000000000000000020000000000ac1e01010000000000000000000000000a010102000000000000000000000000fe80000000000000000000000000002f33"], 0xec}}, 0x20000000) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000001740)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000040)=ANY=[], 0x12f4}, 0x1, 0x0, 0x0, 0x800}, 0x2004c008) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@newtclass={0x38, 0x28, 0x400, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xc}, {0xfff1, 0x5}, {0xfff3, 0xffff}}, [@tclass_kind_options=@c_ingress={0xc}, @TCA_RATE={0x6, 0x5, {0x2, 0xc8}}]}, 0x38}}, 0x400c) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}, @TCA_MPLS_BOS={0x5}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x6c}}, 0x0)

738.922008ms ago: executing program 3 (id=3889):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000000c0), r0)
sendmsg$NLBL_CALIPSO_C_LISTALL(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2c, r1, 0x100, 0x70bd2a, 0x25dfdbf9, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x24004052)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f00000001c0), r0)

656.325168ms ago: executing program 0 (id=3890):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x0, @multicast2}, 0x2}}, 0x26)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000340)={0x14, r5, 0x70d, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x8000)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x12, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000000000000000000000000000850000003900000095"], &(0x7f00000003c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

637.058024ms ago: executing program 0 (id=3891):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {}, {}, {}, {}, {}, {0x2d}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0xec}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffaf}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0)

568.269852ms ago: executing program 3 (id=3893):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e1f, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x10)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast1}, 0x10)
setsockopt$inet_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x6, 0x4)
sendto$inet(r0, &(0x7f0000000200)="99e15b31ddf371c220a3ea2b88cb8b3293a4ed918fc0ef210e411935a3a0d385342df221586192ce3df2c84b44049c37dc03800876b5420b27268679d1e26965c3cf90024066cd5fb1923f9f02f7cb1b8fb9f35c6b7d184078a098a2ac7e09b7c7fc6acfb795745ef5ad70fcfdd337adad780d005db4863d392dd14e64f2cc07197b5726f1ca1feb7899aa2ee502558eb02d8d5e62c8969f79107c4e86c25a00ec51b4148084e2fbcac9cea33b150a5a6de0bb56467b8e5ae19596f5794e79d6b5eec42e8ff9ae0a2d6e08911dc5b59c35e7030827ffc8925afb3c4cb5d575323e294d38b26861ff2925a473cb98bba98f0f34a8e7fd460699b3923bb6493a9a3528f791d4a32001b27ae5fffc41f98789f83706bd74670f5139045edc50dc8575fefd7b763deefbd6ea215b177cb4b014d5ac", 0x133, 0x20000801, 0x0, 0x0)

568.028846ms ago: executing program 0 (id=3894):
syz_emit_ethernet(0x52, &(0x7f0000000200)={@local, @random, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x7, 0xdf, [@local]}, @timestamp={0x44, 0xc, 0x5, 0x3, 0x0, [0x6, 0x0]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r2, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0xa}], 0x1, 0x2, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x8, 0x70bd2d, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x3d}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010100}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x8081)

535.847907ms ago: executing program 3 (id=3895):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x50)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3000000040000701fcffffff00000100017c0000040042800c00018006000600050a00000c00028008001780"], 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0x2000c000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.stat\x00', 0x275a, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={{0x14, 0x10, 0x1, 0x0, 0x84000000}, [@NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELCHAIN={0x50, 0x5, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6615c42}, @NFTA_HOOK_DEV={0x14, 0x3, 'dvmrp1\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWSETELEM={0x14, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}}], {0x14, 0x10}}, 0xb4}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r5)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, r6, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xea}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20040000)
write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRESHEX=r1, @ANYRES64=r1, @ANYRES16=r3, @ANYRESOCT=r6], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
syz_emit_ethernet(0x6e, &(0x7f00000002c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd60f4adf700382c00fe800000000000000000000000000000ff0200000000000000000000000000013c000000000000002e0404020228b500fe8000000000000000000000000000aafc0000000000000000000000000000008100907800000000fc6aecc75e095ee03d259fbe8841310d987b6deb24bfbd89cd7e4e6958f5061304482016676b433fa7a018c0d7f2169bc8ffa46fa198e2222a0a2e79940e81f142ad95161e755fa66fbc4d88db3127dee65973dadbd5d67bae35d89da5df2a26bf2f64f96f4fb67d537e520dce3c8dacb3e793b4036116b7"], 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0x0, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000780)=[{0x3, 0x4, 0x1, 0x7}, {0x1, 0x2, 0xc, 0x3}], 0x10, 0x80000000}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x3a0ffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r8=>0xffffffffffffffff})
shutdown(r8, 0x0)
recvmsg$unix(r8, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[@cred={{0x1c, 0x1, 0x2, {<r9=>0x0}}}], 0x20}, 0x0)
syz_open_procfs$namespace(r9, 0x0)
r10 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r10, &(0x7f0000000000)={0x1, 0x5, 0x2, 0x0, 0x1}, 0x8)
write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
getsockopt$bt_hci(r1, 0x84, 0x2, 0x0, &(0x7f0000000700))

529.736328ms ago: executing program 1 (id=3896):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)={0x1c, 0x5e, 0xe25, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x6}]}]}, 0x1c}], 0x1}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900014073797a30000000000900030073797a3200000000a0000000060a010400000000000000000100000008000b400000000078000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000400001800c00010062697477697365003000028008000340000000020800014000000014080002400000f3110c000780080001008b1cae4808000640000000010900010073797a3000000000140000001100010000000000000000000700000a5f28fc25178d54616993e473a0e39e50f758d3f5ee9e79530eb394d0ec08874bb656e8dca467628d63e58bc25bbca78ae19816ba02687f2398bded922ac817b869dfaa41d134"], 0x114}}, 0x0)

436.307158ms ago: executing program 1 (id=3897):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000200)='blkio.throttle.read_iops_device\x00', 0x2, 0x0)
readv(r1, &(0x7f00000003c0)=[{&(0x7f0000001400)=""/227, 0xe3}], 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x6, 0x7fff)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB="44000000100039040000000000000000000003e4", @ANYRES32=0x0, @ANYBLOB="4000006e640000000014000280050001000600000008000b0000", @ANYRES32=0x0, @ANYBLOB], 0x44}}, 0x0)

418.275448ms ago: executing program 3 (id=3898):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000040)={@private0={0xfc, 0x0, '\x00', 0x1}, @multicast2, 0x15, 0x4}})
getsockname$packet(r1, &(0x7f00000001c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xfffa, 0xfff3}, {0x0, 0xffe0}, {0x10, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r4 = socket$inet(0xa, 0x801, 0x84)
listen(r4, 0x8)
accept4(r4, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x9, &(0x7f00000002c0)=@framed={{}, [@jmp={0x6, 0x0, 0xc, 0x0, 0x0, 0x1, 0x25}, @func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @cb_func={0x18, 0x0, 0x4, 0x0, 0x2}, @exit]}, &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x807}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
epoll_pwait(0xffffffffffffffff, &(0x7f0000000380)=[{}, {}, {}, {}, {}], 0x5, 0x0, &(0x7f0000000400), 0xffffffffffffff71)
sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYRES16=r6, @ANYBLOB="01000000000000000000030000004c0001800d0001007564703a73797a310000000038000400200001"], 0x60}}, 0x0)

416.099407ms ago: executing program 1 (id=3899):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x2, 0x5, @dev={0xfe, 0x80, '\x00', 0x10}, 0x7}, 0x1c)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x3, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804)
sendto$inet6(r0, 0x0, 0x0, 0x20000815, &(0x7f0000b63fe4)={0xa, 0x2, 0x5}, 0x1c)

288.218048ms ago: executing program 3 (id=3900):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=@bridge_setlink={0x17, 0x13, 0xa29, 0x0, 0x0, {}, [@IFLA_NUM_RX_QUEUES]}, 0x2c}}, 0x0) (async, rerun: 32)
r2 = accept4(r0, 0x0, 0x0, 0x0) (rerun: 32)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, 0x0, 0x300, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x3}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x24000091}, 0x48000)
pipe(&(0x7f00000045c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
vmsplice(r4, &(0x7f0000001380)=[{&(0x7f0000001a00)="ce", 0x1}], 0x1, 0x8)
splice(r3, 0x0, r2, 0x0, 0x8000, 0x0)

283.586257ms ago: executing program 1 (id=3901):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="100100002e00090027bd70000000000004000000fa001780c4"], 0x110}, 0x1, 0x0, 0x0, 0x42845}, 0x84)
sendmsg$nl_route(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@ipmr_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x11, 0xfe, 0x6}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000d4}, 0x0)

229.327809ms ago: executing program 2 (id=3902):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000340), 0xffffffffffffffff)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), r0)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0x4008010)

189.972795ms ago: executing program 1 (id=3903):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x4}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
ioctl$SIOCSIFMTU(r0, 0x8923, &(0x7f0000000000)={'veth1_vlan\x00', 0x1ba})

88.02266ms ago: executing program 4 (id=3904):
r0 = socket(0x9, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000880)={0x20, 0x40, 0x119, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x48814}, 0xc000)
r3 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000ac0)=@newqdisc={0x5c, 0x15, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x38, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}, {0x16, 0x2, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3, 0x0]}}]}]}, 0x5c}}, 0x0)
sendmmsg(r3, &(0x7f0000000a40)=[{{&(0x7f0000000280)=@in={0x2, 0x4e24, @remote}, 0x80, &(0x7f0000000300)=[{&(0x7f00000003c0)="029c655d0db5d0c499c0999f59049fb224ebe2674cd09bf37d7918a596b77f72e64e231b8a5a6e02bf5d6ec39c391f9f6da81d60a2183c8d23d3d713eb7e34844361d64b22b2732cc6", 0x49}, {&(0x7f0000000440)="9730cc7578a53a9d5f3afe3ca6c9d83b6ad9e2566d5b9bfc20b26664ee9ead5bfdaf0cffbc20f56f9a8a2fe95b260efcaecd96a592219d81a81a1023c97977b994c7b48a2bca46d40e0b5975e40d4353b607b84627bc1fe80ca869c6ecde0ab4561f7f3a61c695ae68267c6e6b9afd96ca0b401e0f8174d62eda19f47397f7c03737602ea931dc10a601bd6ba5292e8ac1b766d55f76624885e3fe802f68822351e1c3e63ed810da4f97b61beae3", 0xae}, {&(0x7f0000000500)="419ebf8f8fa54f0eade3ca0fd22e44ac11b8cc1ddfaeaf7bedcd1bf6aec39119b2c8024912c2b5b3a33b7f3420edddc83cc928e8de359b0a3af8f45a7fb3bd06277181887b52f9f9d020fd50c17c47066c7d25aaaa660ebd8376981020f5ced87fda805f9c21f86549f6b22a6b1251c4bdc5343fd181b2e4bc0156dc5e3e5a4c5c1fb3ba186359711722998210132ea11c79f81a", 0x94}, {&(0x7f0000000180)="66277a7f56c5c281e6dab0fee6f5563087950c08c85b36bf2a0e872f55894fddea96b05ac3aaa0e627", 0x29}], 0x4, &(0x7f00000005c0)=[{0xb8, 0x0, 0x3, "1ca087105d9307df128283843cf1489ddb5d0b178a8854b9162300bad3dca80d07638a06405b6c97200033f165e39fa20b75e0b623e82330c3566cbb36f349823e6baad15f3b09961b9a5634c97bd7a9b9f519ad9d7a607d793db47e0f6f6facfee9a372c01b93dd0897c450e025d9045545d6de6dafd8c915a4988f2a689e60208fb5cb9703d2b7b607fcb3f33f172d052fb580c10f0774c48d481058a9c04ed37731fe6b"}, {0x28, 0x10b, 0x3, "a808442fac8263ec0c0d53bfc0b44a21da"}], 0xe0}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000006c0)="780671ada4456c5a23feadd6a1bc59f044d9dbd953405bc37359b1b34f29a32192b56b85d1b3d2a197a0980d65f58bf085709050fa9ef971059d9534577cc11c9fd344c779dcbccd694e73b2461931fa15b0fa23a54cfeb3aadd658fe836e1d15d62c57098e4c8162f5f15bfaab1c3604478408ac61fcf6f98f6c28ab0417db8968b563fc5d856338a138d7f8ab953d3113770348ecacbc03b0ee11a23c2df798a067e37a859a73dfa306464bf03e8236318c10617f3b962492be5192b15b77e8a2760ccbf8273ea9732a2bf4f445b3c53e0659ad10b8622", 0xd8}, {&(0x7f00000007c0)}, {&(0x7f0000000800)="5f70bf836191a93ebe1b3bda019b7a7b112df7b712048170931920d9e5d26c178ab8fef747054719406808280205ed8408add172d792abf406e8a12a6b2afb4c67c0ff015d5272636150924bd88c33afc5c519f8fe6138fc1ee4f25b5d5e41a5c60ca36a2c91a7d7fc38cb52fab4e71294257510ea6761fbeccffb0a6becab6013e8247bd774a3fb11c03591b7158ecf2b3702e4f8d1796140fed65a6d9defff3b123e2f0ff0e48ac97055c04e822cd771b6732e1bd7d58444f6d9a6b4158fe74d5ab324b9f3b8cbbb145d166cec31ae4b3333", 0xd3}, {&(0x7f0000000980)="f17c364f4b0194ee6b005f55bb8419f4f87dd7590554a1c6cf4ffedaae4d7dcc87f676bc6dd59e4c91ae8064d36f7bbbce9b865dcc3eb9586b994dc0ed38c11610b8ae2ec839c3a40d3b96a40bff4ed65562966c1d761ebbb0dac66381149cdf957182dec829b8b7d18488db65887ad3459f341e16a75921aabc5b6e35c48f", 0x7f}], 0x4}}], 0x2, 0x90)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYRESDEC=r5], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800900010068617368000000002c00028008000640e80000ff08000140000000030800044020000003080003400000000408000240000000120900010073797a30000000000900020073797a32"], 0x94}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
recvmmsg(r4, &(0x7f00000036c0)=[{{&(0x7f0000000d80)=@xdp, 0x80, &(0x7f0000000f80)=[{&(0x7f0000000e00)=""/89, 0x59}, {&(0x7f0000000e80)=""/199, 0xc7}], 0x2}, 0x1b8c}, {{&(0x7f0000000fc0)=@vsock, 0x80, &(0x7f0000003580)=[{&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f0000001040)=""/51, 0x33}, {&(0x7f0000001080)=""/169, 0xa9}, {&(0x7f0000001140)=""/135, 0x87}, {&(0x7f0000001200)=""/176, 0xb0}, {&(0x7f0000002300)=""/4096, 0x1000}, {&(0x7f0000003300)=""/198, 0xc6}, {&(0x7f0000003400)=""/160, 0xa0}, {&(0x7f00000034c0)=""/148, 0x94}], 0x9, &(0x7f0000003640)=""/116, 0x74}, 0xd5}], 0x2, 0x100, &(0x7f0000003740)={0x0, 0x3938700})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x24, 0x2c, 0x1, 0x70bd2a, 0xffffeffe, {0x0, 0x0, 0x0, r7, {0xf000, 0xff48}, {0x0, 0xfff1}, {0x7, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x200040c0)
sendmsg$IPSET_CMD_HEADER(r6, &(0x7f0000000bc0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="6c0000000c06050000000000000000000000000505000100070000000900020073797a31cc1a07099f5d17ff73797a300000000009000200730100070000e50900020073797a310000000009000200d835254e4b8a8c8f73797a320000000009000200b769bf1cfe"], 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004890)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000d40)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000d00)={&(0x7f0000000c40)={0x9c, 0x0, 0x1, 0x101, 0x0, 0x0, {0x7, 0x0, 0x6}, [@CTA_SEQ_ADJ_ORIG={0x4}, @CTA_SYNPROXY={0xc, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x4}]}, @CTA_NAT_SRC={0x2c, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @local}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}]}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0x9, 0x1, 'syz0\x00'}}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}, @CTA_FILTER={0x24, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x22}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x180}, @CTA_FILTER_ORIG_FLAGS={0x8}, @CTA_FILTER_ORIG_FLAGS={0x8}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4000040}, 0x1)

86.747281ms ago: executing program 2 (id=3905):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000940)=ANY=[@ANYBLOB="b40800000000000073110e00000000008510000002000000b7000000000000009500c200000000009500001200000000830345f5b3f42590c416b734596006d9dec99bdcb359ce8c"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x70)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000200000000000000000073012b000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x90)
r0 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000000)=0x60)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vxcan1\x00'})

