last executing test programs:

3.901768808s ago: executing program 0 (id=2453):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x4c, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
sendmsg$NL80211_CMD_TESTMODE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b400000063f59b6368a730a2e65f2ac773d3c84365b0014cd29fb6f5c151912ffc27535f613df8400693fce8848d02f0a51615e748e235b4f97f3c2894f834be42f099342348330f7c0eedde2ab49c9d7d3047e3185ef27558c84c21d4c230a9545d4d817d9ea060b48ee3b84c2559b6f8580e589acda67512da419acf82f514b20b4dec8c00ab3524bb31b3724582007c1646d28035f22e0fdc328a1e3214b8527a730567200a0f4d066e8e8b125f2572c6e98dae", @ANYRES16=0x0, @ANYBLOB="00022dbd7000ecffffff2d00000008000300", @ANYRES32=r3, @ANYBLOB="970045004781a34a20ec0753c100e3b79a67b657dcf86bede5fdda949a727cb37de2d48f50df29a81905cab3ae9aa9c8336414325cef5775972af0369de3a2b60cb46414ea4f36f22b5ba0ce09e0ed07c6ef4ff6b44df0185ebede5a085e5b31f911b506c0e29d8c3a07924e5be04397a48409c09ce3d40f1f34adfa431fcf996b3ac36c1b5d2b554dd7d44bb35d916d41dfaf115785f400"], 0xb4}}, 0x20000005)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1c, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="85000000520000007b0000000000000095"], &(0x7f0000002dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1b}, 0x94)

3.67694032s ago: executing program 0 (id=2455):
unshare(0x6a040000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, &(0x7f0000000140)={0x18, 0x0, {0x1, @empty, 'hsr0\x00'}})
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f00000000c0)=0x10)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000300)={r3, 0x6}, 0x8)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
ioctl$sock_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000100))
r5 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x4000000)
recvfrom(r4, &(0x7f0000000240)=""/63, 0x3f, 0x40000061, 0x0, 0x0)

3.171124377s ago: executing program 4 (id=2463):
r0 = socket$kcm(0x10, 0x3, 0x10) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) (async)
unshare(0x6020480) (async, rerun: 32)
unshare(0x26020480) (rerun: 32)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)

2.740745278s ago: executing program 0 (id=2468):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="01422006020607f6"], 0xa)
bind$bt_hci(r1, &(0x7f00000019c0)={0x1f, 0x3, 0x2}, 0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000084000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000838001180090001006c61737400000000280002800c00024000000000000000090800014000000ba308000140000010000800014000003f5e980000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000006c0003806800008008000340000000025c0002800c00028008000340000000024c000280080003400000000408000180fffffffd0800f1d7fffffffd0800034000000003090002007379"], 0x164}, 0x1, 0x0, 0x0, 0x4000819}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xc)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1b, 0x5, &(0x7f0000000500)=ANY=[@ANYRES32=r1, @ANYRESOCT=r0, @ANYRES8=r0, @ANYRES32=r3, @ANYRES64=r3, @ANYRESHEX=r2, @ANYRESOCT=r1], &(0x7f00000001c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x88, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'veth1_macvtap\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000", @ANYRES32=<r6=>r5, @ANYBLOB="800202000a000200577f00"], 0x48}}, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRESOCT=r5, @ANYRESOCT=r6], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001bc0)={r8, 0x0, 0x138, 0x56, &(0x7f0000001cc0)="633268f83ca3000000a2029e3815bb2fa117d8326687688b2c969fd7267d546214af00d1ca2524d00f9e4d9555f3ab381b5d44fd6bda8c509e66101d296f10c805252e7c5d48d9814f46db8f07441878734b13270fe47fba418b7358984b9a61c2bbf964a520459fd0d90590b46cf1677d580a26933b6e35aee75996b73a15a25aa8ae2f1f9bc9699a505c0dc4050ab2255fc35f508ccc52f10ac12febf28652fe36f725714868675ca2a7042ab4b26904b2f000589694f69ab0b22a5aec72c5036ce1c8974690045e4ab412a70336b4c65b2dfc8121af4143c2e10a0e5632bcd44e0b000029da424d86f298656822dae2c002e289fbfa6fe0dfb2fd57713a7684dc166c628dc45027ac174c5db54f22e409eb4e94263dbc9919f90f1af3290918b9824c3e0268b300bf69cc2eb3fc58f655439bdbe2b905", &(0x7f0000000480)=""/86, 0x7f, 0x0, 0x47, 0x50, &(0x7f0000001ac0)="9c01bd6f9a6028c80d7364240fd78867d9d62eca43c565f2c5ac65dd4a0fadceb6c65dcb07f2421e69087e0f17b4eb709e4805f2722709c46bef17c4cb9aed9fb1c342179ea349", &(0x7f0000001a40)="408fd0050dc7945b483103067eca9bd26ffbe35abf0f88a103f6893dc2b1d1cdc2195d4ae89abc04ff5fe5d2466892c81015df835a7d47be4f852161bc4015e7564b08584290fe1762f943a653008ac5", 0x6, 0x0, 0x13}, 0x50)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='cubic', 0x6)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="580000000008010200000000000000000200ffff0600024022eb000005000300ffff00000900010073797a3000000000260004", @ANYRESOCT=r4, @ANYRESOCT=r0], 0x58}, 0x1, 0x0, 0x0, 0x20000015}, 0x20008000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r9, &(0x7f0000000200), 0x806000)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r11 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r11, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r12 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r12, 0x84, 0x6f, &(0x7f0000002080)={0x0, 0x10, &(0x7f0000002040)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f00000020c0)=0x10)
shutdown(r12, 0x1)

2.379567977s ago: executing program 3 (id=2471):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000005100001f12b000000ffdbdf250000000014ee729e4ea856fd6ee4ce025070362bbbf6ef", @ANYRES32=0x0, @ANYBLOB="00000000b0c4000014001680100001800c000400ffffff7f88000000140035006261746164765f736c6176655f300000"], 0x48}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000000)={0x5, 0x7, 0x5, 0xffff}, 0x10)
r1 = socket$l2tp(0x2, 0x2, 0x73)
getsockname$l2tp(r1, &(0x7f0000000040)={0x2, 0x0, @private}, &(0x7f0000000180)=0x10)

2.368706101s ago: executing program 4 (id=2472):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000c40)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4008040) (async)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$GTP_CMD_ECHOREQ(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000780)=ANY=[@ANYBLOB="4a00ffff", @ANYRES16=r2, @ANYBLOB="0002"], 0x4c}, 0x1, 0x0, 0x0, 0xc000400}, 0x4000)

2.249113722s ago: executing program 1 (id=2473):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYRES8, @ANYRES16=0x0, @ANYBLOB], 0x50)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCSPASS(r1, 0x40107447, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x10, &(0x7f0000000200)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
pipe(0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_ACT={0x38, 0x3, [@m_connmark={0x34, 0x1, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x6c}}, 0x24000000)
socket$netlink(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(0x0, r4)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002100210107000000000000000a000000000000000000000008001a"], 0x24}}, 0x4004000)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2.219009463s ago: executing program 3 (id=2474):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) (async)
recvmmsg(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)=""/9, 0x9}], 0x1, 0x0, 0x18}, 0xb7}], 0x1, 0x40002021, 0x0) (async)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f00000003c0)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)='/', 0x1}], 0x1, 0x0, 0x0, 0x1000a8d0}, 0x0) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x1ff) (async)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x8, 0xab00, 0x0, 0x7, {{0x5, 0x4, 0x0, 0x13, 0x14, 0x20, 0x0, 0x2b, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x3, 0x0}, @broadcast}}}})

2.18617365s ago: executing program 4 (id=2475):
r0 = socket$inet(0xa, 0x801, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="2539000020000365f507f62aa6172f7881"], 0x33fe0)
r2 = socket$inet6(0x10, 0x3, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x790f}, 0x94)
sendto$inet6(r2, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000060a0b04000000000000000002000002040004800900010073797a30000000000900020073f97a3200000000140000001100010000000000000000000000000a"], 0x58}}, 0x40000)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x8, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYRES8=r3, @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r6, 0x0, 0x1843}, 0x18)
r9 = socket$rds(0x15, 0x5, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r10, 0x8933, &(0x7f00000002c0)={'wpan1\x00'})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
setsockopt$inet_tcp_int(r0, 0x6, 0x4, &(0x7f0000000300)=0x1, 0x4)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000006c0)=ANY=[@ANYBLOB="6ede27ddcbdf3f421e85748958fa2cf8125aec0ca5718822d239b448f6fba93e3a4c6c8be4aae23feade58b5e21bd623381dffb483c83c971c31cafbe0756c54e9d3eefe5238ee0261394be3e144ea2d416b7575ffa31c78a033367962977e723c149e2a82011935be998b0638b295044ce248cadf6b868be5cce32dc7d1ea7cf4009ad267991f584d9b0632d45fb54af88d459d38b703c86ae7aff1ae93ded17059ead4eebe30acbeee", @ANYRES32=0x0, @ANYRESOCT=r9, @ANYRES32=r11, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

1.980958261s ago: executing program 1 (id=2476):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000003c6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae58e99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472ad529cefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc979ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa09acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b183940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822d8f4e2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340)={0x0, 0x2}, 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000200)={@private0, 0x0, 0x0, 0x1, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0xff, 0x9}, 0x20)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000300)={@local, 0x0, 0x0, 0x1}, &(0x7f00000004c0)=0x20)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_IMMEDIATE_DREG={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x20000814}, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000300)={0xa, 0x3, 0x40000008, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
getsockopt$inet6_mtu(r4, 0x29, 0x17, 0x0, &(0x7f0000000040))
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x98, 0x0, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0xb6}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x3}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x9}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x281}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8, 0x16, 0x40}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x7}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8, 0x16, 0xe}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x7fff}, @ETHTOOL_A_COALESCE_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x24000080}, 0x10)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x6, 0x8, 0xfffffffe, 0xd99d}}]}]}}}]}, 0x70}}, 0x0)
sendto$packet(r5, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c288a8", 0x36, 0x830, &(0x7f0000000440)={0x11, 0x0, r8, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r9 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r9, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000740)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r1, @ANYRES16=r2, @ANYBLOB="ce907f41f231197a30ee172502bf10ec9dba609de9eb7e3a2f93eb42b8754193d1ef005d354e0a5402214d3bff8d0b32875c6b4d80b89a28a22cd7a0622d11a68414d676a3a2524a0bcfa3342bd2d1219eeb23ad9bd6e2c4cd6a1141c94a286bf96c9bbbe12c", @ANYBLOB="87df351b9f31c6a10a5dcef38a47fc5828a9e021b8c5a445cb146c071552f9c20221d7c37629e6279306758dd55fa7c976d2d694e0f69e9dc6081ce2637ac044ac38387d32cd1f04d87126ad884da10514b29afa046bd7c4d077eb9e923fd5545ab3c42b1714ac5d730a4f677cf3890cbddf48018ab620445cdd9637c7196f2e26c089167fa1978a68c7792186", @ANYRES64=r4], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r1, 0x0)

1.921425018s ago: executing program 0 (id=2477):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x76, &(0x7f0000000340)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x40, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @private2, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}, [], "17c1ff182e8079f39240aaaa613e76c1"}}}}}}}, 0x0)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a000000080000644d"], 0x48)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01022bbd7000ffdbdf25000000000800020000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x4008044)

1.873874438s ago: executing program 1 (id=2478):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa000000000000015030000088d4e002d3501000000000095000000000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a81426104000000000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546ccd3f1d5ab2af27546e7c070000000000000095cb202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec85eeeb83ccaec388158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d0800e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb400f692f374dfab73f90000000000000000000000004000bc00f679629709e7e78f4d08000000ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43000000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d0000000000000000b712c1e47be511fe32fbc90e2364a55e9bb609c64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd4722a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1d913c3fd6edc9b9bfc8c6a14ff595eff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c835d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a0397c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed551c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff5af657a67463d7dbf85ae9321fad16ee751cd7dde94ec97549c2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8bf377b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059a6cffb92e2a0cfd81434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5c4d188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a5cbb8be3f7741b18007dff12eb95f9ddf30e066cc6bc256f0a12282224bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873d0ecdf904c2bdbef81f246d26f4b40df949e12bdac18092f4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054e5deb27f7922fe6c14eba96c9af409da03290e4009f872d5aac263dbe239efb1e02dd4fc07f8c5b070e2ddeb4b5afa6df2e7e162962e334d85fa4373d5b569ac3353cc56008ddc8277fa9e8f6684513bfa827686b6fb71259743f55f46fa7e6379312e93213faf275f0441d46bc5690181244c44bea45854ed4ccd99f3fd328110ae22ef1504ec0566652d742ed8a7e202539c6531824f7399b486fbb906a91b77f2a6ba27bf97ebc7482cea32278a7acd9f2210e6ed2defcbd112f29a92401c5a37c58835f870b056186ef3971d3d9effa5661cabc2ff070000cfb030dd4ac0fe54db67510d3e9a5d36b900000074000000000000000000000000006e96ba8f5e7e89bef4226173e20ebb17b924e9e6d0ee163713b2bd56f58dec64df91417beaac4061e6216774e048276e110d25ae7feb600897c8364af49ce59027a6ee5d7c6e12c0f45c0f376d9da065ca0499e209655d2420fcfa10fccf2cbe7b60161cc6cbd874c928689acd9d4e00cefacc887b76767ca1279e34d20b276dff8318e0ec5ab2929e63ef6a32b1abc55859804e2ec19e5b96a2df9f488e7e25a839701e37cdd850c2f26685047f1d492571482f993bb96642a3f56a0ea24d765c6edf2352e00bc4ff4a72"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_ifreq(r1, 0x8931, &(0x7f0000000000)={'syz_tun\x00', @ifru_hwaddr}) (async)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="700000001000010028bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="4cf2040000000000140003006e657464657673696d3000000000000034001680300001802c000c80140001"], 0x70}, 0x1, 0x0, 0x0, 0x1}, 0x40)

1.7728659s ago: executing program 2 (id=2479):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002840)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x8, &(0x7f00000003c0), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x9, 0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x60, 0x80400)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, 0x500}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r5}, @IFLA_PHYS_SWITCH_ID={0x12, 0x24, "ea2007dee99a94b593cb22f0e780"}]}, 0x50}, 0x1, 0x0, 0x0, 0x24040844}, 0x8000)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r6, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r6, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0)
socket(0x2000000000000021, 0x2, 0x10000000000002)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="185ea4ae00000000000000000700"/30], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
socket(0x11, 0x800000003, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2c8, 0x0, 0x5, 0xffffff6a, 0x180, 0x0, 0x320, 0x258, 0x258, 0x320, 0x258, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'wg2\x00', 'macvlan1\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x328)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000a00)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="b7eb0100000000180000f8ffffff0200000066fbe212aa7b5a1a"], 0x0, 0x1a, 0x0, 0x0, 0xfc5b, 0x10000}, 0x28)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="0900000002000000700500000300000002000000", @ANYRES32, @ANYBLOB="01000000000000000000000000000000990905fb0cfcf54981c19639b46adc63f134777ec934c21e54a951f735f21d077f14ed5691b94cd6003c7d2d787d16ccc1746280f59c2cc3a2da0cad0cf8a8b41ac1eba72f119fca62e834bde3668988cea4c82949be65ca37fe03f0a8404e6f629717318e14000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000002c0)="04708bb27ec4bdf6fc283f27770d7dcb1ed87a844d9bb515d7b027d3932b73f589e7bf8bd3", &(0x7f0000000940)="f7d2fee45ee2d91a9282b469fde83e27cc0faa610e700962d8f0ade098b0ce3b4ed5bf9f65d0a83ba28ad4c17831cec82bc081472155e8a6c4434b36d6537b4d760e794b8f5284ec502b9415eeaaa27813b9e6e673a470cec873e211e214d400260a5fa610d0cd071d06fd5b31ecf0c35a5ea3568329970ef3c30c2344270967ef73035c6e51e10bb285ec2d547de645e4282d6809e6e93988be", 0xfffffffb, r8}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r8}, 0x38)

1.704384973s ago: executing program 0 (id=2480):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
syz_emit_ethernet(0xd2, &(0x7f00000003c0)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "9ea504", 0x9c, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, @mcast2, {[], {0x4e23, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "75477d9a6d0a5770e90bdd60ae3ebeab39f676409364a963dd2c1c77fd2f7017", "3a3fc7fad3d5282c51fb56c4202473e7e0a63474eee8b075cd64174e83a1315a729012d7a8db3a2bac9f6cffd8d70927", "4bfae8ea07d427b5264632e4cfc7382bb54bb31f4f4d532f26a9c603", {"624156eb1d0800", "626dc18ead41fce3878b510bdcf91b1c"}}}}}}}}, 0x0)
getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f0000000000)={@initdev, <r1=>0x0}, &(0x7f0000000080)=0x14)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl1\x00', r1, 0x4, 0x6, 0x8, 0xee, 0x2, @dev={0xfe, 0x80, '\x00', 0x41}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7, 0x700, 0x5, 0x7}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@can_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0x1d, 0x1, 0x8}, [@CGW_DST_IF={0x8}, @CGW_SRC_IF={0x8}, @CGW_FILTER={0xc, 0xb, {{0x1, 0x1, 0x1, 0x1}, {0x3, 0x1, 0x1}}}]}, 0x30}}, 0x0)

1.593209479s ago: executing program 1 (id=2481):
r0 = socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0xf0) (async)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0)
ioctl$sock_ax25_SIOCADDRT(r1, 0x891e, 0x0)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x5}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

1.496982176s ago: executing program 2 (id=2482):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001"], 0x7c}, 0x1, 0x0, 0x0, 0x4024}, 0x4000010)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aae", 0xb)
r2 = accept$alg(r1, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000002440)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000280)="57cd4e", 0x3}, {&(0x7f0000000580)="3222f0476ed4765dc271a2c4fc02", 0xe}], 0x2, &(0x7f0000001a40)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4000801}], 0x1, 0x40)
r3 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNGETOBJECT(r3, 0x89e0, &(0x7f0000000040)=0x2)
recvmmsg(r2, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}, 0xffffff0b}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000028c0)=""/4096, 0x1000}], 0x1}, 0xf}], 0x2, 0x2101, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={'ip6gretap0\x00', {0x2, 0x4e21, @multicast2}})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00'})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32, @ANYRES64=r0, @ANYRES64=r2], 0x54}}, 0x0)
r5 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r5, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000007000000890704ac14140f0011000000000000000000000001000000fc000000000000001400000000000000010000000c"], 0x68}, 0x0)

1.495232105s ago: executing program 1 (id=2483):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = socket$kcm(0x2d, 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x9, 0x4, 0x4, 0x14, 0x15, 0x4, 0x6}}, @TCA_CHOKE_STAB={0x104, 0x2, "18047d80edc79ded5baf17b8d4ef60c9b3b201ad412d10413208ddeec3ca63150ca2e8e880626d219622937291bf1a88f2a7e933b9de68b10c358ceb836b1269874d68178d5ca2a60691b8ac2b18bec75794ef929a921ba80fe335e76deda6606f266cad000e1e9f949c533252624fbdb25e28a005a01da7a07e844a72943d4959681afcb9a2b3b3c4b2b511416252a03ab78abf8be2fc63130f4387fb8c00ce678ba03763da61a574a9bc59b728aa3c02eedb176afb984194f31696e2b3357c5757fbf99bae1c8dde4cfedc5714471bdd688ce6ac6e3d2a149abd76a0fe9a44165ad7ea8d792273206fc444294e3bae3fc553bc9bd6d0b67ea837b7a0b7f9ef"}]}}]}, 0x14c}}, 0x0)
sendmsg$IPSET_CMD_LIST(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x2d, 0x0, 0x1f, 0x20}, 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x40041)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x1, 0x9, 0xc5, @vifc_lcl_addr=@private=0xa010100, @remote}, 0x10)

1.491742166s ago: executing program 0 (id=2484):
socket$inet(0x2, 0x2, 0x0)
socket$inet(0x2b, 0x801, 0x0) (async)
r0 = socket$inet(0x2b, 0x801, 0x0)
listen(r0, 0x9)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000002ec0)=ANY=[@ANYBLOB="02000000040000000700000009"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="0d00000003000000040000000100000000000000", @ANYRES32=r2], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0)
close(0x3)
socket(0x2, 0x80805, 0x0) (async)
r4 = socket(0x2, 0x80805, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r7, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000400)={0xf8, r7, 0x0, 0x70bd2c, 0x25dfdbff, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000001}, 0x8880)
shutdown(r5, 0x0) (async)
shutdown(r5, 0x0)
close(0x3) (async)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={<r8=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000340)={r8, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) (async)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
close(0x4)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)

