last executing test programs:

10.371341952s ago: executing program 1 (id=3260):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000060a0b0400000000000000000200000050000480400001800a0001006d6174636800000030000280080002400000000118000300c6a41d10fffff500e9ecffffffffffffff0000000a0001006f776e65720000000c00018008000100647570000900010073797a30000000000900020073797a32"], 0xa4}}, 0x4048010)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000058000000090a010400000000000000000100000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000041c000980100002800c00018008000140000000020800014000000003"], 0x364}}, 0x0)

10.3021654s ago: executing program 1 (id=3261):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={0x48, 0x0, 0x1, 0x5, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x1}]}, 0x48}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001000)=ANY=[@ANYBLOB="b7020000910c0000bfa30000000000000703000000feffff7a0af0ff0d00000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000009000000b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa00000000690e000000000000008b798b4f7458d1863cc67c4c6a06fa28e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1c6edc7a65d073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f838f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b32176066599783568628f0309c3a01716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d247714358d8b170c3b5cad11f72cd9d88e56b95fe9f3de5cfcfa5c1da8ba181580d9db035efe38834de171b64f4b4c1b242786dcc5679e3d0613cdf05b02d7ad4f3b8af27a696e9b8809c2d68fddfcbd451e81d37c11f95094b91fff61ab9e69780b133d1dbca5a78695131c34c855dd793f90ca3973a4bd5606151b3600373d2bbfb7b3638e713e7275af06107949ff5dffe24d3c448ae6e4646b346fe0a21eef1e55d0659eac930d00000000000ff52b98317c45417b900a47c1ae1103c09fc173c1cf28bf7ef7a61523c6b2dbb35f5ae29877bb8e1b3e257056c0d205d391ed7b2089a72a93885b9fc8430ff"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x4a)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x1f2f, 0xe80, 0x3253, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DISASSOCIATE(r2, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="0047962e", @ANYRES16=r3, @ANYBLOB="000829bd7000fbdbdf25280000000c00990005000000780000000600360007000000"], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x4000841)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x80}]}}]}, 0x40}}, 0x0)

9.731559128s ago: executing program 1 (id=3266):
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd1}, 0x50)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000008c0)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74", @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000500)=0x8, 0x4)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000002c0)="aefd", 0x2}], 0x1)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x8044)

9.573878111s ago: executing program 1 (id=3270):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x4}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0x2, 0x5, 0x9, 0x7, 0xc, 0x2, 0x4, 0x2, 0xf, 0x6, 0x0, 0x2, 0x2, 0x6, 0x4, 0x4], 0x3, [0x8b, 0x101, 0x200, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xfffe, 0xfff5, 0x3, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x8, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x2000000}, 0x0)

8.867433375s ago: executing program 1 (id=3276):
r0 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfc}, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)={'team0\x00', <r3=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r2, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r3}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
syz_genetlink_get_family_id$nfc(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0))
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r4, 0x112, 0xb, 0x0, 0x0)
write$nci(0xffffffffffffffff, &(0x7f00000005c0)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x1, 0x3, 0x5, 0xfc, @f_listen={0x7, 0x1, 0x4, 0x82, 0x80, 0x1, 0xe4, {0xb, "e205648dc0720397891c06"}, 0x4, 0x85, 0x4, 0x7, 0xe4, "7a94457cefc802a82afd6fff9cb6ee63617b217933457c6a27deb5782c55fc4b214b620b2165d1201f0ceb908adab5f8c2b9ff6c728767d3236c6e742032bed20f30e354651f256a21e6383e7dc3b67af14b5ffd626b245dfd2c06e204bfb78ca6d756d6e4c017223369ae5321c88def9341a6e63b05e6ac317068ada3c30182b5ce76546789152b95f5e6897912d3b4bfa489992eb4423bfa6c6074108a419aed21c1bddb42b56d9324990c797f06ed8b83acdf4f6c9c92465c43f98babf9eda4aa62400acdbc679ce2e556fd8efb345853e309338328acdf182162b26d3f741f4cbd8d"}}, 0xff)

5.686655425s ago: executing program 1 (id=3281):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0x5}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x12, r0, 0x4}, 0x38)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x64}, {0x6}]}, 0x10)
r3 = socket$inet6(0xa, 0x2, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmmsg$inet(r3, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x8000004)
r7 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000140)=@bloom_filter={0x1e, 0xe, 0x8, 0x7f, 0x40004, 0xffffffffffffffff, 0x5, '\x00', r6, 0xffffffffffffffff, 0x3, 0x4, 0x3, 0xf}, 0x50)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x13, r7, 0xa773a000)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000040)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x2040804)

5.683784866s ago: executing program 3 (id=3283):
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x100058d1}, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="68000000100001002fbd7000fddbdf2500000000", @ANYRES32, @ANYBLOB="0201000000000000140003006e657464657673696d3000000000000034001680300001802c"], 0x68}}, 0x24040800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="68000000100001002fbd7000fddbdf2500000000", @ANYRES32, @ANYBLOB="0201000000000000140003006e657464657673696d3000000000000034001680300001802c"], 0x68}}, 0x24040800)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x5, 0x0, 0x5cc7, 0x8}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000004000300}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x5, 0x0, 0x5cc7, 0x8}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000004000300}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="cb2da763bb3282b121692bc43eb4105000000003080106000240000000002c"], 0x50}}, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_type(r2, &(0x7f0000000380), 0x2, 0x0)
preadv(r3, &(0x7f0000000ac0)=[{&(0x7f00000004c0)=""/83, 0x53}], 0x1, 0x80000000, 0xffffffff) (async)
preadv(r3, &(0x7f0000000ac0)=[{&(0x7f00000004c0)=""/83, 0x53}], 0x1, 0x80000000, 0xffffffff)
socket$kcm(0x10, 0x2, 0x10) (async)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd00028008"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4080000400000006110540000000000a6000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2}, 0x48)
r6 = socket(0x10, 0x803, 0x0)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000400)=r5, 0x4) (async)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000400)=r5, 0x4)
sendmsg$nl_generic(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000005200010000000000000000080a00000008000100", @ANYRES64], 0x1c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001c00c92429bd70000000020007000000", @ANYRES32=r1, @ANYBLOB="80008f0b0a000200aaaaaaaaaaaa000008000f"], 0x30}, 0x1, 0x0, 0x0, 0xc0041}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000090a01040000000000000000010000029715f97f0000000008000640ffffff000900010073797a3000000000080005400000001c0900020073797a320000000008000340000000880c0009800800028004000180140000001000010000000000000000000784000a"], 0x80}, 0x1, 0x0, 0x0, 0x4404c810}, 0x0) (async)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000090a01040000000000000000010000029715f97f0000000008000640ffffff000900010073797a3000000000080005400000001c0900020073797a320000000008000340000000880c0009800800028004000180140000001000010000000000000000000784000a"], 0x80}, 0x1, 0x0, 0x0, 0x4404c810}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@ipv6_newrule={0x24, 0x1a, 0x1, 0x0, 0x0, {0x81}, [@FIB_RULE_POLICY=@FRA_TABLE={0x8, 0xf, 0xfe}]}, 0x24}}, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r7, 0x8010661b, &(0x7f0000000340))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xb, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4ff00000000711053000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x90)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$IPSET_CMD_TEST(r9, &(0x7f0000000280)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, 0xb, 0x6, 0x301, 0x0, 0x0, {0xa247aab2e510d6d2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x40}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8011}, 0x4040880)