16.883311ms ago: executing program 1 (id=3906):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_MCAST_LEAVE_GROUP(r3, 0x0, 0x2d, &(0x7f0000000000)={0x0, {{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x10}}}}, 0x88)
r4 = openat$cgroup_procs(r2, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a)
write(r5, &(0x7f0000000000)="240000001a005f0400f9f407000904018000200000000000000000000800010000000000", 0x24)
write$cgroup_pid(r4, 0x0, 0x0)

14.979794ms ago: executing program 3 (id=3907):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x200000, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000002280)={@private0, 0x200000, 0x2, 0x0, 0x0, 0xfffd}, 0x20)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000540)={'team_slave_1\x00', &(0x7f0000000440)=@ethtool_dump={0x7f, 0x9, 0x81}})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b28, &(0x7f0000000000)={'wlan1\x00'})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000580)={0x80, r4, 0xb97534d5fe9704cf, 0x4, 0x200, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x3ff}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x602}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x43, 0xbe, "4ac0cc004796a83373e3035e956dd131a0f9634d30f85bc8db0984473d5704fe358322e98a095bbe7ff9a0205eaa029867aed7a349dbecb5b65855a06e3d6a"}]}, 0x80}, 0x1, 0x0, 0x0, 0x80c1}, 0x0)

0s ago: executing program 2 (id=3908):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@newlink={0x64, 0x10, 0x403, 0x70bd2b, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}, @IFLA_VLAN_EGRESS_QOS={0x4}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3, 0xc0e}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x8, 0xffffc5e1}}]}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x64}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x6c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @loopback}]}]}, @IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}]}}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)

kernel console output (not intermixed with test programs):