1.427542518s ago: executing program 2 (id=2485):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x3f, 0x2000000000000033, &(0x7f0000000440)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000646c6c2500000000002008207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000a35000008500000006000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb70200000800"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r0}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xd, 0x12, r3, 0x1f4d2000)
close(r3)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x3f, 0x2000000000000033, &(0x7f0000000440)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000646c6c2500000000002008207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000a35000008500000006000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb70200000800"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r0}, 0x10) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00'}, 0x90) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) (async)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xd, 0x12, r3, 0x1f4d2000) (async)
close(r3) (async)

1.312824809s ago: executing program 2 (id=2486):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="05"], 0x1c}}, 0x0) (async)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet6_int(r2, 0x29, 0x16, 0x0, &(0x7f0000000340))
sendmsg$NL80211_CMD_DEL_PMK(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="740000009f5b136951b7b1db4b53024004328d09f3d4c5d5bd6f", @ANYRES16=r1, @ANYBLOB="000826bd7000fddbdf257c0000000c009900040000002b0000000a00060008021100000000000a00060008021100000000000a00060008021100000000000a00060008021100000000000a000600ffffffffffff00000a00060008021100000100000a0006000802110000010000"], 0x74}, 0x1, 0x0, 0x0, 0x40040}, 0x51) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'ip6erspan0\x00'}) (async)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="380000003f000758fefffffffeffffff017c0000040042800c00018006000600800a000014000280100014800c000680060001"], 0x38}, 0x1, 0x0, 0x0, 0x40008d1}, 0xc000)

1.188868583s ago: executing program 3 (id=2487):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
syz_emit_ethernet(0x6a, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00200000000808004b00005c0000000000069078ac141400ac1e0001890b6be0000001ac1414aa440c070300000000000000000000000000dab5fcf1c92cb73b9c11de524f3666dae20a136f90a93c7ad13e2b89a2fe0d86a535c885c55fea522325987ccf3ac8516bf8fa2b2e6c2d5039d8af7a2dd6fb66865a9c3857f6768f27b054c13041dbe66a9402d19d9a4b1b28692f8501f80c740749163deeedacbb782e78ed0cfec7804019899966891903703204fabd792974c1a123b06855d90a9fd42213f4449a241c1407882335a758ef3193d9886e1781ade4b45de4203a6ad71abc0b6eedadb9c4943ecc2adde640a9cd0503757e811af8a2522dfd6d4535d604807da8248853105c4a9ad3fda90de8418dc8e86a31019200"/299, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="c0007727907800000204080000fe5af989782e00220f2f95447b1cd3e351f40cce23cf00"], 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r2, &(0x7f0000000580)="81", 0x1, 0xc001, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x1c)
setsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f0000000000)={0xfffc, 0x0, 0xfffe, 0x7}, 0x8)
write$cgroup_int(r1, &(0x7f0000000200), 0x806000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r3, &(0x7f0000000200), 0xffffffc1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22052, r3, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/uts\x00')
ioctl$NS_GET_NSTYPE(r5, 0x8004b708, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r4, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r6, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004811)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r7, 0x11, 0x67, &(0x7f0000000040)=0x6, 0x4)
sendmmsg$inet6(r7, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080fffffffe0000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)
recvmsg$kcm(r8, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x40)
r9 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r9, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r9, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1, 0x1000000000000}}], 0x48}, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000000180), 0x4)
ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0xfca2})

1.183690398s ago: executing program 4 (id=2488):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x0, 0x18, 0x0, &(0x7f0000000080)="d4655cffe96df28dba8783c628be4e852a22da3296ac1e80", 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8}, 0x50)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000100)={'team0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x4, r2}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x2000a804)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r5}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(r7, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000002700010000000000000000000c000080080023"], 0x1c}], 0x1}, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000d"], 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000080000000000000000000040000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESHEX=r6, @ANYRES32=r4, @ANYBLOB='\x00'/28], 0x50)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000001000000000000000000010018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r8, @ANYBLOB="0000000000020000b7080000090000017b8af8ff00000000bfa20000b15183246edf77d5a90321290000000007020000f8ffffffb703000008000000b70400000100000085000000030000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='tlb_flush\x00', r10}, 0x18)
sendmsg(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x18, r12, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0xc054}, 0x4)
r13 = socket(0x10, 0x80002, 0x0)
write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c00071bab0925000900070007ab08000c000000f0007e93210001c000000000000000000000000000039915fa2c1ec28670e9889bb94b46fe0000000a0002", 0xff82)
r14 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r14, 0x10e, 0xc, &(0x7f0000000040)={0x200000c0, 0xffffffff, 0xfffffff8}, 0x10)
sendmsg$nl_route(r14, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000005200ed322abd7000ffdbdf2502"], 0x44}, 0x1, 0x0, 0x0, 0x20004004}, 0x0)
sendmmsg$alg(r13, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100), 0xc}], 0x492492492492856, 0x0)
r15 = epoll_create(0x5965)
epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, r0, &(0x7f00000000c0)={0x80000002})

1.162053873s ago: executing program 2 (id=2489):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfd, 0x808b9027}, 0xc)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
sendto$inet6(r0, 0x0, 0x0, 0x20000080, &(0x7f0000006080)={0xa, 0x4e23, 0x2004, @loopback, 0x4}, 0x1c)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc)

900.890014ms ago: executing program 2 (id=2490):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x4, 0x5, 0x2, 0x1000008, 0x4, @local, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0xd}})
unshare(0x6e060000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r6, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}, 0x1, 0x0, 0x0, 0x20000001}, 0x28040010)
r7 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000200)=0x60)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=<r8=>0x0)
connect$nfc_llcp(r7, &(0x7f0000000480)={0x27, r8, 0x0, 0x3, 0xb9, 0x6, "8c8716467595c45b0effaa7c7c58b60ad7d5966f4eecab7874787dd4c0c9fb95264d7673ebfdce4cccae1369871ddbc71005e213db5f08c7d45688d6eb6ae6", 0x28}, 0x60)
unshare(0x600)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r10 = socket$rxrpc(0x21, 0x2, 0x2)
connect$rxrpc(r10, &(0x7f0000000500)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e24, 0x3961, @remote, 0x6}}, 0x24)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r11, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x840)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, &(0x7f0000000340)=""/75, &(0x7f00000003c0)="6adcd3da9edb59240e8971b926407c19a8db884ccf7520c146ca6edb19f42d4968f43cd7a91f6ba3cfc2d4a4928cbf8fa0c9f5f856fa20b0f68eb27fdd7c1987a97ad1f49baa2def4f0c06178e846da8145f985c8c28e09877a6f224ff9052f2fd6ba0391e6ae51fe41d0fc111df8c4333c19c132d90d1610bb045ea7c38a353c2d06655128be785752e4518a82b52f9f2", &(0x7f0000000600)="d8b8554e0d1c686676f67bbefb4ee16c42942a8c43e0c658346dc9986923ceb17a2ef6127fde361aa8d16af81ded9ed06086bd48a6943f0e3993ab3e441b2b866b307d0d4e5acabed95342d9ce0f56481d96384ac6a0bd6dcbc7b3ceec14fa41bf168985127e0ec1bd704712757912095afc44cdde636606f69f55e83e43e019fa60dd8e6b9aa3087857dd2d1ed56f2e868a7c0b5bba892bf7fe2f37468c7fa01b9a318d20b26c3d407a933023079b751749ed22cf7fe6f6f5aa6d6b81504eae68dbfa27615014224736b18f102f2f060c1ca564f4c9beab26e0ec299942490f66bbe76d2c9c276c4e", 0x4, r2, 0x4}, 0x38)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, r1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r12}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sk_msg=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket(0x11, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0x30}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

618.171995ms ago: executing program 3 (id=2491):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000020000000000000003000000180000000300000000000000040000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) (async)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_buf(r0, 0x6, 0x8, &(0x7f0000000180)="d8dc494c", 0x4)
getsockopt$inet_tcp_int(r0, 0x6, 0x8, 0x0, &(0x7f0000001b80)) (async, rerun: 64)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (rerun: 64)
socket$inet(0x2b, 0x801, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) (async)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) (async)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x40000000000, 0x3, 0x4, 0x0, 0x0, 0x3, 0x8000000000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x3ef74dec, 0x0, 0x7fffffff}, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async)
close(0x4)
bind$802154_dgram(r1, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800", @ANYRES32=r5], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x8000, r5}, 0x38) (async, rerun: 32)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

464.850326ms ago: executing program 4 (id=2492):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'ip6gre0\x00', 0x200})
socket$inet_udp(0x2, 0x2, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb000000000c0000000c00000002000000000000"], &(0x7f0000001f80)=""/226, 0x26, 0x81, 0x2}, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xfff3}}}, 0x24}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000021000100000000000000000002000000faff000000000000080018"], 0x34}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x44014)
recvmmsg(r6, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4082, 0xff2}, {&(0x7f0000002580)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/147, 0x93}], 0x3}, 0xffdffffc}], 0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r7=>0x0})
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB="4400000011002901800000000000000007000000", @ANYRES32=r7, @ANYBLOB="00000000000000001c001a800800038004000500080000003e"], 0x44}}, 0x100)
getsockopt$inet_buf(r1, 0x0, 0x12, &(0x7f0000000040)=""/43, &(0x7f0000000080)=0x2b)
socket$kcm(0x2, 0xa, 0x2)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f40000000001020f000000000000000005000008080008400000000b080003400000240074000d8014000500fe801b000000000000000000000000bb1400040000000000000000000000ffff640101013c000380060002004e220000060002004e230000060001004e210000060002004e240000060002004e240000060001004e230000060001004e2100000c000380060001004e21000008000740000001ff060012400002000044003094e36348761980080002003000000008000100100200000800020010010000080002001800000008000100230200000800020000020000080001002600000008000200000000000600"], 0xf4}, 0x1, 0x0, 0x0, 0x4000}, 0x4)
sendmsg$AUDIT_DEL_RULE(r8, &(0x7f0000001a40)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001a00)={&(0x7f00000015c0)=ANY=[@ANYBLOB="2c040000df0304002dbd7000fddbed2502000000010000001100000000000000ff0100000100008007000000050000008a00000008000000f80e000006000000010000000000000009000000090000000e00000006000000b50a0000a7000000000900000700000009000000000000004effffff81000000090000000600000009000000800000000101000008000000010400000400000001000000030000000c0000002bce000004000000f66fbb3403000000070000000100010002000000060000009c000000030000000f000000010000800100000000080000fdffffff09000000040000000000000001000100090000000600000000000000000000007a9b0000040000000200000001000000ff0000000600000006000000030000000b000000090000000600000007000000030000002b0900000500000000002001050000000300000000000000f7ffffff8100000002000000040000002a080000f3ec0000070000000300000002000000060000000b060000096bffff0100000007000000a500000009000000c4f9000001040000ff0f0000640b000050ffffff0300000006000000dc04000002000000e5000000ffffff7f0000000004000000080000000900000005000000580000000900000007000000f7ffffff05000000030000000f92000008000000e700000003000000ffffff7f020000000600000000100000c1080000ac0600001b0e0000cd0d0000f0fffffffe000000008000002004000007000000fdffffff9b304e5bf8ffffff00000000feffffff100000000500000007000000e30a000006000000010000800000000006000000c40500000000000003000000010000000000000009000000010000001fb90000000000b0ff030000810000003e000000f8ffffff04000000030000000600000000004000cc0900000001000003000000ff0300000700000003000000000000004000000009000000010000000c000000090000000d00000001000000050000000300000001000000d0ffffffffffffff05000000940700000800000009000000ffff0000400000000700000007000000000000800b00000000000000050000000004000001000080ff03000007000000400000007701000003000000010000000000000004000000ff0100004000000004000000a356000007000000020000002d03000024000000040000000180000018da000000000000080000007e0000000180ffff00000000b40000000900000003000000080000000300000008000000ffffffff0400000003000000ffffff7f080000000900000049000000030000000020001000000080ffff00000000ffff04000000f7ffffff7f00000004000000030000007f0000000000000002000000679e000000005000170a00000e00000005000000b6000000f8ffffff07000000000200000700000008000000070000000a000000270069703667726530000000"], 0x42c}}, 0x20044800)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000780)={'dummy0\x00', <r12=>0x0})
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r10, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010026bd6000000000002d9300000c00018008000100", @ANYRES32=r12], 0x20}, 0x1, 0x0, 0x0, 0xd4}, 0x24008000)
write$tun(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500561308005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000000cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000001a80)={{{@in6=@private2, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r13=>0x0}}, {{@in6}, 0x0, @in6=@dev}}, &(0x7f0000001b80)=0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000001bc0)={{{@in=@remote, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e23, 0x7, 0x4e20, 0x2, 0x2, 0x80, 0x20, 0x2d, 0x0, r13}, {0x6, 0x9, 0x7, 0x8, 0xffffffff7fffffff, 0xfffffffffffffff7, 0x3, 0x2}, {0x3ff, 0x800, 0x9}, 0x5b, 0x6e6bb4, 0x2, 0x0, 0x1, 0x1}, {{@in6=@remote, 0x4d5, 0x33}, 0xa, @in6=@mcast1, 0x0, 0x4, 0x1, 0x1, 0x1, 0x400, 0x5}}, 0xe8)

272.870328ms ago: executing program 1 (id=2493):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000540)='hugetlb.1GB.usage_in_bytes\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0x806000)
ioctl$FS_IOC_RESVSP(r2, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9ffffc})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newtfilter={0xac, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0x80, 0x2, [@TCA_U32_SEL={0x74, 0x5, {0x5, 0x6, 0x6, 0x5, 0x400, 0x2, 0x1, 0xc, [{0x8, 0x9df8, 0x5, 0xfffffffe}, {0xfff, 0xabac, 0x5d9, 0x6}, {0x7365, 0x200, 0x2, 0x3}, {0xaa2, 0x80000000, 0xc06f, 0x8001}, {0x9, 0x8001, 0x80, 0x7ff}, {0x10c00, 0x23e, 0x10000, 0x2}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0x1, 0xfff3}}]}}]}, 0xac}, 0x1, 0x0, 0x0, 0x50}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x13, &(0x7f0000000600)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @call={0x85, 0x0, 0x0, 0x4c}], &(0x7f0000000080)='syzkaller\x00', 0x81, 0x0, 0x0, 0x41100, 0x2, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000001c0)=[r0], &(0x7f00000002c0)=[{0x3, 0x3, 0x1, 0x7}, {0x5, 0x5, 0x1, 0x1}, {0x2, 0x3, 0xe, 0x3}, {0x5, 0x2, 0x2}, {0x4, 0x2, 0x5, 0x5}], 0x10, 0x400}, 0x94)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0x3, 0x2)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r7, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x3c, 0x3a, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @broadcast}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"4adcda08f6e83e2aa00e133f88a8349f246e"}}}}, 0x48)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000480)={r2, r2}, 0xc)

272.430026ms ago: executing program 3 (id=2494):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x28, 0x2b, 0x107, 0xfffffffe, 0x0, {0x4, 0x7c}, [@nested={0x8, 0x1, 0x0, 0x1, [@generic="629529dd"]}, @nested={0xc, 0x3, 0x0, 0x1, [@typed={0x8, 0x3, 0x0, 0x0, @fd}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4048011}, 0x4008084)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000240)='=', 0x1}], 0x1, 0x0)
splice(r0, 0x0, r3, 0x0, 0x4ffe0, 0x0)

96.195199ms ago: executing program 3 (id=2495):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x40, 0x0, 0x10, 0x70bd26, 0x25dfdc03, {}, [@IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x104}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40081c4}, 0x4044042)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100626f6e640000000018000280140008"], 0x48}}, 0x10000040)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0)

0s ago: executing program 4 (id=2496):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) (async, rerun: 64)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (rerun: 64)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x40800)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r4 = socket$inet6(0xa, 0x2, 0x0) (async)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syzkaller0\x00', <r7=>0x0}) (async)
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0xfffffffe, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) (async)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd2c, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff1, 0x6}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r11) (async)
socket(0x2, 0x5, 0x0) (async)
ioctl$SIOCSIFHWADDR(r11, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
r12 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmmsg$inet(r4, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r13, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0) (async)
write$tun(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="034886dd09030004730081e949b9389ce643caf3565fb074d897bc3b0000000000007d01ff0200000000000000000075722d5f03a3dc7eb5f8edefb8856c243ff354c2675f293c478c0da445d40cab31b5a8696e763da97f3797934d89a9a71e520249a04ccc834a85d9d6dd316b094c01823e78226c7cc55083cd2c8859f0d1450b4479c34e627718de9a702e66132a9d45f34c6854e63e919cf6e0efa3e16d5d8ad7d9e4681b96a2577f750eb255cf3f3cccee34a9513213f963905bb0034f2e8484b9caad3a5f8e6b7fad3d7a959de2df571a67bb138a326565e72ba458af023b6cbe70fc90a3a0b9da0c89480f7dd4d281a1c1347f6d288a89fd2fc280848ae91a93eadf23408bf00729c19c9c6c7e2241da942c80652ac3026a4d30ba413d747d08430531eb9c1cca28ad7b9b8ab2b1129e5757398d266145241456b36b2a437d2a51622e019d3e0a2628877bf15c34"], 0xfdef) (async)
socket(0x40000000015, 0x5, 0x0) (async, rerun: 64)
socket$alg(0x26, 0x5, 0x0) (rerun: 64)
unshare(0x2040400)

kernel console output (not intermixed with test programs):