5.399070461s ago: executing program 0 (id=3285):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x4}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0x2, 0x5, 0x9, 0x7, 0xc, 0x2, 0x4, 0x2, 0xf, 0x6, 0x0, 0x2, 0x2, 0x6, 0x4, 0x4], 0x3, [0x8b, 0x101, 0x200, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xfffe, 0xfff5, 0x3, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x8, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x3000000}, 0x0)

5.387655239s ago: executing program 4 (id=3180):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001e80)=ANY=[@ANYBLOB="61154c00000000006113500000000000bfa00000000000111503000008004e002d3501000000000095006e00000000006916000000000000bf67000000000000350604000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffbd4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c88da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba751e4e174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000e90000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18532f4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32a103393c7c166215dab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095031dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa175740395ef9e4a0dc5ad"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)

5.339974893s ago: executing program 3 (id=3286):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000080)=0x1, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv4_newrule={0x30, 0x20, 0x301, 0x3, 0x0, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x1f}, [@FRA_GENERIC_POLICY=@FRA_OIFNAME={0x14, 0x11, 'veth1_to_bridge\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x81}, 0x44004)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x439, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1313}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x40008c0)
ppoll(&(0x7f0000000180)=[{r1}], 0x1, &(0x7f00000000c0)={0x0, 0x3938700}, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000003e000701fcfffff7fddbdff6037c0000040036800c0001"], 0x24}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}}}}}}]}, 0x48}}, 0x0)

5.207573414s ago: executing program 4 (id=3289):
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd1}, 0x50)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000008c0)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74", @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000500)=0x8, 0x4)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000002c0)="aefd", 0x2}], 0x1)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b000000", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x8044)