35][T14126] __nla_validate_parse: 21 callbacks suppressed
[  218.367955][T14126] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2299'.
[  218.405991][T14126] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2299'.
[  218.595806][T14137] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2304'.
[  218.698730][T14146] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2306'.
[  218.721022][T14146] bond1: left promiscuous mode
[  218.727314][T14146] bridge0: port 2(bond1) entered disabled state
[  218.809108][T14155] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  218.828524][ T5839] block nbd2: Receive control failed (result -32)
[  219.157055][T14179] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2315'.
[  219.369832][T14186] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2317'.
[  219.492468][T14195] gtp1: entered promiscuous mode
[  219.503580][T14198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2318'.
[  219.515084][T14195] gtp1: entered allmulticast mode
[  219.544103][T14199] netlink: 81 bytes leftover after parsing attributes in process `syz.4.2321'.
[  219.560722][T14197] validate_nla: 2 callbacks suppressed
[  219.560739][T14197] netlink: 'syz.4.2321': attribute type 21 has an invalid length.
[  219.575373][T14197] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2321'.
[  219.601041][T14204] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2322'.
[  219.936118][T14224] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  220.052983][T14234] netlink: 'syz.1.2330': attribute type 1 has an invalid length.
[  220.122109][T14232] bond8: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  220.984343][T14300] netlink: 'syz.2.2351': attribute type 1 has an invalid length.
[  220.992286][T14300] netlink: 'syz.2.2351': attribute type 4 has an invalid length.
[  221.159726][T14317] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  221.300558][T14328] vlan3: entered allmulticast mode
[  221.317537][T14328] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  221.407419][T14335] bond12: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-tlb(5)
[  221.423939][T14335] bond12 (unregistering): Released all slaves
[  222.853438][T14364] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  222.928052][T14370] netlink: 'syz.1.2373': attribute type 1 has an invalid length.
[  222.929370][T14366] bridge0: entered promiscuous mode
[  222.972778][T14366] bridge0: entered allmulticast mode
[  222.986785][T14366] team0: Port device bridge0 added
[  223.029036][T14376] bridge0: port 1(team0) entered blocking state
[  223.053421][T14376] bridge0: port 1(team0) entered disabled state
[  223.112883][T14376] team0: entered allmulticast mode
[  223.145055][T14376] team0: left allmulticast mode
[  223.349099][T14404] netlink: 'syz.4.2382': attribute type 2 has an invalid length.
[  223.373454][T14404] netlink: 'syz.4.2382': attribute type 1 has an invalid length.
[  223.434611][T14413] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  223.539905][T14421] __nla_validate_parse: 12 callbacks suppressed
[  223.539922][T14421] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2388'.
[  223.664994][T14426] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2389'.
[  223.857526][T14435] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  224.025665][T14446] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2396'.
[  224.110925][T14452] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2396'.
[  224.120468][T14452] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2396'.
[  224.225090][T14413] tipc: Resetting bearer <eth:syzkaller0>
[  224.231820][T14450] netlink: 'syz.2.2397': attribute type 29 has an invalid length.
[  224.243556][T14454] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  224.250835][T14454] IPv6: NLM_F_CREATE should be set when creating new route
[  224.258276][T14454] IPv6: NLM_F_CREATE should be set when creating new route
[  224.265602][T14454] IPv6: NLM_F_CREATE should be set when creating new route
[  224.284020][T14411] tipc: Disabling bearer <eth:syzkaller0>
[  224.405605][T14450] netlink: 'syz.2.2397': attribute type 1 has an invalid length.
[  224.528120][T14451] netlink: 'syz.2.2397': attribute type 29 has an invalid length.
[  225.004942][T14473] team0 (unregistering): Port device bridge0 removed
[  225.254930][T14507] vcan0: entered allmulticast mode
[  225.470836][T14519] syz_tun: entered allmulticast mode
[  225.544349][T14531] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  225.579834][T14525] netlink: 'syz.0.2416': attribute type 11 has an invalid length.
[  225.604266][T14525] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2416'.
[  225.683803][T14543] validate_nla: 2 callbacks suppressed
[  225.683821][T14543] netlink: 'syz.4.2421': attribute type 12 has an invalid length.
[  225.710334][T14535] syz_tun: left allmulticast mode
[  225.893850][T14559] openvswitch: netlink: IP tunnel dst address not specified
[  225.939905][T14569] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2425'.
[  225.950779][T14563] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2429'.
[  226.002855][T14569] workqueue: Failed to create a rescuer kthread for wq "bond13": -EINTR
[  226.077837][T14575] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2431'.
[  226.094746][T14579] netlink: 'syz.1.2433': attribute type 1 has an invalid length.
[  226.130213][T14575] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2431'.
[  226.231785][T14584] wg2: entered promiscuous mode
[  226.236686][T14584] wg2: entered allmulticast mode
[  226.380505][T14590] team0: Port device team_slave_0 removed
[  226.475074][T14604] syzkaller0: entered promiscuous mode
[  226.481321][T14604] syzkaller0: entered allmulticast mode
[  226.619182][T14613] openvswitch: netlink: Message has 8 unknown bytes.
[  226.637440][T14613] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  226.894928][T14625] netlink: 'syz.1.2449': attribute type 1 has an invalid length.
[  226.903466][T14626] netlink: 'syz.1.2449': attribute type 1 has an invalid length.
[  227.193540][T14659] xt_TCPMSS: Only works on TCP SYN packets
[  227.324451][T14664] netlink: 'syz.1.2459': attribute type 29 has an invalid length.
[  227.342289][T14663] netlink: 'syz.1.2459': attribute type 29 has an invalid length.
[  227.356417][T14664] unsupported nla_type 58
[  227.474653][T14673] xt_addrtype: ipv6 BLACKHOLE matching not supported
[  227.756623][T14694] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  228.154900][T14712] netlink: 'syz.4.2475': attribute type 1 has an invalid length.
[  228.247885][T14717] xfrm1: entered promiscuous mode
[  228.259810][T14717] xfrm1: entered allmulticast mode
[  229.559268][T14778] netlink: 'syz.2.2492': attribute type 1 has an invalid length.
[  229.703751][T14790] netlink: 'syz.1.2499': attribute type 2 has an invalid length.
[  229.740939][T14785] bond13: down delay (33554432) is not a multiple of miimon (640), value rounded to 33553920 ms
[  229.752895][T14791] netlink: 'syz.2.2500': attribute type 10 has an invalid length.
[  229.773007][T14791] dummy0: left promiscuous mode
[  229.815522][T14798] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  229.854700][T14798] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  229.928044][T14810] __nla_validate_parse: 19 callbacks suppressed
[  229.928059][T14810] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2505'.
[  229.969031][T14812] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2506'.
[  229.984635][T14812] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2506'.
[  230.010354][T14812] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2506'.
[  230.019543][T14812] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2506'.
[  230.058204][T14818] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2507'.
[  230.091982][  T324] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  230.104173][  T324] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  230.123840][  T324] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  230.152379][  T324] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  230.219663][T14825] openvswitch: netlink: Flow key attr not present in new flow.
[  230.268803][T14831] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2512'.
[  230.522137][T14851] openvswitch: netlink: IP tunnel dst address not specified
[  230.821909][T14872] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  231.383273][T14920] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2537'.
[  231.403859][T14920] ip6gre2: entered promiscuous mode
[  231.409262][T14920] ip6gre2: entered allmulticast mode
[  231.676384][T14940] siw: device registration error -23
[  231.708081][T14940] siw: device registration error -23
[  231.794728][T14947] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  231.859018][T14948] bond4: option arp_all_targets: invalid value (18446744073709551613)
[  231.877101][T14948] bond4 (unregistering): Released all slaves
[  231.922342][T14949] bridge6: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  231.943522][T14953] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  232.299171][T14973] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  232.322038][T14973] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  232.477998][T14984] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2555'.
[  232.560142][ T5839] Bluetooth: hci1: command 0x0406 tx timeout
[  232.790080][T15012] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2563'.
[  233.056302][T15038] validate_nla: 2 callbacks suppressed
[  233.056319][T15038] netlink: 'syz.2.2570': attribute type 1 has an invalid length.
[  233.071251][T15040] netlink: 'syz.0.2571': attribute type 1 has an invalid length.
[  233.079598][T15034] netlink: 'syz.2.2570': attribute type 1 has an invalid length.
[  233.165609][T15048] bond4: (slave bridge6): making interface the new active one
[  233.176608][T15048] bond4: (slave bridge6): Enslaving as an active interface with an up link
[  233.386698][T15068] IPVS: set_ctl: invalid protocol: 33 255.255.255.255:20000
[  233.606765][T15085] af_packet: tpacket_rcv: packet too big, clamped from 2906 to 4294967272. macoff=96
[  234.269018][T15116] netlink: 'syz.2.2596': attribute type 1 has an invalid length.
[  234.965553][T15155] bond9: option xmit_hash_policy: invalid value (64)
[  234.975825][T15155] bond9 (unregistering): Released all slaves
[  235.019262][T15156] __nla_validate_parse: 7 callbacks suppressed
[  235.019279][T15156] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2606'.
[  235.035870][T15156] block nbd3: Unsupported socket: should be TCP or UNIX.
[  235.059383][T15164] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2608'.
[  235.081772][T15164] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2608'.
[  235.121980][T15161] syzkaller0: entered promiscuous mode
[  235.131056][T15161] syzkaller0: entered allmulticast mode
[  235.403383][T15172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2610'.
[  235.491647][T15186] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2613'.
[  235.622956][T15192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2617'.
[  235.730406][T15203] siw: device registration error -23
[  235.916264][T15215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2622'.
[  235.972711][T15215] bond5: option xmit_hash_policy: invalid value (64)
[  236.116677][T15215] bond5 (unregistering): Released all slaves
[  236.321506][T15241] netlink: 'syz.0.2629': attribute type 21 has an invalid length.
[  236.333445][T15241] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2629'.
[  236.347808][T15241] netlink: 'syz.0.2629': attribute type 4 has an invalid length.
[  236.356687][T15241] netlink: 'syz.0.2629': attribute type 5 has an invalid length.
[  236.364718][T15241] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2629'.
[  236.495052][T15248] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2631'.
[  237.368161][T15310] netlink: 'syz.4.2653': attribute type 10 has an invalid length.
[  237.486498][T15310] netlink: 'syz.4.2653': attribute type 11 has an invalid length.
[  237.688090][T15329] bridge0: left promiscuous mode
[  237.697895][T15335] x_tables: unsorted entry at hook 2
[  237.697905][T15329] bridge0: left allmulticast mode
[  238.719246][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  238.748725][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  238.757450][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  238.778997][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  238.790410][T15390] netlink: 'syz.2.2673': attribute type 1 has an invalid length.
[  238.798440][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  238.847881][T15386] lo speed is unknown, defaulting to 1000
[  239.189632][T15411] nbd3: detected capacity change from 0 to 127
[  239.205614][ T5839] block nbd3: Receive control failed (result -32)
[  239.317286][T15415] syz.2.2681: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  239.332639][T15415] CPU: 0 UID: 0 PID: 15415 Comm: syz.2.2681 Not tainted syzkaller #0 PREEMPT(full) 
[  239.332667][T15415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  239.332678][T15415] Call Trace:
[  239.332686][T15415]  <TASK>
[  239.332694][T15415]  dump_stack_lvl+0x189/0x250
[  239.332727][T15415]  ? __pfx_dump_stack_lvl+0x10/0x10
[  239.332749][T15415]  ? __pfx__printk+0x10/0x10
[  239.332769][T15415]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  239.332791][T15415]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  239.332815][T15415]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  239.332861][T15415]  warn_alloc+0x214/0x310
[  239.332885][T15415]  ? stack_depot_save_flags+0x40/0x860
[  239.332916][T15415]  ? __pfx_warn_alloc+0x10/0x10
[  239.332952][T15415]  ? kasan_save_track+0x3e/0x80
[  239.332974][T15415]  ? __kasan_kmalloc+0x93/0xb0
[  239.332997][T15415]  ? xsk_setsockopt+0x4dc/0x8d0
[  239.333014][T15415]  ? do_sock_setsockopt+0x17c/0x1b0
[  239.333029][T15415]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  239.333042][T15415]  ? do_syscall_64+0xfa/0xfa0
[  239.333062][T15415]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.333088][T15415]  __vmalloc_node_range_noprof+0x125/0x12d0
[  239.333139][T15415]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  239.333165][T15415]  ? __kasan_kmalloc+0x93/0xb0
[  239.333194][T15415]  vmalloc_user_noprof+0xad/0xf0
[  239.333214][T15415]  ? xskq_create+0xbf/0x170
[  239.333236][T15415]  xskq_create+0xbf/0x170
[  239.333258][T15415]  xsk_init_queue+0xb0/0x110
[  239.333281][T15415]  xsk_setsockopt+0x4dc/0x8d0
[  239.333302][T15415]  ? __pfx_xsk_setsockopt+0x10/0x10
[  239.333324][T15415]  ? __pfx_aa_sk_perm+0x10/0x10
[  239.333348][T15415]  ? aa_sock_opt_perm+0xff/0x1b0
[  239.333374][T15415]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  239.333389][T15415]  ? __pfx_xsk_setsockopt+0x10/0x10
[  239.333410][T15415]  do_sock_setsockopt+0x17c/0x1b0
[  239.333429][T15415]  __x64_sys_setsockopt+0x13f/0x1b0
[  239.333452][T15415]  do_syscall_64+0xfa/0xfa0
[  239.333472][T15415]  ? lockdep_hardirqs_on+0x9c/0x150
[  239.333494][T15415]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.333511][T15415]  ? clear_bhb_loop+0x60/0xb0
[  239.333530][T15415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.333546][T15415] RIP: 0033:0x7f7831d8f6c9
[  239.333562][T15415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.333576][T15415] RSP: 002b:00007f7832c71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  239.333595][T15415] RAX: ffffffffffffffda RBX: 00007f7831fe5fa0 RCX: 00007f7831d8f6c9
[  239.333608][T15415] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  239.333618][T15415] RBP: 00007f7831e11f91 R08: 0000000000000004 R09: 0000000000000000
[  239.333628][T15415] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  239.333639][T15415] R13: 00007f7831fe6038 R14: 00007f7831fe5fa0 R15: 00007ffc42caef08
[  239.333671][T15415]  </TASK>
[  239.333678][T15415] Mem-Info:
[  239.628066][T15415] active_anon:3890 inactive_anon:0 isolated_anon:0
[  239.628066][T15415]  active_file:2436 inactive_file:39940 isolated_file:0
[  239.628066][T15415]  unevictable:768 dirty:50 writeback:0
[  239.628066][T15415]  slab_reclaimable:12153 slab_unreclaimable:105974
[  239.628066][T15415]  mapped:31951 shmem:1358 pagetables:891
[  239.628066][T15415]  sec_pagetables:0 bounce:0
[  239.628066][T15415]  kernel_misc_reclaimable:0
[  239.628066][T15415]  free:1317318 free_pcp:16191 free_cma:0
[  239.673446][T15415] Node 0 active_anon:15560kB inactive_anon:0kB active_file:9744kB inactive_file:159560kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131904kB dirty:200kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13608kB pagetables:3436kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  239.712072][T15415] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  239.742277][T15415] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  239.772642][T15415] lowmem_reserve[]: 0 2505 2505 2505 2505
[  239.778477][T15415] Node 0 DMA32 free:1365832kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15560kB inactive_anon:0kB active_file:9744kB inactive_file:159560kB unevictable:1536kB writepending:200kB zspages:0kB present:3129332kB managed:2565160kB mlocked:0kB bounce:0kB free_pcp:46976kB local_pcp:25832kB free_cma:0kB
[  239.812823][T15415] lowmem_reserve[]: 0 0 0 0 0
[  239.817590][T15415] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  239.847258][T15415] lowmem_reserve[]: 0 0 0 0 0
[  239.852304][T15415] Node 1 Normal free:3888080kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:17576kB local_pcp:8744kB free_cma:0kB
[  239.884773][T15415] lowmem_reserve[]: 0 0 0 0 0
[  239.889588][T15415] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  239.902377][T15415] Node 0 DMA32: 274*4kB (UME) 944*8kB (UM) 236*16kB (UME) 228*32kB (UME) 149*64kB (UME) 48*128kB (UME) 49*256kB (UME) 40*512kB (UME) 11*1024kB (UM) 4*2048kB (UME) 312*4096kB (UM) = 1365832kB
[  239.921823][T15415] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  239.933384][T15415] Node 1 Normal: 198*4kB (UME) 53*8kB (UME) 37*16kB (UME) 98*32kB (UME) 32*64kB (UME) 7*128kB (UME) 3*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3888080kB
[  239.951684][T15415] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  239.961454][T15415] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  239.970964][T15415] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  239.980699][T15415] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  239.990146][T15415] 43731 total pagecache pages
[  239.994845][T15415] 0 pages in swap cache
[  239.999039][T15415] Free swap  = 124996kB
[  240.003297][T15415] Total swap = 124996kB
[  240.007470][T15415] 2097051 pages RAM
[  240.011601][T15415] 0 pages HighMem/MovableOnly
[  240.016303][T15415] 424119 pages reserved
[  240.020543][T15415] 0 pages cma reserved
[  240.793503][T15418] __nla_validate_parse: 12 callbacks suppressed
[  240.793522][T15418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2681'.
[  240.828274][T15418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2681'.
[  240.843129][T15418] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2681'.
[  240.879687][ T5839] Bluetooth: hci0: command tx timeout
[  240.952160][T15431] netlink: 'syz.3.2684': attribute type 1 has an invalid length.
[  241.034649][T15431] veth0_to_bond: left allmulticast mode
[  241.153476][T15386] chnl_net:caif_netlink_parms(): no params data found
[  241.200726][T15445] netlink: 'syz.0.2688': attribute type 1 has an invalid length.
[  241.251058][T15451] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  241.377792][T15386] bridge0: port 1(bridge_slave_0) entered blocking state
[  241.385487][T15386] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.393432][T15386] bridge_slave_0: entered allmulticast mode
[  241.401667][T15386] bridge_slave_0: entered promiscuous mode
[  241.412560][T15386] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.420405][T15386] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.427766][T15386] bridge_slave_1: entered allmulticast mode
[  241.435549][T15386] bridge_slave_1: entered promiscuous mode
[  241.492406][T15386] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  241.505091][T15386] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  241.566965][T15386] team0: Port device team_slave_0 added
[  241.578440][T15386] team0: Port device team_slave_1 added
[  241.592465][T15468] netlink: 'syz.2.2694': attribute type 1 has an invalid length.
[  241.641919][T15468] bond9: entered promiscuous mode
[  241.647795][T15468] bond9: entered allmulticast mode