25106][ T7794] bond_slave_0: entered promiscuous mode
[  148.051872][ T7794] bond_slave_1: entered promiscuous mode
[  148.071103][ T7799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.453'.
[  148.097859][ T7799] bridge_slave_0: left allmulticast mode
[  148.103583][ T7799] bridge_slave_0: left promiscuous mode
[  148.131851][ T7799] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.391068][ T7811] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  148.768772][ T7830] xt_hashlimit: size too large, truncated to 1048576
[  148.912531][ T7833] vlan2: entered allmulticast mode
[  148.950683][ T7833] hsr_slave_1: entered allmulticast mode
[  149.024222][ T7835] netlink: 'syz.2.462': attribute type 10 has an invalid length.
[  149.055310][ T7835] 8021q: adding VLAN 0 to HW filter on device team0
[  149.089820][ T7835] team0: entered promiscuous mode
[  149.106110][ T7835] team_slave_0: entered promiscuous mode
[  149.130281][ T7835] team_slave_1: entered promiscuous mode
[  149.153062][ T7835] geneve0: entered promiscuous mode
[  149.193232][ T7835] bond0: (slave team0): Enslaving as an active interface with an up link
[  149.522072][  T197] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x6
[  149.787595][ T7852] netlink: 140 bytes leftover after parsing attributes in process `syz.4.467'.
[  150.215230][ T7877] syzkaller0: entered promiscuous mode
[  150.220879][ T7877] syzkaller0: entered allmulticast mode
[  150.656026][ T7899] IPVS: set_ctl: invalid protocol: 136 255.255.255.255:20001
[  150.804908][ T7891] netlink: 4 bytes leftover after parsing attributes in process `syz.3.473'.
[  151.180989][ T7923] netlink: 16 bytes leftover after parsing attributes in process `syz.4.478'.
[  151.211533][ T7923] netlink: 16 bytes leftover after parsing attributes in process `syz.4.478'.
[  151.408209][ T7926] macvlan2: entered promiscuous mode
[  151.413654][ T7926] vlan0: entered promiscuous mode
[  151.983351][ T7958] syzkaller1: entered allmulticast mode
[  152.009131][ T7960] netlink: 24 bytes leftover after parsing attributes in process `syz.2.490'.
[  152.155773][ T7974] netlink: 'syz.0.491': attribute type 1 has an invalid length.
[  152.187965][ T7974] netlink: 224 bytes leftover after parsing attributes in process `syz.0.491'.
[  152.265306][ T7975] netlink: 'syz.1.492': attribute type 1 has an invalid length.
[  152.322289][ T7981] netlink: 4 bytes leftover after parsing attributes in process `syz.1.492'.
[  152.502285][ T7975] 8021q: adding VLAN 0 to HW filter on device bond1
[  152.610118][ T7989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.497'.
[  152.638516][ T7989] netlink: 24 bytes leftover after parsing attributes in process `syz.3.497'.
[  152.722989][ T7981] bond1 (unregistering): Released all slaves
[  152.780059][ T7996] netlink: 56 bytes leftover after parsing attributes in process `syz.3.497'.
[  152.867404][ T7995] netlink: 'syz.2.498': attribute type 12 has an invalid length.
[  152.904340][ T7997] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  153.025597][ T8002] pim6reg0: tun_chr_ioctl cmd 2148553947
[  153.206679][ T8011] netlink: 'syz.4.501': attribute type 1 has an invalid length.
[  153.325407][ T8011] 8021q: adding VLAN 0 to HW filter on device bond2
[  153.400477][ T7465] IPVS: starting estimator thread 0...
[  153.477194][ T8017] bond2: (slave geneve3): making interface the new active one
[  153.512540][ T8017] bond2: (slave geneve3): Enslaving as an active interface with an up link
[  153.527840][ T8023] IPVS: using max 32 ests per chain, 76800 per kthread
[  153.572213][ T8024] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 0
[  153.658387][ T8038] netlink: 8 bytes leftover after parsing attributes in process `syz.2.506'.
[  153.689294][ T8038] netlink: 24 bytes leftover after parsing attributes in process `syz.2.506'.
[  153.776981][ T8046] netlink: 248 bytes leftover after parsing attributes in process `syz.1.509'.
[  153.851659][ T8052] bpq0: entered promiscuous mode
[  153.960045][ T8044] netlink: 8 bytes leftover after parsing attributes in process `syz.3.507'.
[  154.028223][ T8053] netlink: 248 bytes leftover after parsing attributes in process `syz.1.509'.
[  154.198507][ T8070] netlink: 20 bytes leftover after parsing attributes in process `syz.0.511'.
[  154.322111][ T8066] netlink: 12 bytes leftover after parsing attributes in process `syz.0.511'.
[  155.260269][ T8117] ip6tnl1: entered promiscuous mode
[  155.265568][ T8117] ip6tnl1: entered allmulticast mode
[  155.597184][ T8130] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  156.313360][ T8156] sctp: [Deprecated]: syz.2.529 (pid 8156) Use of int in maxseg socket option.
[  156.313360][ T8156] Use struct sctp_assoc_value instead
[  156.362687][ T8162] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  156.408398][ T8162] syzkaller0: entered promiscuous mode
[  156.421224][ T8162] syzkaller0: entered allmulticast mode
[  156.578273][ T8161] tipc: Resetting bearer <eth:syzkaller0>
[  156.682335][ T8161] tipc: Disabling bearer <eth:syzkaller0>
[  157.052250][ T8202] netlink: 'syz.0.537': attribute type 2 has an invalid length.
[  157.879996][ T8227] bond1: option packets_per_slave: mode dependency failed, not supported in mode 802.3ad(4)
[  158.021707][ T8227] bond1 (unregistering): Released all slaves
[  159.223039][ T8306] netlink: 'syz.1.557': attribute type 1 has an invalid length.
[  159.293531][ T8309] netlink: 'syz.0.559': attribute type 3 has an invalid length.
[  159.326097][ T8312] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  159.342881][ T8312] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  159.351676][ T8309] __nla_validate_parse: 10 callbacks suppressed
[  159.351711][ T8309] netlink: 224 bytes leftover after parsing attributes in process `syz.0.559'.
[  159.448756][ T8313] netlink: 'syz.2.560': attribute type 2 has an invalid length.
[  159.536723][ T8306] bond1: (slave bridge0): Enslaving as an active interface with a down link
[  159.648958][ T8326] gretap1: entered promiscuous mode
[  159.654462][ T8326] gretap1: entered allmulticast mode
[  159.669493][ T8326] bond1: (slave gretap1): making interface the new active one
[  159.699942][ T8326] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  159.762668][ T8336] netlink: 'syz.4.562': attribute type 10 has an invalid length.
[  159.769285][ T8332] netlink: 'syz.0.563': attribute type 1 has an invalid length.
[  159.801354][ T8332] netlink: 8 bytes leftover after parsing attributes in process `syz.0.563'.
[  159.850518][ T8336] team0: Port device dummy0 added
[  160.623638][ T8358] netlink: 12 bytes leftover after parsing attributes in process `syz.2.567'.
[  161.089693][ T8377] netlink: 32 bytes leftover after parsing attributes in process `syz.1.573'.
[  161.295603][ T8388] netlink: 12 bytes leftover after parsing attributes in process `syz.3.570'.
[  161.498479][ T8388] vlan2: entered promiscuous mode
[  161.503596][ T8388] bond0: entered promiscuous mode
[  161.547531][ T8388] bond_slave_0: entered promiscuous mode
[  161.578032][ T8388] bond_slave_1: entered promiscuous mode
[  162.004169][ T8415] netlink: 24 bytes leftover after parsing attributes in process `syz.4.577'.
[  162.286213][ T8415] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.560982][ T8421] batadv0: entered promiscuous mode
[  162.661986][ T8421] 8021q: adding VLAN 0 to HW filter on device hsr1
[  162.924129][ T8415] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.012633][ T8448] netlink: 116 bytes leftover after parsing attributes in process `syz.1.584'.
[  163.016342][ T8452] netlink: 'syz.0.582': attribute type 10 has an invalid length.
[  163.088131][ T8455] netlink: 'syz.0.582': attribute type 10 has an invalid length.
[  163.127790][ T8455] netlink: 40 bytes leftover after parsing attributes in process `syz.0.582'.
[  163.240909][ T8415] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.320183][ T8452] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.346244][ T8452] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  163.383545][ T8455] batadv0: entered promiscuous mode
[  163.401679][ T8455] batadv0: entered allmulticast mode
[  163.448494][ T8455] bond0: (slave batadv0): Releasing backup interface
[  163.514104][ T8455] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  163.580003][ T8415] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.817563][ T8480] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  164.097476][ T8500] netlink: 'syz.1.593': attribute type 5 has an invalid length.
[  164.331191][ T8495] xt_NFQUEUE: number of total queues is 0
[  164.373133][ T8246] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  164.564852][ T8514] 8021q: adding VLAN 0 to HW filter on device bond0
[  164.575339][ T8514] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  164.606311][ T8246] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  164.688029][ T8246] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.726906][ T8246] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.104246][ T8531] netlink: 24 bytes leftover after parsing attributes in process `syz.1.598'.
[  165.263727][  T877] hid-generic 0005:0007:0008.0001: unknown main item tag 0x0
[  165.351735][ T8543] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  165.377768][  T877] hid-generic 0005:0007:0008.0001: item fetching failed at offset 1/2
[  165.386709][  T877] hid-generic 0005:0007:0008.0001: probe with driver hid-generic failed with error -22
[  165.598796][ T8557] netlink: 'syz.3.602': attribute type 1 has an invalid length.
[  165.697517][ T8557] bond3: entered promiscuous mode
[  165.709448][ T8557] 8021q: adding VLAN 0 to HW filter on device bond3
[  165.724320][ T8567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.602'.
[  165.737340][ T8567] netlink: 4 bytes leftover after parsing attributes in process `syz.3.602'.
[  165.813704][ T8566] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  165.897358][ T8566] netlink: 4 bytes leftover after parsing attributes in process `syz.2.604'.
[  166.102825][ T8566] bridge_slave_1: left allmulticast mode
[  166.110802][ T8566] bridge_slave_1: left promiscuous mode
[  166.116697][ T8566] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.130986][ T8566] bridge_slave_0: left allmulticast mode
[  166.136835][ T8566] bridge_slave_0: left promiscuous mode
[  166.162345][ T8566] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.625144][ T8608] FAULT_INJECTION: forcing a failure.
[  166.625144][ T8608] name failslab, interval 1, probability 0, space 0, times 0
[  166.640728][ T8608] CPU: 1 UID: 0 PID: 8608 Comm: syz.4.614 Not tainted syzkaller #0 PREEMPT(full) 
[  166.640756][ T8608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  166.640776][ T8608] Call Trace:
[  166.640785][ T8608]  <TASK>
[  166.640794][ T8608]  dump_stack_lvl+0x189/0x250
[  166.640829][ T8608]  ? __pfx____ratelimit+0x10/0x10
[  166.640863][ T8608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.640885][ T8608]  ? __pfx__printk+0x10/0x10
[  166.640912][ T8608]  ? __lock_acquire+0xab9/0xd20
[  166.640948][ T8608]  should_fail_ex+0x414/0x560
[  166.640987][ T8608]  should_failslab+0xa8/0x100
[  166.641016][ T8608]  kmem_cache_alloc_noprof+0x74/0x6e0
[  166.641039][ T8608]  ? skb_clone+0x212/0x3a0
[  166.641066][ T8608]  skb_clone+0x212/0x3a0
[  166.641091][ T8608]  __netlink_deliver_tap+0x404/0x850
[  166.641136][ T8608]  ? netlink_deliver_tap+0x2e/0x1b0
[  166.641168][ T8608]  netlink_deliver_tap+0x19c/0x1b0
[  166.641200][ T8608]  netlink_unicast+0x7fa/0x9e0
[  166.641237][ T8608]  ? __pfx_netlink_unicast+0x10/0x10
[  166.641267][ T8608]  ? netlink_sendmsg+0x642/0xb30
[  166.641295][ T8608]  ? skb_put+0x11b/0x210
[  166.641329][ T8608]  netlink_sendmsg+0x805/0xb30
[  166.641371][ T8608]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.641412][ T8608]  ? aa_sock_msg_perm+0xf1/0x1d0
[  166.641438][ T8608]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  166.641464][ T8608]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.641496][ T8608]  __sock_sendmsg+0x21c/0x270
[  166.641526][ T8608]  ____sys_sendmsg+0x505/0x830
[  166.641565][ T8608]  ? __pfx_____sys_sendmsg+0x10/0x10
[  166.641609][ T8608]  ? import_iovec+0x74/0xa0
[  166.641641][ T8608]  ___sys_sendmsg+0x21f/0x2a0
[  166.641664][ T8608]  ? __pfx____sys_sendmsg+0x10/0x10
[  166.641725][ T8608]  ? __fget_files+0x2a/0x420
[  166.641750][ T8608]  ? __fget_files+0x3a0/0x420
[  166.641787][ T8608]  __x64_sys_sendmsg+0x19b/0x260
[  166.641817][ T8608]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  166.641848][ T8608]  ? __pfx_ksys_write+0x10/0x10
[  166.641875][ T8608]  ? do_syscall_64+0xbe/0xfa0
[  166.641899][ T8608]  do_syscall_64+0xfa/0xfa0
[  166.641918][ T8608]  ? lockdep_hardirqs_on+0x9c/0x150
[  166.641937][ T8608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.641957][ T8608]  ? clear_bhb_loop+0x60/0xb0
[  166.641983][ T8608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.642004][ T8608] RIP: 0033:0x7f8af038efc9
[  166.642022][ T8608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.642040][ T8608] RSP: 002b:00007f8af119d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  166.642062][ T8608] RAX: ffffffffffffffda RBX: 00007f8af05e5fa0 RCX: 00007f8af038efc9
[  166.642077][ T8608] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000000a
[  166.642090][ T8608] RBP: 00007f8af119d090 R08: 0000000000000000 R09: 0000000000000000
[  166.642103][ T8608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.642114][ T8608] R13: 00007f8af05e6038 R14: 00007f8af05e5fa0 R15: 00007ffe2d5f13c8
[  166.642150][ T8608]  </TASK>
[  167.322047][ T8619] veth0: entered promiscuous mode
[  167.542531][ T8616] netlink: 'syz.4.615': attribute type 16 has an invalid length.
[  167.607974][ T8616] netlink: 'syz.4.615': attribute type 17 has an invalid length.
[  168.129043][ T8616] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  168.165335][ T8646] netlink: 'syz.1.616': attribute type 29 has an invalid length.
[  168.239557][ T8613] veth0: left promiscuous mode
[  168.589563][ T1782] IPVS: starting estimator thread 0...
[  168.595442][ T8668] IPVS: lc: FWM 3 0x00000003 - no destination available
[  168.708791][ T8677] IPVS: using max 26 ests per chain, 62400 per kthread
[  168.779979][ T8680] rdma_op ffff8880583071f0 conn xmit_rdma 0000000000000000
[  168.848367][ T8682] FAULT_INJECTION: forcing a failure.
[  168.848367][ T8682] name failslab, interval 1, probability 0, space 0, times 0
[  168.874553][ T8682] CPU: 1 UID: 0 PID: 8682 Comm: syz.1.625 Not tainted syzkaller #0 PREEMPT(full) 
[  168.874594][ T8682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  168.874613][ T8682] Call Trace:
[  168.874626][ T8682]  <TASK>
[  168.874640][ T8682]  dump_stack_lvl+0x189/0x250
[  168.874680][ T8682]  ? __pfx____ratelimit+0x10/0x10
[  168.874729][ T8682]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.874757][ T8682]  ? __pfx__printk+0x10/0x10
[  168.874784][ T8682]  ? __pfx___might_resched+0x10/0x10
[  168.874818][ T8682]  should_fail_ex+0x414/0x560
[  168.874857][ T8682]  should_failslab+0xa8/0x100
[  168.874886][ T8682]  __kmalloc_cache_noprof+0x6f/0x6f0
[  168.874910][ T8682]  ? xfrm_policy_alloc+0x78/0x2b0
[  168.874946][ T8682]  xfrm_policy_alloc+0x78/0x2b0
[  168.874996][ T8682]  xfrm_policy_construct+0x39/0x6b0
[  168.875031][ T8682]  xfrm_add_policy+0x267/0x800
[  168.875058][ T8682]  ? __pfx_xfrm_add_policy+0x10/0x10
[  168.875075][ T8682]  ? apparmor_capable+0x137/0x1b0
[  168.875110][ T8682]  ? __nla_parse+0x40/0x60
[  168.875140][ T8682]  xfrm_user_rcv_msg+0x7a3/0xab0
[  168.875168][ T8682]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  168.875240][ T8682]  ? __pfx___mutex_trylock_common+0x10/0x10
[  168.875295][ T8682]  ? rcu_is_watching+0x15/0xb0
[  168.875327][ T8682]  ? trace_contention_end+0x39/0x120
[  168.875371][ T8682]  ? __mutex_lock+0x335/0x1350
[  168.875401][ T8682]  netlink_rcv_skb+0x208/0x470
[  168.875451][ T8682]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  168.875473][ T8682]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  168.875521][ T8682]  ? netlink_deliver_tap+0x2e/0x1b0
[  168.875559][ T8682]  ? netlink_deliver_tap+0x2e/0x1b0
[  168.875593][ T8682]  xfrm_netlink_rcv+0x79/0x90
[  168.875614][ T8682]  netlink_unicast+0x82f/0x9e0
[  168.875652][ T8682]  ? __pfx_netlink_unicast+0x10/0x10
[  168.875682][ T8682]  ? netlink_sendmsg+0x642/0xb30
[  168.875710][ T8682]  ? skb_put+0x11b/0x210
[  168.875745][ T8682]  netlink_sendmsg+0x805/0xb30
[  168.875788][ T8682]  ? __pfx_netlink_sendmsg+0x10/0x10
[  168.875825][ T8682]  ? aa_sock_msg_perm+0xf1/0x1d0
[  168.875851][ T8682]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  168.875879][ T8682]  ? __pfx_netlink_sendmsg+0x10/0x10
[  168.875911][ T8682]  __sock_sendmsg+0x21c/0x270
[  168.875941][ T8682]  ____sys_sendmsg+0x505/0x830
[  168.875982][ T8682]  ? __pfx_____sys_sendmsg+0x10/0x10
[  168.876027][ T8682]  ? import_iovec+0x74/0xa0
[  168.876060][ T8682]  ___sys_sendmsg+0x21f/0x2a0
[  168.876083][ T8682]  ? __pfx____sys_sendmsg+0x10/0x10
[  168.876147][ T8682]  ? __fget_files+0x2a/0x420
[  168.876184][ T8682]  ? __fget_files+0x3a0/0x420
[  168.876221][ T8682]  __x64_sys_sendmsg+0x19b/0x260
[  168.876244][ T8682]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  168.876275][ T8682]  ? __pfx_ksys_write+0x10/0x10
[  168.876302][ T8682]  ? do_syscall_64+0xbe/0xfa0
[  168.876326][ T8682]  do_syscall_64+0xfa/0xfa0
[  168.876347][ T8682]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.876366][ T8682]  ? asm_sysvec_call_function_single+0x1a/0x20
[  168.876386][ T8682]  ? clear_bhb_loop+0x60/0xb0
[  168.876412][ T8682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.876431][ T8682] RIP: 0033:0x7f8acc18efc9
[  168.876450][ T8682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.876468][ T8682] RSP: 002b:00007f8acd0e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  168.876489][ T8682] RAX: ffffffffffffffda RBX: 00007f8acc3e5fa0 RCX: 00007f8acc18efc9
[  168.876504][ T8682] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000000a
[  168.876517][ T8682] RBP: 00007f8acd0e7090 R08: 0000000000000000 R09: 0000000000000000
[  168.876529][ T8682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.876547][ T8682] R13: 00007f8acc3e6038 R14: 00007f8acc3e5fa0 R15: 00007ffdc8e5e538
[  168.876582][ T8682]  </TASK>
[  169.256913][ T8684] netlink: 4 bytes leftover after parsing attributes in process `syz.3.626'.
[  169.265938][ T8684] batadv1: left allmulticast mode
[  169.271533][ T8684] batadv1: left promiscuous mode
[  169.276738][ T8684] bridge0: port 3(batadv1) entered disabled state
[  169.286721][ T8684] bridge_slave_1: left allmulticast mode
[  169.332976][ T8686] netlink: 8 bytes leftover after parsing attributes in process `syz.3.626'.
[  169.354128][ T8684] bridge_slave_1: left promiscuous mode
[  169.382798][ T8684] bridge0: port 2(bridge_slave_1) entered disabled state
[  169.419483][ T8684] bridge_slave_0: left allmulticast mode
[  169.428235][ T8684] bridge_slave_0: left promiscuous mode
[  169.434071][ T8684] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.594201][ T8697] netlink: 24 bytes leftover after parsing attributes in process `syz.2.629'.
[  169.625625][ T8686] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  170.075110][ T8712] netlink: 'syz.2.633': attribute type 4 has an invalid length.
[  170.489763][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.636'.
[  170.510802][ T8728] netlink: 'syz.2.638': attribute type 1 has an invalid length.
[  170.600948][ T8728] 8021q: adding VLAN 0 to HW filter on device bond1
[  170.609308][ T8733] bond1: entered allmulticast mode
[  170.887022][ T5201] udevd[5201]: worker [6174] terminated by signal 33 (Unknown signal 33)
[  171.816604][ T8773] team0: Port device team_slave_0 removed
[  171.856900][ T8781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.652'.
[  171.959054][ T8781] netlink: 68 bytes leftover after parsing attributes in process `syz.4.652'.
[  172.023081][ T8786] netlink: 4 bytes leftover after parsing attributes in process `syz.4.652'.
[  172.142990][ T8786] hsr_slave_0: left promiscuous mode
[  172.163904][ T8786] hsr_slave_1: left promiscuous mode
[  172.641761][ T8807] netlink: 'syz.2.659': attribute type 32 has an invalid length.
[  172.667384][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.659'.
[  172.763330][ T8807] bond2: Setting coupled_control to off (0)
[  172.771772][ T8807] netlink: 'syz.2.659': attribute type 32 has an invalid length.
[  172.792575][ T8810] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  172.808353][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.659'.
[  173.016696][ T8807] bond3: Setting coupled_control to off (0)
[  173.023266][ T8807] netlink: 'syz.2.659': attribute type 32 has an invalid length.
[  173.031328][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.659'.
[  173.079897][ T8807] bond4: Setting coupled_control to off (0)
[  173.086334][ T8807] netlink: 'syz.2.659': attribute type 32 has an invalid length.
[  173.094204][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.659'.
[  173.135743][ T8807] bond5: Setting coupled_control to off (0)
[  173.158429][ T8807] netlink: 'syz.2.659': attribute type 32 has an invalid length.
[  173.166342][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.659'.
[  173.218084][ T8807] bond6: Setting coupled_control to off (0)
[  173.225555][ T8807] netlink: 'syz.2.659': attribute type 32 has an invalid length.
[  173.236714][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.659'.
[  173.296390][ T8807] bond7: Setting coupled_control to off (0)
[  173.323327][ T8807] netlink: 'syz.2.659': attribute type 32 has an invalid length.
[  173.461486][ T8807] bond8: Setting coupled_control to off (0)
[  173.856074][ T8859] workqueue: name exceeds WQ_NAME_LEN. Truncating to: žÀ^–>º>ùMv^µ
â侦¸ÑKc'A¥»–
[  174.078681][ T8871] netlink: 'syz.2.677': attribute type 1 has an invalid length.
[  174.123922][ T8871] bond9: entered promiscuous mode
[  174.131210][ T8871] 8021q: adding VLAN 0 to HW filter on device bond9
[  174.170627][ T8871] bond9: (slave bridge0): making interface the new active one
[  174.179328][ T8871] bridge0: entered promiscuous mode