4.8186177s ago: executing program 4 (id=3291):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'nicvf0\x00'})
r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8) (async)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x100, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c004}, 0x8000) (async)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000001c0)={<r3=>0x0, 0x1}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000240)={r3}, &(0x7f0000000280)=0xc) (async)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000002c0)={0xab, 0x7, 0x1, 0xff, 0x800, 0x3, 0x8001, 0x8, <r4=>r3}, &(0x7f0000000300)=0x20) (async)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000340)=<r5=>0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000380)=r5) (async, rerun: 64)
r6 = socket$netlink(0x10, 0x3, 0x6) (rerun: 64)
ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000400)=<r7=>0x0)
r8 = getuid()
sendmsg$netlink(r6, &(0x7f00000006c0)={&(0x7f00000003c0)=@kern={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)=[{&(0x7f0000000440)={0x234, 0x20, 0x300, 0x70bd27, 0x25dfdbfe, "", [@nested={0x72, 0x5c, 0x0, 0x1, [@typed={0xd, 0xed, 0x0, 0x0, @str='mptcp_pm\x00'}, @typed={0x8, 0x39, 0x0, 0x0, @ipv4=@rand_addr=0x64010101}, @typed={0x8, 0x65, 0x0, 0x0, @u32=0x7}, @generic="a439abb1f4e49d2482297ba38686dae4fca2fe52beb19848c499c2eb038b33d7fbf1", @generic="4df8192c2772dd", @nested={0x4, 0x129}, @typed={0x4, 0x37}, @generic="bdf7653ce984855f4afda0daf134c0ed9c2d13cf6dc04ee075", @nested={0x4, 0x105}]}, @nested={0x193, 0xa1, 0x0, 0x1, [@generic="0057a495c40b9954101b9987c4a874fe6dd0dd4f4a80c9da39101107566c7c731c7e369bca31b6c275e98269fba7d566ee8bdad5b2a1306f64febfb218e0499f4d0ed1951999e743d8766ae983dabea2230eba1e82bd9240c77f20aa63678e7d7ac5da2cc94cd5462988a53d9329d7a3f1cce92500210ef09c14bb9166", @typed={0xb, 0x5e, 0x0, 0x0, @str='nicvf0\x00'}, @typed={0x8, 0xb9, 0x0, 0x0, @pid=r7}, @generic="60380581f91db6f4d7b4c079f2ddac00c18aafa0dcd0dd5b1ec7ddbbeade196b0323f83c9ee4df129e9285c82bf3476305a5d7844c682d8843599e7ff88123315ec606b1a32c1b0d940c7dcce7832837c15468892dc77f96c2d0b434f2c472fd5727a4e0134a010df9a2c7d9410f72420e96b2268f513c07bdb6ee1a51f148b90b55baf68d18b026b14f34e31932ce0359aec9041b9be8264bcc8973967f310e95ce52efc7ae71eee65b9b722236d8c162ceecb5c8df97d1f260d26b71b64484de078fccb02e904bf2df695cefe190c9d80f63f9bd95e52a9943e90afa14e24095846dca72e18b2a57bdccfc86dd99076b00", @typed={0xc, 0x20, 0x0, 0x0, @u64=0x13e0000000000000}]}, @typed={0x8, 0x145, 0x0, 0x0, @uid=r8}, @typed={0x14, 0xec, 0x0, 0x0, @ipv6=@mcast1}]}, 0x234}], 0x1, 0x0, 0x0, 0x4000}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000780)=@mangle={'mangle\x00', 0x1f, 0x6, 0x490, 0xf0, 0x238, 0x0, 0x1a0, 0x360, 0x3f8, 0x3f8, 0x3f8, 0x3f8, 0x3f8, 0x6, &(0x7f0000000700), {[{{@ip={@rand_addr=0x64010100, @empty, 0x0, 0xff000000, 'team_slave_0\x00', 'pimreg0\x00', {0xff}, {}, 0x1d, 0x3, 0x24}, 0x0, 0xc0, 0xf0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x3}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x5, 0x0, @remote, 0x4e24}}}, {{@ip={@rand_addr=0x64010102, @local, 0xff, 0xff, 'team_slave_0\x00', 'dvmrp0\x00', {}, {0xff}, 0x16, 0x0, 0x8}, 0x0, 0x70, 0xb0}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x9, 0x4, @ipv4=@multicast1, 0x4e21}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x21, 0x9, 0x1}}}, {{@uncond, 0x0, 0xc8, 0x128, 0x0, {}, [@common=@addrtype={{0x30}, {0x100, 0x40, 0x0, 0x1}}, @inet=@rpfilter={{0x28}, {0x3}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x0, 0x5, 0x4, 0x4, 0x4, 0x6], 0x4, 0x5}, {0x1, [0x7, 0x0, 0x5, 0x4, 0x3, 0x2], 0x2, 0x4}}}}, {{@uncond, 0x0, 0x70, 0x98}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x8, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4f0) (async, rerun: 32)
ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000c80)) (async, rerun: 32)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000cc0)={r4, 0xd05c}, 0x8) (async)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000d00)={<r9=>r4, 0x894}, &(0x7f0000000d40)=0xc)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r10, &(0x7f0000000e40)={&(0x7f0000000d80)={0x10, 0x0, 0x0, 0x8800000}, 0xc, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x28, 0x9, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x8004}, 0x4000) (async)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000ec0), r1)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f0000000fc0)={&(0x7f0000000e80)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000f80)={&(0x7f0000000f00)={0x44, r11, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}, @ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}]}, 0x44}}, 0x40) (async)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001040), r1)
sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000001100)={&(0x7f0000001000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000010c0)={&(0x7f0000001080)={0x18, r12, 0x800, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x880}, 0x1) (async, rerun: 64)
r13 = accept4$inet6(r1, &(0x7f0000001140)={0xa, 0x0, 0x0, @empty}, &(0x7f0000001180)=0x1c, 0x80000) (rerun: 64)
getsockopt$inet6_int(r1, 0x29, 0x8, &(0x7f00000011c0), &(0x7f0000001200)=0x4) (async)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000001280)=@raw={'raw\x00', 0x9, 0x3, 0x358, 0x100, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x2c0, 0xffffffff, 0xffffffff, 0x2c0, 0xffffffff, 0x3, &(0x7f0000001240), {[{{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x3}}, @common=@set={{0x40}, {{0x1, [0x7, 0x4, 0x5, 0x1, 0x0, 0x5], 0x4, 0x5}}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x2c0}}, {{@uncond, 0x0, 0x98, 0x1c0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0xe, 'system_u:object_r:cron_log_t:s0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8)
sendmsg$nl_xfrm(r1, &(0x7f0000001a80)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000001a40)={&(0x7f0000001680)=@getsa={0x390, 0x12, 0x28, 0x70bd27, 0x25dfdbfd, {@in=@rand_addr=0x64010100, 0x4d3, 0xa, 0x6c}, [@XFRMA_SET_MARK_MASK={0x8, 0x1e, 0xfffffff9}, @algo_crypt={0xa5, 0x2, {{'adiantum(xts-aes-neon,cipher_null-generic,sha256-avx)\x00'}, 0x2e8, "9c7d5f2d38a0c06833e6348c96803d63eac5f9b66cdac66938975a658622ef38c3ae4be26ffea531ebffb0446c655970d5d678f0c9f4af770beb3613da554ed661b7922390b4ea6d2418a61ab41d1736ca181cafc5e5956cbac0d028d2"}}, @policy_type={0xa}, @tmpl={0x184, 0x5, [{{@in=@multicast1, 0x4d4, 0x33}, 0xa, @in=@local, 0x0, 0x4, 0x0, 0x2, 0x9290, 0x1, 0x8}, {{@in=@loopback, 0x4d3, 0x3c}, 0xa, @in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x0, 0x1, 0x0, 0x4, 0x0, 0x4, 0x80000000}, {{@in=@dev={0xac, 0x14, 0x14, 0x3d}, 0x4d3, 0x2b}, 0xa, @in6=@rand_addr=' \x01\x00', 0x3502, 0x4, 0x1, 0x6, 0x6, 0x8, 0x6}, {{@in6=@private1, 0x4d5, 0x32}, 0x2, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x3502, 0x3, 0x2, 0x46, 0x7fffffff, 0x3, 0x3}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d6, 0x33}, 0xa, @in=@broadcast, 0x3500, 0x4, 0x2, 0x3, 0x57, 0x7, 0x4}, {{@in6=@remote, 0x4d6, 0x19}, 0xa, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x34ff, 0x4, 0x3, 0xe, 0x9, 0x9, 0x401}]}, @algo_auth_trunc={0x125, 0x14, {{'blake2s-224-x86\x00'}, 0x6c8, 0xc0, "b40ea80ab33c478098d935fe9986aa1bfd38559d548109a9924568544c24cc4c68b0533ac7347ee8228a0317aee19e63420b7a81fb868d98251ba5cf5b9576edd72c28e0dc589e63b9bfd66cc36b146abe2d2e012c85538ff9c741732053c0dbee09a4ac5607a170260f9d3d4f735c089e586dbac6f2ca872ae8b415c8d6b54e599d933f5d5b1e48f3f30fee63694838ce954755aff799c1d494dcaf419b556f94fc72a142c49767cec7df8e698b54dd56df7173b3fa2d7c87ae6adebe9128dce61f6827bb4565242702fc1015d1271ea97003db8f6b03df58"}}]}, 0x390}, 0x1, 0x0, 0x0, 0x20000015}, 0xc080)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r13, 0x84, 0x7b, &(0x7f0000001ac0)={r9, 0x7ff}, &(0x7f0000001b00)=0x8)
getpeername$qrtr(r1, &(0x7f0000001b40), &(0x7f0000001b80)=0xc)

4.764088882s ago: executing program 3 (id=3292):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x0, 0x3, 0x5, 0x7, @v={0x3, 0x2, 0x4, 0x6, 0x5, 0x10, 0x4d, {0x4, 0x9, "1b15ed536d2c5615"}, 0x7f, 0x3, 0x7f, 0x6}}, 0x19)

4.75152807s ago: executing program 0 (id=3293):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000100), 0x4)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6)
syz_emit_ethernet(0x20e, &(0x7f0000000780)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd6000021001d83a00fe8000000000000000000000000000bbff02000000000000000000000000000104009078000000000400000000000000000000000000000000000000000000010000000000000000000000000000000087000519680000000033000000000000050200000106000000000000009da17e9ab13f6e142b20582c8d220c698a74dbf13dfc0ad1f526dfc43313759300929090dd4792ce67ea9f8769d3246f94412c56e0247939ed4b318e4b6066b72d91d9aff97fcf30977dfd4028dea535a8e9d1682c4794d255d62089716f2f97577f9bef264da3cfd3e5511fb253122f61808a73cc2e760f93ceb68a0db2613cf0956b23235f057c2f980a19266a6bb4a33a17f550a571c5b4211c6fa37105020000008c65fd1a52737fa1ec00000000000000e0dd36bcffb376f4b35d4a5bc51b0f8fb9a273282a9c8ef192a4de26c8732765dbeb6ce083e81cebf0612d1cc7956b78fb34ce0e4a867c8b40cbd4c868c9af5ef0446869c2e09cbb94bab04b23680ba97ad5c624055e9004a7a121cf38a402a7aa80e05dbe56fecab8b014420231c0e997cbfda9bdc7f29e3a8b13dcfc396cf6ff1fcd8a7f43a107871fdd7e01020000000100015208f1390b0c74cba47ed1dbe3290d39f34bbe19939cbd16fe15f3802c8f12d8687cb72f6783172e63fafc0bc19fc7ea5e20fe65290cc5531784929dd4b5c8ff0df008542d00f6159b8059"], 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x800)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000500)=0x8, 0x4)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000002c0)="aefd", 0x2}], 0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x9b}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000bc0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xe8001, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2})
ioctl$TUNSETOFFLOAD(r4, 0x400454c9, 0xba98575a95aeb70d)
ioctl$TUNSETLINK(r4, 0x400454cd, 0x337)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000340)={r4, 0x4, 0x7, 0x5})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[], 0x6f4}, 0x1, 0x0, 0x0, 0x4000850}, 0x8044)