[  241.653524][T15468] 8021q: adding VLAN 0 to HW filter on device bond9
[  241.685428][T15475] macvlan3: entered promiscuous mode
[  241.691258][T15475] macvlan3: entered allmulticast mode
[  241.698461][T15475] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  241.734631][T15386] batman_adv: batadv0: Adding interface: batadv_slave_0
[  241.738488][T15479] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  241.742353][T15386] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  241.777952][T15386] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  241.800697][T15386] batman_adv: batadv0: Adding interface: batadv_slave_1
[  241.809824][T15386] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  241.856951][T15386] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  242.097953][T15386] hsr_slave_0: entered promiscuous mode
[  242.120724][T15386] hsr_slave_1: entered promiscuous mode
[  242.127171][T15386] debugfs: 'hsr0' already exists in 'hsr'
[  242.145531][T15386] Cannot create hsr debugfs directory
[  242.166515][T15502] netlink: 248 bytes leftover after parsing attributes in process `syz.4.2705'.
[  242.224319][T15502] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2705'.
[  242.234052][T15502] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2705'.
[  242.316398][T15502] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2705'.
[  242.336671][T15502] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2705'.
[  242.484424][T15519] netlink: 648 bytes leftover after parsing attributes in process `syz.4.2712'.
[  242.502994][T15519] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2712'.
[  242.569708][T15386] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  242.665614][T15386] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  242.765603][T15386] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  242.835234][T15386] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  242.874852][T15540] Bluetooth: MGMT ver 1.23
[  242.959779][ T5839] Bluetooth: hci0: command tx timeout
[  243.313948][T15386] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  243.331946][T15386] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  243.417244][T15546] 8021q: VLANs not supported on wlan0
[  243.423586][T15386] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  243.451058][T15386] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  243.544555][T15386] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.562773][T15386] 8021q: adding VLAN 0 to HW filter on device team0
[  243.575439][ T1326] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.582562][ T1326] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.596436][T12220] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.603620][T12220] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.743739][T15559] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  244.264522][T15386] 8021q: adding VLAN 0 to HW filter on device batadv0
[  244.359617][T15386] veth0_vlan: entered promiscuous mode
[  244.600278][T15386] veth1_vlan: entered promiscuous mode
[  244.689006][T15386] veth0_macvtap: entered promiscuous mode
[  244.722935][T15386] veth1_macvtap: entered promiscuous mode
[  244.757488][T15386] batman_adv: batadv0: Interface activated: batadv_slave_0
[  244.774665][T15386] batman_adv: batadv0: Interface activated: batadv_slave_1
[  244.854519][  T324] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  244.872798][  T324] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  244.902160][  T324] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  244.915046][  T324] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  244.984689][T15628] bridge0: port 3(batadv0) entered blocking state
[  244.993305][T15628] bridge0: port 3(batadv0) entered disabled state
[  245.000022][T15628] batadv0: entered allmulticast mode
[  245.008359][T15628] batadv0: entered promiscuous mode
[  245.040357][ T5839] Bluetooth: hci0: command tx timeout
[  245.092014][T12222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  245.108334][T12222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  245.156568][T12220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  245.181172][T12220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  245.481069][T12222] batman_adv: batadv0: IGMP Querier appeared
[  245.487117][T12222] batman_adv: batadv0: MLD Querier appeared
[  245.907210][T15684] __nla_validate_parse: 7 callbacks suppressed
[  245.907228][T15684] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2755'.
[  245.925225][T15684] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2755'.
[  245.934463][T15684] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2755'.
[  245.996542][T15687] delete_channel: no stack
[  246.144285][T15695] openvswitch: netlink: Flow actions attr not present in new flow.
[  246.307632][T15705] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  246.322668][T15705] syzkaller0: entered promiscuous mode
[  246.328370][T15705] syzkaller0: entered allmulticast mode
[  246.340707][T15705] tipc: Resetting bearer <eth:syzkaller0>
[  246.374636][T15711] netlink: 'syz.0.2764': attribute type 1 has an invalid length.
[  246.382665][T15711] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2764'.
[  246.396788][T15711] xfrm0: mtu less than device minimum
[  246.414366][T15704] tipc: Resetting bearer <eth:syzkaller0>
[  246.436184][T15704] tipc: Disabling bearer <eth:syzkaller0>
[  246.449602][T15713] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  246.495404][T15717] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2767'.
[  246.529689][T15719] netlink: 404 bytes leftover after parsing attributes in process `syz.3.2766'.
[  246.551140][T15719] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2766'.
[  246.567865][T15719] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2766'.
[  246.590481][T15719] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2766'.
[  246.615126][T15726] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2766'.
[  246.725577][T15729] mac80211_hwsim hwsim11 �
: renamed from wlan1
[  247.119596][ T5839] Bluetooth: hci0: command tx timeout
[  247.166625][T15759] tipc: Started in network mode
[  247.173561][T15759] tipc: Node identity e6d77244adba, cluster identity 4711
[  247.181831][T15759] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  247.190191][T15759] syzkaller0: entered promiscuous mode
[  247.195685][T15759] syzkaller0: entered allmulticast mode
[  247.203216][T15760] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  247.231545][T15759] tipc: Resetting bearer <eth:syzkaller0>
[  247.262118][T15757] tipc: Resetting bearer <eth:syzkaller0>
[  247.295161][T15757] tipc: Disabling bearer <eth:syzkaller0>
[  247.503321][T15773] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  247.516112][T15772] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  248.341684][T15838] 8021q: adding VLAN 0 to HW filter on device ipvlan3
[  248.355961][T15838] bond0: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  248.810935][T15879] netlink: 'syz.4.2813': attribute type 1 has an invalid length.
[  248.823838][T15877] netlink: 'syz.4.2813': attribute type 1 has an invalid length.
[  248.846727][T15880] veth0: entered promiscuous mode
[  248.921566][T15876] veth0: left promiscuous mode
[  249.334178][T15920] tunl0: Caught tx_queue_len zero misconfig
[  249.370414][T15907] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-6)
[  249.487573][T15928] syzkaller0: entered promiscuous mode
[  249.508918][T15928] syzkaller0: entered allmulticast mode
[  249.562710][T15930] netlink: 'syz.2.2829': attribute type 9 has an invalid length.
[  250.198148][T15966] netlink: 'syz.4.2837': attribute type 1 has an invalid length.
[  250.244058][T15966] 8021q: adding VLAN 0 to HW filter on device bond14
[  250.276939][T15966] bond14: (slave veth17): Enslaving as an active interface with a down link
[  250.312115][T15966] bond14: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  250.412198][T15972] netlink: 'syz.2.2839': attribute type 2 has an invalid length.
[  250.418902][T15966] bond14: (slave veth19): Enslaving as an active interface with a down link
[  250.450138][T15972] �9: entered promiscuous mode
[  250.641100][T15982] macvtap1: entered promiscuous mode
[  250.646586][T15982] vlan0: entered promiscuous mode
[  250.654607][T15982] macvtap1: entered allmulticast mode
[  250.668937][T15982] vlan0: entered allmulticast mode
[  250.688768][T15982] veth0_vlan: entered allmulticast mode
[  250.708228][T15986] macvtap2: entered promiscuous mode
[  250.714296][T15986] macvtap2: entered allmulticast mode
[  250.862664][T15999] openvswitch: netlink: Key type 234 is out of range max 32
[  250.948309][T15997] __nla_validate_parse: 19 callbacks suppressed
[  250.948326][T15997] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2847'.
[  250.981207][T16011] syzkaller1: entered promiscuous mode
[  250.986786][T16011] syzkaller1: entered allmulticast mode
[  251.900099][T16044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2860'.
[  251.930752][T16049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2860'.
[  251.941286][T16049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2860'.
[  252.106312][T16064] : entered promiscuous mode
[  252.491912][T16095] sctp: [Deprecated]: syz.0.2871 (pid 16095) Use of int in maxseg socket option.
[  252.491912][T16095] Use struct sctp_assoc_value instead
[  252.510625][T16094] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  252.518236][T16094] syzkaller0: entered promiscuous mode
[  252.550375][T16094] syzkaller0: entered allmulticast mode
[  252.686031][T16094] tipc: Resetting bearer <eth:syzkaller0>
[  252.694282][T16093] tipc: Resetting bearer <eth:syzkaller0>
[  252.783217][T16093] tipc: Disabling bearer <eth:syzkaller0>
[  253.032687][T16121] bond15: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  253.048344][T16121] bond15 (unregistering): Released all slaves
[  253.167541][T16130] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2881'.
[  253.187253][T16130] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2881'.
[  253.518091][T16157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  253.714288][T16164] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  253.726059][T16164] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.739792][T16120] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  253.745879][T16120] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  253.760908][T16120] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  253.766828][T16120] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  253.776927][T16120] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  253.783075][T16120] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  253.795448][T16120] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  253.801708][T16120] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  253.828933][T16164] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  253.841475][T16164] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.908716][T16164] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  253.920092][T16164] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.116265][ T1352] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  254.124995][ T1352] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  254.143498][ T1352] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  254.153023][ T1352] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  254.172645][ T1326] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  254.181137][ T1326] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  254.196665][ T1326] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  254.205105][ T1326] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  254.226609][T16152] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  254.236178][T16120] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  254.251211][T16120] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  254.296429][T16173] IPVS: set_ctl: invalid protocol: 1 172.30.0.5:20000
[  254.544678][T16181] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2895'.
[  254.609297][T16183] netlink: 'syz.0.2895': attribute type 9 has an invalid length.
[  255.452469][T16208] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2901'.
[  255.494202][T16208] bond10 (unregistering): Released all slaves
[  255.515405][   T30] audit: type=1804 audit(1762760555.859:7): pid=16213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2904" name="/newroot/36/cgroup.controllers" dev="tmpfs" ino=202 res=1 errno=0
[  255.539152][   T30] audit: type=1800 audit(1762760555.859:8): pid=16213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2904" name="cgroup.controllers" dev="tmpfs" ino=202 res=0 errno=0
[  255.694772][T16222] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  255.705808][T16222] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2907'.
[  255.716538][T16222] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2907'.
[  255.736615][T16222] 8021q: adding VLAN 0 to HW filter on device ipvlan3
[  255.746476][T16222] bond0: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  255.975334][T16238] __nla_validate_parse: 1 callbacks suppressed
[  255.975350][T16238] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2911'.
[  256.138363][T16248] macvtap1: entered promiscuous mode
[  256.144513][T16248] macvtap1: entered allmulticast mode
[  256.220045][T16252] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2918'.
[  256.229318][T16252] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2918'.
[  256.334601][T16261] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2920'.
[  256.374363][T16265] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2922'.
[  256.435601][T16266] syzkaller0: entered promiscuous mode
[  256.445208][T16266] syzkaller0: entered allmulticast mode
[  256.470975][T16266] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  256.508171][T16271] lo speed is unknown, defaulting to 1000
[  256.525633][T16271] netlink: 'syz.3.2924': attribute type 9 has an invalid length.
[  256.535088][T16271] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2924'.
[  256.671852][T16277] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2925'.
[  256.789318][T16288] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2930'.
[  256.801745][T16287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2930'.
[  256.811424][T16287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2930'.
[  256.956467][T16300] netlink: 'syz.3.2934': attribute type 1 has an invalid length.
[  256.977569][T16300] workqueue: Failed to create a rescuer kthread for wq "bond10": -EINTR
[  257.036690][T16313] syzkaller0: entered promiscuous mode
[  257.070531][T16313] syzkaller0: entered allmulticast mode
[  257.433282][T16338] syz_tun: entered allmulticast mode
[  257.574221][T16351] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  257.638236][T16342] syzkaller0: entered promiscuous mode
[  257.645799][T16352] netlink: 'syz.4.2945': attribute type 15 has an invalid length.
[  257.654430][T16342] syzkaller0: entered allmulticast mode
[  257.742198][T16351] tipc: Resetting bearer <eth:syzkaller0>
[  257.844553][T16341] tipc: Resetting bearer <eth:syzkaller0>
[  257.892422][T16341] tipc: Disabling bearer <eth:syzkaller0>
[  258.134604][T16379] openvswitch: netlink: Missing key (keys=40, expected=80)
[  258.735373][T16411] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[  258.833170][T16415] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  258.844229][T16415] syzkaller0: entered promiscuous mode
[  258.849848][T16415] syzkaller0: entered allmulticast mode
[  258.895175][T16415] tipc: Resetting bearer <eth:syzkaller0>
[  258.904252][T16414] tipc: Resetting bearer <eth:syzkaller0>
[  258.930500][T16414] tipc: Disabling bearer <eth:syzkaller0>
[  259.205535][T16425] bond15: option active_slave: mode dependency failed, not supported in mode balance-xor(2)
[  259.227816][T16425] bond15 (unregistering): Released all slaves
[  259.671561][T16463] 8021q: adding VLAN 0 to HW filter on device bond15
[  259.755453][T16463] 8021q: adding VLAN 0 to HW filter on device bond15
[  259.772518][T16463] bond15: (slave vxcan5): The slave device specified does not support setting the MAC address
[  259.814098][T16463] bond15: (slave vxcan5): Error -95 calling set_mac_address
[  260.288151][T16492] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  260.405403][T16491] tipc: Disabling bearer <eth:syzkaller0>
[  260.604312][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  260.614581][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  260.623262][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  260.640247][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  260.648314][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  260.667431][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  260.669103][T12222] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.687172][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  260.706196][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  260.714478][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  260.724089][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  260.838151][T12222] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.874809][T16508] lo speed is unknown, defaulting to 1000
[  260.974355][T12222] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.000612][T16533] IPv6: NLM_F_CREATE should be specified when creating new route
[  261.096562][T12222] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.127039][T16539] __nla_validate_parse: 19 callbacks suppressed
[  261.127056][T16539] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.3003'.
[  261.234929][T16544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3005'.
[  261.494799][T16560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  261.543083][T16508] chnl_net:caif_netlink_parms(): no params data found
[  261.611404][T12222] batadv0: left allmulticast mode
[  261.618574][T12222] batadv0: left promiscuous mode
[  261.625547][T12222] bridge0: port 3(batadv0) entered disabled state
[  261.635683][T12222] bridge_slave_1: left allmulticast mode
[  261.642137][T12222] bridge_slave_1: left promiscuous mode
[  261.647927][T12222] bridge0: port 2(bridge_slave_1) entered disabled state
[  261.656548][T16572] netlink: 592 bytes leftover after parsing attributes in process `syz.4.3012'.
[  261.667014][T12222] bridge_slave_0: left allmulticast mode
[  261.674266][T12222] bridge_slave_0: left promiscuous mode
[  261.680391][T12222] bridge0: port 1(bridge_slave_0) entered disabled state
[  261.693169][T16580] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3014'.
[  261.707998][T12222] veth7: left allmulticast mode
[  261.713674][T12222] veth7: left promiscuous mode
[  261.718628][T12222] bridge1: port 2(veth7) entered disabled state
[  261.732330][T12222] veth5: left allmulticast mode
[  261.733915][T16581] syz.3.3013: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  261.737359][T12222] veth5: left promiscuous mode
[  261.755624][T16581] CPU: 0 UID: 0 PID: 16581 Comm: syz.3.3013 Not tainted syzkaller #0 PREEMPT(full) 
[  261.755648][T16581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  261.755659][T16581] Call Trace:
[  261.755666][T16581]  <TASK>
[  261.755674][T16581]  dump_stack_lvl+0x189/0x250
[  261.755703][T16581]  ? __pfx_dump_stack_lvl+0x10/0x10
[  261.755721][T16581]  ? __pfx__printk+0x10/0x10
[  261.755738][T16581]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  261.755761][T16581]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  261.755785][T16581]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  261.755810][T16581]  warn_alloc+0x214/0x310
[  261.755841][T16581]  ? __pfx_warn_alloc+0x10/0x10
[  261.755873][T16581]  ? __get_vm_area_node+0x28f/0x300
[  261.755896][T16581]  ? packet_set_ring+0x6f3/0x2120
[  261.755925][T16581]  __vmalloc_node_range_noprof+0x690/0x12d0
[  261.755978][T16581]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  261.756002][T16581]  ? alloc_pages_mpol+0x3cd/0x4a0
[  261.756021][T16581]  ? packet_set_ring+0x6f3/0x2120
[  261.756045][T16581]  vzalloc_noprof+0xb2/0xf0
[  261.756066][T16581]  ? packet_set_ring+0x6f3/0x2120
[  261.756091][T16581]  packet_set_ring+0x6f3/0x2120
[  261.756137][T16581]  ? __pfx_packet_set_ring+0x10/0x10
[  261.756187][T16581]  ? _copy_from_user+0x94/0xb0
[  261.756212][T16581]  packet_setsockopt+0xc5a/0x12c0
[  261.756239][T16581]  ? __pfx_packet_setsockopt+0x10/0x10
[  261.756262][T16581]  ? __pfx_css_rstat_updated+0x10/0x10