[  174.187255][ T8871] bond9: (slave bridge0): Enslaving as an active interface with an up link
[  174.518163][ T8880] syzkaller1: tun_chr_ioctl cmd 1074025675
[  174.535892][ T8882] ieee802154 phy1 wpan1: encryption failed: -90
[  174.538883][    T9] syzkaller1: tun_net_xmit 90
[  174.555361][ T8880] syzkaller1: persist disabled
[  174.576963][ T8890] syzkaller1: tun_chr_ioctl cmd 1074025677
[  174.605099][    T9] syzkaller1: tun_net_xmit 90
[  174.619788][ T8890] syzkaller1: Linktype set failed because interface is up
[  175.400293][ T8889] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  175.754130][ T8924] can: request_module (can-proto-4) failed.
[  175.768249][ T8920] bond2 (unregistering): Released all slaves
[  175.887023][ T8934] __nla_validate_parse: 9 callbacks suppressed
[  175.887044][ T8934] netlink: 64 bytes leftover after parsing attributes in process `syz.1.688'.
[  175.919233][ T8927] netlink: 'syz.0.689': attribute type 29 has an invalid length.
[  176.629743][ T8965] netlink: 68 bytes leftover after parsing attributes in process `syz.4.698'.
[  176.684012][ T8970] xt_hashlimit: max too large, truncated to 1048576
[  176.856363][ T8985] syz_tun: entered allmulticast mode
[  176.941177][ T8985] syz_tun: left allmulticast mode
[  177.148284][ T8999] netlink: 24 bytes leftover after parsing attributes in process `syz.1.704'.
[  177.165434][ T9000] IPVS: length: 43 != 8
[  177.376906][ T9007] netlink: 4 bytes leftover after parsing attributes in process `syz.4.709'.
[  177.642396][ T9007] vxcan1 (unregistering): left allmulticast mode
[  177.920601][ T9014] netlink: 'syz.0.711': attribute type 10 has an invalid length.
[  177.938192][ T9014] netlink: 40 bytes leftover after parsing attributes in process `syz.0.711'.
[  178.011035][ T9014] team0: Port device geneve0 added
[  178.019223][ T1312] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.032478][ T1312] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.069940][ T1312] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.219984][ T1312] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.519237][ T9024] xt_CT: No such helper "netbios-ns"
[  178.587888][ T5842] Bluetooth: hci4: command 0x0405 tx timeout
[  179.154933][   T30] audit: type=1800 audit(1760978569.380:4): pid=9048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.719" name=5D80CEFF4AA6DC5F710E8DF1F7582C892AF8D26C5BD9C07CAA9E7DED20F3F5CE5E3A882A02450DCF19 dev="tmpfs" ino=722 res=0 errno=0
[  179.198390][ T9050] netlink: 8 bytes leftover after parsing attributes in process `syz.4.720'.
[  179.663560][ T9063] netlink: 76 bytes leftover after parsing attributes in process `syz.3.721'.
[  180.121967][ T9088] netlink: 20 bytes leftover after parsing attributes in process `syz.2.727'.
[  180.158159][ T9086] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  180.272319][ T9090] netlink: 'syz.4.728': attribute type 3 has an invalid length.
[  180.294501][ T9090] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.728'.
[  180.317874][ T9086] hsr_slave_1 (unregistering): left promiscuous mode
[  180.668150][ T5842] Bluetooth: hci4: command 0x0405 tx timeout
[  180.713548][ T9110] netlink: 'syz.4.736': attribute type 3 has an invalid length.
[  180.902595][ T9109] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  180.973718][ T9113] netlink: 'syz.0.738': attribute type 26 has an invalid length.
[  181.258391][ T9109] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.342798][ T9128] __nla_validate_parse: 4 callbacks suppressed
[  181.342818][ T9128] netlink: 36 bytes leftover after parsing attributes in process `syz.0.740'.
[  181.371087][ T9128] 8021q: VLANs not supported on ipvlan1
[  181.410418][ T9130] macsec1: entered promiscuous mode
[  181.415807][ T9130] macsec1: entered allmulticast mode
[  181.477098][ T9109] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.652378][ T9109] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  181.693917][ T9140] netlink: 68 bytes leftover after parsing attributes in process `syz.1.743'.
[  181.890055][ T9143] netlink: 'syz.0.746': attribute type 9 has an invalid length.
[  182.045762][   T36] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  182.085800][   T36] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  182.135915][   T36] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  182.182665][   T36] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  182.238161][ T9159] netlink: 12 bytes leftover after parsing attributes in process `syz.1.749'.
[  182.361964][ T9159] 8021q: adding VLAN 0 to HW filter on device bond2
[  182.508819][ T9176] netlink: 'syz.2.755': attribute type 1 has an invalid length.
[  182.577161][ T9181] netlink: 8 bytes leftover after parsing attributes in process `syz.4.757'.
[  182.595280][ T9181] netlink: 8 bytes leftover after parsing attributes in process `syz.4.757'.
[  182.861172][ T9195] netlink: 12 bytes leftover after parsing attributes in process `syz.1.761'.
[  182.896876][ T9195] netlink: 'syz.1.761': attribute type 12 has an invalid length.
[  183.002584][ T9203] bpq0: left promiscuous mode
[  183.165938][ T9210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.765'.
[  183.185042][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.3.766'.
[  183.216540][ T9213] netlink: 'syz.1.767': attribute type 13 has an invalid length.
[  183.226676][ T9213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.767'.
[  183.910057][ T9255] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  184.056148][ T9260] pim6reg: entered allmulticast mode
[  184.065427][ T9260] pim6reg: left allmulticast mode
[  184.252957][ T9274] netlink: 28 bytes leftover after parsing attributes in process `syz.4.786'.
[  184.422329][ T9282] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  184.635253][ T9292] syzkaller0: entered promiscuous mode
[  184.641244][ T9292] syzkaller0: entered allmulticast mode
[  184.897035][ T9302] netlink: 'syz.4.791': attribute type 21 has an invalid length.
[  184.910168][ T9302] netlink: 'syz.4.791': attribute type 22 has an invalid length.
[  184.920149][ T9302] netlink: 'syz.4.791': attribute type 23 has an invalid length.
[  184.928161][ T9302] netlink: 'syz.4.791': attribute type 25 has an invalid length.
[  184.936721][ T9302] netlink: 'syz.4.791': attribute type 26 has an invalid length.
[  184.941099][ T9305] hsr_slave_0: left promiscuous mode
[  184.955532][ T9305] hsr_slave_1: left promiscuous mode
[  185.115911][ T9244] Bluetooth: hci1: Opcode 0x0401 failed: -4
[  185.428202][ T9336] netlink: 'syz.0.797': attribute type 4 has an invalid length.
[  185.526177][ T9329] netlink: 'syz.0.797': attribute type 4 has an invalid length.
[  185.868239][ T5848] Bluetooth: hci1: command 0x0401 tx timeout
[  186.361230][ T9374] xt_hashlimit: max too large, truncated to 1048576
[  186.432439][ T9377] __nla_validate_parse: 12 callbacks suppressed
[  186.432458][ T9377] netlink: 32 bytes leftover after parsing attributes in process `syz.3.811'.
[  186.462672][ T9382] netlink: 24 bytes leftover after parsing attributes in process `syz.4.813'.
[  186.473816][ T9377] netlink: 'syz.3.811': attribute type 1 has an invalid length.
[  186.621772][ T9377] vlan2: left promiscuous mode
[  186.647451][ T9377] bond3: left promiscuous mode
[  186.892819][ T9396] netlink: 44 bytes leftover after parsing attributes in process `syz.1.815'.
[  186.908502][ T9383] netlink: 16 bytes leftover after parsing attributes in process `syz.0.814'.
[  186.944603][ T9397] netlink: 28 bytes leftover after parsing attributes in process `syz.4.816'.
[  186.960137][ T9397] netlink: 24 bytes leftover after parsing attributes in process `syz.4.816'.
[  187.344842][ T9413] IPVS: length: 4096 != 8
[  187.519224][ T9421] IPVS: set_ctl: invalid protocol: 22 172.20.20.187:20002
[  187.582271][ T9424] veth0: entered promiscuous mode
[  187.652465][ T9426] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  187.698406][ T9424] netlink: 'syz.2.824': attribute type 16 has an invalid length.
[  187.798328][ T9424] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  187.863458][ T9432] netlink: 16 bytes leftover after parsing attributes in process `syz.3.826'.
[  187.879132][ T9426] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.030174][ T9434] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  188.042923][ T9440] netlink: 7 bytes leftover after parsing attributes in process `syz.3.828'.
[  188.065344][ T9426] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.144089][ T9426] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.285932][ T9424] veth0: left promiscuous mode
[  188.387620][ T9448] validate_nla: 1 callbacks suppressed
[  188.393709][ T9448] netlink: 'syz.1.832': attribute type 1 has an invalid length.
[  188.451850][ T9448] bond3: entered promiscuous mode
[  188.457343][ T9448] 8021q: adding VLAN 0 to HW filter on device bond3
[  188.484107][   T50] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  188.521412][ T9448] bond3: (slave bridge2): making interface the new active one
[  188.529130][ T9448] bridge2: entered promiscuous mode
[  188.537340][ T9448] bond3: (slave bridge2): Enslaving as an active interface with an up link
[  188.558067][   T36] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  188.588417][   T36] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  188.621092][ T1332] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  188.911459][ T9474] netlink: 24 bytes leftover after parsing attributes in process `syz.4.836'.
[  189.237088][ T9486] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  189.727069][ T9516] netlink: 8 bytes leftover after parsing attributes in process `syz.3.846'.
[  190.315582][ T9534] ieee802154 phy1 wpan1: encryption failed: -22
[  190.327730][ T9532] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  190.335727][ T9532] syzkaller0: entered promiscuous mode
[  190.361423][ T9532] syzkaller0: entered allmulticast mode
[  190.445709][ T9532] tipc: Resetting bearer <eth:syzkaller0>
[  190.499674][ T9531] tipc: Resetting bearer <eth:syzkaller0>
[  190.526409][ T9531] tipc: Disabling bearer <eth:syzkaller0>
[  190.757210][ T9547] netlink: 'syz.0.858': attribute type 1 has an invalid length.
[  190.818164][ T9547] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  191.153809][ T9565] netlink: 'syz.0.864': attribute type 3 has an invalid length.
[  191.382274][ T9570] macvtap0: entered promiscuous mode
[  191.400302][ T9570] veth1_to_hsr: entered promiscuous mode
[  191.406274][ T9570] macvtap0: entered allmulticast mode
[  191.415067][ T9570] veth1_to_hsr: entered allmulticast mode
[  191.481644][ T9578] bond4: entered promiscuous mode
[  191.520143][ T9578] __nla_validate_parse: 2 callbacks suppressed
[  191.520160][ T9578] netlink: 16 bytes leftover after parsing attributes in process `syz.1.867'.
[  191.596694][ T9578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.867'.
[  191.636018][ T9589] netlink: 104 bytes leftover after parsing attributes in process `syz.0.869'.
[  191.658462][ T9591] netlink: 134788 bytes leftover after parsing attributes in process `syz.4.870'.
[  191.816938][ T9598] bridge_slave_0: default FDB implementation only supports local addresses
[  192.145553][ T9609] netlink: 32 bytes leftover after parsing attributes in process `syz.3.875'.
[  192.165781][ T9612] netlink: 8 bytes leftover after parsing attributes in process `syz.0.876'.
[  192.181859][ T9614] ieee802154 phy1 wpan1: encryption failed: -22
[  192.245027][ T9614] netlink: 152 bytes leftover after parsing attributes in process `syz.4.874'.
[  192.270171][ T9618] xt_l2tp: invalid flags combination: 8
[  192.446257][ T9623] syzkaller1: entered promiscuous mode
[  192.467701][ T9623] syzkaller1: entered allmulticast mode
[  192.661936][ T9637] netlink: 56 bytes leftover after parsing attributes in process `syz.4.880'.
[  192.921156][ T9652] ipvlan0: entered promiscuous mode
[  192.928831][ T9652] ipvlan0: left promiscuous mode
[  193.146354][ T9659] nbd: must specify a size in bytes for the device
[  193.316414][ T7462] IPVS: starting estimator thread 0...
[  193.473432][ T9675] IPVS: Scheduler module ip_vs_sip not found
[  193.484543][ T9688] IPVS: length: 141 != 8
[  193.567779][ T9677] IPVS: using max 29 ests per chain, 69600 per kthread
[  193.662122][ T9694] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.896'.
[  193.814986][ T9706] netlink: 'syz.1.902': attribute type 1 has an invalid length.
[  193.871317][ T9706] bond5: (slave bridge3): making interface the new active one
[  193.880552][ T9706] bond5: (slave bridge3): Enslaving as an active interface with an up link
[  194.078936][ T9718] netlink: 14 bytes leftover after parsing attributes in process `syz.1.906'.
[  194.408645][ T9718] bond0 (unregistering): Released all slaves
[  194.558858][ T9744] 8021q: adding VLAN 0 to HW filter on device ipvlan3
[  194.834522][ T9766] netlink: 'syz.4.916': attribute type 11 has an invalid length.
[  194.994978][ T9778] netlink: 'syz.1.917': attribute type 1 has an invalid length.
[  195.224624][ T9796] --map-set only usable from mangle table
[  195.766204][ T9799] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  195.800807][ T9799] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  196.081128][ T2998] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  196.118898][ T2998] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  196.158570][ T2998] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  196.167091][ T2998] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  196.367611][ T9834] netlink: 'syz.2.933': attribute type 4 has an invalid length.
[  196.450930][ T9845] pimreg: entered allmulticast mode
[  196.560146][ T9851] __nla_validate_parse: 7 callbacks suppressed
[  196.560166][ T9851] netlink: 8 bytes leftover after parsing attributes in process `syz.2.940'.
[  196.721689][ T9864] netlink: 52 bytes leftover after parsing attributes in process `syz.0.942'.
[  196.732770][ T9864] netlink: 'syz.0.942': attribute type 1 has an invalid length.
[  196.792692][ T9859] syzkaller0: entered promiscuous mode
[  196.807074][ T9859] syzkaller0: entered allmulticast mode
[  197.008417][ T9884] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  197.791037][ T9899] syzkaller0: entered promiscuous mode
[  197.797008][ T9899] syzkaller0: entered allmulticast mode
[  197.809894][ T9899] syzkaller0: left allmulticast mode
[  197.853318][ T9905] lo: entered promiscuous mode
[  197.861193][ T9905] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  197.940849][ T9910] netlink: 'syz.1.955': attribute type 12 has an invalid length.
[  198.175956][ T9934] SET target dimension over the limit!
[  198.287109][ T9941] netlink: 'syz.4.964': attribute type 1 has an invalid length.
[  198.326833][ T9941] 8021q: adding VLAN 0 to HW filter on device bond3
[  198.440200][ T9953] netlink: 'syz.4.967': attribute type 1 has an invalid length.
[  198.728176][ T9967] bond5: option fail_over_mac: invalid value (253)
[  198.736463][ T9967] bond5 (unregistering): Released all slaves
[  198.980533][ T9979] netlink: 28 bytes leftover after parsing attributes in process `syz.2.973'.
[  198.990144][ T9979] netlink: 28 bytes leftover after parsing attributes in process `syz.2.973'.
[  199.023286][ T9979] veth0: entered promiscuous mode
[  199.030899][ T9979] veth0: left promiscuous mode
[  199.235015][ T9993] veth0_to_bond: entered allmulticast mode
[  199.278438][ T9999] netlink: 32 bytes leftover after parsing attributes in process `syz.3.978'.
[  199.398455][T10003] sctp: [Deprecated]: syz.0.980 (pid 10003) Use of struct sctp_assoc_value in delayed_ack socket option.
[  199.398455][T10003] Use struct sctp_sack_info instead
[  199.441093][T10003] netlink: 128 bytes leftover after parsing attributes in process `syz.0.980'.
[  199.763509][T10025] trusted_key: syz.4.985 sent an empty control message without MSG_MORE.
[  199.769617][T10028] netlink: 'syz.1.984': attribute type 4 has an invalid length.
[  199.796378][T10029] netlink: 28 bytes leftover after parsing attributes in process `syz.4.985'.
[  199.820201][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  200.162503][T10048] netlink: 8 bytes leftover after parsing attributes in process `syz.0.991'.
[  200.347439][T10057] netlink: 68 bytes leftover after parsing attributes in process `syz.2.992'.
[  200.408592][T10060] netlink: 'syz.1.994': attribute type 1 has an invalid length.
[  200.427182][T10060] netlink: 8 bytes leftover after parsing attributes in process `syz.1.994'.
[  201.856373][T10099] tap0: tun_chr_ioctl cmd 1074025677
[  201.866223][T10099] tap0: linktype set to 804
[  201.961306][T10105] ieee802154 phy1 wpan1: encryption failed: -22
[  201.974925][T10103] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.008135][T10103] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  202.146924][T10103] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.173393][T10103] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  202.319061][T10103] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.339352][T10103] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  202.503171][T10103] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.537022][T10103] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  202.734605][T10142] Bluetooth: hci0: unsupported parameter 512
[  202.749983][T10142] Bluetooth: hci0: invalid length 0, exp 2 for type 26
[  203.118870][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  203.141972][   T12] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  203.181549][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  203.190527][   T12] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  203.301937][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  203.318936][   T12] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  203.337549][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  203.360075][   T12] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  203.557962][T10180] netlink: 'syz.2.1022': attribute type 1 has an invalid length.
[  203.565764][T10180] __nla_validate_parse: 2 callbacks suppressed
[  203.565784][T10180] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1022'.
[  203.600174][T10181] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1024'.
[  203.638170][T10180] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1022'.
[  204.679479][T10236] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1034'.
[  204.752023][T10240] netlink: 208 bytes leftover after parsing attributes in process `syz.3.1036'.
[  204.771808][T10236] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check.
[  204.968691][T10246] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1039'.
[  205.003234][T10253] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1042'.
[  205.152002][T10260] netlink: 'syz.4.1041': attribute type 13 has an invalid length.
[  205.696265][T10260] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.704250][T10260] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.946124][T10260] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  205.967574][T10260] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  206.298111][   T50] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  206.306621][   T50] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  206.326816][   T50] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  206.337965][   T50] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  206.489769][T10299] netlink: 'syz.0.1048': attribute type 13 has an invalid length.
[  206.675549][T10303] xt_hashlimit: max too large, truncated to 1048576
[  206.774356][T10299] veth1_to_hsr: left allmulticast mode
[  206.784350][T10299] veth1_to_hsr: left promiscuous mode
[  207.307051][T10301] bond0: (slave team0): Releasing backup interface
[  207.316717][T10301] team0: left promiscuous mode
[  207.325107][T10301] team_slave_0: left promiscuous mode
[  207.336347][T10301] team_slave_1: left promiscuous mode
[  207.342499][T10301] geneve0: left promiscuous mode
[  207.353966][T10301] bond0: (slave bond_slave_0): Releasing backup interface
[  207.362340][T10301] bond_slave_0: left promiscuous mode
[  207.370350][T10301] bond0: (slave bond_slave_1): Releasing backup interface
[  207.381690][T10301] bond_slave_1: left promiscuous mode
[  207.390498][T10301] team0: Port device team_slave_0 removed
[  207.398887][T10301] team0: Port device team_slave_1 removed
[  207.405054][T10301] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  207.421285][   T50] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  207.439333][ T2998] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  207.471130][ T2998] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  207.488215][   T12] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  207.801665][T10314] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1054'.
[  208.160685][T10333] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1058'.
[  208.183012][T10333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1058'.
[  208.287553][T10331] syzkaller0: entered promiscuous mode
[  208.293448][T10331] syzkaller0: entered allmulticast mode
[  209.952109][T10257] Set syz1 is full, maxelem 65536 reached
[  210.461445][T10371] netlink: 'syz.4.1066': attribute type 4 has an invalid length.
[  210.910674][T10369] netlink: 'syz.4.1066': attribute type 12 has an invalid length.
[  211.269054][T10396] netlink: 'syz.4.1072': attribute type 1 has an invalid length.
[  211.517018][T10401] __nla_validate_parse: 1 callbacks suppressed
[  211.517037][T10401] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1074'.
[  211.589338][T10402] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1074'.
[  211.823919][T10414] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1077'.
[  211.835157][T10414] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1077'.
[  212.069998][T10433] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  212.087142][T10431] syzkaller0: entered promiscuous mode
[  212.095392][T10431] syzkaller0: entered allmulticast mode
[  212.104765][T10439] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1084'.
[  212.108489][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  212.120089][   T52] Bluetooth: hci1: command 0x0401 tx timeout