4.37394119s ago: executing program 4 (id=3295):
r0 = socket$netlink(0x10, 0x3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
write(r0, &(0x7f00000002c0)="29000000140005b7ff00000004eabdeb0101b6ff02159f7e5520756b0f33b49db96ad24d12595fbea5", 0x29)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)={0x3c, r3, 0x1, 0x3, 0x0, {0x33}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}]}, 0x3c}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="24000000400019012bbd700000000000017c0000040042800800018004001e80040002"], 0x24}, 0x1, 0x0, 0x0, 0x48814}, 0xc000)
bind$unix(r1, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e)
syz_emit_ethernet(0x32, &(0x7f0000000a00)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @multicast1}, {0x4000, 0x17c1, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x6, 0x100}}}}}}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendfile(r6, r7, 0x0, 0x7feff000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, 0x2, 0x3, 0x3, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0xeb2a}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x10}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x26}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x27}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x25}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x7ff}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000080}, 0x24020000)

4.121085323s ago: executing program 2 (id=3297):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000001c0)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x4}, 0x50)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x6, &(0x7f0000000040)=0x100000001, 0x4)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r3, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x5f, 0x3})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000140), &(0x7f0000000100)=r3}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r0, <r4=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500001700000085000000a50000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0xc}, 0x94)

4.007688363s ago: executing program 2 (id=3298):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x40000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)={0x3d8, 0x19, 0x1, 0x0, 0x25dfdbff, "", [@nested={0x3c5, 0x0, 0x0, 0x1, [@generic, @generic="e56dac7d2ae3ee291d3f531f299595539023ee2899ca5bcb5ba9408e06cd314dba68d96421097bd2ef57776174e39e76faa0d2a762910b75ebcd9e3b90badb1a5c6103a5a878cb04a3bb598ac40abb3c1a018989f26d27b41a5d86dda83ffcfc57c47d65bf54bb829d74c1f196e3e02e536bbb998790cca0924fd26aa6bd7a7111508c971b411593e24c0dd26614eabb98816e9302dd6d2e0e33773f85f090336aff94d991d81a45ddff65976a69bcbe8acf4b3a5c793c69673018fcd050bddfebefbdf56ad1e06dbd1107a21fe4b5e21953db01feff6249176545e84a332d0007c6a84046f7881592d84b9e5766b120ef64cc09bc9dc667ac91", @generic="3c176bebb2c70243e2d27c05b577b2623e28762108056cfc20d8ec60e4df02c55d2ed60256e44182ab7828f709b27101189f2a551e50e63c2bf3b018e34cc62c49902ed3d223b5dab44ad1aa324110228467f12f267e804d3cf7cbcdb2a30f1a7e10076e504c45e821babc002aafe4ae45cc7029db375e99ec849a9e43aa80eae9037487227cfe653ee659b636d11fede62b520f87f67ab321db36", @nested={0x22b, 0x15a, 0x0, 0x1, [@generic="ea58b24ef780bd56dd666239faf64e68ef91895c1ff5d9eb71c140fc8d8088ef9f64f70d0d883b1c8c0ba8106287e543be5b548b476f9e2e27bef7db26b03e2b7035552b8b52bb1b11ce", @nested={0x28, 0x78, 0x0, 0x1, [@typed={0x14, 0x5f, 0x0, 0x0, @ipv6=@empty}, @nested={0x4, 0x95}, @nested={0x4, 0xb9}, @typed={0x8, 0x62, 0x0, 0x0, @pid=0xffffffffffffffff}]}, @generic="3bef31e351e3b1cab769ede42a738adc921b0850c9402aaaea8a91acc70a5b247be24709bd9fcc3dc877de00eb7e4c5edca3a9633b65150a21d1cca4afd1a02b5c79e50f43ec156640b9b6b2df9287d8033f596815bf74f116a51f64885ffd1459c9de8f71b3d127557162dac80188b3132d9ff37f257ff1cecf810d8739e92045923d5780666954069afe1d625e90bf74b428444c0bfa94b6cb8255a26e4ff93c21772f3198a05d5aa6c24a861a22b3137c5eff71e86e947d71953ba8b274a71fd12d4ea2843abfc9faa1025ed67ee6c9a8d944b483e203bc04ead01c6d585e26b69ace5c67743cdba9d0ccde5415b4649278d33cfb36a367c4ae1a4dfa", @generic="280be1a0f496de599cc5e0fa16ee29a77c36286b66768a1556c054954a62efa99cd7a61730ecbbeed226cec433f60dec7d262adb3aa482b47bda1d2861a0556349a0c93b28c5f9ea23972ad385d4f7109efc91876ce41f18b1bace520ae7a528ea7c855cc5d7573dddd168f4b632d0380ea493da435e03686593e641ba30af32937adbeb4af33195dee9001d8fa73a6d8a7a5e113c679404ea4844e9d2886bf7d24d14c8e6a93e3f37b56b5816f572753a87b5158a4fd6"]}]}]}, 0x3d8}], 0x1}, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000020605000000000000000000000000030c000300686173683a6970000900020073797a320000000005000400000000000500050002000000050001000600000014000780080006400000000208000c"], 0x58}}, 0x20000000)
shutdown(r1, 0x1)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000007c0), r0)
sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000800)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="01002abd7000fcdbdf25030000003c00018008000b007369700007000600666f00000800080000c000000600010002000000060004004e200000060004004e2200000800050003000000"], 0x50}}, 0x4eb84b3d5f309c6c)

1.414413283s ago: executing program 2 (id=3299):
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000c08c)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0xed27c9fa5277b9b7}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ALPHA={0x1, 0x5, 0xd}, @TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0xfffffff8}]}}]}, 0x44}}, 0x20008000)
shutdown(r0, 0x1)

1.392774292s ago: executing program 0 (id=3300):
sendmsg$IPCTNL_MSG_EXP_DELETE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd1}, 0x50)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000008c0)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="400001801400020070696d367265673000000000000000001400020073797a5f74", @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000500)=0x8, 0x4)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000002c0)="aefd", 0x2}], 0x1)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b000000", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x8044)

1.336012172s ago: executing program 3 (id=3301):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETOWNER(r1, 0x400454cc, 0xee01) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x102}) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000540)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000b00000040000580070001"], 0x54}}, 0x0) (async)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg$can_raw(r4, &(0x7f0000000240)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)=""/22, 0x16}], 0x2, &(0x7f0000000140)=""/187, 0xbb}, 0x40000000)