[  261.756297][T16581]  ? aa_sk_perm+0x81e/0x950
[  261.756324][T16581]  ? __pfx_aa_sk_perm+0x10/0x10
[  261.756347][T16581]  ? aa_sock_opt_perm+0xff/0x1b0
[  261.756374][T16581]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  261.756389][T16581]  ? __pfx_packet_setsockopt+0x10/0x10
[  261.756414][T16581]  do_sock_setsockopt+0x17c/0x1b0
[  261.756437][T16581]  __x64_sys_setsockopt+0x13f/0x1b0
[  261.756459][T16581]  do_syscall_64+0xfa/0xfa0
[  261.756481][T16581]  ? lockdep_hardirqs_on+0x9c/0x150
[  261.756503][T16581]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.756520][T16581]  ? clear_bhb_loop+0x60/0xb0
[  261.756540][T16581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.756556][T16581] RIP: 0033:0x7f074978f6c9
[  261.756571][T16581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.756586][T16581] RSP: 002b:00007f07479b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  261.756604][T16581] RAX: ffffffffffffffda RBX: 00007f07499e6180 RCX: 00007f074978f6c9
[  261.756616][T16581] RDX: 000000000000000d RSI: 0000000000000107 RDI: 0000000000000004
[  261.756626][T16581] RBP: 00007f0749811f91 R08: 000000000000001c R09: 0000000000000000
[  261.756637][T16581] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000
[  261.756648][T16581] R13: 00007f07499e6218 R14: 00007f07499e6180 R15: 00007ffc1f198538
[  261.756678][T16581]  </TASK>
[  261.756685][T16581] Mem-Info:
[  261.764926][T12222] bridge1: port 1(veth5) entered disabled state
[  261.792912][T16581] active_anon:3871 inactive_anon:0 isolated_anon:0
[  261.792912][T16581]  active_file:2436 inactive_file:39950 isolated_file:0
[  261.792912][T16581]  unevictable:768 dirty:109 writeback:0
[  261.792912][T16581]  slab_reclaimable:12141 slab_unreclaimable:108825
[  261.792912][T16581]  mapped:28902 shmem:1358 pagetables:941
[  261.792912][T16581]  sec_pagetables:0 bounce:0
[  261.792912][T16581]  kernel_misc_reclaimable:0
[  261.792912][T16581]  free:1315695 free_pcp:14514 free_cma:0
[  262.097068][T16581] Node 0 active_anon:15420kB inactive_anon:0kB active_file:9744kB inactive_file:159608kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:115524kB dirty:444kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13948kB pagetables:3560kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  262.139753][T16581] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  262.170928][T16581] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  262.202403][T16581] lowmem_reserve[]: 0 2505 2505 2505 2505
[  262.208290][T16581] Node 0 DMA32 free:1358544kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15484kB inactive_anon:0kB active_file:9744kB inactive_file:159608kB unevictable:1536kB writepending:444kB zspages:0kB present:3129332kB managed:2565160kB mlocked:0kB bounce:0kB free_pcp:41312kB local_pcp:20684kB free_cma:0kB
[  262.242938][T16581] lowmem_reserve[]: 0 0 0 0 0
[  262.247764][T16581] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  262.278315][T16581] lowmem_reserve[]: 0 0 0 0 0
[  262.284039][T16581] Node 1 Normal free:3888908kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:16760kB local_pcp:8312kB free_cma:0kB
[  262.316934][T16581] lowmem_reserve[]: 0 0 0 0 0
[  262.321806][T16581] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  262.347031][T16581] Node 0 DMA32: 1576*4kB (UME) 318*8kB (UM) 156*16kB (ME) 76*32kB (ME) 28*64kB (UME) 60*128kB (UME) 62*256kB (UM) 39*512kB (UM) 13*1024kB (UM) 6*2048kB (UME) 311*4096kB (UM) = 1358544kB
[  262.368777][T16581] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  262.385330][T16581] Node 1 Normal: 133*4kB (UME) 53*8kB (UME) 37*16kB (UME) 116*32kB (UME) 36*64kB (UME) 9*128kB (UME) 3*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3888908kB
[  262.412896][T16581] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  262.436493][T16581] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  262.451874][T16581] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  262.461772][T16581] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  262.472300][T16581] 43743 total pagecache pages
[  262.480707][T16581] 0 pages in swap cache
[  262.485054][T16581] Free swap  = 124996kB
[  262.489972][T16591] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3017'.
[  262.490297][T16581] Total swap = 124996kB
[  262.505812][T16581] 2097051 pages RAM
[  262.509943][T16581] 0 pages HighMem/MovableOnly
[  262.514661][T16581] 424119 pages reserved
[  262.519020][T16581] 0 pages cma reserved
[  262.799602][ T5839] Bluetooth: hci2: command tx timeout
[  262.919877][T12222] bond4 (unregistering): (slave bridge6): Releasing active interface
[  263.040242][T12222] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  263.051746][T12222] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  263.061727][T12222] bond0 (unregistering): Released all slaves
[  263.143868][T12222] bond1 (unregistering): Released all slaves
[  263.227274][T12222] bond2 (unregistering): Released all slaves
[  263.241068][T12222] bond3 (unregistering): Released all slaves
[  263.254639][T12222] bond4 (unregistering): Released all slaves
[  263.268860][T12222] bond5 (unregistering): Released all slaves
[  263.286886][T16571] netlink: 'syz.4.3012': attribute type 12 has an invalid length.
[  263.381129][T16593] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3018'.
[  263.433189][T16593] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  263.440498][T16593] IPv6: NLM_F_CREATE should be set when creating new route
[  263.500808][T16602] netlink: 'syz.3.3019': attribute type 62 has an invalid length.
[  263.547396][T12222] : left promiscuous mode
[  263.611692][T16508] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.625496][T16508] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.646115][T16508] bridge_slave_0: entered allmulticast mode
[  263.648337][T16615] SET target dimension over the limit!
[  263.654634][T16508] bridge_slave_0: entered promiscuous mode
[  263.666748][T16598] sch_fq: defrate 0 ignored.
[  263.687005][T12222] : left promiscuous mode
[  263.714092][T16508] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.734142][T16508] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.741726][T16508] bridge_slave_1: entered allmulticast mode
[  263.749631][T16508] bridge_slave_1: entered promiscuous mode
[  263.855009][T12222] tipc: Disabling bearer <eth:macvlan1>
[  263.864316][T12222] tipc: Left network mode
[  263.876195][T16508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  263.892228][T16621] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.3024'.
[  263.913570][T12222] IPVS: stopping backup sync thread 11214 ...
[  263.923328][T16508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  263.931090][T16621] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3024'.
[  264.002518][T16508] team0: Port device team_slave_0 added
[  264.040602][T16508] team0: Port device team_slave_1 added
[  264.112598][T16508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  264.123314][T16508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  264.155014][T16508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  264.158345][T16630] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  264.171469][T16508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  264.182586][T16508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  264.209087][T16508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  264.283396][T16508] hsr_slave_0: entered promiscuous mode
[  264.290807][T16508] hsr_slave_1: entered promiscuous mode
[  264.297226][T16508] debugfs: 'hsr0' already exists in 'hsr'
[  264.319549][T16508] Cannot create hsr debugfs directory
[  264.412042][T16641] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3032'.
[  264.435297][T16642] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  264.525467][T12222] hsr_slave_0: left promiscuous mode
[  264.531460][T12222] hsr_slave_1: left promiscuous mode
[  264.552559][T12222] veth1_macvtap: left promiscuous mode
[  264.558351][T12222] veth0_vlan: left promiscuous mode
[  264.890523][ T5839] Bluetooth: hci2: command tx timeout
[  265.184177][T12222] team0 (unregistering): Port device team_slave_1 removed
[  265.194059][T16667] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3039'.
[  265.830146][T16689] syzkaller0: entered promiscuous mode
[  265.835715][T16689] syzkaller0: entered allmulticast mode
[  265.892402][T16698] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  266.103827][T12222] IPVS: stop unused estimator thread 0...
[  266.342356][T16716] __nla_validate_parse: 2 callbacks suppressed
[  266.342373][T16716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3054'.
[  266.347884][T16508] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  266.382450][T16508] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  266.422619][T16508] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  266.440672][T16508] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  266.468811][T16716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3054'.
[  266.476746][T16722] pimreg: entered allmulticast mode
[  266.829036][T16745] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3060'.
[  266.860825][T16508] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.945007][T16508] 8021q: adding VLAN 0 to HW filter on device team0
[  266.969215][T12220] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.969561][ T5839] Bluetooth: hci2: command tx timeout
[  266.976435][T12220] bridge0: port 1(bridge_slave_0) entered forwarding state
[  267.000598][T12220] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.007785][T12220] bridge0: port 2(bridge_slave_1) entered forwarding state
[  267.045389][T16754] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3064'.
[  267.087907][T16754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3064'.
[  267.119030][T16761] netlink: 'syz.4.3066': attribute type 6 has an invalid length.
[  267.141128][T16754] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3064'.
[  267.162482][T16754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3064'.
[  267.191889][T16763] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3067'.
[  267.207417][T16767] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3066'.
[  267.247139][T16770] netlink: 'syz.1.3067': attribute type 1 has an invalid length.
[  267.477061][T16782] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3071'.
[  267.486780][T16508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  267.588743][T16508] veth0_vlan: entered promiscuous mode
[  267.639194][T16508] veth1_vlan: entered promiscuous mode
[  267.746399][T16797] x_tables: unsorted underflow at hook 3
[  267.786836][T16508] veth0_macvtap: entered promiscuous mode
[  267.798176][T16508] veth1_macvtap: entered promiscuous mode
[  267.828035][T16508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  267.864350][T16508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  267.894150][   T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  267.913595][   T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  267.934800][ T5839] Bluetooth: hci0: command tx timeout
[  267.955392][T12220] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  267.980053][T12220] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  268.149349][  T324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  268.159736][  T324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  268.225783][  T324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  268.246141][  T324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  268.484128][T16837] netlink: 'syz.4.3085': attribute type 16 has an invalid length.
[  268.515917][T16837] netlink: 'syz.4.3085': attribute type 17 has an invalid length.
[  268.635376][T16837] 8021q: adding VLAN 0 to HW filter on device bond0
[  268.680056][T16837] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  268.784675][T16850] Cannot find set identified by id 0 to match
[  269.040383][ T5839] Bluetooth: hci2: command tx timeout
[  269.355389][T16872] syzkaller1: entered promiscuous mode
[  269.377869][T16872] syzkaller1: entered allmulticast mode
[  269.423590][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  269.433824][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  269.446970][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  269.458395][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  269.466717][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  269.568364][T16879] lo speed is unknown, defaulting to 1000
[  269.906619][T16897] netlink: 'syz.0.3101': attribute type 1 has an invalid length.
[  270.056975][T16910] xfrm1: entered promiscuous mode
[  270.062490][T16910] xfrm1: entered allmulticast mode
[  270.100379][T16879] chnl_net:caif_netlink_parms(): no params data found
[  270.338757][T16879] bridge0: port 1(bridge_slave_0) entered blocking state
[  270.348133][T16879] bridge0: port 1(bridge_slave_0) entered disabled state
[  270.356077][T16879] bridge_slave_0: entered allmulticast mode
[  270.364433][T16879] bridge_slave_0: entered promiscuous mode
[  270.378039][T16879] bridge0: port 2(bridge_slave_1) entered blocking state
[  270.397470][T16879] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.405078][T16879] bridge_slave_1: entered allmulticast mode
[  270.413371][T16879] bridge_slave_1: entered promiscuous mode
[  270.443250][T16927] bond0: entered promiscuous mode
[  270.448329][T16927] bond_slave_0: entered promiscuous mode
[  270.456138][T16927] bond_slave_1: entered promiscuous mode
[  270.464225][T16927] batadv0: entered promiscuous mode
[  270.471841][T16927] 8021q: adding VLAN 0 to HW filter on device hsr1
[  270.481392][T16927] bond0: left promiscuous mode
[  270.486185][T16927] bond_slave_0: left promiscuous mode
[  270.492021][T16927] bond_slave_1: left promiscuous mode
[  270.498455][T16927] batadv0: left promiscuous mode
[  270.543842][T16879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  270.557367][T16879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  270.607491][T16937] netem: unknown loss type 0
[  270.612691][T16937] netem: change failed
[  270.654540][T16879] team0: Port device team_slave_0 added
[  270.675228][T16879] team0: Port device team_slave_1 added
[  270.705371][ T8771] IPVS: starting estimator thread 0...
[  270.744453][T16879] batman_adv: batadv0: Adding interface: batadv_slave_0
[  270.773666][T16879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  270.809946][T16941] IPVS: using max 26 ests per chain, 62400 per kthread
[  270.816896][T16879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  270.850007][T16879] batman_adv: batadv0: Adding interface: batadv_slave_1
[  270.856986][T16879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  270.892393][T16879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  271.046248][T16879] hsr_slave_0: entered promiscuous mode
[  271.066273][T16879] hsr_slave_1: entered promiscuous mode
[  271.086796][T16879] debugfs: 'hsr0' already exists in 'hsr'
[  271.101263][T16879] Cannot create hsr debugfs directory
[  271.487278][T16879] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  271.520590][T16879] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  271.529869][ T5839] Bluetooth: hci4: command tx timeout
[  271.568909][T16977] veth0_to_hsr: entered allmulticast mode
[  271.684512][T16879] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  271.716070][T16879] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  271.839016][T16879] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  271.849847][T16879] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  271.924162][T16879] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  271.935462][T16879] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  272.074560][T17014] netlink: 'syz.3.3133': attribute type 13 has an invalid length.
[  272.173193][T17014] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  272.198023][T17016] __nla_validate_parse: 45 callbacks suppressed
[  272.198041][T17016] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3134'.
[  272.407828][T16879] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  272.465855][T16879] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  272.489113][T17037] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3139'.
[  272.507137][T16879] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  272.518953][T16879] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  272.617709][T17049] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3141'.
[  272.717723][T17052] tls_set_device_offload: netdev not found
[  272.860926][T16879] 8021q: adding VLAN 0 to HW filter on device bond0
[  272.885821][T17066] netlink: 'syz.1.3148': attribute type 13 has an invalid length.
[  272.906078][T17065] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3145'.
[  272.918746][T16879] 8021q: adding VLAN 0 to HW filter on device team0
[  273.015210][T17072] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3149'.
[  273.032373][T12220] bridge0: port 1(bridge_slave_0) entered blocking state
[  273.039584][T12220] bridge0: port 1(bridge_slave_0) entered forwarding state
[  273.078197][T17065] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3145'.
[  273.093563][T12220] bridge0: port 2(bridge_slave_1) entered blocking state
[  273.100763][T12220] bridge0: port 2(bridge_slave_1) entered forwarding state
[  273.322690][T17093] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3154'.
[  273.343257][T17090] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3153'.
[  273.382840][T17093] netlink: 'syz.4.3154': attribute type 17 has an invalid length.
[  273.404704][T17093] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3154'.
[  273.421541][T17093] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3154'.
[  273.473662][T17093] gretap0: entered promiscuous mode
[  273.493664][T17093] gretap0: left promiscuous mode
[  273.566347][T17097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  273.599704][ T5839] Bluetooth: hci4: command tx timeout
[  273.613128][T16879] 8021q: adding VLAN 0 to HW filter on device batadv0
[  273.792944][T16879] veth0_vlan: entered promiscuous mode
[  273.864052][T16879] veth1_vlan: entered promiscuous mode
[  273.945534][T17132] netlink: 'syz.3.3161': attribute type 1 has an invalid length.
[  273.974540][T16879] veth0_macvtap: entered promiscuous mode
[  274.034463][T17138] netlink: 'syz.4.3163': attribute type 10 has an invalid length.
[  274.072922][T17134] 8021q: adding VLAN 0 to HW filter on device bond11
[  274.086945][T17134] bond10: (slave bond11): making interface the new active one
[  274.096224][T17134] bond10: (slave bond11): Enslaving as an active interface with an up link
[  274.106769][T16879] veth1_macvtap: entered promiscuous mode
[  274.135767][T17132] bond10: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  274.178852][T17132] bond10: (slave ipvlan3): The slave device specified does not support setting the MAC address
[  274.213161][T17144] netlink: 'syz.1.3165': attribute type 5 has an invalid length.
[  274.249373][T16879] batman_adv: batadv0: Interface activated: batadv_slave_0
[  274.296203][T16879] batman_adv: batadv0: Interface activated: batadv_slave_1
[  274.342697][ T1352] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  274.370447][ T1352] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  274.417834][ T1352] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  274.447401][ T1352] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  274.557247][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  274.559336][T17163] netlink: 'syz.3.3173': attribute type 12 has an invalid length.
[  274.566453][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  274.585446][T17163] netlink: 'syz.3.3173': attribute type 29 has an invalid length.
[  274.593477][T17163] netlink: 'syz.3.3173': attribute type 2 has an invalid length.
[  274.602882][T17163] netlink: 'syz.3.3173': attribute type 3 has an invalid length.
[  274.676013][ T1326] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  274.685964][ T1326] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  275.550975][T17216] netlink: 'syz.2.3188': attribute type 10 has an invalid length.
[  275.579921][T17216] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  275.619523][T17216] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  275.629030][T17216] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  275.681780][ T5839] Bluetooth: hci4: command tx timeout