[  212.126215][   T52] Bluetooth: hci3: command 0x0406 tx timeout
[  212.202513][T10431] tipc: Resetting bearer <eth:syzkaller0>
[  212.259974][T10431] tipc: Disabling bearer <eth:syzkaller0>
[  212.561614][T10459] macvlan1: entered allmulticast mode
[  212.588166][T10470] netlink: 'syz.3.1089': attribute type 2 has an invalid length.
[  212.829193][T10482] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1095'.
[  213.036137][T10488] vxcan1: entered allmulticast mode
[  213.549015][T10527] batadv_slave_1: entered promiscuous mode
[  213.631385][T10524] batadv_slave_1: left promiscuous mode
[  213.639564][T10531] syz_tun: entered allmulticast mode
[  213.708541][T10532] netlink: 'syz.4.1106': attribute type 9 has an invalid length.
[  213.760195][T10534] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  213.877310][T10538] netlink: 312 bytes leftover after parsing attributes in process `syz.0.1109'.
[  213.901265][T10539] netlink: 'syz.2.1108': attribute type 4 has an invalid length.
[  213.935874][T10531] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1106'.
[  213.956010][T10544] netlink: 'syz.2.1108': attribute type 4 has an invalid length.
[  213.987930][T10530] syz_tun: left allmulticast mode
[  214.275129][T10562] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  214.288246][T10563] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  214.683676][T10572] syzkaller0: entered promiscuous mode
[  214.698523][T10572] syzkaller0: entered allmulticast mode
[  215.131884][T10601] af_packet: tpacket_rcv: packet too big, clamped from 39 to 4294967272. macoff=96
[  215.255775][T10608] gretap2: entered promiscuous mode
[  215.287353][T10612] netlink: 'syz.1.1123': attribute type 10 has an invalid length.
[  215.296945][T10612] veth1_vlan: entered allmulticast mode
[  215.323120][T10612] team0: Device veth1_vlan failed to register rx_handler
[  215.583865][T10634] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1129'.
[  216.713128][T10623] netlink: 'syz.1.1129': attribute type 29 has an invalid length.
[  216.888563][T10643] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1133'.
[  216.928270][T10643] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1133'.
[  217.168599][T10663] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1137'.
[  217.265825][T10674] netlink: 'syz.1.1138': attribute type 13 has an invalid length.
[  217.345393][T10674] netlink: 'syz.1.1138': attribute type 17 has an invalid length.
[  217.429767][T10674] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  217.457328][T10679] IPv6: sit1: Disabled Multicast RS
[  217.476703][T10679] sit1: entered allmulticast mode
[  217.736718][T10687] netlink: 'syz.2.1143': attribute type 3 has an invalid length.
[  217.747908][T10687] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1143'.
[  217.830457][T10685] syzkaller0: entered promiscuous mode
[  217.836299][T10685] syzkaller0: entered allmulticast mode
[  218.048133][T10706] netlink: 14204 bytes leftover after parsing attributes in process `syz.2.1148'.
[  219.425735][T10723] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1152'.
[  219.451012][T10723] block nbd0: reconnected socket
[  219.456382][T10723] nbd: socks must be embedded in a SOCK_ITEM attr
[  219.519301][ T1332] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  219.520783][T10723] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1152'.
[  219.534371][ T1332] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  219.547092][T10729] netlink: 'syz.4.1155': attribute type 1 has an invalid length.
[  219.563271][T10723] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1152'.
[  219.579511][T10727] ieee802154 phy1 wpan1: encryption failed: -22
[  219.609871][T10727] netlink: 'syz.0.1153': attribute type 4 has an invalid length.
[  219.653119][T10729] bond5: entered promiscuous mode
[  219.670082][T10729] 8021q: adding VLAN 0 to HW filter on device bond5
[  219.689499][ T1332] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  219.731233][T10735] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1156'.
[  219.746030][T10729] netlink: 220 bytes leftover after parsing attributes in process `syz.4.1155'.
[  219.756432][ T1332] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  219.796164][T10735] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  219.819019][T10735] syzkaller0: entered promiscuous mode
[  219.824721][T10735] syzkaller0: entered allmulticast mode
[  219.838978][T10734] tipc: Resetting bearer <eth:syzkaller0>
[  219.878075][T10734] tipc: Disabling bearer <eth:syzkaller0>
[  220.215321][ T5836] block nbd0: Receive control failed (result -32)
[  220.762119][T10772] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  220.777122][T10772] netlink: 'syz.3.1166': attribute type 29 has an invalid length.
[  221.184935][T10792] syzkaller1: entered promiscuous mode
[  221.200860][T10792] syzkaller1: entered allmulticast mode
[  221.221901][T10794] netlink: 'syz.4.1172': attribute type 1 has an invalid length.
[  221.250329][T10792] sctp: [Deprecated]: syz.2.1171 (pid 10792) Use of struct sctp_assoc_value in delayed_ack socket option.
[  221.250329][T10792] Use struct sctp_sack_info instead
[  221.520520][T10807] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  221.644251][T10807] tipc: Disabling bearer <eth:syzkaller0>
[  221.710362][T10820] netlink: 'syz.1.1179': attribute type 4 has an invalid length.
[  222.213711][T10841] hsr0: entered promiscuous mode
[  222.244315][T10840] hsr0: left promiscuous mode
[  222.252568][T10847] __nla_validate_parse: 5 callbacks suppressed
[  222.252586][T10847] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1186'.
[  222.495409][T10860] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1193'.
[  222.504949][T10860] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1193'.
[  222.527628][T10860] ip6erspan0: entered promiscuous mode
[  222.539844][T10861] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1193'.
[  222.550920][T10862] netlink: 'syz.4.1192': attribute type 1 has an invalid length.
[  222.558803][T10862] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1192'.
[  222.568619][T10862] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1192'.
[  222.638937][T10867] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1195'.
[  222.667407][T10870] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'.
[  222.749615][T10867] bond11: entered promiscuous mode
[  222.754881][T10867] bond11: entered allmulticast mode
[  222.969136][T10878] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1198'.
[  223.113644][T10880] xt_CT: No such helper "syz1"
[  223.148733][T10885] Bluetooth: MGMT ver 1.23
[  223.572167][T10902] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1206'.
[  224.014104][T10938] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  224.036384][T10939] syzkaller0: entered promiscuous mode
[  224.065986][T10939] syzkaller0: entered allmulticast mode
[  224.131097][T10939] tipc: Resetting bearer <eth:syzkaller0>
[  224.160160][T10939] tipc: Disabling bearer <eth:syzkaller0>
[  224.973289][T10991] netlink: 'syz.3.1225': attribute type 10 has an invalid length.
[  224.981762][   T50] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  225.000089][   T50] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  225.055556][T10992] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check.
[  225.102146][   T50] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  225.121734][   T50] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  225.247943][T10998] netlink: 'syz.3.1228': attribute type 1 has an invalid length.
[  225.274424][T10998] netlink: 'syz.3.1228': attribute type 1 has an invalid length.
[  227.497263][T11070] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  227.631999][T11070] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  227.721131][T11070] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  227.821419][ T2998] nci: nci_rsp_packet: unsupported rsp opcode 0xf25
[  227.844928][T11070] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  228.069674][ T1332] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  228.092342][ T1332] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  228.192998][ T1332] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  228.220291][   T12] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  228.417409][T11103] syzkaller0: entered promiscuous mode
[  228.423722][T11103] syzkaller0: entered allmulticast mode
[  228.613323][T11106] sctp: [Deprecated]: syz.4.1249 (pid 11106) Use of int in maxseg socket option.
[  228.613323][T11106] Use struct sctp_assoc_value instead
[  228.699579][T11106] __nla_validate_parse: 74 callbacks suppressed
[  228.699599][T11106] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1249'.
[  228.725541][T11106] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1249'.
[  228.746310][T11109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1251'.
[  228.761396][T11109] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1251'.
[  229.022608][T11125] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1255'.
[  229.091189][T11130] sit0: entered promiscuous mode
[  229.104601][T11130] netlink: 'syz.1.1256': attribute type 1 has an invalid length.
[  229.112810][T11130] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1256'.
[  229.134817][T11130] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1256'.
[  229.160153][T11132] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1257'.
[  229.214561][T11137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1258'.
[  229.258136][T11137] 8021q: adding VLAN 0 to HW filter on device bond4
[  229.344207][T11142] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1258'.
[  229.649109][T11151] netlink: 'syz.0.1261': attribute type 9 has an invalid length.
[  229.689156][T11155] netlink: 'syz.3.1262': attribute type 9 has an invalid length.
[  230.112540][T11155] can: request_module (can-proto-0) failed.
[  231.414667][T11240] xt_CT: You must specify a L4 protocol and not use inversions on it
[  234.418675][T11274] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1287'.
[  234.455018][T11282] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma?
[  234.791015][T11304] netlink: 'syz.4.1297': attribute type 1 has an invalid length.
[  234.805084][T11304] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1297'.
[  235.126186][T11318] syzkaller1: entered promiscuous mode
[  235.136312][T11318] syzkaller1: entered allmulticast mode
[  235.237031][T11330] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1303'.
[  235.571302][T11338] ieee802154 phy1 wpan1: encryption failed: -22
[  235.789755][T11350] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1308'.
[  235.866993][T11354] netlink: 'syz.0.1311': attribute type 10 has an invalid length.
[  235.918995][T11356] xt_l2tp: missing protocol rule (udp|l2tpip)
[  235.937484][T11350] batadv0: entered promiscuous mode
[  235.978224][T11350] batadv0: entered allmulticast mode
[  235.997481][T11354] 8021q: adding VLAN 0 to HW filter on device team0
[  236.011385][T11354] bond0: (slave team0): Enslaving as an active interface with a down link
[  236.134131][T11365] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  236.197985][T11372] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1313'.
[  236.231957][T11372] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1313'.
[  236.244594][T11372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1313'.
[  236.255630][T11372] netlink: 'syz.1.1313': attribute type 19 has an invalid length.
[  236.270942][T11372] netlink: 'syz.1.1313': attribute type 20 has an invalid length.
[  236.582531][T11397] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1320'.
[  236.621824][T11397] netlink: 'syz.1.1320': attribute type 7 has an invalid length.
[  236.636309][T11397] netlink: 'syz.1.1320': attribute type 8 has an invalid length.
[  236.644437][T11397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1320'.
[  236.805807][T11397] veth1: entered promiscuous mode
[  236.812647][T11397] veth0: entered promiscuous mode
[  236.820838][T11397] veth1: left promiscuous mode
[  236.827098][T11397] veth0: left promiscuous mode
[  236.863319][T11411] bridge0: entered allmulticast mode
[  236.889554][T11415] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1326'.
[  236.937706][T11411] vlan3: entered promiscuous mode
[  236.942906][T11411] veth1: entered promiscuous mode
[  237.678114][T11461] syz_tun: entered allmulticast mode
[  237.908158][T11460] syz_tun: left allmulticast mode
[  238.559383][T11504] dvmrp0: entered allmulticast mode
[  238.888397][T11523] netlink: 'syz.4.1353': attribute type 13 has an invalid length.
[  238.896369][T11523] netlink: 'syz.4.1353': attribute type 17 has an invalid length.
[  238.941886][T11523] lo: left promiscuous mode
[  239.033965][T11523] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.052406][T11523] 8021q: adding VLAN 0 to HW filter on device team0
[  239.073157][T11523] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  239.123823][T11522] syzkaller1: entered promiscuous mode
[  239.130034][T11522] syzkaller1: entered allmulticast mode
[  239.171979][T11536] syzkaller1: left promiscuous mode
[  239.177318][T11536] syzkaller1: left allmulticast mode
[  240.028315][ T5848] Bluetooth: hci4: command 0x0405 tx timeout
[  240.555300][T11603] netlink: 'syz.0.1369': attribute type 23 has an invalid length.
[  241.089809][T11624] __nla_validate_parse: 13 callbacks suppressed
[  241.089830][T11624] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1375'.
[  241.200508][T11629] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1377'.
[  241.222447][T11629] netlink: 'syz.4.1377': attribute type 5 has an invalid length.
[  241.253360][T11629] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1377'.
[  241.604492][T11641] netlink: 'syz.3.1378': attribute type 21 has an invalid length.
[  241.610110][T11647] sctp: [Deprecated]: syz.1.1381 (pid 11647) Use of struct sctp_assoc_value in delayed_ack socket option.
[  241.610110][T11647] Use struct sctp_sack_info instead
[  241.636680][T11648] sctp: [Deprecated]: syz.4.1382 (pid 11648) Use of int in maxseg socket option.
[  241.636680][T11648] Use struct sctp_assoc_value instead
[  241.653861][T11641] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1378'.
[  241.672886][T11648] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1382'.
[  241.685675][T11648] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1382'.
[  241.706020][T11644] netlink: 'syz.3.1378': attribute type 21 has an invalid length.
[  241.718097][T11644] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1378'.
[  242.480294][T11681] netlink: 'syz.3.1390': attribute type 6 has an invalid length.
[  242.521979][T11681] netlink: 'syz.3.1390': attribute type 6 has an invalid length.
[  242.575012][T11687] pim6reg: entered allmulticast mode
[  242.696875][T11691] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  242.784385][T11699] netlink: 'syz.3.1393': attribute type 30 has an invalid length.
[  243.376225][T11742] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1402'.
[  243.418574][T11742] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1402'.
[  243.580131][T11754] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  243.656614][T11754] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  243.740744][T11754] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  243.801717][T11754] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  243.936058][ T1312] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  243.971730][   T13] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  244.006982][   T13] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  244.016705][   T13] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  261.230532][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  303.503860][T11784] xt_CT: You must specify a L4 protocol and not use inversions on it
[  303.532902][T11792] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  303.757872][T11805] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1424'.
[  303.841121][T11809] pim6reg: entered allmulticast mode
[  303.882730][T11814] netlink: 'syz.3.1427': attribute type 1 has an invalid length.
[  303.888932][T11809] batadv_slave_0: entered promiscuous mode
[  303.892609][T11814] IPv6: NLM_F_REPLACE set, but no existing node found!
[  303.904920][T11814] netlink: 312 bytes leftover after parsing attributes in process `syz.3.1427'.
[  304.011348][T11807] pim6reg: left allmulticast mode
[  304.137278][T11807] batadv_slave_0: left promiscuous mode
[  304.336871][T11833] netlink: 'syz.3.1430': attribute type 1 has an invalid length.
[  304.445636][T11841] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1431'.
[  304.471794][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1430'.
[  304.482950][T11841] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1431'.
[  304.579569][T11845] xt_TCPMSS: Only works on TCP SYN packets
[  304.689001][T11841] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1431'.
[  304.880828][T11857] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1436'.
[  304.996284][T11864] netlink: 'syz.2.1440': attribute type 1 has an invalid length.
[  305.033031][T11865] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  305.083060][T11865] syzkaller0: entered promiscuous mode
[  305.089273][T11865] syzkaller0: entered allmulticast mode
[  305.108215][T11872] raw_sendmsg: syz.3.1442 forgot to set AF_INET. Fix it!
[  305.111131][T11863] tipc: Resetting bearer <eth:syzkaller0>
[  305.196427][T11863] tipc: Disabling bearer <eth:syzkaller0>
[  305.562631][T11902] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1450'.
[  305.776065][T11914] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1450'.
[  305.995511][T11933] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1457'.
[  306.099125][T11940] netlink: 'syz.0.1460': attribute type 4 has an invalid length.
[  306.117284][T11940] netlink: 'syz.0.1460': attribute type 1 has an invalid length.
[  306.264773][T11949] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  306.272140][T11949] IPv6: NLM_F_CREATE should be set when creating new route
[  306.296173][T11951] ip6tnl2: entered promiscuous mode
[  306.301730][T11951] ip6tnl2: entered allmulticast mode
[  306.309809][T11951] team0: Device ip6tnl2 is of different type
[  307.267536][T12000] IPVS: length: 120 != 24
[  307.292375][T11996] veth2: entered promiscuous mode
[  307.298247][T11996] veth2: entered allmulticast mode
[  307.559047][T12010] netlink: 'syz.1.1475': attribute type 83 has an invalid length.
[  308.534776][T12073] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  308.551890][T12057] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  308.654161][T12057] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  308.728294][T12080] netlink: 'syz.2.1493': attribute type 3 has an invalid length.
[  308.751259][T12057] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  308.807992][T12057] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  309.010435][ T1332] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  309.208785][ T1332] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  309.236549][ T1332] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  309.270957][T12095] __nla_validate_parse: 9 callbacks suppressed
[  309.270978][T12095] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1496'.
[  309.290536][T12105] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1499'.
[  309.369974][ T1332] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  309.919327][T12139] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1508'.
[  310.121565][T12149] netlink: 'syz.2.1514': attribute type 2 has an invalid length.
[  310.250041][T12158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1516'.
[  310.291596][T12160] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1518'.
[  310.485948][T12180] SET target dimension over the limit!
[  310.519739][T12179] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  310.533648][T12179] bond0 (unregistering): Released all slaves
[  310.810873][T12197] netlink: 'syz.4.1528': attribute type 7 has an invalid length.
[  310.843476][T12197] netlink: 'syz.4.1528': attribute type 8 has an invalid length.
[  310.861851][T12199] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1527'.
[  310.871132][T12197] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1528'.
[  310.921736][T12199] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1527'.
[  310.980741][T12211] netlink: 'syz.0.1531': attribute type 1 has an invalid length.
[  310.998387][T12211] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1531'.
[  311.024972][T12211] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1531'.
[  311.193348][T12226] netlink: 'syz.2.1534': attribute type 1 has an invalid length.
[  311.316086][T12232] xt_limit: Overflow, try lower: 268435456/134217728
[  311.724210][T12250] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  312.049597][T12261] xt_addrtype: ipv6 BLACKHOLE matching not supported
[  312.480979][T12272] netlink: 'syz.3.1548': attribute type 1 has an invalid length.
[  312.494908][T12272] netlink: 'syz.3.1548': attribute type 2 has an invalid length.
[  312.528904][T12275] netlink: 'syz.3.1548': attribute type 1 has an invalid length.
[  312.559287][T12275] netlink: 'syz.3.1548': attribute type 2 has an invalid length.
[  312.695898][T12280] veth0: entered promiscuous mode
[  312.701930][T12280] batadv_slave_0: entered promiscuous mode
[  312.724179][T12279] batadv_slave_0: left promiscuous mode
[  312.733067][T12279] veth0: left promiscuous mode
[  312.774510][T12293] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  313.124512][T12313] openvswitch: netlink: Flow key attr not present in new flow.
[  313.153919][T12313] netlink: 'syz.3.1561': attribute type 4 has an invalid length.
[  313.715582][T12338] IPVS: persistence engine module ip_vs_pe_ not found
[  314.219370][T12357] vlan4: entered promiscuous mode
[  314.244540][T12360] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  314.283652][T12358] tipc: Resetting bearer <eth:syzkaller0>
[  314.331063][T12356] tipc: Disabling bearer <eth:syzkaller0>