1.335714724s ago: executing program 4 (id=3302):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x4}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0x2, 0x5, 0x9, 0x7, 0xc, 0x2, 0x4, 0x2, 0xf, 0x6, 0x0, 0x2, 0x2, 0x6, 0x4, 0x4], 0x3, [0x8b, 0x101, 0x200, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xfffe, 0xfff5, 0x3, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x8, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r6)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x4000000}, 0x0)

1.071014436s ago: executing program 0 (id=3303):
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000380)={'syztnl0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x29, 0x1, 0xf, 0x9, 0x2, @mcast2, @loopback, 0x80, 0x700, 0x6c68, 0x81}})
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x40000)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x400c84c)
sendmmsg$inet6(r2, &(0x7f0000019680)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141414}, 0xff00}, 0x1c, 0x0}}], 0x1, 0x20004855)

815.531286ms ago: executing program 2 (id=3304):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x188, 0x40, 0x1, 0x70bd2c, 0x4, {0x1}, [@nested={0x4, 0x48}, @nested={0x164, 0x1, 0x0, 0x1, [@nested={0x160, 0x10, 0x0, 0x1, [@nested={0x15c, 0xf, 0x0, 0x1, [@nested={0xec, 0x2c, 0x0, 0x1, [@nested={0xe5, 0xf2, 0x0, 0x1, [@nested={0x5c, 0x68, 0x0, 0x1, [@generic="88681881cd5ba9824fe1da2fabaa0bdfdd60f03103b63fd25ad5c70e03d8f348b935a01df45fb0980bc2fd725940f9df0c1895c8a420b19d46f652c7d2f3fcc21c5083d3266d26b00658e0a6a8fba322f6ed42dda11395b6"]}, @typed={0x8, 0xe, 0x0, 0x0, @pid}, @generic="3a40eb90f8d593d0f9b6183c04fe56fece862becddd7291d64d29bf64f1101744fcf890506a8e28f636ccf9b97b0ff7243f250eca135bee8efab4f05308fd75b90dfc2988243dd0161e3e4bc603b7aae01dda98b2f06ab0c6af6b36d082ac01f60ba1725c03f871e4be5c6f81c2bcf4a23728c6432e17590e8", @nested={0x4, 0x52}]}]}, @typed={0x4, 0x8d}, @nested={0x65, 0x150, 0x0, 0x1, [@generic="39586fcfbe8e9552ff2c622523d5424e53bab9ea3bdee36661409e6a91c0744bd70fb7d368bce6480981533258caecbd7cd7952c2b16594d82b4dcb298925ddd3f07aa1f3b52ed852da19e2d2feaddf2d938d8e7c72c2ac318df7e7c88ec42bc0c"]}]}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64=0x8}]}, 0x188}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r1)
sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f0000000080)={0x68, r3, 0x2, 0x70bd2c, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x6, @link='broadcast-link\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x80)
r4 = socket(0x1e, 0x4, 0x0)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r4, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000040}, 0x41)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_ALL_TARGETS={0x8, 0xa, 0xfffffffd}]}}}]}, 0x3c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x188, 0x40, 0x1, 0x70bd2c, 0x4, {0x1}, [@nested={0x4, 0x48}, @nested={0x164, 0x1, 0x0, 0x1, [@nested={0x160, 0x10, 0x0, 0x1, [@nested={0x15c, 0xf, 0x0, 0x1, [@nested={0xec, 0x2c, 0x0, 0x1, [@nested={0xe5, 0xf2, 0x0, 0x1, [@nested={0x5c, 0x68, 0x0, 0x1, [@generic="88681881cd5ba9824fe1da2fabaa0bdfdd60f03103b63fd25ad5c70e03d8f348b935a01df45fb0980bc2fd725940f9df0c1895c8a420b19d46f652c7d2f3fcc21c5083d3266d26b00658e0a6a8fba322f6ed42dda11395b6"]}, @typed={0x8, 0xe, 0x0, 0x0, @pid}, @generic="3a40eb90f8d593d0f9b6183c04fe56fece862becddd7291d64d29bf64f1101744fcf890506a8e28f636ccf9b97b0ff7243f250eca135bee8efab4f05308fd75b90dfc2988243dd0161e3e4bc603b7aae01dda98b2f06ab0c6af6b36d082ac01f60ba1725c03f871e4be5c6f81c2bcf4a23728c6432e17590e8", @nested={0x4, 0x52}]}]}, @typed={0x4, 0x8d}, @nested={0x65, 0x150, 0x0, 0x1, [@generic="39586fcfbe8e9552ff2c622523d5424e53bab9ea3bdee36661409e6a91c0744bd70fb7d368bce6480981533258caecbd7cd7952c2b16594d82b4dcb298925ddd3f07aa1f3b52ed852da19e2d2feaddf2d938d8e7c72c2ac318df7e7c88ec42bc0c"]}]}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64=0x8}]}, 0x188}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r1) (async)
sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f0000000080)={0x68, r3, 0x2, 0x70bd2c, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x6, @link='broadcast-link\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) (async)
socket(0x1e, 0x4, 0x0) (async)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r4, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000040}, 0x41) (async)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_ALL_TARGETS={0x8, 0xa, 0xfffffffd}]}}}]}, 0x3c}}, 0x0) (async)

751.453958ms ago: executing program 0 (id=3305):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
syz_emit_ethernet(0x0, 0x0, 0x0) (async)
socket$netlink(0x10, 0x3, 0x8)
socket$unix(0x1, 0x1, 0x0) (async)
socket$netlink(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x2, 0x80805, 0x0) (async)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa000000}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r3, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r5=>0x0}) (async)
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r5, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r6, @ANYRES32=r6], 0x44}}, 0x2000800) (async)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x4c, 0x6, 0x6, 0x301, 0x0, 0x0, {0x3, 0x0, 0x5}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8881}, 0x24000400) (async)
r7 = socket$netlink(0x10, 0x3, 0x0)
read(r7, &(0x7f0000000300)=""/109, 0x6d) (async)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)

619.288529ms ago: executing program 3 (id=3306):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b000000000000000000000000800000000008"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x15, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000fcffffff000000008000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000002e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$netlink(0x10, 0x3, 0xc) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)=ANY=[@ANYBLOB="1400000010007c0000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000010900020073797a310000000008000a40fffffffc400000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180050001"], 0xa4}}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x21}, 0x94) (async)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (async)
ioctl(r5, 0x8b1a, &(0x7f0000000040)) (async)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01010000000000000000010000000900030073797a310000000014000480080002400000000008000140000000000900010073797a300000000070000000060a010400000000000000000100000048000480240001800b00010072656a65637400001400028008000140000000000500020000000000200001800700010072740000140002800800014000000009080002400000000008000b40000000000900010073797a300000000014000000110001"], 0xf8}, 0x1, 0x0, 0x0, 0x2040441}, 0x4000094) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