[  275.740224][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  275.779872][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  275.789832][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  275.807147][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  275.831302][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  275.935619][T17233] tipc: Started in network mode
[  275.943424][T17233] tipc: Node identity 52b1c63988ec, cluster identity 4711
[  275.951568][T17233] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  275.961014][T17227] lo speed is unknown, defaulting to 1000
[  276.008782][T17233] syzkaller0: entered promiscuous mode
[  276.015149][T17233] syzkaller0: entered allmulticast mode
[  276.077281][T17242] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  276.088204][T17233] tipc: Resetting bearer <eth:syzkaller0>
[  276.103063][T17242] syzkaller0: entered promiscuous mode
[  276.108777][T17242] syzkaller0: entered allmulticast mode
[  276.118026][T17232] tipc: Resetting bearer <eth:syzkaller0>
[  276.133696][T17232] tipc: Disabling bearer <eth:syzkaller0>
[  276.157143][T17242] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  276.179958][T17242] tipc: Resetting bearer <eth:syzkaller0>
[  276.193615][T17241] tipc: Resetting bearer <eth:syzkaller0>
[  276.212523][T17241] tipc: Disabling bearer <eth:syzkaller0>
[  276.224054][T17247] netlink: 'syz.0.3198': attribute type 12 has an invalid length.
[  276.462406][T17266] netlink: 'syz.0.3202': attribute type 1 has an invalid length.
[  276.521138][T17227] chnl_net:caif_netlink_parms(): no params data found
[  276.630276][T17270] syz.2.3205: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  276.656057][T17270] CPU: 0 UID: 0 PID: 17270 Comm: syz.2.3205 Not tainted syzkaller #0 PREEMPT(full) 
[  276.656082][T17270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  276.656093][T17270] Call Trace:
[  276.656100][T17270]  <TASK>
[  276.656108][T17270]  dump_stack_lvl+0x189/0x250
[  276.656138][T17270]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.656161][T17270]  ? __pfx__printk+0x10/0x10
[  276.656179][T17270]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  276.656200][T17270]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  276.656223][T17270]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  276.656246][T17270]  warn_alloc+0x214/0x310
[  276.656275][T17270]  ? __pfx_warn_alloc+0x10/0x10
[  276.656314][T17270]  ? __get_vm_area_node+0x28f/0x300
[  276.656336][T17270]  ? htable_create+0x101/0x7a0
[  276.656358][T17270]  __vmalloc_node_range_noprof+0x690/0x12d0
[  276.656403][T17270]  ? alloc_pages_mpol+0x3cd/0x4a0
[  276.656422][T17270]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  276.656450][T17270]  ? rcu_is_watching+0x15/0xb0
[  276.656471][T17270]  ? htable_create+0x101/0x7a0
[  276.656491][T17270]  __kvmalloc_node_noprof+0x674/0x910
[  276.656512][T17270]  ? htable_create+0x101/0x7a0
[  276.656536][T17270]  ? hashlimit_pernet+0x23/0x240
[  276.656557][T17270]  ? hashlimit_pernet+0x23/0x240
[  276.656574][T17270]  ? hashlimit_pernet+0x23/0x240
[  276.656597][T17270]  htable_create+0x101/0x7a0
[  276.656623][T17270]  hashlimit_mt_check_common+0x719/0xa10
[  276.656654][T17270]  hashlimit_mt_check_v1+0x221/0x360
[  276.656677][T17270]  ? __pfx_hashlimit_mt_check_v1+0x10/0x10
[  276.656702][T17270]  ? xt_find_match+0x1f7/0x250
[  276.656727][T17270]  xt_check_match+0x3d1/0xab0
[  276.656754][T17270]  ? __pfx_xt_check_match+0x10/0x10
[  276.656774][T17270]  ? pcpu_alloc_noprof+0xfdd/0x1720
[  276.656804][T17270]  ? xt_find_match+0x1f7/0x250
[  276.656830][T17270]  translate_table+0x150b/0x2000
[  276.656874][T17270]  ? __pfx_translate_table+0x10/0x10
[  276.656893][T17270]  ? __might_fault+0xb0/0x130
[  276.656935][T17270]  ? _copy_from_user+0x94/0xb0
[  276.656961][T17270]  do_ipt_set_ctl+0x967/0xcd0
[  276.656983][T17270]  ? rcu_is_watching+0x15/0xb0
[  276.657002][T17270]  ? trace_contention_end+0x39/0x120
[  276.657023][T17270]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  276.657066][T17270]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  276.657102][T17270]  ? __pfx_aa_sk_perm+0x10/0x10
[  276.657130][T17270]  nf_setsockopt+0x26f/0x290
[  276.657152][T17270]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  276.657177][T17270]  do_sock_setsockopt+0x17c/0x1b0
[  276.657200][T17270]  __x64_sys_setsockopt+0x13f/0x1b0
[  276.657224][T17270]  do_syscall_64+0xfa/0xfa0
[  276.657244][T17270]  ? lockdep_hardirqs_on+0x9c/0x150
[  276.657266][T17270]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.657282][T17270]  ? clear_bhb_loop+0x60/0xb0
[  276.657300][T17270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.657317][T17270] RIP: 0033:0x7f5d8798f6c9
[  276.657332][T17270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.657346][T17270] RSP: 002b:00007f5d888a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  276.657365][T17270] RAX: ffffffffffffffda RBX: 00007f5d87be5fa0 RCX: 00007f5d8798f6c9
[  276.657377][T17270] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[  276.657387][T17270] RBP: 00007f5d87a11f91 R08: 0000000000000448 R09: 0000000000000000
[  276.657397][T17270] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000000
[  276.657407][T17270] R13: 00007f5d87be6038 R14: 00007f5d87be5fa0 R15: 00007fff8d2d8de8
[  276.657439][T17270]  </TASK>
[  276.657446][T17270] Mem-Info:
[  276.730560][T17270] active_anon:3886 inactive_anon:0 isolated_anon:0
[  276.730560][T17270]  active_file:2436 inactive_file:39961 isolated_file:0
[  276.730560][T17270]  unevictable:768 dirty:69 writeback:0
[  276.730560][T17270]  slab_reclaimable:12485 slab_unreclaimable:124563
[  276.730560][T17270]  mapped:28836 shmem:1358 pagetables:965
[  276.730560][T17270]  sec_pagetables:0 bounce:0
[  276.730560][T17270]  kernel_misc_reclaimable:0
[  276.730560][T17270]  free:1296166 free_pcp:18099 free_cma:0
[  277.056419][T17296] nbd: couldn't find a device at index 0
[  277.067102][T17270] Node 0 active_anon:15420kB inactive_anon:0kB active_file:9744kB inactive_file:159652kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:115492kB dirty:284kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14224kB pagetables:3944kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  277.106946][T17270] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  277.178207][T17270] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  277.220294][T17270] lowmem_reserve[]: 0 2505 2505 2505 2505
[  277.226157][T17270] Node 0 DMA32 free:1279028kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15420kB inactive_anon:0kB active_file:9744kB inactive_file:159652kB unevictable:1536kB writepending:284kB zspages:0kB present:3129332kB managed:2565160kB mlocked:0kB bounce:0kB free_pcp:56080kB local_pcp:21556kB free_cma:0kB
[  277.260639][T17227] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.267883][T17227] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.276524][T17227] bridge_slave_0: entered allmulticast mode
[  277.285049][T17227] bridge_slave_0: entered promiscuous mode
[  277.302851][T17227] bridge0: port 2(bridge_slave_1) entered blocking state
[  277.305696][T17270] lowmem_reserve[]: 0 0 0 0 0
[  277.319775][T17227] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.334962][T17227] bridge_slave_1: entered allmulticast mode
[  277.353340][T17270] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  277.353380][T17227] bridge_slave_1: entered promiscuous mode
[  277.393594][T17270] lowmem_reserve[]: 0 0 0 0 0
[  277.398344][T17270] Node 1 Normal free:3889444kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:16232kB local_pcp:7780kB free_cma:0kB
[  277.433939][T17270] lowmem_reserve[]: 0 0 0 0 0
[  277.439125][T17270] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  277.452463][T17270] Node 0 DMA32: 3*4kB (UME) 0*8kB 51*16kB (UME) 8*32kB (UME) 4*64kB (UME) 0*128kB 2*256kB (ME) 45*512kB (UM) 22*1024kB (UME) 5*2048kB (UM) 298*4096kB (M) = 1278268kB
[  277.486994][T17270] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  277.532999][T17270] Node 1 Normal: 195*4kB (UME) 53*8kB (UME) 37*16kB (UME) 121*32kB (UME) 36*64kB (UME) 8*128kB (UME) 4*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3889444kB
[  277.572317][T17227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  277.572585][T17270] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  277.598743][T17312] ip6gre1: entered allmulticast mode
[  277.620373][T17227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  277.639656][T17270] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  277.663353][T17270] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  277.675331][T17270] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  277.688899][T17270] 43754 total pagecache pages
[  277.693684][T17270] 0 pages in swap cache
[  277.698620][T17270] Free swap  = 124996kB
[  277.710345][T17270] Total swap = 124996kB
[  277.715870][T17270] 2097051 pages RAM
[  277.720026][T17270] 0 pages HighMem/MovableOnly
[  277.724795][T17270] 424119 pages reserved
[  277.729030][T17270] 0 pages cma reserved
[  277.738984][T17227] team0: Port device team_slave_0 added
[  277.769530][ T5839] Bluetooth: hci4: command tx timeout
[  277.794322][T17227] team0: Port device team_slave_1 added
[  277.812058][T17317] __nla_validate_parse: 53 callbacks suppressed
[  277.812075][T17317] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3214'.
[  277.862482][T17227] batman_adv: batadv0: Adding interface: batadv_slave_0
[  277.870514][T17227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  277.897354][T17227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  277.926631][T17227] batman_adv: batadv0: Adding interface: batadv_slave_1
[  277.934530][ T5839] Bluetooth: hci3: command tx timeout
[  277.941211][T17227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  277.967733][T17227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  278.055578][T17227] hsr_slave_0: entered promiscuous mode
[  278.063197][T17227] hsr_slave_1: entered promiscuous mode
[  278.071084][T17227] debugfs: 'hsr0' already exists in 'hsr'
[  278.076932][T17227] Cannot create hsr debugfs directory
[  278.410909][T17344] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  278.425982][T17344] syzkaller0: entered promiscuous mode
[  278.434820][T17344] syzkaller0: entered allmulticast mode
[  278.469223][T17344] tipc: Resetting bearer <eth:syzkaller0>
[  278.478288][T17343] tipc: Resetting bearer <eth:syzkaller0>
[  278.502276][T17343] tipc: Disabling bearer <eth:syzkaller0>
[  278.511897][T17353] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3226'.
[  278.533900][T17353] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3226'.
[  278.557133][T17353] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3226'.
[  278.597907][T17355] netlink: 256 bytes leftover after parsing attributes in process `syz.0.3227'.
[  278.603168][T17227] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  278.718761][T17361] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3228'.
[  278.744953][T17227] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  278.763509][T17360] 8021q: VLANs not supported on gre0
[  278.817830][T17227] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  278.845232][T17368] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3233'.
[  278.866773][T17366] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3231'.
[  278.876054][T17366] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3231'.
[  278.893500][T17368] ip6gre1: entered promiscuous mode
[  278.898737][T17368] ip6gre1: entered allmulticast mode
[  278.973571][T17227] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  279.017610][T17374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3233'.
[  279.414911][T17401] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  279.416182][T17227] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  279.434716][T17227] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  279.468353][T17227] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  279.488740][T17227] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  279.523368][T17407] validate_nla: 1 callbacks suppressed
[  279.523385][T17407] netlink: 'syz.3.3244': attribute type 10 has an invalid length.
[  279.692913][T17227] 8021q: adding VLAN 0 to HW filter on device bond0
[  279.728042][T17227] 8021q: adding VLAN 0 to HW filter on device team0
[  279.746006][T12223] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.753268][T12223] bridge0: port 1(bridge_slave_0) entered forwarding state
[  279.788479][T12223] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.795733][T12223] bridge0: port 2(bridge_slave_1) entered forwarding state
[  279.897206][T17429] netlink: 'syz.2.3250': attribute type 3 has an invalid length.
[  279.913268][T17429] netlink: 'syz.2.3250': attribute type 2 has an invalid length.
[  280.002524][ T5839] Bluetooth: hci3: command tx timeout
[  280.262960][T17227] 8021q: adding VLAN 0 to HW filter on device batadv0
[  280.788369][T17227] veth0_vlan: entered promiscuous mode
[  280.808952][T17227] veth1_vlan: entered promiscuous mode
[  280.854982][T17227] veth0_macvtap: entered promiscuous mode
[  280.877760][T17227] veth1_macvtap: entered promiscuous mode
[  280.917479][T17227] batman_adv: batadv0: Interface activated: batadv_slave_0
[  280.971198][T17227] batman_adv: batadv0: Interface activated: batadv_slave_1
[  280.994267][ T1318] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  281.007766][ T1318] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  281.039405][ T1318] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  281.069715][ T1318] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  281.249074][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  281.273496][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  281.404130][T12223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  281.422763][T12223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  282.081552][ T5846] Bluetooth: hci3: command tx timeout
[  283.071269][T17578] netlink: 'syz.1.3290': attribute type 10 has an invalid length.
[  283.088201][ T5827] syz_tun (unregistering): left allmulticast mode
[  283.090340][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  283.108061][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  283.117170][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  283.131852][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  283.143373][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  283.168477][T17578] team0: Device ipvlan1 failed to register rx_handler
[  283.210910][T17587] __nla_validate_parse: 12 callbacks suppressed
[  283.210927][T17587] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3291'.
[  283.235465][T17590] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  283.252138][T17589] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3293'.
[  283.289292][T17587] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  283.392747][T17587] batman_adv: batadv0: Removing interface: batadv_slave_1
[  283.426978][T17579] lo speed is unknown, defaulting to 1000
[  283.505405][T17601] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3295'.
[  283.515944][T17601] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3295'.
[  283.555221][T17601] syzkaller0: entered promiscuous mode
[  283.561908][T17601] syzkaller0: entered allmulticast mode
[  283.583129][T17601] netlink: 'syz.2.3295': attribute type 29 has an invalid length.
[  283.619325][T17601] netlink: 'syz.2.3295': attribute type 29 has an invalid length.
[  283.798235][T17617] 8021q: adding VLAN 0 to HW filter on device bond2
[  283.808196][T17617] bond0: (slave bond2): Enslaving as an active interface with an up link
[  283.860046][T17618] 8021q: adding VLAN 0 to HW filter on device bond3
[  283.868200][T17618] bond0: (slave bond3): Enslaving as an active interface with an up link
[  283.877019][T17613] tipc: Started in network mode
[  283.884818][T17613] tipc: Node identity 6a643aab2187, cluster identity 4711
[  283.894076][T17613] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  284.014232][T17613] tipc: Resetting bearer <eth:syzkaller0>
[  284.086029][T17638] netlink: 'syz.4.3303': attribute type 1 has an invalid length.
[  284.140120][T17638] netlink: 228 bytes leftover after parsing attributes in process `syz.4.3303'.
[  284.160834][ T5846] Bluetooth: hci3: command 0x0419 tx timeout
[  284.165749][T17579] chnl_net:caif_netlink_parms(): no params data found
[  284.322879][T17579] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.339993][T17579] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.347276][T17579] bridge_slave_0: entered allmulticast mode
[  284.356851][T17579] bridge_slave_0: entered promiscuous mode
[  284.366549][T17579] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.373846][T17579] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.381251][T17579] bridge_slave_1: entered allmulticast mode
[  284.390143][T17579] bridge_slave_1: entered promiscuous mode
[  284.411220][T17653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3307'.
[  284.438881][T17653] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3307'.
[  284.454304][T17579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  284.487204][T17655] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3308'.
[  284.498544][T17579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  284.632595][T17612] tipc: Disabling bearer <eth:syzkaller0>
[  284.658790][T17579] team0: Port device team_slave_0 added
[  284.669010][T17666] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  284.736708][T17659] tipc: Resetting bearer <eth:syzkaller0>
[  284.749295][T17579] team0: Port device team_slave_1 added
[  284.769686][T17658] tipc: Resetting bearer <eth:syzkaller0>
[  285.200815][ T5839] Bluetooth: hci1: command tx timeout
[  285.753497][ T5946] tipc: Node number set to 1265463876
[  286.097575][T17658] tipc: Disabling bearer <eth:syzkaller0>
[  286.159070][T17677] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  286.221009][T17579] batman_adv: batadv0: Adding interface: batadv_slave_0
[  286.228033][T17579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  286.267278][ T5839] Bluetooth: hci3: command 0x0419 tx timeout
[  286.278210][T17579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  286.310482][T17677] tipc: Disabling bearer <eth:syzkaller0>
[  286.317773][T17693] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3317'.
[  286.355591][T17579] batman_adv: batadv0: Adding interface: batadv_slave_1
[  286.370270][T17579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  286.426350][T17579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  286.447214][T17704] netlink: 'syz.0.3320': attribute type 1 has an invalid length.
[  286.496274][T17707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3317'.
[  286.685891][T17579] hsr_slave_0: entered promiscuous mode
[  286.695731][T17579] hsr_slave_1: entered promiscuous mode
[  286.705571][T17579] debugfs: 'hsr0' already exists in 'hsr'
[  286.714909][T17579] Cannot create hsr debugfs directory
[  286.777545][T17723] netlink: 'syz.1.3326': attribute type 1 has an invalid length.
[  286.807905][T17723] bridge4: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[  286.865957][T17729] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  287.116194][T17579] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  287.180656][T17579] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.232882][T17751] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  287.266579][T17579] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  287.281470][ T5839] Bluetooth: hci1: command tx timeout
[  287.301116][T17579] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.341121][T17751] syzkaller0: entered promiscuous mode
[  287.346636][T17751] syzkaller0: entered allmulticast mode
[  287.358153][T17751] netem: invalid attributes len -24
[  287.365084][T17751] netem: change failed
[  287.386646][T17751] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  287.407448][T17579] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  287.418598][T17579] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.444179][T17751] netdevsim0: mtu greater than device maximum
[  287.452793][T17750] tipc: Resetting bearer <eth:syzkaller0>
[  287.492145][T17750] tipc: Disabling bearer <eth:syzkaller0>
[  287.535633][T17579] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  287.546980][T17579] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.565936][T17771] sch_tbf: burst 88 is lower than device veth3 mtu (1514) !
[  287.578669][   T50] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  287.741592][T17786] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  287.768290][T17788] tap0: tun_chr_ioctl cmd 1074025677