[  315.050882][T12412] __nla_validate_parse: 14 callbacks suppressed
[  315.050902][T12412] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1590'.
[  315.147825][ T5836] Bluetooth: hci4: command 0x0405 tx timeout
[  315.192823][T12423] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1592'.
[  315.432796][T12432] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1595'.
[  315.442029][T12432] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  315.449886][T12432] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1595'.
[  315.506357][T12438] validate_nla: 1 callbacks suppressed
[  315.506434][T12438] netlink: 'syz.0.1597': attribute type 1 has an invalid length.
[  316.216058][T12473] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1605'.
[  316.283660][T12479] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1609'.
[  316.319635][T12474] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1606'.
[  316.328963][T12479] netlink: 23 bytes leftover after parsing attributes in process `syz.2.1609'.
[  316.573620][T12483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1610'.
[  316.982164][T12498] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1614'.
[  317.216597][T12504] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  317.550085][T12527] netlink: 'syz.0.1623': attribute type 19 has an invalid length.
[  317.559191][T12527] netlink: 'syz.0.1623': attribute type 20 has an invalid length.
[  317.812114][T12534] tipc: Enabling of bearer <eth:vlan1> rejected, failed to enable media
[  318.029894][ T7457] IPVS: starting estimator thread 0...
[  318.039876][T12551] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  318.056527][T12553] netlink: 'syz.0.1631': attribute type 10 has an invalid length.
[  318.080569][T12553] bond0: (slave team0): Releasing backup interface
[  318.101437][T12553] team0: Cannot enslave team device to itself
[  318.131099][T12554] IPVS: using max 27 ests per chain, 64800 per kthread
[  318.201021][T12563] netlink: 'syz.4.1629': attribute type 6 has an invalid length.
[  318.392739][T12571] team1: entered promiscuous mode
[  318.412922][T12571] team1: entered allmulticast mode
[  318.435043][T12571] 8021q: adding VLAN 0 to HW filter on device team1
[  318.594873][T12585] Bluetooth: MGMT ver 1.23
[  319.962062][T12651] Bluetooth: hci0: invalid length 0, exp 2 for type 3
[  320.300808][T12674] __nla_validate_parse: 8 callbacks suppressed
[  320.300828][T12674] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1660'.
[  320.393884][T12676] netlink: 'syz.1.1659': attribute type 1 has an invalid length.
[  320.402810][T12676] netlink: 'syz.1.1659': attribute type 4 has an invalid length.
[  320.411526][T12676] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1659'.
[  320.425118][T12676] netlink: 'syz.1.1659': attribute type 1 has an invalid length.
[  320.427173][T12678] netlink: 'syz.1.1659': attribute type 1 has an invalid length.
[  320.433884][T12676] netlink: 'syz.1.1659': attribute type 4 has an invalid length.
[  320.459097][T12683] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1662'.
[  320.467089][T12678] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1659'.
[  320.468783][T12676] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1659'.
[  320.603843][T12696] dummy0: entered promiscuous mode
[  320.631945][T12696] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  320.830235][T12701] bond6 (unregistering): Released all slaves
[  321.148327][T12737] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1677'.
[  321.193750][T12725] team0 (unregistering): Port device team_slave_0 removed
[  321.203152][T12725] team0 (unregistering): Port device team_slave_1 removed
[  321.211828][T12725] team0 (unregistering): Port device geneve0 removed
[  321.238139][T12740] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  321.255283][T12735] syzkaller0: entered promiscuous mode
[  321.264223][T12735] syzkaller0: entered allmulticast mode
[  321.419565][T12735] tipc: Resetting bearer <eth:syzkaller0>
[  321.454343][T12746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1679'.
[  321.507980][T12734] tipc: Resetting bearer <eth:syzkaller0>
[  321.531792][T12734] tipc: Disabling bearer <eth:syzkaller0>
[  321.988726][T12770] IPVS: set_ctl: invalid protocol: 135 224.0.0.1:20000
[  321.989874][T12771] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1684'.
[  322.227963][T12787] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1688'.
[  322.406570][T12790] veth0_to_hsr: mtu less than device minimum
[  322.418049][T12795] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  322.671674][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  322.944018][T12826] bridge3: entered promiscuous mode
[  322.949538][T12826] bridge3: entered allmulticast mode
[  322.972481][T12825] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1699'.
[  322.995511][T12825] tipc: Invalid UDP bearer configuration
[  322.995566][T12825] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  323.067753][ T5836] Bluetooth: hci4: command 0x0405 tx timeout
[  323.120167][T12832] lo: entered allmulticast mode
[  323.251791][T12829] lo: left allmulticast mode
[  323.366060][T12842] nbd: must specify at least one socket
[  324.545297][T12939] validate_nla: 3 callbacks suppressed
[  324.545316][T12939] netlink: 'syz.2.1728': attribute type 29 has an invalid length.
[  324.605621][T12943] netlink: 'syz.1.1726': attribute type 3 has an invalid length.
[  324.709764][T12936] syzkaller0: entered promiscuous mode
[  324.717146][T12936] syzkaller0: entered allmulticast mode
[  326.532716][T12950] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  326.543027][T12954] __nla_validate_parse: 5 callbacks suppressed
[  326.543048][T12954] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1730'.
[  326.556065][T12961] vlan2: entered promiscuous mode
[  326.745529][T12972] netlink: 'syz.4.1734': attribute type 1 has an invalid length.
[  326.899818][T12986] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1739'.
[  326.939991][T12986] 8021q: adding VLAN 0 to HW filter on device bond6
[  327.007214][T12991] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1738'.
[  327.093680][T12999] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1739'.
[  327.292773][T13012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1743'.
[  327.345703][T13015] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1744'.
[  327.370071][T13015] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1744'.
[  327.421592][T13017] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1745'.
[  327.941851][T13038] lo: entered allmulticast mode
[  328.022226][T13041] netlink: 'syz.3.1752': attribute type 9 has an invalid length.
[  328.137062][T13038] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1752'.
[  328.212050][T13037] lo: left allmulticast mode
[  328.575501][T13072] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1759'.
[  328.624230][T13074] netlink: 'syz.3.1760': attribute type 4 has an invalid length.
[  328.674388][T13074] nbd: must specify an index to disconnect
[  328.681258][T13074] netlink: 'syz.3.1760': attribute type 9 has an invalid length.
[  328.807110][T13085] netlink: 'syz.3.1762': attribute type 32 has an invalid length.
[  329.677424][T13121] netlink: 'syz.4.1771': attribute type 7 has an invalid length.
[  329.689830][T13121] netlink: 'syz.4.1771': attribute type 8 has an invalid length.
[  330.374471][ T1312] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  330.387988][ T1312] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  330.397932][ T7426] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  330.721469][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806c8b1400: rx timeout, send abort
[  330.898292][ T7426] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  331.104709][T13195] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  331.222655][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806c8b3400: rx timeout, send abort
[  331.231686][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806c8b1400: abort rx timeout. Force session deactivation
[  331.239213][ T5848] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  331.387881][ T7426] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  331.599491][T13231] __nla_validate_parse: 12 callbacks suppressed
[  331.599512][T13231] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1801'.
[  331.730988][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806c8b3400: abort rx timeout. Force session deactivation
[  331.898840][T13255] SET target dimension over the limit!
[  332.081115][T13257] netlink: 'syz.0.1807': attribute type 10 has an invalid length.
[  332.140667][T13266] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1809'.
[  332.246789][T13273] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1811'.
[  332.259108][T13273] veth0: entered promiscuous mode
[  332.275378][T13273] batadv_slave_0: entered promiscuous mode
[  332.282664][T13272] batadv_slave_0: left promiscuous mode
[  332.288604][T13272] veth0: left promiscuous mode
[  332.371766][T13279] netlink: 'syz.1.1813': attribute type 1 has an invalid length.
[  332.429903][T13279] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1813'.
[  332.588567][T13288] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1814'.
[  332.669260][T13288] bond1: (slave bridge0): Releasing active interface
[  332.776824][T13294] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1815'.
[  333.171132][T13315] openvswitch: netlink: Flow key attribute not present in set flow.
[  333.248676][T13315] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1821'.
[  333.403609][T13322] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1822'.
[  333.422558][T13326] netlink: 'syz.1.1824': attribute type 12 has an invalid length.
[  333.563176][T13330] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1825'.
[  333.622820][T13332] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1825'.
[  334.001701][T13352] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  334.107852][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  334.187731][T13358] netlink: 'syz.2.1831': attribute type 4 has an invalid length.
[  334.371907][T13375] netlink: 'syz.4.1834': attribute type 4 has an invalid length.
[  334.425100][T13375] vlan1: entered allmulticast mode
[  334.586684][T13392] tap0: tun_chr_ioctl cmd 1074025680
[  334.639871][T13392] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  334.648199][T13392] D: renamed from syzkaller0
[  334.673707][T13392] tipc: Disabling bearer <eth:syzkaller0>
[  334.764718][T13406] netlink: 'syz.4.1842': attribute type 1 has an invalid length.
[  334.871150][T13406] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR
[  334.888722][T13408] veth11: entered promiscuous mode
[  335.240433][T13425] netlink: 'syz.1.1847': attribute type 9 has an invalid length.
[  336.074059][T13466] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16)
[  336.098675][T13466] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  336.206562][T13468] batadv_slave_1: entered promiscuous mode
[  336.359218][T13479] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  336.367215][T13479] syzkaller0: entered promiscuous mode
[  336.375354][T13479] syzkaller0: entered allmulticast mode
[  336.408128][T13467] batadv_slave_1: left promiscuous mode
[  336.474200][T13479] tipc: Resetting bearer <eth:syzkaller0>
[  336.627997][T13478] tipc: Resetting bearer <eth:syzkaller0>
[  336.689032][T13478] tipc: Disabling bearer <eth:syzkaller0>
[  336.695967][T13492] FAULT_INJECTION: forcing a failure.
[  336.695967][T13492] name failslab, interval 1, probability 0, space 0, times 0
[  336.709402][T13492] CPU: 0 UID: 0 PID: 13492 Comm: syz.1.1867 Not tainted syzkaller #0 PREEMPT(full) 
[  336.709430][T13492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  336.709447][T13492] Call Trace:
[  336.709454][T13492]  <TASK>
[  336.709462][T13492]  dump_stack_lvl+0x189/0x250
[  336.709497][T13492]  ? __pfx____ratelimit+0x10/0x10
[  336.709528][T13492]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.709546][T13492]  ? __pfx__printk+0x10/0x10
[  336.709568][T13492]  ? __pfx___might_resched+0x10/0x10
[  336.709596][T13492]  ? fs_reclaim_acquire+0x7d/0x100
[  336.709625][T13492]  should_fail_ex+0x414/0x560
[  336.709660][T13492]  should_failslab+0xa8/0x100
[  336.709686][T13492]  __kmalloc_cache_noprof+0x6f/0x6f0
[  336.709706][T13492]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  336.709725][T13492]  ? __xdp_reg_mem_model+0x1d8/0x5a0
[  336.709749][T13492]  __xdp_reg_mem_model+0x1d8/0x5a0
[  336.709773][T13492]  ? __pfx___xdp_reg_mem_model+0x10/0x10
[  336.709793][T13492]  ? page_pool_create_percpu+0x7ea/0xbc0
[  336.709818][T13492]  xdp_reg_mem_model+0x22/0x40
[  336.709834][T13492]  bpf_test_run_xdp_live+0x21f/0x1b20
[  336.709862][T13492]  ? bpf_dispatcher_change_prog+0xb35/0xc90
[  336.709890][T13492]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  336.709917][T13492]  ? synchronize_rcu+0x11a/0x310
[  336.709947][T13492]  ? __pfx_synchronize_rcu+0x10/0x10
[  336.709980][T13492]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  336.710011][T13492]  ? bpf_dispatcher_xdp+0x800/0x1000
[  336.710057][T13492]  ? 0xffffffffa0201654
[  336.710073][T13492]  ? 0xffffffffa0202f14
[  336.710116][T13492]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  336.710157][T13492]  ? _copy_from_user+0x94/0xb0
[  336.710184][T13492]  ? bpf_test_init+0x113/0x150
[  336.710208][T13492]  ? xdp_convert_md_to_buff+0x5b/0x330
[  336.710246][T13492]  bpf_prog_test_run_xdp+0x75b/0x10e0
[  336.710291][T13492]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  336.710324][T13492]  ? __fget_files+0x2a/0x420
[  336.710354][T13492]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  336.710383][T13492]  bpf_prog_test_run+0x2c7/0x340
[  336.710414][T13492]  __sys_bpf+0x562/0x860
[  336.710440][T13492]  ? __pfx___sys_bpf+0x10/0x10
[  336.710481][T13492]  ? ksys_write+0x22a/0x250
[  336.710504][T13492]  ? __pfx_ksys_write+0x10/0x10
[  336.710532][T13492]  __x64_sys_bpf+0x7c/0x90
[  336.710555][T13492]  do_syscall_64+0xfa/0xfa0
[  336.710572][T13492]  ? lockdep_hardirqs_on+0x9c/0x150
[  336.710590][T13492]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.710609][T13492]  ? clear_bhb_loop+0x60/0xb0
[  336.710633][T13492]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.710651][T13492] RIP: 0033:0x7f8acc18efc9
[  336.710668][T13492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.710686][T13492] RSP: 002b:00007f8acd0e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  336.710715][T13492] RAX: ffffffffffffffda RBX: 00007f8acc3e5fa0 RCX: 00007f8acc18efc9
[  336.710729][T13492] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  336.710741][T13492] RBP: 00007f8acd0e7090 R08: 0000000000000000 R09: 0000000000000000
[  336.710753][T13492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  336.710765][T13492] R13: 00007f8acc3e6038 R14: 00007f8acc3e5fa0 R15: 00007ffdc8e5e538
[  336.710798][T13492]  </TASK>
[  337.087974][T13498] tipc: Started in network mode
[  337.094453][T13498] tipc: Node identity 4610b4ab536e, cluster identity 4711
[  337.124028][T13498] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  337.213460][T13498] tipc: Resetting bearer <eth:syzkaller0>
[  337.221339][T13496] tipc: Disabling bearer <eth:syzkaller0>
[  337.491457][T13532] sctp: [Deprecated]: syz.3.1875 (pid 13532) Use of int in max_burst socket option.
[  337.491457][T13532] Use struct sctp_assoc_value instead
[  337.538134][T13533] sctp: [Deprecated]: syz.3.1875 (pid 13533) Use of int in max_burst socket option.
[  337.538134][T13533] Use struct sctp_assoc_value instead
[  337.776250][T13550] __nla_validate_parse: 8 callbacks suppressed
[  337.776269][T13550] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1879'.
[  338.411089][T13571] syzkaller0: entered promiscuous mode
[  338.416690][T13571] syzkaller0: entered allmulticast mode
[  338.449590][T13571] netlink: 'syz.1.1885': attribute type 2 has an invalid length.
[  338.459226][T13571] netlink: 1244 bytes leftover after parsing attributes in process `syz.1.1885'.
[  338.746912][T13586] syzkaller1: entered promiscuous mode
[  338.753008][T13586] syzkaller1: entered allmulticast mode
[  338.860123][T13591] x_tables: duplicate entry at hook 2
[  339.281376][T13614] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1895'.
[  339.404640][T13605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1891'.
[  339.414007][T13605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1891'.
[  339.423324][T13605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1891'.
[  339.440842][T13605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1891'.
[  339.450272][T13605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1891'.
[  339.459592][T13605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1891'.
[  339.469385][T13605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1891'.
[  339.867725][T13643] 8021q: adding VLAN 0 to HW filter on device ipvlan0
[  340.063132][T13649] veth0: entered promiscuous mode
[  340.120165][T13649] veth0 (unregistering): left promiscuous mode
[  340.378022][T13663] bond15: invalid ARP target 0.0.0.0 specified for addition
[  340.385473][T13663] bond15: option arp_ip_target: invalid value (0)
[  340.395064][T13663] bond15 (unregistering): Released all slaves
[  340.581355][T13673] xt_l2tp: v2 doesn't support IP mode
[  340.890570][ T8246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  340.909706][ T8246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  340.922924][T13690] geneve3: entered promiscuous mode
[  340.943535][T13690] geneve3: entered allmulticast mode
[  340.979028][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  340.988164][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  341.115195][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  341.153669][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  341.228076][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  341.412665][T13711] syzkaller0: entered promiscuous mode
[  341.420900][T13711] syzkaller0: entered allmulticast mode
[  341.467301][T13717] vxcan1 (unregistering): left allmulticast mode
[  341.536167][T13724] netlink: 'syz.0.1921': attribute type 3 has an invalid length.
[  343.346679][T13742] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT
[  343.835238][T13762] __nla_validate_parse: 82 callbacks suppressed
[  343.835257][T13762] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1930'.
[  345.566317][T13796] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1938'.
[  345.616378][T13796] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1938'.
[  345.713919][T13803] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1936'.
[  345.755929][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  345.774885][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  345.842969][T13810] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1937'.
[  346.074204][T13810] ip6tnl1: entered promiscuous mode
[  346.096118][T13810] ip6tnl1: entered allmulticast mode
[  346.536022][T13838] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1944'.
[  346.676516][T13846] netlink: 'syz.0.1947': attribute type 2 has an invalid length.
[  346.693487][T13846] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1947'.
[  346.783239][T13846] : entered promiscuous mode
[  346.823736][T13846] bridge8: entered promiscuous mode
[  347.062797][T13861] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1951'.
[  347.653328][T13870] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1952'.
[  347.764070][T13890] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1956'.
[  348.656704][T13928] : entered promiscuous mode
[  348.834614][T13941] netlink: 'syz.4.1969': attribute type 1 has an invalid length.
[  348.916897][T13946] netlink: 'syz.1.1970': attribute type 2 has an invalid length.
[  348.926724][T13946] netlink: 'syz.1.1970': attribute type 1 has an invalid length.
[  348.934595][T13946] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1970'.
[  348.947015][T13946] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1970'.
[  349.338342][T13959] netlink: 712 bytes leftover after parsing attributes in process `syz.0.1974'.
[  349.347443][T13959] netlink: 712 bytes leftover after parsing attributes in process `syz.0.1974'.
[  349.396780][T13959] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1974'.
[  349.557143][T13964] bond7: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  349.609562][T13964] bond7 (unregistering): Released all slaves
[  350.286040][T14008] netlink: 'syz.2.1983': attribute type 10 has an invalid length.
[  350.363107][T14016] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  350.411369][T14021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1984'.
[  350.431366][T14008] veth0_vlan: entered allmulticast mode
[  350.462447][T14008] team0: Device veth0_vlan failed to register rx_handler
[  350.760102][T14029] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1989'.
[  350.807107][T14029] 8021q: adding VLAN 0 to HW filter on device bond7
[  351.004842][T14046] vlan0: entered promiscuous mode
[  351.068348][T14052] bond7: (slave macsec1): Error -34 calling dev_set_mtu
[  351.746879][T14073] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1998'.
[  351.756112][T14073] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1998'.
[  351.765388][T14073] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1998'.
[  352.122472][T14086] bond8: option broadcast_neighbor: invalid value (5)
[  352.200662][T14086] bond8 (unregistering): Released all slaves
[  352.343160][T14090] netlink: 'syz.4.2001': attribute type 23 has an invalid length.
[  353.293500][T14131] netlink: 'syz.0.2017': attribute type 83 has an invalid length.
[  353.554501][T14138] syzkaller0: entered promiscuous mode
[  353.562276][T14138] syzkaller0: entered allmulticast mode
[  353.584081][T14138] syzkaller0: tun_net_xmit 14
[  353.668770][ T8246] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20001 - 0
[  353.719073][ T8246] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20001 - 0