529.588615ms ago: executing program 4 (id=3307):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1ff73331", @ANYRES16, @ANYBLOB="010000000000fcdbdf2512000000180001801400020076657468300000000000000008000000080009"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0) (async)
r0 = socket$inet6(0x10, 0x3, 0x0) (async)
r1 = socket(0x2a, 0x2, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x3, 0x9, 0x80}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x7}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x70}}, 0x1)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414003400080004"], 0x2c}}, 0x0) (async)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) (async)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000040)={'raw\x00', 0x4, [{}, {}, {}, {}]}, 0x68)

351.111023ms ago: executing program 3 (id=3308):
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b00)={{0x14}, [@NFT_MSG_NEWRULE={0x24, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x4c}}, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendto$inet(0xffffffffffffffff, &(0x7f0000000300)="ab", 0x1, 0x0, 0x0, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[], 0x50, 0x40488c2}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

350.788341ms ago: executing program 0 (id=3309):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000071120a000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x7, &(0x7f0000000200)=0xd, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r1=>0x0})
sendmsg$can_raw(r0, &(0x7f00000004c0)={&(0x7f0000000100)={0x1d, r1}, 0x10, &(0x7f00000001c0)={&(0x7f0000000680)=@canfd={{0x4}, 0x25, 0x2, 0x0, 0x0, "d9d2a7ae9dcf4d69beb15eec7d344087db3bf1d23ce4e5320ed7e06f51a642a2ffe41cecf2ed670bd1a9c6363fd3c9440abf43540285588003fd7e950b08d518"}, 0x48}, 0x1, 0x0, 0x0, 0x84844}, 0x400c890)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x6a}, [@ldst={0x4}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r3=>0x0})
syz_emit_ethernet(0x1e, &(0x7f0000001940)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa27000c0000825d359200005ac0c7d61001e90f"], 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r6=>0x0})
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000001c40)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000060000000400000000000007000000000000000061"], 0x0, 0x2a}, 0x20)
bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000001000)=@base={0x10, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x0, 0x1}, 0x48)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r8, 0x1, 0xb, 0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x30, r5, 0x5, 0x74bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @crypto_settings, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x8044090}, 0x4004084)
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xf1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}, @TCA_STAB={0x4}]}, 0x34}}, 0x0)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, 0x0, 0x0)
r11 = accept4(r10, 0x0, 0x0, 0x80000)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), r11)
sendto$l2tp6(r11, &(0x7f0000000000)="fd2e", 0x2, 0x88c0, 0x0, 0x0)
sendmsg$alg(r11, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x80}, 0x4004080)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000000c0)={0x5, [<r12=>0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000003c0)=0x18)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r11, 0x84, 0x66, &(0x7f0000000400)={r12, 0x9}, &(0x7f0000000440)=0x8)

347.095374ms ago: executing program 2 (id=3310):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054)
write$nci(r0, &(0x7f0000000340)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x0, 0x3, 0x5, 0x7, @v={0x3, 0x2, 0x4, 0x6, 0x5, 0x10, 0x4d, {0x4, 0x9, "1b15ed536d2c5615"}, 0x7f, 0x3, 0x7f, 0x6, 0x52, "56a991bce982b99e2cc14b916ea97eb4bb8aab1cd0eccc1221486565f9769792ea2310ed0d4da0cd3e8818e00c53d76480c3a58b851f8c1dc711072f0018f881228c0c71f677fd96591c06cbe104fe1c312b"}}, 0x6b)

0s ago: executing program 2 (id=3311):
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) (async)
r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0)
recvmmsg(r0, &(0x7f0000008380)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x2140, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4ff00000000711010000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x90)

kernel console output (not intermixed with test programs):