[  287.780442][T17788] tap0: linktype set to 65534
[  288.043380][T17797] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  288.051549][T17797] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  288.059115][T17797] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  288.235728][T17579] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  288.331333][T17579] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  288.366531][T17579] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  288.402687][T17579] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  288.447227][T17810] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  288.620957][T17820] bond1: entered allmulticast mode
[  288.634363][T17820] 8021q: adding VLAN 0 to HW filter on device bond1
[  288.655207][T17820] bridge0: port 3(bond1) entered blocking state
[  288.663061][T17820] bridge0: port 3(bond1) entered disabled state
[  288.680536][T17820] bond1: entered promiscuous mode
[  288.686318][T17820] bridge0: port 3(bond1) entered blocking state
[  288.692722][T17820] bridge0: port 3(bond1) entered forwarding state
[  288.757233][T17803] tipc: Disabling bearer <eth:syzkaller0>
[  288.957189][T17579] 8021q: adding VLAN 0 to HW filter on device bond0
[  289.003959][ T1352] bridge0: port 3(bond1) entered disabled state
[  289.065772][T17579] 8021q: adding VLAN 0 to HW filter on device team0
[  289.081475][T17836] __nla_validate_parse: 4 callbacks suppressed
[  289.081494][T17836] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3354'.
[  289.113635][T17836] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.128158][T17842] pim6reg1: entered promiscuous mode
[  289.134240][T17842] pim6reg1: entered allmulticast mode
[  289.157988][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.165197][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  289.183295][T17847] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3356'.
[  289.195665][T17842] netlink: 'syz.2.3355': attribute type 11 has an invalid length.
[  289.247269][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.254537][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  289.265847][T17856] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3359'.
[  289.360655][ T5839] Bluetooth: hci1: command tx timeout
[  289.431462][T17861] netlink: 'syz.0.3359': attribute type 2 has an invalid length.
[  289.612987][T17873] bridge_slave_0: default FDB implementation only supports local addresses
[  289.643452][T17875] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3362'.
[  289.697782][T17881] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  289.700569][T17875] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3362'.
[  289.740303][T17878] FAULT_INJECTION: forcing a failure.
[  289.740303][T17878] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  289.756802][T17875] erspan0: entered promiscuous mode
[  289.759604][T17878] CPU: 1 UID: 0 PID: 17878 Comm: syz.4.3363 Not tainted syzkaller #0 PREEMPT(full) 
[  289.759627][T17878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  289.759637][T17878] Call Trace:
[  289.759644][T17878]  <TASK>
[  289.759651][T17878]  dump_stack_lvl+0x189/0x250
[  289.759677][T17878]  ? __pfx____ratelimit+0x10/0x10
[  289.759700][T17878]  ? __pfx_dump_stack_lvl+0x10/0x10
[  289.759720][T17878]  ? __pfx__printk+0x10/0x10
[  289.759738][T17878]  ? __might_fault+0xb0/0x130
[  289.759783][T17878]  should_fail_ex+0x414/0x560
[  289.759812][T17878]  _copy_from_user+0x2d/0xb0
[  289.759834][T17878]  ___sys_sendmsg+0x158/0x2a0
[  289.759855][T17878]  ? __pfx____sys_sendmsg+0x10/0x10
[  289.759908][T17878]  ? __fget_files+0x2a/0x420
[  289.759923][T17878]  ? __fget_files+0x3a0/0x420
[  289.759949][T17878]  __sys_sendmmsg+0x227/0x430
[  289.759978][T17878]  ? __pfx___sys_sendmmsg+0x10/0x10
[  289.760005][T17878]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  289.760046][T17878]  ? ksys_write+0x22a/0x250
[  289.760070][T17878]  ? __pfx_ksys_write+0x10/0x10
[  289.760097][T17878]  __x64_sys_sendmmsg+0xa0/0xc0
[  289.760116][T17878]  do_syscall_64+0xfa/0xfa0
[  289.760137][T17878]  ? lockdep_hardirqs_on+0x9c/0x150
[  289.760158][T17878]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.760175][T17878]  ? clear_bhb_loop+0x60/0xb0
[  289.760195][T17878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.760210][T17878] RIP: 0033:0x7f1706d8f6c9
[  289.760226][T17878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  289.760240][T17878] RSP: 002b:00007f1707b9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  289.760263][T17878] RAX: ffffffffffffffda RBX: 00007f1706fe5fa0 RCX: 00007f1706d8f6c9
[  289.760276][T17878] RDX: 0000000000000001 RSI: 00002000000017c0 RDI: 0000000000000003
[  289.760286][T17878] RBP: 00007f1707b9f090 R08: 0000000000000000 R09: 0000000000000000
[  289.760296][T17878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  289.760306][T17878] R13: 00007f1706fe6038 R14: 00007f1706fe5fa0 R15: 00007ffdd67c0058
[  289.760337][T17878]  </TASK>
[  289.982509][T17875] erspan0: left promiscuous mode
[  290.070018][T17579] 8021q: adding VLAN 0 to HW filter on device batadv0
[  290.176543][T17579] veth0_vlan: entered promiscuous mode
[  290.226871][T17579] veth1_vlan: entered promiscuous mode
[  290.337283][T17579] veth0_macvtap: entered promiscuous mode
[  290.364984][T17579] veth1_macvtap: entered promiscuous mode
[  290.395185][T17911] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  290.402453][T17911] IPv6: NLM_F_CREATE should be set when creating new route
[  290.409798][T17911] IPv6: NLM_F_CREATE should be set when creating new route
[  290.417022][T17911] IPv6: NLM_F_CREATE should be set when creating new route
[  290.443633][T17915] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  290.454104][T17579] batman_adv: batadv0: Interface activated: batadv_slave_0
[  290.479203][T17579] batman_adv: batadv0: Interface activated: batadv_slave_1
[  290.485730][T17907] IPVS: persistence engine module ip_vs_pe_�
 not found
[  290.542171][ T1318] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  290.565262][T17916] netlink: 'syz.4.3373': attribute type 32 has an invalid length.
[  290.579767][ T1318] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  290.594365][T17916] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3373'.
[  290.612951][ T1318] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  290.624262][ T1318] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  290.687212][T17916] bond2: option coupled_control: invalid value (52)
[  290.710695][T17916] bond2 (unregistering): Released all slaves
[  290.961666][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  290.980298][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  290.988085][T17939] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3376'.
[  291.004609][T17941] netlink: 'syz.2.3375': attribute type 11 has an invalid length.
[  291.039292][T17942] netlink: 22 bytes leftover after parsing attributes in process `syz.4.3377'.
[  291.056865][ T1326] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  291.081405][ T1326] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  291.445023][ T5839] Bluetooth: hci1: command tx timeout
[  291.503813][T17967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3383'.
[  291.529406][T17970] syzkaller0: entered promiscuous mode
[  291.538621][T17970] syzkaller0: entered allmulticast mode
[  291.645980][T17978] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3387'.
[  291.723653][T17975] team0 (unregistering): Port device team_slave_0 removed
[  291.734894][T17975] team0 (unregistering): Port device team_slave_1 removed
[  291.871313][T17985] netlink: 'syz.4.3389': attribute type 21 has an invalid length.
[  292.054737][T17988] C: renamed from team_slave_0
[  292.063323][T17988] netlink: 'syz.4.3391': attribute type 1 has an invalid length.
[  292.083027][T17988] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  292.152045][T18000] netlink: 'syz.3.3395': attribute type 5 has an invalid length.
[  292.180508][T18000] geneve2: entered promiscuous mode
[  292.185841][T18000] geneve2: entered allmulticast mode
[  292.205658][ T1318] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  292.218664][ T1318] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  292.244413][ T1318] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  292.278161][ T1318] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  292.515561][T18023] xt_recent: Unsupported userspace flags (000000b1)
[  292.553796][T18027] bridge0: port 1(bridge_slave_0) entered disabled state
[  292.566592][T18027] bridge0: port 2(bridge_slave_1) entered disabled state
[  292.602050][T18036] RDS: rds_bind could not find a transport for 400:0:1200:0:1030:0:ffff:ffff, load rds_tcp or rds_rdma?
[  293.068895][T18070] netlink: 'syz.1.3416': attribute type 6 has an invalid length.
[  293.070880][T18066] team0: entered promiscuous mode
[  293.101023][T18066] team_slave_0: entered promiscuous mode
[  293.106928][T18066] team_slave_1: entered promiscuous mode
[  293.366428][T18088] dvmrp0: entered allmulticast mode
[  293.376980][T18088] dvmrp0: left allmulticast mode
[  293.442389][T18094] x_tables: duplicate underflow at hook 3
[  293.724001][T18096] team0 (unregistering): Port device team_slave_0 removed
[  293.741276][T18096] team0 (unregistering): Port device team_slave_1 removed
[  294.026130][T18129] xt_hashlimit: size too large, truncated to 1048576
[  294.041440][T18120] veth0_to_team: entered promiscuous mode
[  294.252511][T18149] __nla_validate_parse: 13 callbacks suppressed
[  294.252529][T18149] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3441'.
[  294.355342][T18161] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  294.372907][T18161] syzkaller0: entered promiscuous mode
[  294.389294][T18161] syzkaller0: entered allmulticast mode
[  294.470151][T18161] tipc: Resetting bearer <eth:syzkaller0>
[  294.624514][T18159] tipc: Resetting bearer <eth:syzkaller0>
[  294.678805][T18159] tipc: Disabling bearer <eth:syzkaller0>
[  294.706381][T18176] netem: incorrect ge model size
[  294.712326][T18176] netem: change failed
[  294.842802][T18186] netlink: 11 bytes leftover after parsing attributes in process `syz.4.3451'.
[  294.861437][T18186] netlink: 11 bytes leftover after parsing attributes in process `syz.4.3451'.
[  295.257064][T18202] syzkaller1: entered promiscuous mode
[  295.263926][T18202] syzkaller1: entered allmulticast mode
[  295.542642][T18219] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3463'.
[  295.551996][T18220] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3461'.
[  295.556211][T18219] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3463'.
[  295.912096][T18252] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  295.945767][T12223] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  295.967015][T18256] netlink: 'syz.2.3470': attribute type 11 has an invalid length.
[  296.006379][T18260] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3473'.
[  296.137957][T18268] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3475'.
[  296.288378][T18280] netlink: 'syz.1.3477': attribute type 1 has an invalid length.
[  296.328146][T18281] bond4: (slave bridge5): making interface the new active one
[  296.337917][T18281] bond4: (slave bridge5): Enslaving as an active interface with an up link
[  296.365920][T18280] bond4: (slave bridge6): Enslaving as an active interface with a down link
[  296.592750][T18297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3483'.
[  296.604869][T18297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3483'.
[  298.205557][T18323] tc_dump_action: action bad kind
[  298.501581][T18360] xt_hashlimit: size too large, truncated to 1048576
[  298.621643][T18369] nbd: socks must be embedded in a SOCK_ITEM attr
[  298.678661][T18375] vlan0: entered allmulticast mode
[  298.685115][T18375] mac80211_hwsim hwsim36 wlan0: entered allmulticast mode
[  298.819858][T18378] tap0: tun_chr_ioctl cmd 1074025672
[  298.825426][T18378] tap0: ignored: set checksum disabled
[  298.850876][T18378] netlink: 'syz.1.3500': attribute type 9 has an invalid length.
[  298.965055][T18382] netlink: 'syz.0.3502': attribute type 4 has an invalid length.
[  299.025662][T18389] netlink: 'syz.3.3504': attribute type 1 has an invalid length.
[  299.105392][T18397] bond1: (slave geneve3): making interface the new active one
[  299.114647][T18397] bond1: (slave geneve3): Enslaving as an active interface with an up link
[  299.139381][T18396] erspan0: entered promiscuous mode
[  299.157557][T18396] erspan0: entered allmulticast mode
[  299.181708][T12222] netdevsim netdevsim3 netdevsim0: set [1, 2] type 2 family 0 port 20004 - 0
[  299.212851][ T1318] netdevsim netdevsim3 netdevsim1: set [1, 2] type 2 family 0 port 20004 - 0
[  299.231727][ T1318] netdevsim netdevsim3 netdevsim2: set [1, 2] type 2 family 0 port 20004 - 0
[  299.260809][ T1318] netdevsim netdevsim3 netdevsim3: set [1, 2] type 2 family 0 port 20004 - 0
[  299.290126][T18402] __nla_validate_parse: 83 callbacks suppressed
[  299.290144][T18402] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3508'.
[  299.311714][T18410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3510'.
[  299.321509][T18405] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3508'.
[  299.325738][T18410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3510'.
[  299.346095][T18410] netlink: 'syz.0.3510': attribute type 14 has an invalid length.
[  299.355141][T18410] netlink: 'syz.0.3510': attribute type 13 has an invalid length.
[  299.369841][T18402] TC_ACT_REPEAT abuse ?
[  299.390173][T18405] TC_ACT_REPEAT abuse ?
[  299.424292][T18408] syzkaller0: entered promiscuous mode
[  299.430855][T18408] syzkaller0: entered allmulticast mode
[  299.680878][T18432] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3517'.
[  299.738799][T18437] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3518'.
[  299.903341][T18443] netlink: 6 bytes leftover after parsing attributes in process `syz.3.3519'.
[  299.926054][T18443] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  300.085673][T18450] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3524'.
[  300.108965][T18448] tipc: Started in network mode
[  300.119576][T18448] tipc: Node identity 52c2a78d4495, cluster identity 4711
[  300.148763][T18448] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  300.183607][T18448] syzkaller0: entered promiscuous mode
[  300.196919][T18448] syzkaller0: entered allmulticast mode
[  300.230690][T18454] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3525'.
[  300.289141][T18448] tipc: Resetting bearer <eth:syzkaller0>
[  300.294683][T18424] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  300.310185][T18456] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[  300.343279][T18447] tipc: Resetting bearer <eth:syzkaller0>
[  300.358685][T18447] tipc: Disabling bearer <eth:syzkaller0>
[  300.503018][T18466] netlink: 'syz.3.3529': attribute type 10 has an invalid length.
[  300.548775][T18466] team0: Port device dummy0 added
[  300.699190][T18475] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  300.722703][T18477] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3533'.
[  301.057050][T18509] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[  301.238714][T18528] netlink: 'syz.1.3546': attribute type 4 has an invalid length.
[  301.342139][T18528] tipc: New replicast peer: 255.255.255.255
[  301.369216][T18528] tipc: Enabled bearer <udp:syz2>, priority 10
[  301.533157][T18549] tipc: Failed to remove unknown binding: 66,1,1/0:2390598555/2390598557
[  301.580787][T18553] netlink: 'syz.4.3554': attribute type 2 has an invalid length.
[  301.602400][T18552] netlink: 'syz.1.3553': attribute type 7 has an invalid length.
[  301.610825][T18552] netlink: 'syz.1.3553': attribute type 8 has an invalid length.
[  301.624032][T18555] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  301.692779][T18552] gretap0: entered promiscuous mode
[  301.708598][T18552] batadv_slave_1: entered promiscuous mode
[  301.730439][T18552] batadv_slave_1: left promiscuous mode
[  301.768093][T18552] gretap0: left promiscuous mode
[  301.984750][T18582] bridge_slave_0: left allmulticast mode
[  301.991151][T18582] bridge_slave_0: left promiscuous mode
[  301.997059][T18582] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.010674][T18582] bridge_slave_1: left allmulticast mode
[  302.016414][T18582] bridge_slave_1: left promiscuous mode
[  302.023644][T18582] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.045434][T18582] bond0: (slave bond_slave_0): Releasing backup interface
[  302.063893][T18582] bond0: (slave bond_slave_1): Releasing backup interface
[  302.081885][T18582] team_slave_0: left promiscuous mode
[  302.097736][T18582] team0: Port device team_slave_0 removed
[  302.105796][T18582] team_slave_1: left promiscuous mode
[  302.118306][T18582] team0: Port device team_slave_1 removed
[  302.124774][T18582] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  302.132600][T18582] batman_adv: batadv0: Removing interface: batadv_slave_0
[  302.141904][T18582] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  302.425830][T18602] 8021q: adding VLAN 0 to HW filter on device bond5
[  303.140271][T18644] openvswitch: netlink: Message has 16 unknown bytes.
[  303.182539][T18645] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  303.240389][T18648] "syz.2.3585" (18648) uses obsolete ecb(arc4) skcipher
[  303.436091][T18663] veth1_to_bond: entered allmulticast mode
[  303.512693][T18663] bond0: (slave bond_slave_1): Releasing backup interface
[  303.556105][T18663] veth1_to_bond (unregistering): left allmulticast mode
[  304.172937][T18701] syzkaller0: entered promiscuous mode
[  304.178450][T18701] syzkaller0: entered allmulticast mode
[  304.203757][T18703] validate_nla: 3 callbacks suppressed
[  304.203774][T18703] netlink: 'syz.0.3604': attribute type 5 has an invalid length.
[  304.341853][T18714] __nla_validate_parse: 15 callbacks suppressed
[  304.341872][T18714] netlink: 124 bytes leftover after parsing attributes in process `syz.4.3607'.
[  304.586120][T18729] x_tables: duplicate underflow at hook 1
[  304.621304][T18734] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  304.632300][T18734] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  304.645582][T18734] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  304.786680][T18740] netlink: 'syz.3.3614': attribute type 4 has an invalid length.
[  304.808812][T18740] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3614'.
[  305.063976][T18767] netlink: 'syz.0.3621': attribute type 11 has an invalid length.
[  305.126751][T18773] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3623'.
[  305.141196][T18773] bridge_slave_1: left allmulticast mode
[  305.147007][T18773] bridge_slave_1: left promiscuous mode
[  305.154221][T18773] bridge0: port 2(bridge_slave_1) entered disabled state
[  305.165708][T18773] bridge_slave_0: left allmulticast mode
[  305.171968][T18773] bridge_slave_0: left promiscuous mode
[  305.178081][T18773] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.203679][T18777] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3624'.
[  305.306621][T18780] netlink: 'syz.2.3626': attribute type 1 has an invalid length.
[  305.314866][T18780] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3626'.
[  305.348555][T18782] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  305.357346][T18782] syzkaller0: entered promiscuous mode
[  305.374486][T18782] syzkaller0: entered allmulticast mode
[  305.405857][T18782] tipc: Resetting bearer <eth:syzkaller0>
[  305.416898][T18785] xt_CT: You must specify a L4 protocol and not use inversions on it
[  305.437163][T18782] lo speed is unknown, defaulting to 1000
[  305.559619][T18792] netlink: 'syz.4.3631': attribute type 6 has an invalid length.
[  305.567724][T18781] tipc: Resetting bearer <eth:syzkaller0>
[  305.592317][T18781] tipc: Disabling bearer <eth:syzkaller0>
[  305.604558][T18792] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3631'.
[  305.625239][T18796] xt_hashlimit: size too large, truncated to 1048576
[  305.865515][T18807] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3633'.
[  305.922996][T18813] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3635'.
[  306.084563][T18816] netlink: 'syz.1.3635': attribute type 32 has an invalid length.
[  306.102410][T18816] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3635'.
[  306.222678][T18816] bond6: option coupled_control: invalid value (52)