[  353.747828][ T8246] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20001 - 0
[  353.786009][ T8246] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20001 - 0
[  354.182235][T14167] netlink: 'syz.3.2029': attribute type 11 has an invalid length.
[  354.230934][T14167] __nla_validate_parse: 5 callbacks suppressed
[  354.230953][T14167] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2029'.
[  354.397938][   T60] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  354.523216][T14183] siw: device registration error -23
[  354.535423][T14182] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  354.554160][T14188] geneve4: entered promiscuous mode
[  354.555941][T14182] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  354.562042][ T3019] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  354.575704][ T3019] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  354.588440][ T3019] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  354.597218][ T3019] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  354.641215][T14189] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2033'.
[  355.480685][T14221] netlink: 'syz.3.2041': attribute type 1 has an invalid length.
[  355.637147][T14230] netlink: 'syz.2.2043': attribute type 83 has an invalid length.
[  355.951337][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  357.206220][T14221] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR
[  357.231452][T14231] veth5: entered promiscuous mode
[  357.264146][T14233] 8021q: VLANs not supported on vcan0
[  357.287648][T14239] tipc: Cannot configure node identity twice
[  357.293691][T14239] tipc: Cannot configure node identity twice
[  357.435813][T14249] netlink: 'syz.2.2046': attribute type 4 has an invalid length.
[  357.476549][T14249] netlink: 'syz.2.2046': attribute type 4 has an invalid length.
[  357.514699][T14249] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2046'.
[  357.568725][T14259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2050'.
[  357.755185][T14272] dvmrp0: entered allmulticast mode
[  358.002838][T14299] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  358.039155][   T50] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  358.780005][T14303] netlink: 248 bytes leftover after parsing attributes in process `syz.2.2058'.
[  359.342556][T14337] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2066'.
[  359.358122][T14333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2065'.
[  359.378599][T14333] netlink: 45 bytes leftover after parsing attributes in process `syz.2.2065'.
[  359.424009][T14337] bridge9: entered promiscuous mode
[  359.429614][T14337] bridge9: entered allmulticast mode
[  359.565359][T14344] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2069'.
[  359.733973][T14353] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2071'.
[  360.275479][T14371] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2076'.
[  360.371491][T14366] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2074'.
[  360.658412][T14378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2077'.
[  362.966743][T14378] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  363.112576][T14384] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2078'.
[  363.155575][T14382] !
: renamed from dummy0 (while UP)
[  363.182067][T14382] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2080'.
[  363.184069][T14388] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  364.347391][T14462] netlink: 'syz.3.2090': attribute type 4 has an invalid length.
[  364.548942][T14481] __nla_validate_parse: 2 callbacks suppressed
[  364.548962][T14481] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2097'.
[  364.675332][T14476] syzkaller0: entered promiscuous mode
[  364.681247][T14476] syzkaller0: entered allmulticast mode
[  364.691943][T14481] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2097'.
[  364.719299][T14481] netlink: 34 bytes leftover after parsing attributes in process `syz.4.2097'.
[  365.127818][T14501] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2099'.
[  365.259885][T14504] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2102'.
[  365.269332][T14504] 0ªX¹¦À: renamed from caif0
[  365.338718][T14508] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2102'.
[  365.436104][T14504] 0ªX¹¦À: entered allmulticast mode
[  365.446021][T14504] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  365.658102][T14521] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2107'.
[  365.699044][T14521] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2107'.
[  365.717819][T14521] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2107'.
[  365.880759][T14531] ieee802154 phy1 wpan1: encryption failed: -22
[  366.127754][T14545] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2116'.
[  366.565788][T14569] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  366.586361][T14568] tipc: Disabling bearer <eth:syzkaller0>
[  366.944221][T14579] bond2: option arp_all_targets: invalid value (3)
[  366.958343][T14579] bond2 (unregistering): Released all slaves
[  366.972866][T14572] netlink: 'syz.3.2124': attribute type 4 has an invalid length.
[  367.339439][T14608] Bluetooth: hci0: invalid length 44, exp 2 for type 2
[  367.508997][T14623] openvswitch: netlink: Duplicate key (type 1).
[  367.520661][T14622] IPVS: lblc: SCTP 172.20.20.187:0 - no destination available
[  367.627042][T14617] veth11: entered promiscuous mode
[  368.023225][T14648] netlink: 'syz.0.2147': attribute type 4 has an invalid length.
[  368.204840][T14649] bridge_slave_1: left allmulticast mode
[  368.211406][T14649] bridge_slave_1: left promiscuous mode
[  368.217382][T14649] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.240568][T14649] bridge_slave_0: left promiscuous mode
[  368.246374][T14649] bridge0: port 1(bridge_slave_0) entered disabled state
[  368.425813][T14653] IPv6: sit1: Disabled Multicast RS
[  368.687972][T14671] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  369.787002][T14696] sit0: left promiscuous mode
[  370.642017][T14696] veth1_vlan: left allmulticast mode
[  370.670497][T14696] vlan0: left promiscuous mode
[  370.676156][T14696] macvlan1: left allmulticast mode
[  370.714338][T14696] geneve2: left promiscuous mode
[  370.724426][T14696] gretap1: left promiscuous mode
[  370.730662][T14696] gretap1: left allmulticast mode
[  370.743786][T14696] bond3: left promiscuous mode
[  370.750449][ T5848] Bluetooth: hci0: command tx timeout
[  370.755994][T14696] bridge2: left promiscuous mode
[  370.770031][T14696] bond4: left promiscuous mode
[  370.789017][T14696] ip6tnl1: left promiscuous mode
[  370.795164][T14696] ip6tnl1: left allmulticast mode
[  370.827467][T14698] ªªªªªªZ7nz>RAÌ: renamed from lo (while UP)
[  371.087004][T14720] 0ªX¹¦À: left allmulticast mode
[  371.092348][T14720] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  371.122708][T14722] syzkaller1: entered promiscuous mode
[  371.138529][T14722] syzkaller1: entered allmulticast mode
[  371.145588][T14744] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  371.184671][ T2998] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 20000 - 0
[  371.202586][ T2998] netdevsim netdevsim1 eth0: unset [1, 1] type 2 family 0 port 6081 - 0
[  371.377867][ T2998] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 20000 - 0
[  371.396854][ T2998] netdevsim netdevsim1 eth1: unset [1, 1] type 2 family 0 port 6081 - 0
[  371.413207][ T2998] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 20000 - 0
[  371.437864][ T2998] netdevsim netdevsim1 eth2: unset [1, 1] type 2 family 0 port 6081 - 0
[  371.485402][ T2998] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 20000 - 0
[  371.534199][ T2998] netdevsim netdevsim1 eth3: unset [1, 1] type 2 family 0 port 6081 - 0
[  371.560647][T14752] __nla_validate_parse: 10 callbacks suppressed
[  371.560668][T14752] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2172'.
[  371.600994][ T2998] bond0: (slave bond_slave_0): link status definitely down, disabling slave
[  371.620077][ T2998] bond0: (slave bond_slave_1): link status definitely down, disabling slave
[  371.631659][ T2998] bond0: now running without any active interface!
[  371.640366][T14761] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2175'.
[  371.732411][T14766] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2175'.
[  371.751992][T14761] 8021q: adding VLAN 0 to HW filter on device bond15
[  372.076505][T14784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2182'.
[  372.098457][T14786] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2184'.
[  372.121035][T14783] vlan5: entered promiscuous mode
[  372.126272][T14787] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2184'.
[  372.136264][T14783] team0: entered promiscuous mode
[  372.141546][T14783] geneve0: entered promiscuous mode
[  372.146683][T14789] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  372.170677][T14786] C: renamed from team_slave_0
[  372.179159][T14786] netlink: 164 bytes leftover after parsing attributes in process `syz.4.2184'.
[  372.191668][T14784] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  372.255346][T14793] tipc: Resetting bearer <eth:syzkaller0>
[  372.503690][T14812] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2187'.
[  372.557417][T14782] tipc: Disabling bearer <eth:syzkaller0>
[  372.865136][T14834] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2192'.
[  372.925453][T14837] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  373.023628][T14837] netlink: 'syz.2.2191': attribute type 10 has an invalid length.
[  373.376250][T14857] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2194'.
[  373.672365][T14863] syzkaller0: entered promiscuous mode
[  373.688109][T14863] syzkaller0: entered allmulticast mode
[  373.981674][T14881] bond7: option min_links: invalid value (18446744073709551612)
[  373.989830][T14881] bond7: option min_links: allowed values 0 - 2147483647
[  374.062134][T14881] bond7 (unregistering): Released all slaves
[  374.446493][T14900] ÿ: renamed from bond_slave_0
[  374.659684][T14908] netlink: 'syz.1.2207': attribute type 18 has an invalid length.
[  374.712946][T14915] tipc: Enabling <ib:lo> not permitted
[  374.722460][T14915] tipc: Enabling of bearer <ib:lo> rejected, failed to enable media
[  374.880794][T14917] IPVS: Unknown mcast interface: vcan0
[  375.098664][T14928] netlink: 'syz.1.2214': attribute type 1 has an invalid length.
[  375.280908][T14928] 8021q: adding VLAN 0 to HW filter on device bond0
[  375.315900][T14934] bond0: (slave geneve3): making interface the new active one
[  375.325858][T14934] bond0: (slave geneve3): Enslaving as an active interface with an up link
[  375.338910][   T60] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  375.352569][   T60] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  375.372819][T14938] bond0: entered promiscuous mode
[  375.380648][T14938] geneve3: entered promiscuous mode
[  375.400701][   T60] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  375.420190][   T60] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  376.062848][T14956] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  376.307421][T14956] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  376.451244][T14956] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  376.639176][T14970] syzkaller0: entered promiscuous mode
[  376.644985][T14970] syzkaller0: entered allmulticast mode
[  376.712248][T14979] netlink: 'syz.0.2226': attribute type 13 has an invalid length.
[  376.722394][T14956] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  378.391112][T15003] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  378.421809][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  378.439989][T15003] __nla_validate_parse: 12 callbacks suppressed
[  378.440010][T15003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2228'.
[  378.459840][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  378.498605][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  378.866488][T15005] team0 (unregistering): Port device team_slave_1 removed
[  378.881706][T15005] team0 (unregistering): Port device dummy0 removed
[  378.910801][T15033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2236'.
[  378.955494][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  379.086496][T15046] netlink: 396 bytes leftover after parsing attributes in process `syz.3.2240'.
[  379.098395][T15045] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2239'.
[  379.153780][T15045] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2239'.
[  379.203646][T15051] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2242'.
[  379.215702][T15050] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2241'.
[  379.270889][T15057] netlink: 'syz.2.2241': attribute type 4 has an invalid length.
[  379.329450][T15059] netlink: 'syz.4.2244': attribute type 2 has an invalid length.
[  379.359459][T15059] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2244'.
[  379.582910][T15073] netlink: 'syz.4.2247': attribute type 1 has an invalid length.
[  379.883868][T15090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2251'.
[  380.096389][T15096] netlink: 'syz.4.2252': attribute type 303 has an invalid length.
[  380.130438][T15096] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2252'.
[  380.654272][T15116] netlink: 'syz.1.2256': attribute type 1 has an invalid length.
[  380.776040][T15126] netlink: 'syz.4.2260': attribute type 10 has an invalid length.
[  381.086098][T15141] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6
[  381.348010][T15158] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  381.413118][T15163] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  381.629114][T15173] netlink: 'syz.4.2273': attribute type 1 has an invalid length.
[  381.823862][T15173] 8021q: adding VLAN 0 to HW filter on device bond7
[  382.077475][T15193] openvswitch: netlink: Message has 512 unknown bytes.
[  382.088712][T15193] openvswitch: netlink: Message has 512 unknown bytes.
[  382.106965][T15193] openvswitch: netlink: Message has 512 unknown bytes.
[  382.158772][T15193] openvswitch: netlink: Message has 512 unknown bytes.
[  382.168340][T15193] openvswitch: netlink: Message has 512 unknown bytes.
[  382.175814][T15193] openvswitch: netlink: Message has 512 unknown bytes.
[  382.231273][T15193] openvswitch: netlink: Message has 512 unknown bytes.
[  382.271307][T15193] openvswitch: netlink: Message has 512 unknown bytes.
[  382.557078][T15218] netlink: 'syz.2.2283': attribute type 1 has an invalid length.
[  382.619969][T15218] 8021q: adding VLAN 0 to HW filter on device bond16
[  382.694015][T15221] 8021q: adding VLAN 0 to HW filter on device bond16
[  382.705652][T15221] bond16: (slave vxcan1): The slave device specified does not support setting the MAC address
[  382.717138][T15221] bond16: (slave vxcan1): Error -95 calling set_mac_address
[  382.853189][T15218] veth5: entered promiscuous mode
[  382.856227][T15233] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma?
[  382.886583][T15218] bond16: (slave veth5): Enslaving as an active interface with a down link
[  383.323821][T15256] IPVS: set_ctl: invalid protocol: 229 0.0.0.0:20001
[  383.383437][T15256] netlink: 'syz.2.2291': attribute type 1 has an invalid length.
[  383.584997][T15263] __nla_validate_parse: 87 callbacks suppressed
[  383.585017][T15263] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2294'.
[  383.866424][T15273] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2295'.
[  384.113449][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  384.308677][T15302] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2306'.
[  384.747781][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  384.867169][T15330] wg1: entered promiscuous mode
[  384.872264][T15330] wg1: entered allmulticast mode
[  385.443243][T15358] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2319'.
[  385.542569][T15365] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.635512][T15365] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.726254][T15375] wg1 speed is unknown, defaulting to 1000
[  385.751343][T15375] wg1 speed is unknown, defaulting to 1000
[  385.770661][T15377] netlink: 'syz.3.2321': attribute type 1 has an invalid length.
[  385.792862][T15375] wg1 speed is unknown, defaulting to 1000
[  385.818245][T15375] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  385.838856][T15381] netlink: 'syz.0.2325': attribute type 1 has an invalid length.
[  385.846858][T15381] netlink: 140 bytes leftover after parsing attributes in process `syz.0.2325'.
[  385.857696][T15383] netlink: 'syz.4.2324': attribute type 1 has an invalid length.
[  385.870732][T15382] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2321'.
[  385.880576][T15381] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2325'.
[  385.888982][T15377] bond8: entered promiscuous mode
[  385.895030][T15377] 8021q: adding VLAN 0 to HW filter on device bond8
[  385.942120][T15375] wg1 speed is unknown, defaulting to 1000
[  385.954530][T15388] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2326'.
[  385.964653][T15388] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2326'.
[  385.995902][T15365] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.015508][T15382] bond8: entered allmulticast mode
[  386.034225][T15378] bond8: (slave vti0): The slave device specified does not support setting the MAC address
[  386.051556][T15378] bond8: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  386.065961][T15378] bond8: (slave vti0): making interface the new active one
[  386.074925][T15378] bond8: (slave vti0): Enslaving as an active interface with an up link
[  386.132368][T15375] wg1 speed is unknown, defaulting to 1000
[  386.141452][T15375] wg1 speed is unknown, defaulting to 1000
[  386.151558][T15375] wg1 speed is unknown, defaulting to 1000
[  386.160889][T15375] wg1 speed is unknown, defaulting to 1000
[  386.193993][T15365] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.231317][T15382] bond8: (slave bridge5): making interface the new active one
[  386.240446][T15382] bridge5: entered promiscuous mode
[  386.245950][T15382] bridge5: entered allmulticast mode
[  386.252656][T15382] bond8: (slave bridge5): Enslaving as an active interface with an up link
[  386.353134][T11592] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  386.381351][   T60] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  386.429136][   T60] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  386.464082][   T60] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  386.618792][T15409] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2334'.
[  386.718248][T15413] netlink: 'syz.3.2331': attribute type 13 has an invalid length.
[  386.742092][T15413] netlink: 'syz.3.2331': attribute type 17 has an invalid length.
[  386.906286][T15413] 8021q: adding VLAN 0 to HW filter on device bond0
[  386.933161][T15413] net_ratelimit: 57 callbacks suppressed
[  386.933173][T15413] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  387.048326][T15422] syzkaller0: entered promiscuous mode
[  387.054017][T15422] syzkaller0: entered allmulticast mode
[  387.837204][T15459] netlink: 'syz.0.2341': attribute type 4 has an invalid length.
[  387.894706][T15460] netlink: 'syz.0.2341': attribute type 4 has an invalid length.
[  388.775933][T15464] netlink: 'syz.1.2344': attribute type 21 has an invalid length.
[  388.795638][T15464] __nla_validate_parse: 2 callbacks suppressed
[  388.795656][T15464] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2344'.
[  388.814953][T15464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2344'.
[  389.044541][T15485] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2350'.
[  389.063226][T15485] erspan1: entered allmulticast mode
[  389.212385][T15492] wg1 speed is unknown, defaulting to 1000
[  389.525147][T15514] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2358'.
[  389.586159][T15514] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2358'.
[  389.947526][T15538] netlink: 'syz.1.2364': attribute type 13 has an invalid length.
[  389.956194][T15538] netlink: 'syz.1.2364': attribute type 17 has an invalid length.
[  390.087382][T15540] dvmrp1: entered allmulticast mode
[  390.191429][T15541] wg1 speed is unknown, defaulting to 1000
[  390.206493][T15542] dvmrp0: left allmulticast mode
[  390.212035][T15542] dvmrp1: left allmulticast mode
[  390.355576][T15551] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2366'.
[  390.401061][T15554] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2367'.
[  390.433891][T15554] debugfs: 'netdev:nicvf0' already exists in 'phy5'
[  390.614811][T15563] ip6gre1: entered promiscuous mode
[  390.881792][T15576] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2373'.
[  390.910128][T15576] vxcan2: entered allmulticast mode
[  391.257005][T15603] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2379'.
[  391.462510][T15612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2382'.
[  391.641352][T15616] wg1 speed is unknown, defaulting to 1000
[  391.784776][T15602] bridge0: entered promiscuous mode
[  392.107776][ T5836] Bluetooth: hci4: command 0x0405 tx timeout
[  392.160923][T15640] validate_nla: 3 callbacks suppressed
[  392.160943][T15640] netlink: 'syz.1.2391': attribute type 1 has an invalid length.
[  392.242334][T15653] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  392.279844][T15653] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  392.325472][T15658] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  392.369494][T15658] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  392.410174][T15661] 8021q: adding VLAN 0 to HW filter on device bond9
[  392.439030][T15669] syzkaller0: entered promiscuous mode
[  392.444708][T15669] syzkaller0: entered allmulticast mode
[  392.475207][T15669] veth1_to_hsr: mtu less than device minimum
[  392.557084][T15676] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  392.564511][T15676] IPv6: NLM_F_CREATE should be set when creating new route
[  392.571778][T15676] IPv6: NLM_F_CREATE should be set when creating new route
[  392.912845][T15685] netlink: 'syz.4.2402': attribute type 303 has an invalid length.