2119][T11226] 8021q: adding VLAN 0 to HW filter on device bond10
[  232.882120][T11230] bond9: (slave dummy0): Removing an active aggregator
[  232.891065][T11230] bond9: (slave dummy0): Releasing backup interface
[  232.913247][T11230] bond10: (slave dummy0): Enslaving as a backup interface with an up link
[  232.989372][ T1011] bond10: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  233.141764][   T13] bond10: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  233.211150][T11251] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma?
[  233.427437][T11261] bond9: option lp_interval: invalid value (0)
[  233.435790][T11261] bond9: option lp_interval: allowed values 1 - 2147483647
[  233.534338][T11261] bond9 (unregistering): Released all slaves
[  233.764958][ T6667] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0
[  233.780928][ T6667] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0
[  233.789918][ T6667] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0
[  233.810604][ T6667] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0
[  234.655473][T11324] validate_nla: 15 callbacks suppressed
[  234.655495][T11324] netlink: 'syz.0.1851': attribute type 21 has an invalid length.
[  234.705923][T11326] netlink: 'syz.0.1851': attribute type 1 has an invalid length.
[  234.788402][T11330] netlink: 'syz.3.1853': attribute type 12 has an invalid length.
[  234.801643][T11330] netlink: 'syz.3.1853': attribute type 29 has an invalid length.
[  235.220766][T11350] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  235.481341][T11363] __nla_validate_parse: 19 callbacks suppressed
[  235.481356][T11363] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1861'.
[  235.866610][T11375] netlink: 'syz.2.1866': attribute type 21 has an invalid length.
[  235.893592][T11375] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1866'.
[  235.932378][T11380] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1867'.
[  235.933203][T11375] netlink: 'syz.2.1866': attribute type 1 has an invalid length.
[  235.971468][T11375] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1866'.
[  236.008725][T11380] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1867'.
[  236.125923][T11389] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1871'.
[  236.255391][T11389] macvlan2: entered promiscuous mode
[  236.265020][T11389] macvlan2: entered allmulticast mode
[  236.276568][T11396] netlink: 'syz.3.1875': attribute type 1 has an invalid length.
[  236.370766][T11396] bond11: entered promiscuous mode
[  236.379463][T11396] 8021q: adding VLAN 0 to HW filter on device bond11
[  236.406459][T11396] bond11: (slave bridge1): making interface the new active one
[  236.419232][T11396] bridge1: entered promiscuous mode
[  236.426236][T11396] bond11: (slave bridge1): Enslaving as an active interface with an up link
[  236.755189][T11426] netlink: 'syz.2.1883': attribute type 21 has an invalid length.
[  236.773606][T11426] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1883'.
[  236.802710][T11426] netlink: 'syz.2.1883': attribute type 1 has an invalid length.
[  236.826454][T11426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1883'.
[  237.444456][T11457] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  237.622545][T11457] syzkaller0: entered promiscuous mode
[  237.634327][T11469] netlink: 'syz.4.1897': attribute type 21 has an invalid length.
[  237.645615][T11457] syzkaller0: entered allmulticast mode
[  237.658291][T11457] tipc: Resetting bearer <eth:syzkaller0>
[  237.684810][T11469] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1897'.
[  237.735135][T11454] tipc: Resetting bearer <eth:syzkaller0>
[  237.766990][T11474] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1897'.
[  237.899132][T11479] IPVS: set_ctl: invalid protocol: 50 172.20.20.170:20002
[  239.207000][T11454] tipc: Disabling bearer <eth:syzkaller0>
[  239.571946][T11505] geneve1: entered promiscuous mode
[  240.180279][T11547] validate_nla: 1 callbacks suppressed
[  240.180298][T11547] netlink: 'syz.2.1915': attribute type 21 has an invalid length.
[  240.221026][T11547] netlink: 'syz.2.1915': attribute type 1 has an invalid length.
[  240.548361][T11561] __nla_validate_parse: 4 callbacks suppressed
[  240.548395][T11561] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1918'.
[  240.659813][T11567] netdevsim netdevsim1 
: renamed from netdevsim0
[  240.897921][T11580] netlink: 'syz.1.1924': attribute type 2 has an invalid length.
[  240.925824][T11580] netlink: 'syz.1.1924': attribute type 2 has an invalid length.
[  240.989492][T11580] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1924'.
[  241.165075][T11595] netlink: 'syz.2.1928': attribute type 21 has an invalid length.
[  241.201365][T11595] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1928'.
[  241.223021][T11595] netlink: 'syz.2.1928': attribute type 1 has an invalid length.
[  241.260542][T11595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1928'.
[  241.305706][T11602] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1930'.
[  241.503210][T11614] netlink: 232 bytes leftover after parsing attributes in process `syz.1.1933'.
[  241.582099][T11621] netlink: 'syz.2.1935': attribute type 1 has an invalid length.
[  241.605713][T11621] netlink: 363 bytes leftover after parsing attributes in process `syz.2.1935'.
[  242.294527][T11656] netlink: 'syz.0.1945': attribute type 21 has an invalid length.
[  242.333426][T11656] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1945'.
[  242.342694][T11659] netlink: 232 bytes leftover after parsing attributes in process `syz.3.1947'.
[  242.394726][T11656] netlink: 'syz.0.1945': attribute type 1 has an invalid length.
[  242.440661][T11656] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1945'.
[  242.613367][T11671] netlink: 'syz.2.1951': attribute type 21 has an invalid length.
[  244.066235][T11761] vxcan1: entered allmulticast mode
[  244.706530][T11801] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  245.100299][T11822] sctp: [Deprecated]: syz.2.1990 (pid 11822) Use of struct sctp_assoc_value in delayed_ack socket option.
[  245.100299][T11822] Use struct sctp_sack_info instead
[  245.360623][T11835] siw: device registration error -23
[  245.670353][T11855] __nla_validate_parse: 20 callbacks suppressed
[  245.670374][T11855] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2000'.
[  245.699219][T11856] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2000'.
[  245.866610][T11864] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2002'.
[  245.985704][T11876] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2005'.
[  246.029870][T11880] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2005'.
[  246.323930][T11890] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2009'.
[  246.358416][T11890] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2009'.
[  246.493763][T11890] bond10: peer notification delay (7) is not a multiple of miimon (100), value rounded to 0 ms
[  246.573785][T11898] tipc: Started in network mode
[  246.579696][T11901] validate_nla: 8 callbacks suppressed
[  246.579713][T11901] netlink: 'syz.2.2013': attribute type 5 has an invalid length.
[  246.595709][T11898] tipc: Node identity ae5ee6935273, cluster identity 4711
[  246.606903][T11901] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2013'.
[  246.625216][T11898] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  246.835325][T11913] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2017'.
[  246.851562][T11906] syzkaller0: entered promiscuous mode
[  246.861794][T11913] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2017'.
[  246.873307][T11906] syzkaller0: entered allmulticast mode
[  246.893162][T11906] tipc: Resetting bearer <eth:syzkaller0>
[  247.008133][ T9290] tipc: Resetting bearer <eth:syzkaller0>
[  247.020228][T11912] IPv6: sit1: Disabled Multicast RS
[  247.027926][T11912] sit1: entered allmulticast mode
[  247.046365][T11915] netlink: 'syz.2.2018': attribute type 1 has an invalid length.
[  247.056057][T11896] tipc: Resetting bearer <eth:syzkaller0>
[  247.094747][T11926] netlink: 'syz.3.2020': attribute type 1 has an invalid length.
[  248.394432][T11896] tipc: Disabling bearer <eth:syzkaller0>
[  248.474211][T11929] bond13: (slave geneve2): making interface the new active one
[  248.507277][T11929] bond13: (slave geneve2): Enslaving as an active interface with an up link
[  248.557799][ T5788] tipc: Node number set to 4230866579
[  248.563987][ T9290] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[  248.573930][ T9290] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[  248.594460][ T9290] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[  248.606727][T11943] syz.2.2023 (11943) used obsolete PPPIOCDETACH ioctl
[  248.656774][T11944] bond9: peer notification delay (15) is not a multiple of miimon (100), value rounded to 0 ms