[  306.271261][T18816] bond6 (unregistering): Released all slaves
[  306.478442][T18834] syzkaller0: entered promiscuous mode
[  306.495486][T18834] syzkaller0: entered allmulticast mode
[  306.560989][T18834] netlink: 220 bytes leftover after parsing attributes in process `syz.3.3641'.
[  306.685537][T18853] netlink: 'syz.0.3644': attribute type 4 has an invalid length.
[  306.817730][T18863] !
: renamed from dummy0 (while UP)
[  307.056266][T18884] bond1: left promiscuous mode
[  307.066878][T18884] bridge0: port 3(bond1) entered disabled state
[  307.082123][T18884] bridge_slave_1: left promiscuous mode
[  307.096319][T18884] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.117540][T18884] bridge_slave_0: left allmulticast mode
[  307.133934][T18884] bridge_slave_0: left promiscuous mode
[  307.142687][T18884] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.577404][T18919] netlink: 'syz.0.3663': attribute type 2 has an invalid length.
[  307.588587][T18919] netlink: 'syz.0.3663': attribute type 1 has an invalid length.
[  307.922237][T18928] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  308.495726][T18937] xt_addrtype: ipv6 does not support BROADCAST matching
[  308.947003][T18934] netdevsim netdevsim4 ������: renamed from netdevsim0 (while UP)
[  309.201671][T18953] sctp: [Deprecated]: syz.3.3674 (pid 18953) Use of struct sctp_assoc_value in delayed_ack socket option.
[  309.201671][T18953] Use struct sctp_sack_info instead
[  309.343472][T18956] sctp: [Deprecated]: syz.1.3676 (pid 18956) Use of int in maxseg socket option.
[  309.343472][T18956] Use struct sctp_assoc_value instead
[  309.376268][T18955] C: renamed from lo (while UP)
[  309.377899][T18966] __nla_validate_parse: 4 callbacks suppressed
[  309.377914][T18966] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3678'.
[  309.425432][T18969] netlink: 64985 bytes leftover after parsing attributes in process `syz.4.3680'.
[  309.459491][T18967] xt_hashlimit: max too large, truncated to 1048576
[  309.544519][T18976] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3683'.
[  309.576430][T18977] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3681'.
[  309.578287][T18981] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3684'.
[  309.712670][T18987] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3682'.
[  309.744765][T18987] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3682'.
[  309.961365][T19011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3692'.
[  309.961407][T19012] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3691'.
[  309.999734][T19011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3692'.
[  310.102252][T19015] syzkaller0: entered promiscuous mode
[  310.114203][T19015] syzkaller0: entered allmulticast mode
[  310.339345][T19024] netlink: 'syz.3.3697': attribute type 21 has an invalid length.
[  311.073889][T19102] syzkaller0: entered promiscuous mode
[  311.081108][T19102] syzkaller0: entered allmulticast mode
[  311.241796][T19113] xt_l2tp: missing protocol rule (udp|l2tpip)
[  311.335906][T19117] bond2: option xmit_hash_policy: invalid value (64)
[  311.346476][T19117] bond2 (unregistering): Released all slaves
[  311.496753][T19129] syzkaller0: entered promiscuous mode
[  311.504065][T19129] syzkaller0: entered allmulticast mode
[  311.512874][T19128] tipc: Started in network mode
[  311.525749][T19127] netlink: 'syz.1.3728': attribute type 4 has an invalid length.
[  311.540064][T19128] tipc: Node identity 429dc9dd94e5, cluster identity 4711
[  311.547380][T19128] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  311.593387][T19132] netlink: 'syz.1.3728': attribute type 4 has an invalid length.
[  311.712223][T19130] tipc: Resetting bearer <eth:syzkaller0>
[  311.776798][T19130] tipc: Disabling bearer <eth:syzkaller0>
[  311.952897][T19158] syzkaller1: entered promiscuous mode
[  311.958523][T19158] syzkaller1: entered allmulticast mode
[  312.243136][T19177] vxcan1: tx drop: invalid sa for name 0x0000000000000003
[  312.274815][T19177] netlink: 'syz.4.3745': attribute type 1 has an invalid length.
[  313.062725][T19244] netlink: 'syz.1.3766': attribute type 29 has an invalid length.
[  313.087155][T19244] netlink: 'syz.1.3766': attribute type 29 has an invalid length.
[  313.146590][T19244] gretap0: entered promiscuous mode
[  313.161774][T19245] 0��{X��: renamed from gretap0
[  313.184680][T19245] 0��{X��: left promiscuous mode
[  313.206611][T19245] 0��{X��: entered allmulticast mode
[  313.234551][T19245] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  313.264100][T19252] bridge1: the hash_elasticity option has been deprecated and is always 16
[  313.539564][T19271] netlink: 'syz.1.3771': attribute type 4 has an invalid length.
[  313.621032][T19275] syz_tun: entered allmulticast mode
[  313.796368][T19279] netlink: 'syz.2.3777': attribute type 1 has an invalid length.
[  313.857456][T19274] syz_tun: left allmulticast mode
[  314.070284][T19304] netlink: 'syz.4.3782': attribute type 2 has an invalid length.
[  314.115112][T19304] �9: entered promiscuous mode
[  314.446816][T19329] __nla_validate_parse: 17 callbacks suppressed
[  314.446842][T19329] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3790'.
[  314.481578][T19329] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3790'.
[  314.709863][T19337] netlink: 'syz.3.3792': attribute type 1 has an invalid length.
[  314.766906][T19340] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  314.774911][T19340] syzkaller0: entered promiscuous mode
[  314.786424][T19340] syzkaller0: entered allmulticast mode
[  314.796425][T19340] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  314.873981][T19340] tipc: Resetting bearer <eth:syzkaller0>
[  314.896957][T19339] tipc: Resetting bearer <eth:syzkaller0>
[  314.952220][T19339] tipc: Disabling bearer <eth:syzkaller0>
[  314.968467][T19346] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3796'.
[  314.980277][T19347] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3795'.
[  315.019050][T19346] vxcan2: entered allmulticast mode
[  315.097387][T19350] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3795'.
[  315.121021][T19350] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3795'.
[  315.126671][T12223] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  315.144365][T12223] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  315.167983][T12223] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  315.199177][T12223] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  315.500990][T19363] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  315.607590][T19370] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3803'.
[  315.653525][T19372] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3804'.
[  315.682010][T19372] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3804'.
[  315.756028][T19377] geneve4: entered promiscuous mode
[  315.763677][T19377] geneve4: entered allmulticast mode
[  316.013109][T19395] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3811'.
[  316.674328][T19439] IPVS: set_ctl: invalid protocol: 0 10.1.1.1:20000
[  317.261386][T19466] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  317.546284][T19474] validate_nla: 5 callbacks suppressed
[  317.546312][T19474] netlink: 'syz.2.3835': attribute type 1 has an invalid length.
[  317.570946][T19476] bridge0: entered promiscuous mode
[  317.576217][T19476] bridge0: entered allmulticast mode
[  317.579531][T19474] netlink: 'syz.2.3835': attribute type 11 has an invalid length.
[  317.831041][ T5830] IPVS: starting estimator thread 0...
[  317.856615][T19487] IPv6: sit1: Disabled Multicast RS
[  317.885659][T19487] sit1: entered allmulticast mode
[  318.000782][T19489] IPVS: using max 27 ests per chain, 64800 per kthread
[  318.432550][T19262] Set syz1 is full, maxelem 65536 reached
[  318.581510][T19500] netlink: 'syz.1.3844': attribute type 33 has an invalid length.
[  318.800311][T19513] netlink: 'syz.2.3849': attribute type 1 has an invalid length.
[  318.855721][T19522] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  319.307439][T19550] geneve2: entered promiscuous mode
[  319.368490][T19550] geneve2: entered allmulticast mode
[  319.404706][T19554] lo speed is unknown, defaulting to 1000
[  319.545256][T19574] __nla_validate_parse: 22 callbacks suppressed
[  319.545273][T19574] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3866'.
[  319.726363][T19591] netlink: 'syz.4.3869': attribute type 4 has an invalid length.
[  319.743476][T19591] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3869'.
[  319.890235][T19601] netlink: 'syz.3.3874': attribute type 1 has an invalid length.
[  319.907947][T19603] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  319.915993][T19603] syzkaller0: entered promiscuous mode
[  319.922772][T19603] syzkaller0: entered allmulticast mode
[  319.979731][T19601] 8021q: adding VLAN 0 to HW filter on device bond2
[  320.067265][T19609] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3874'.
[  320.086856][T19616] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3877'.
[  320.109549][T19616] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3877'.
[  320.132107][T19611] tipc: Resetting bearer <eth:syzkaller0>
[  320.316314][T19602] tipc: Resetting bearer <eth:syzkaller0>
[  320.345440][T19602] tipc: Disabling bearer <eth:syzkaller0>
[  320.596298][T19647] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  321.009028][T19676] openvswitch: netlink: EtherType 50a is less than min 600
[  321.028979][T19679] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3897'.
[  321.233771][T19691] netlink: 'syz.1.3901': attribute type 23 has an invalid length.
[  321.369297][T19698] �
: renamed from veth1_vlan (while UP)
[  321.440990][T19702] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  321.507502][T19706] ------------[ cut here ]------------
[  321.514346][T19706] WARNING: CPU: 1 PID: 19706 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0
[  321.525309][T19706] Modules linked in:
[  321.529972][T19706] CPU: 1 UID: 0 PID: 19706 Comm: syz.3.3907 Not tainted syzkaller #0 PREEMPT(full) 
[  321.539361][T19706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  321.550014][T19706] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  321.556197][T19706] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 58 18 8c 00 cc e8 42 da 02 f7 90 0f 0b 90 eb e1 e8 37 da 02 f7 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  321.576708][T19706] RSP: 0018:ffffc9000c1a6f60 EFLAGS: 00010287
[  321.584021][T19706] RAX: ffffffff8abd2c59 RBX: ffff88807a280000 RCX: 0000000000080000
[  321.592210][T19706] RDX: ffffc9000cdfc000 RSI: 0000000000000454 RDI: 0000000000000455
[  321.600370][T19706] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8abd2773
[  321.608362][T19706] R10: dffffc0000000000 R11: ffffed100f450031 R12: 1ffff1100f45000a
[  321.616923][T19706] R13: ffff888056af0e80 R14: 0000000000000001 R15: ffffffff8abd2773
[  321.624973][T19706] FS:  00007f7a90c056c0(0000) GS:ffff88812623b000(0000) knlGS:0000000000000000
[  321.634582][T19706] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  321.641649][T19706] CR2: 0000200000001080 CR3: 000000007a08e000 CR4: 00000000003526f0
[  321.650190][T19706] Call Trace:
[  321.653498][T19706]  <TASK>
[  321.656452][T19706]  rate_control_rate_init_all_links+0x109/0x1a0
[  321.662798][T19706]  sta_apply_auth_flags+0x1c2/0x400
[  321.668026][T19706]  sta_apply_parameters+0xe27/0x1570
[  321.673438][T19706]  ieee80211_add_station+0x424/0x6a0
[  321.678760][T19706]  rdev_add_station+0x108/0x290
[  321.684204][T19706]  nl80211_new_station+0x1755/0x1b70
[  321.689591][T19706]  ? __pfx_nl80211_new_station+0x10/0x10
[  321.695247][T19706]  ? netdev_run_todo+0xe1d/0xea0
[  321.700235][T19706]  ? nl80211_pre_doit+0x4f1/0x930
[  321.705258][T19706]  genl_family_rcv_msg_doit+0x215/0x300
[  321.711149][T19706]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  321.717233][T19706]  ? bpf_lsm_capable+0x9/0x20
[  321.721942][T19706]  ? security_capable+0x7e/0x2e0
[  321.726888][T19706]  genl_rcv_msg+0x60e/0x790
[  321.732107][T19706]  ? __pfx_genl_rcv_msg+0x10/0x10
[  321.737161][T19706]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  321.743154][T19706]  ? __pfx_nl80211_new_station+0x10/0x10
[  321.748812][T19706]  ? __pfx_nl80211_post_doit+0x10/0x10
[  321.754334][T19706]  ? __asan_memcpy+0x40/0x70
[  321.758947][T19706]  ? __pfx_ref_tracker_free+0x10/0x10
[  321.764818][T19706]  netlink_rcv_skb+0x208/0x470
[  321.770047][T19706]  ? __lock_acquire+0xab9/0xd20
[  321.774898][T19706]  ? __pfx_genl_rcv_msg+0x10/0x10
[  321.780001][T19706]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  321.785326][T19706]  ? down_read+0x1ad/0x2e0
[  321.789834][T19706]  genl_rcv+0x28/0x40
[  321.793833][T19706]  netlink_unicast+0x82f/0x9e0
[  321.798628][T19706]  ? __pfx_netlink_unicast+0x10/0x10
[  321.804473][T19706]  ? netlink_sendmsg+0x642/0xb30
[  321.809474][T19706]  ? skb_put+0x11b/0x210
[  321.813732][T19706]  netlink_sendmsg+0x805/0xb30
[  321.818491][T19706]  ? __pfx_netlink_sendmsg+0x10/0x10
[  321.823812][T19706]  ? aa_sock_msg_perm+0xf1/0x1d0
[  321.828743][T19706]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  321.834630][T19706]  ? __pfx_netlink_sendmsg+0x10/0x10
[  321.840441][T19706]  __sock_sendmsg+0x21c/0x270
[  321.845152][T19706]  ____sys_sendmsg+0x505/0x830
[  321.850000][T19706]  ? __pfx_____sys_sendmsg+0x10/0x10
[  321.855368][T19706]  ? import_iovec+0x74/0xa0
[  321.860396][T19706]  ___sys_sendmsg+0x21f/0x2a0
[  321.865087][T19706]  ? __pfx____sys_sendmsg+0x10/0x10
[  321.870334][T19706]  ? __fget_files+0x2a/0x420
[  321.874908][T19706]  ? __fget_files+0x3a0/0x420
[  321.879627][T19706]  __x64_sys_sendmsg+0x19b/0x260
[  321.884595][T19706]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  321.890608][T19706]  ? do_syscall_64+0xbe/0xfa0
[  321.895288][T19706]  do_syscall_64+0xfa/0xfa0
[  321.899814][T19706]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.905025][T19706]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.911119][T19706]  ? clear_bhb_loop+0x60/0xb0
[  321.915787][T19706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.922280][T19706] RIP: 0033:0x7f7a8fd8f6c9
[  321.926709][T19706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.946770][T19706] RSP: 002b:00007f7a90c05038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  321.955790][T19706] RAX: ffffffffffffffda RBX: 00007f7a8ffe5fa0 RCX: 00007f7a8fd8f6c9
[  321.963808][T19706] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007
[  321.971814][T19706] RBP: 00007f7a8fe11f91 R08: 0000000000000000 R09: 0000000000000000
[  321.980076][T19706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  321.988131][T19706] R13: 00007f7a8ffe6038 R14: 00007f7a8ffe5fa0 R15: 00007ffc7fc13ae8
[  321.996147][T19706]  </TASK>
[  321.999169][T19706] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  322.006435][T19706] CPU: 1 UID: 0 PID: 19706 Comm: syz.3.3907 Not tainted syzkaller #0 PREEMPT(full) 
[  322.015797][T19706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  322.025844][T19706] Call Trace:
[  322.029200][T19706]  <TASK>
[  322.032120][T19706]  dump_stack_lvl+0x99/0x250
[  322.036708][T19706]  ? __asan_memcpy+0x40/0x70
[  322.041293][T19706]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.046483][T19706]  ? __pfx__printk+0x10/0x10
[  322.051070][T19706]  vpanic+0x237/0x6d0
[  322.055053][T19706]  ? __pfx_vpanic+0x10/0x10
[  322.059567][T19706]  panic+0xb9/0xc0
[  322.063292][T19706]  ? __pfx_panic+0x10/0x10
[  322.067714][T19706]  __warn+0x31b/0x4b0
[  322.071683][T19706]  ? rate_control_rate_init+0x64a/0x6e0
[  322.077221][T19706]  ? rate_control_rate_init+0x64a/0x6e0
[  322.082752][T19706]  report_bug+0x2be/0x4f0
[  322.087072][T19706]  ? rate_control_rate_init+0x64a/0x6e0
[  322.092604][T19706]  ? rate_control_rate_init+0x64a/0x6e0
[  322.098137][T19706]  ? rate_control_rate_init+0x64c/0x6e0
[  322.103714][T19706]  handle_bug+0x84/0x160
[  322.107942][T19706]  exc_invalid_op+0x1a/0x50
[  322.112432][T19706]  asm_exc_invalid_op+0x1a/0x20
[  322.117265][T19706] RIP: 0010:rate_control_rate_init+0x64a/0x6e0
[  322.123413][T19706] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 58 18 8c 00 cc e8 42 da 02 f7 90 0f 0b 90 eb e1 e8 37 da 02 f7 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00
[  322.143021][T19706] RSP: 0018:ffffc9000c1a6f60 EFLAGS: 00010287
[  322.149086][T19706] RAX: ffffffff8abd2c59 RBX: ffff88807a280000 RCX: 0000000000080000
[  322.157046][T19706] RDX: ffffc9000cdfc000 RSI: 0000000000000454 RDI: 0000000000000455
[  322.165014][T19706] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8abd2773
[  322.172980][T19706] R10: dffffc0000000000 R11: ffffed100f450031 R12: 1ffff1100f45000a
[  322.180947][T19706] R13: ffff888056af0e80 R14: 0000000000000001 R15: ffffffff8abd2773
[  322.188912][T19706]  ? rate_control_rate_init+0x163/0x6e0
[  322.194455][T19706]  ? rate_control_rate_init+0x163/0x6e0
[  322.199997][T19706]  ? rate_control_rate_init+0x649/0x6e0
[  322.205542][T19706]  rate_control_rate_init_all_links+0x109/0x1a0
[  322.211773][T19706]  sta_apply_auth_flags+0x1c2/0x400
[  322.216971][T19706]  sta_apply_parameters+0xe27/0x1570
[  322.222255][T19706]  ieee80211_add_station+0x424/0x6a0
[  322.227535][T19706]  rdev_add_station+0x108/0x290
[  322.232381][T19706]  nl80211_new_station+0x1755/0x1b70
[  322.237673][T19706]  ? __pfx_nl80211_new_station+0x10/0x10
[  322.243295][T19706]  ? netdev_run_todo+0xe1d/0xea0
[  322.248257][T19706]  ? nl80211_pre_doit+0x4f1/0x930
[  322.253298][T19706]  genl_family_rcv_msg_doit+0x215/0x300
[  322.258857][T19706]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  322.264932][T19706]  ? bpf_lsm_capable+0x9/0x20
[  322.269604][T19706]  ? security_capable+0x7e/0x2e0
[  322.274542][T19706]  genl_rcv_msg+0x60e/0x790
[  322.279044][T19706]  ? __pfx_genl_rcv_msg+0x10/0x10
[  322.284059][T19706]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  322.289420][T19706]  ? __pfx_nl80211_new_station+0x10/0x10
[  322.295051][T19706]  ? __pfx_nl80211_post_doit+0x10/0x10
[  322.300505][T19706]  ? __asan_memcpy+0x40/0x70
[  322.305091][T19706]  ? __pfx_ref_tracker_free+0x10/0x10
[  322.310457][T19706]  netlink_rcv_skb+0x208/0x470
[  322.315210][T19706]  ? __lock_acquire+0xab9/0xd20
[  322.320059][T19706]  ? __pfx_genl_rcv_msg+0x10/0x10
[  322.325096][T19706]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  322.330400][T19706]  ? down_read+0x1ad/0x2e0
[  322.334809][T19706]  genl_rcv+0x28/0x40
[  322.338776][T19706]  netlink_unicast+0x82f/0x9e0
[  322.343541][T19706]  ? __pfx_netlink_unicast+0x10/0x10
[  322.348824][T19706]  ? netlink_sendmsg+0x642/0xb30
[  322.353748][T19706]  ? skb_put+0x11b/0x210
[  322.357983][T19706]  netlink_sendmsg+0x805/0xb30
[  322.362743][T19706]  ? __pfx_netlink_sendmsg+0x10/0x10
[  322.368016][T19706]  ? aa_sock_msg_perm+0xf1/0x1d0
[  322.372947][T19706]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  322.378217][T19706]  ? __pfx_netlink_sendmsg+0x10/0x10
[  322.383486][T19706]  __sock_sendmsg+0x21c/0x270
[  322.388158][T19706]  ____sys_sendmsg+0x505/0x830
[  322.392928][T19706]  ? __pfx_____sys_sendmsg+0x10/0x10
[  322.398232][T19706]  ? import_iovec+0x74/0xa0
[  322.402758][T19706]  ___sys_sendmsg+0x21f/0x2a0
[  322.407491][T19706]  ? __pfx____sys_sendmsg+0x10/0x10
[  322.412711][T19706]  ? __fget_files+0x2a/0x420
[  322.417297][T19706]  ? __fget_files+0x3a0/0x420
[  322.421978][T19706]  __x64_sys_sendmsg+0x19b/0x260
[  322.426915][T19706]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  322.432382][T19706]  ? do_syscall_64+0xbe/0xfa0
[  322.437060][T19706]  do_syscall_64+0xfa/0xfa0
[  322.441551][T19706]  ? lockdep_hardirqs_on+0x9c/0x150
[  322.446744][T19706]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.452800][T19706]  ? clear_bhb_loop+0x60/0xb0
[  322.457476][T19706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.463356][T19706] RIP: 0033:0x7f7a8fd8f6c9
[  322.467760][T19706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.487466][T19706] RSP: 002b:00007f7a90c05038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  322.495879][T19706] RAX: ffffffffffffffda RBX: 00007f7a8ffe5fa0 RCX: 00007f7a8fd8f6c9
[  322.503846][T19706] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000007
[  322.511848][T19706] RBP: 00007f7a8fe11f91 R08: 0000000000000000 R09: 0000000000000000
[  322.519812][T19706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  322.527774][T19706] R13: 00007f7a8ffe6038 R14: 00007f7a8ffe5fa0 R15: 00007ffc7fc13ae8
[  322.535810][T19706]  </TASK>
[  322.539090][T19706] Kernel Offset: disabled
[  322.543403][T19706] Rebooting in 86400 seconds..