[  393.022760][T15702] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  393.153136][T15702] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  393.244864][T15702] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  393.268441][T15712] wg1 speed is unknown, defaulting to 1000
[  393.391196][T15702] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  393.564328][T15729] netlink: 'syz.1.2414': attribute type 1 has an invalid length.
[  393.626788][T15724] wg1 speed is unknown, defaulting to 1000
[  393.887992][   T50] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  393.922703][   T50] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  394.082242][T15718] __nla_validate_parse: 13 callbacks suppressed
[  394.082262][T15718] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2410'.
[  394.116480][   T60] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  394.215439][   T60] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  394.841102][T15762] netlink: 280 bytes leftover after parsing attributes in process `syz.1.2421'.
[  395.109030][T15775] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2425'.
[  395.183051][T15775] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2425'.
[  395.250323][T15779] 8021q: adding VLAN 0 to HW filter on device bond2
[  395.312307][T15781] 8021q: adding VLAN 0 to HW filter on device bond3
[  395.361622][T15786] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  395.565018][T15800] wg1 speed is unknown, defaulting to 1000
[  395.597497][T15795] syzkaller0: entered promiscuous mode
[  395.603503][T15795] syzkaller0: entered allmulticast mode
[  395.966669][T15810] netlink: 'syz.4.2433': attribute type 1 has an invalid length.
[  395.974792][T15810] netlink: 248 bytes leftover after parsing attributes in process `syz.4.2433'.
[  396.177537][T15812] netlink: 'syz.0.2432': attribute type 10 has an invalid length.
[  396.220858][T15813] netlink: 596 bytes leftover after parsing attributes in process `syz.3.2434'.
[  396.561599][T15836] sctp: [Deprecated]: syz.2.2435 (pid 15836) Use of int in max_burst socket option deprecated.
[  396.561599][T15836] Use struct sctp_assoc_value instead
[  396.597218][T15841] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2441'.
[  396.661406][T15845] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  396.680179][T15842] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2441'.
[  396.725715][T15842] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2441'.
[  396.768317][T15842] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2441'.
[  397.047120][T15862] wg1 speed is unknown, defaulting to 1000
[  397.047406][T15866] netlink: 'syz.1.2448': attribute type 1 has an invalid length.
[  397.254307][T15874] wg1 speed is unknown, defaulting to 1000
[  397.312123][T15881] bond17: option packets_per_slave: invalid value (1802723700)
[  397.328977][T15881] bond17: option packets_per_slave: allowed values 0 - 65535
[  397.595800][T15881] bond17 (unregistering): Released all slaves
[  398.752828][T15906] wg1 speed is unknown, defaulting to 1000
[  399.057471][T15931] wg1 speed is unknown, defaulting to 1000
[  399.108189][T15937] netlink: 'syz.4.2463': attribute type 3 has an invalid length.
[  399.128865][T15937] __nla_validate_parse: 7 callbacks suppressed
[  399.128883][T15937] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2463'.
[  399.514534][T15959] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2468'.
[  399.705976][T15967] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2470'.
[  400.033711][T15984] netlink: 14679 bytes leftover after parsing attributes in process `syz.4.2475'.
[  400.155439][T15987] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2476'.
[  400.332524][T15992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2478'.
[  400.362053][T15995] netlink: 'syz.2.2479': attribute type 1 has an invalid length.
[  400.396412][T15995] 8021q: adding VLAN 0 to HW filter on device bond17
[  400.465087][T15995] 8021q: adding VLAN 0 to HW filter on device bond17
[  400.472657][T15995] bond17: (slave vxcan1): The slave device specified does not support setting the MAC address
[  400.485456][T15995] bond17: (slave vxcan1): Error -95 calling set_mac_address
[  400.575976][T16003] netlink: 'syz.1.2481': attribute type 5 has an invalid length.
[  400.625140][T16006] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2482'.
[  400.739344][T16014] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  400.750865][T16014] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[  400.825504][T16014] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  400.856877][T16020] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  400.866674][T16014] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[  401.019495][T16014] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  401.046195][T16014] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[  401.103037][T16031] !
: left promiscuous mode
[  401.399253][T16042] netlink: 'syz.2.2490': attribute type 10 has an invalid length.
[  401.446560][T16031] team0 (unregistering): Port device C removed
[  401.462995][T16031] team0 (unregistering): Port device team_slave_1 removed
[  401.473948][T16043] netlink: 'syz.2.2490': attribute type 10 has an invalid length.
[  401.482060][T16043] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2490'.
[  401.492428][T16031] team0 (unregistering): Port device 
0!
 removed
[  401.534688][T16011] dvmrp0: entered allmulticast mode
[  401.554475][T16014] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  401.587687][T16014] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[  401.658515][T16039] wg1 speed is unknown, defaulting to 1000
[  401.760252][T16048] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2492'.
[  401.845721][   T13] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  401.865821][   T13] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20001 - 0
[  401.927263][   T13] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  401.946293][   T13] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20001 - 0
[  401.982474][T11592] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  401.991583][T11592] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20001 - 0
[  402.038017][T16061] syzkaller1: entered promiscuous mode
[  402.043672][T16061] syzkaller1: entered allmulticast mode
[  402.051506][ T8246] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  402.063188][ T8246] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20001 - 0
[  402.087434][T16010] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  402.099990][T16010] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20001 - 0
[  402.180682][T16064] bond9 (unregistering): Released all slaves
[  402.212756][ T8246] ==================================================================
[  402.220892][ T8246] BUG: KASAN: slab-use-after-free in __mutex_lock+0x147/0x1350
[  402.228472][ T8246] Read of size 8 at addr ffff888082ae82b0 by task kworker/u8:11/8246
[  402.236563][ T8246] 
[  402.238921][ T8246] CPU: 0 UID: 0 PID: 8246 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(full) 
[  402.238947][ T8246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  402.238962][ T8246] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  402.239004][ T8246] Call Trace:
[  402.239012][ T8246]  <TASK>
[  402.239021][ T8246]  dump_stack_lvl+0x189/0x250
[  402.239044][ T8246]  ? __kasan_check_byte+0x12/0x40
[  402.239069][ T8246]  ? __pfx_dump_stack_lvl+0x10/0x10
[  402.239089][ T8246]  ? lock_release+0x4b/0x3e0
[  402.239117][ T8246]  ? __virt_addr_valid+0x4a5/0x5c0
[  402.239139][ T8246]  print_report+0xca/0x240
[  402.239163][ T8246]  ? __mutex_lock+0x147/0x1350
[  402.239181][ T8246]  kasan_report+0x118/0x150
[  402.239204][ T8246]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  402.239241][ T8246]  ? __mutex_lock+0x147/0x1350
[  402.239264][ T8246]  __mutex_lock+0x147/0x1350
[  402.239285][ T8246]  ? __mutex_lock+0x5bb/0x1350
[  402.239307][ T8246]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  402.239340][ T8246]  ? __pfx___mutex_lock+0x10/0x10
[  402.239362][ T8246]  ? __lock_acquire+0xab9/0xd20
[  402.239392][ T8246]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  402.239426][ T8246]  ? process_scheduled_works+0x9ef/0x17b0
[  402.239453][ T8246]  ? process_scheduled_works+0x9ef/0x17b0
[  402.239480][ T8246]  process_scheduled_works+0xae1/0x17b0
[  402.239523][ T8246]  ? __pfx_process_scheduled_works+0x10/0x10
[  402.239558][ T8246]  worker_thread+0x8a0/0xda0
[  402.239600][ T8246]  kthread+0x711/0x8a0
[  402.239621][ T8246]  ? __pfx_worker_thread+0x10/0x10
[  402.239648][ T8246]  ? __pfx_kthread+0x10/0x10
[  402.239668][ T8246]  ? _raw_spin_unlock_irq+0x23/0x50
[  402.239695][ T8246]  ? lockdep_hardirqs_on+0x9c/0x150
[  402.239713][ T8246]  ? __pfx_kthread+0x10/0x10
[  402.239731][ T8246]  ret_from_fork+0x4bc/0x870
[  402.239759][ T8246]  ? __pfx_ret_from_fork+0x10/0x10
[  402.239788][ T8246]  ? __switch_to_asm+0x39/0x70
[  402.239810][ T8246]  ? __switch_to_asm+0x33/0x70
[  402.239832][ T8246]  ? __pfx_kthread+0x10/0x10
[  402.239850][ T8246]  ret_from_fork_asm+0x1a/0x30
[  402.239882][ T8246]  </TASK>
[  402.239890][ T8246] 
[  402.443408][ T8246] Allocated by task 16014:
[  402.447822][ T8246]  kasan_save_track+0x3e/0x80
[  402.452504][ T8246]  __kasan_kmalloc+0x93/0xb0
[  402.457100][ T8246]  __kmalloc_noprof+0x411/0x7f0
[  402.461951][ T8246]  udp_tunnel_nic_netdevice_event+0x4c3/0x1810
[  402.468113][ T8246]  notifier_call_chain+0x1b6/0x3e0
[  402.473241][ T8246]  register_netdevice+0x1608/0x1ae0
[  402.478450][ T8246]  nsim_create+0xae8/0xf10
[  402.482874][ T8246]  __nsim_dev_port_add+0x6b6/0xb10
[  402.487981][ T8246]  nsim_dev_port_add_all+0x37/0xf0
[  402.493095][ T8246]  nsim_dev_reload_up+0x451/0x780
[  402.498124][ T8246]  devlink_reload+0x4ec/0x8d0
[  402.502808][ T8246]  devlink_nl_reload_doit+0xb35/0xd50
[  402.508194][ T8246]  genl_family_rcv_msg_doit+0x215/0x300
[  402.513753][ T8246]  genl_rcv_msg+0x60e/0x790
[  402.518260][ T8246]  netlink_rcv_skb+0x208/0x470
[  402.523049][ T8246]  genl_rcv+0x28/0x40
[  402.527034][ T8246]  netlink_unicast+0x82f/0x9e0
[  402.531809][ T8246]  netlink_sendmsg+0x805/0xb30
[  402.536582][ T8246]  __sock_sendmsg+0x21c/0x270
[  402.541262][ T8246]  ____sys_sendmsg+0x505/0x830
[  402.546038][ T8246]  ___sys_sendmsg+0x21f/0x2a0
[  402.550713][ T8246]  __x64_sys_sendmsg+0x19b/0x260
[  402.555650][ T8246]  do_syscall_64+0xfa/0xfa0
[  402.560154][ T8246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.566046][ T8246] 
[  402.568367][ T8246] Freed by task 16010:
[  402.572430][ T8246]  kasan_save_track+0x3e/0x80
[  402.577107][ T8246]  __kasan_save_free_info+0x46/0x50
[  402.582317][ T8246]  __kasan_slab_free+0x5c/0x80
[  402.587087][ T8246]  kfree+0x19a/0x6d0
[  402.590982][ T8246]  udp_tunnel_nic_netdevice_event+0x11ab/0x1810
[  402.597241][ T8246]  notifier_call_chain+0x1b6/0x3e0
[  402.602390][ T8246]  unregister_netdevice_many_notify+0x1860/0x2390
[  402.608813][ T8246]  unregister_netdevice_queue+0x33c/0x380
[  402.614538][ T8246]  nsim_destroy+0x1dd/0x670
[  402.619051][ T8246]  __nsim_dev_port_del+0x14d/0x1b0
[  402.624166][ T8246]  nsim_dev_reload_destroy+0x288/0x490
[  402.629631][ T8246]  nsim_dev_reload_down+0x8a/0xc0
[  402.634750][ T8246]  devlink_reload+0x1b6/0x8d0
[  402.639452][ T8246]  devlink_nl_reload_doit+0xb35/0xd50
[  402.644831][ T8246]  genl_family_rcv_msg_doit+0x215/0x300
[  402.650391][ T8246]  genl_rcv_msg+0x60e/0x790
[  402.654915][ T8246]  netlink_rcv_skb+0x208/0x470
[  402.659683][ T8246]  genl_rcv+0x28/0x40
[  402.663666][ T8246]  netlink_unicast+0x82f/0x9e0
[  402.668442][ T8246]  netlink_sendmsg+0x805/0xb30
[  402.673227][ T8246]  __sock_sendmsg+0x21c/0x270
[  402.677913][ T8246]  ____sys_sendmsg+0x505/0x830
[  402.682690][ T8246]  ___sys_sendmsg+0x21f/0x2a0
[  402.687364][ T8246]  __x64_sys_sendmsg+0x19b/0x260
[  402.692304][ T8246]  do_syscall_64+0xfa/0xfa0
[  402.696828][ T8246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.702731][ T8246] 
[  402.705063][ T8246] Last potentially related work creation:
[  402.710796][ T8246]  kasan_save_stack+0x3e/0x60
[  402.715476][ T8246]  kasan_record_aux_stack+0xbd/0xd0
[  402.720685][ T8246]  insert_work+0x3d/0x330
[  402.725017][ T8246]  __queue_work+0xbaf/0xfb0
[  402.729539][ T8246]  queue_work_on+0x181/0x270
[  402.734135][ T8246]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  402.739777][ T8246]  udp_tunnel_push_rx_port+0x180/0x200
[  402.745244][ T8246]  geneve_offload_rx_ports+0xd7/0x160
[  402.750633][ T8246]  geneve_netdevice_event+0x6a/0x80
[  402.755826][ T8246]  notifier_call_chain+0x1b6/0x3e0
[  402.760940][ T8246]  call_netdevice_notifiers+0x88/0xc0
[  402.766321][ T8246]  udp_tunnel_nic_netdevice_event+0xdff/0x1810
[  402.772486][ T8246]  notifier_call_chain+0x1b6/0x3e0
[  402.777606][ T8246]  register_netdevice+0x1608/0x1ae0
[  402.782807][ T8246]  nsim_create+0xae8/0xf10
[  402.787225][ T8246]  __nsim_dev_port_add+0x6b6/0xb10
[  402.792337][ T8246]  nsim_dev_port_add_all+0x37/0xf0
[  402.797454][ T8246]  nsim_dev_reload_up+0x451/0x780
[  402.802500][ T8246]  devlink_reload+0x4ec/0x8d0
[  402.807210][ T8246]  devlink_nl_reload_doit+0xb35/0xd50
[  402.812593][ T8246]  genl_family_rcv_msg_doit+0x215/0x300
[  402.818140][ T8246]  genl_rcv_msg+0x60e/0x790
[  402.822660][ T8246]  netlink_rcv_skb+0x208/0x470
[  402.827433][ T8246]  genl_rcv+0x28/0x40
[  402.831418][ T8246]  netlink_unicast+0x82f/0x9e0
[  402.836193][ T8246]  netlink_sendmsg+0x805/0xb30
[  402.840990][ T8246]  __sock_sendmsg+0x21c/0x270
[  402.845675][ T8246]  ____sys_sendmsg+0x505/0x830
[  402.850453][ T8246]  ___sys_sendmsg+0x21f/0x2a0
[  402.855131][ T8246]  __x64_sys_sendmsg+0x19b/0x260
[  402.860072][ T8246]  do_syscall_64+0xfa/0xfa0
[  402.864575][ T8246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.870469][ T8246] 
[  402.872792][ T8246] Second to last potentially related work creation:
[  402.879391][ T8246]  kasan_save_stack+0x3e/0x60
[  402.884077][ T8246]  kasan_record_aux_stack+0xbd/0xd0
[  402.889289][ T8246]  insert_work+0x3d/0x330
[  402.893626][ T8246]  __queue_work+0xcd2/0xfb0
[  402.898137][ T8246]  queue_work_on+0x181/0x270
[  402.902738][ T8246]  __udp_tunnel_nic_add_port+0xb71/0xd60
[  402.908404][ T8246]  udp_tunnel_push_rx_port+0x180/0x200
[  402.913877][ T8246]  vxlan_offload_rx_ports+0x139/0x200
[  402.919254][ T8246]  vxlan_netdevice_event+0x111/0x470
[  402.924542][ T8246]  notifier_call_chain+0x1b6/0x3e0
[  402.929659][ T8246]  call_netdevice_notifiers+0x88/0xc0
[  402.935036][ T8246]  udp_tunnel_nic_netdevice_event+0xdff/0x1810
[  402.941203][ T8246]  notifier_call_chain+0x1b6/0x3e0
[  402.946331][ T8246]  register_netdevice+0x1608/0x1ae0
[  402.951530][ T8246]  nsim_create+0xae8/0xf10
[  402.955951][ T8246]  __nsim_dev_port_add+0x6b6/0xb10
[  402.961061][ T8246]  nsim_dev_port_add_all+0x37/0xf0
[  402.966171][ T8246]  nsim_dev_reload_up+0x451/0x780
[  402.971208][ T8246]  devlink_reload+0x4ec/0x8d0
[  402.975889][ T8246]  devlink_nl_reload_doit+0xb35/0xd50
[  402.981285][ T8246]  genl_family_rcv_msg_doit+0x215/0x300
[  402.986838][ T8246]  genl_rcv_msg+0x60e/0x790
[  402.991390][ T8246]  netlink_rcv_skb+0x208/0x470
[  402.996166][ T8246]  genl_rcv+0x28/0x40
[  403.000151][ T8246]  netlink_unicast+0x82f/0x9e0
[  403.004930][ T8246]  netlink_sendmsg+0x805/0xb30
[  403.009704][ T8246]  __sock_sendmsg+0x21c/0x270
[  403.014386][ T8246]  ____sys_sendmsg+0x505/0x830
[  403.019165][ T8246]  ___sys_sendmsg+0x21f/0x2a0
[  403.023847][ T8246]  __x64_sys_sendmsg+0x19b/0x260
[  403.028789][ T8246]  do_syscall_64+0xfa/0xfa0
[  403.033291][ T8246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.039188][ T8246] 
[  403.041596][ T8246] The buggy address belongs to the object at ffff888082ae8200
[  403.041596][ T8246]  which belongs to the cache kmalloc-256 of size 256
[  403.055659][ T8246] The buggy address is located 176 bytes inside of
[  403.055659][ T8246]  freed 256-byte region [ffff888082ae8200, ffff888082ae8300)
[  403.069462][ T8246] 
[  403.071806][ T8246] The buggy address belongs to the physical page:
[  403.078229][ T8246] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x82ae8
[  403.086995][ T8246] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  403.095519][ T8246] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  403.103505][ T8246] page_type: f5(slab)
[  403.107500][ T8246] raw: 00fff00000000040 ffff88813ffa6b40 0000000000000000 dead000000000001
[  403.116098][ T8246] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  403.124689][ T8246] head: 00fff00000000040 ffff88813ffa6b40 0000000000000000 dead000000000001
[  403.133498][ T8246] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  403.142191][ T8246] head: 00fff00000000001 ffffea00020aba01 00000000ffffffff 00000000ffffffff
[  403.150867][ T8246] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  403.159569][ T8246] page dumped because: kasan: bad access detected
[  403.165995][ T8246] page_owner tracks the page as allocated
[  403.171712][ T8246] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13182, tgid 13181 (syz.3.1787), ts 331207434934, free_ts 314208648728
[  403.193258][ T8246]  post_alloc_hook+0x240/0x2a0
[  403.198034][ T8246]  get_page_from_freelist+0x2365/0x2440
[  403.203589][ T8246]  __alloc_frozen_pages_noprof+0x181/0x370
[  403.209426][ T8246]  alloc_pages_mpol+0x232/0x4a0
[  403.214283][ T8246]  allocate_slab+0x96/0x3a0
[  403.218823][ T8246]  ___slab_alloc+0xe94/0x18a0
[  403.223515][ T8246]  __slab_alloc+0x65/0x100
[  403.227945][ T8246]  __kmalloc_noprof+0x471/0x7f0
[  403.232805][ T8246]  iter_file_splice_write+0x1c6/0x10e0
[  403.238267][ T8246]  direct_splice_actor+0x101/0x160
[  403.243387][ T8246]  splice_direct_to_actor+0x5a8/0xcc0
[  403.248769][ T8246]  do_splice_direct+0x181/0x270
[  403.253637][ T8246]  do_sendfile+0x4da/0x7e0
[  403.258084][ T8246]  __se_sys_sendfile64+0x13e/0x190
[  403.263217][ T8246]  do_syscall_64+0xfa/0xfa0
[  403.267733][ T8246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.273631][ T8246] page last free pid 12333 tgid 12332 stack trace:
[  403.280139][ T8246]  __free_frozen_pages+0xbc4/0xd30
[  403.285264][ T8246]  tlb_remove_table_rcu+0x85/0x100
[  403.290391][ T8246]  rcu_core+0xcab/0x1770
[  403.294644][ T8246]  handle_softirqs+0x286/0x870
[  403.299431][ T8246]  do_softirq+0xec/0x180
[  403.303690][ T8246]  __local_bh_enable_ip+0x17d/0x1c0
[  403.308895][ T8246]  packet_poll+0x356/0x5c0
[  403.313317][ T8246]  sock_poll+0x325/0x3e0
[  403.317589][ T8246]  do_select+0x105e/0x17d0
[  403.322106][ T8246]  core_sys_select+0x6e2/0xa20
[  403.326868][ T8246]  __se_sys_pselect6+0x27a/0x300
[  403.331809][ T8246]  do_syscall_64+0xfa/0xfa0
[  403.336316][ T8246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.342217][ T8246] 
[  403.344556][ T8246] Memory state around the buggy address:
[  403.350201][ T8246]  ffff888082ae8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  403.358263][ T8246]  ffff888082ae8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  403.366325][ T8246] >ffff888082ae8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  403.374385][ T8246]                                      ^
[  403.380011][ T8246]  ffff888082ae8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  403.388118][ T8246]  ffff888082ae8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  403.396200][ T8246] ==================================================================
[  403.412356][ T8246] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  403.419602][ T8246] CPU: 1 UID: 0 PID: 8246 Comm: kworker/u8:11 Not tainted syzkaller #0 PREEMPT(full) 
[  403.429165][ T8246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  403.439244][ T8246] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[  403.446582][ T8246] Call Trace:
[  403.449875][ T8246]  <TASK>
[  403.452825][ T8246]  dump_stack_lvl+0x99/0x250
[  403.457443][ T8246]  ? __asan_memcpy+0x40/0x70
[  403.462066][ T8246]  ? __pfx_dump_stack_lvl+0x10/0x10
[  403.467296][ T8246]  ? __pfx__printk+0x10/0x10
[  403.471941][ T8246]  vpanic+0x237/0x6d0
[  403.475959][ T8246]  ? __pfx_vpanic+0x10/0x10
[  403.480500][ T8246]  ? preempt_schedule+0xae/0xc0
[  403.485393][ T8246]  ? __pfx_preempt_schedule+0x10/0x10
[  403.490811][ T8246]  panic+0xb9/0xc0
[  403.494660][ T8246]  ? __pfx_panic+0x10/0x10
[  403.499123][ T8246]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  403.505063][ T8246]  ? __mutex_lock+0x147/0x1350
[  403.509882][ T8246]  check_panic_on_warn+0x89/0xb0
[  403.514828][ T8246]  ? __mutex_lock+0x147/0x1350
[  403.519686][ T8246]  end_report+0x78/0x160
[  403.523948][ T8246]  kasan_report+0x129/0x150
[  403.528457][ T8246]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  403.534378][ T8246]  ? __mutex_lock+0x147/0x1350
[  403.539167][ T8246]  __mutex_lock+0x147/0x1350
[  403.543783][ T8246]  ? __mutex_lock+0x5bb/0x1350
[  403.548550][ T8246]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[  403.554798][ T8246]  ? __pfx___mutex_lock+0x10/0x10
[  403.559821][ T8246]  ? __lock_acquire+0xab9/0xd20
[  403.564705][ T8246]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[  403.570799][ T8246]  ? process_scheduled_works+0x9ef/0x17b0
[  403.576526][ T8246]  ? process_scheduled_works+0x9ef/0x17b0
[  403.582250][ T8246]  process_scheduled_works+0xae1/0x17b0
[  403.587816][ T8246]  ? __pfx_process_scheduled_works+0x10/0x10
[  403.593814][ T8246]  worker_thread+0x8a0/0xda0
[  403.598424][ T8246]  kthread+0x711/0x8a0
[  403.602495][ T8246]  ? __pfx_worker_thread+0x10/0x10
[  403.607615][ T8246]  ? __pfx_kthread+0x10/0x10
[  403.612208][ T8246]  ? _raw_spin_unlock_irq+0x23/0x50
[  403.617410][ T8246]  ? lockdep_hardirqs_on+0x9c/0x150
[  403.622606][ T8246]  ? __pfx_kthread+0x10/0x10
[  403.627200][ T8246]  ret_from_fork+0x4bc/0x870
[  403.631800][ T8246]  ? __pfx_ret_from_fork+0x10/0x10
[  403.636936][ T8246]  ? __switch_to_asm+0x39/0x70
[  403.641706][ T8246]  ? __switch_to_asm+0x33/0x70
[  403.646471][ T8246]  ? __pfx_kthread+0x10/0x10
[  403.651062][ T8246]  ret_from_fork_asm+0x1a/0x30
[  403.655850][ T8246]  </TASK>
[  403.659287][ T8246] Kernel Offset: disabled
[  403.663617][ T8246] Rebooting in 86400 seconds..