[  248.670527][ T9290] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[  248.715091][T11947] netlink: 'syz.0.2025': attribute type 29 has an invalid length.
[  248.749265][T11947] netlink: 'syz.0.2025': attribute type 29 has an invalid length.
[  249.210521][T11978] netlink: 'syz.2.2035': attribute type 3 has an invalid length.
[  249.393720][T11988] netlink: 'syz.3.2039': attribute type 29 has an invalid length.
[  249.404418][T11988] netlink: 'syz.3.2039': attribute type 29 has an invalid length.
[  249.737896][T12006] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  251.966646][T11961] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  252.158082][T12013] netlink: 'syz.0.2045': attribute type 21 has an invalid length.
[  252.185967][T12013] __nla_validate_parse: 5 callbacks suppressed
[  252.185984][T12013] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2045'.
[  252.268190][T12021] bond11: Removing last ns target with arp_interval on
[  252.276568][T12029] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2049'.
[  252.292468][T12013] netlink: 'syz.0.2045': attribute type 5 has an invalid length.
[  252.311983][T12013] netlink: 'syz.0.2045': attribute type 6 has an invalid length.
[  252.323155][T12013] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2045'.
[  252.491958][T12043] netlink: 'syz.0.2050': attribute type 29 has an invalid length.
[  252.540278][T12043] netlink: 'syz.0.2050': attribute type 29 has an invalid length.
[  252.935873][T12069] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2059'.
[  252.947805][T12069] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2059'.
[  253.117928][T12076] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2061'.
[  253.295499][ T6667] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x6
[  253.366844][T12099] netlink: 'syz.4.2065': attribute type 29 has an invalid length.
[  253.410570][T12099] netlink: 'syz.4.2065': attribute type 29 has an invalid length.
[  253.457726][T12099] netlink: 500 bytes leftover after parsing attributes in process `syz.4.2065'.
[  253.578524][T12103] geneve3: entered promiscuous mode
[  253.590372][T12103] geneve3: entered allmulticast mode
[  253.795634][T12113] bond8: (slave dummy0): Removing an active aggregator
[  253.815239][T12113] bond8: (slave dummy0): Releasing backup interface
[  253.868356][T12113] batman_adv: batadv0: Adding interface: dummy0
[  253.883202][T12113] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  253.913625][T12113] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  254.190721][T12136] netlink: 'syz.4.2079': attribute type 29 has an invalid length.
[  254.239532][T12136] netlink: 'syz.4.2079': attribute type 29 has an invalid length.
[  254.277581][T12136] netlink: 500 bytes leftover after parsing attributes in process `syz.4.2079'.
[  254.293404][T12140] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  254.480449][T12152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2085'.
[  254.496945][T12154] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2084'.
[  254.703988][T12153] netlink: 'syz.2.2083': attribute type 9 has an invalid length.
[  255.207932][T12200] bond12: option arp_missed_max: invalid value (0)
[  255.223037][T12200] bond12: option arp_missed_max: allowed values 1 - 255
[  255.452605][T12200] bond12 (unregistering): Released all slaves
[  255.539092][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  255.549342][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  256.571930][T12264] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  256.602177][T12264] syzkaller0: entered promiscuous mode
[  256.628471][T12264] syzkaller0: entered allmulticast mode
[  256.654589][T12265] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) !
[  256.766018][T12263] tipc: Resetting bearer <eth:syzkaller0>
[  256.821656][T12263] tipc: Disabling bearer <eth:syzkaller0>
[  256.894647][T12278] bridge6: entered promiscuous mode
[  256.910405][T12278] bridge6: entered allmulticast mode
[  257.234047][T12308] __nla_validate_parse: 17 callbacks suppressed
[  257.234066][T12308] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2127'.
[  257.260445][T12310] netlink: 232 bytes leftover after parsing attributes in process `syz.2.2129'.
[  257.278957][T12305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2127'.
[  257.431266][T12308] bond12: peer notification delay (96) is not a multiple of miimon (100), value rounded to 0 ms
[  257.463921][T12319] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2131'.
[  257.482755][T12319] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2131'.
[  257.498117][T12318] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2132'.
[  257.527126][T12318] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2132'.
[  257.568290][T12318] netlink: 240 bytes leftover after parsing attributes in process `syz.2.2132'.
[  257.808582][T12347] validate_nla: 11 callbacks suppressed
[  257.808604][T12347] netlink: 'syz.1.2138': attribute type 29 has an invalid length.
[  257.826250][T12347] netlink: 'syz.1.2138': attribute type 29 has an invalid length.
[  258.253954][T12364] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  258.441705][T12369] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2145'.
[  258.478332][T12369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2145'.
[  258.900403][T12401] netlink: 'syz.2.2150': attribute type 11 has an invalid length.
[  258.982689][T12393] 8021q: adding VLAN 0 to HW filter on device bond14
[  258.990751][T12393] bridge0: port 3(bond14) entered blocking state
[  258.997365][T12393] bridge0: port 3(bond14) entered disabled state
[  259.020019][T12393] bond14: entered allmulticast mode
[  259.028538][T12393] bond14: entered promiscuous mode
[  259.347052][T12418] netlink: 'syz.1.2160': attribute type 1 has an invalid length.
[  259.355015][T12418] netlink: 'syz.1.2160': attribute type 2 has an invalid length.
[  259.676746][T12435] veth0_to_bridge: vlans aren't supported yet for dev_uc|mc_add()
[  259.869055][T12449] syz.2.2169: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  259.911309][T12449] CPU: 1 UID: 0 PID: 12449 Comm: syz.2.2169 Not tainted syzkaller #0 PREEMPT(full) 
[  259.911354][T12449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  259.911367][T12449] Call Trace:
[  259.911375][T12449]  <TASK>
[  259.911383][T12449]  dump_stack_lvl+0xe8/0x150
[  259.911416][T12449]  warn_alloc+0x249/0x340
[  259.911447][T12449]  ? stack_trace_save+0xa9/0x100
[  259.911480][T12449]  ? __pfx_warn_alloc+0x10/0x10
[  259.911516][T12449]  ? kasan_save_track+0x4f/0x80
[  259.911541][T12449]  ? kasan_save_track+0x3e/0x80
[  259.911565][T12449]  ? __kasan_kmalloc+0x93/0xb0
[  259.911591][T12449]  ? __kmalloc_cache_noprof+0x31c/0x660
[  259.911618][T12449]  ? xskq_create+0x56/0x170
[  259.911654][T12449]  ? xsk_setsockopt+0x54c/0x990
[  259.911678][T12449]  ? do_sock_setsockopt+0x17c/0x1b0
[  259.911704][T12449]  ? __x64_sys_setsockopt+0x13d/0x1b0
[  259.911730][T12449]  ? do_syscall_64+0x174/0x580
[  259.911753][T12449]  __vmalloc_node_range_noprof+0x132/0x1750
[  259.911813][T12449]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  259.911849][T12449]  ? __kasan_kmalloc+0x93/0xb0
[  259.911884][T12449]  vmalloc_user_noprof+0xad/0xe0
[  259.911912][T12449]  ? xskq_create+0xbf/0x170
[  259.911941][T12449]  xskq_create+0xbf/0x170
[  259.911971][T12449]  xsk_init_queue+0x8a/0xe0
[  259.912001][T12449]  xsk_setsockopt+0x54c/0x990
[  259.912028][T12449]  ? __pfx_xsk_setsockopt+0x10/0x10
[  259.912052][T12449]  ? __pfx_aa_sk_perm+0x10/0x10
[  259.912084][T12449]  ? aa_sock_opt_perm+0xff/0x1a0
[  259.912116][T12449]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  259.912143][T12449]  ? __pfx_xsk_setsockopt+0x10/0x10
[  259.912170][T12449]  do_sock_setsockopt+0x17c/0x1b0
[  259.912205][T12449]  __x64_sys_setsockopt+0x13d/0x1b0
[  259.912237][T12449]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.912260][T12449]  do_syscall_64+0x174/0x580
[  259.912279][T12449]  ? trace_irq_disable+0x3b/0x140
[  259.912308][T12449]  ? clear_bhb_loop+0x40/0x90
[  259.912333][T12449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.912353][T12449] RIP: 0033:0x7f7896d9ce59
[  259.912371][T12449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  259.912387][T12449] RSP: 002b:00007f7897cbd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  259.912406][T12449] RAX: ffffffffffffffda RBX: 00007f7897015fa0 RCX: 00007f7896d9ce59
[  259.912420][T12449] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  259.912431][T12449] RBP: 00007f7896e32d6f R08: 0000000000000004 R09: 0000000000000000
[  259.912442][T12449] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  259.912453][T12449] R13: 00007f7897016038 R14: 00007f7897015fa0 R15: 00007ffd57a57808
[  259.912482][T12449]  </TASK>
[  259.914861][T12449] Mem-Info:
[  260.190594][T12449] active_anon:5678 inactive_anon:0 isolated_anon:0
[  260.190594][T12449]  active_file:3405 inactive_file:40026 isolated_file:0
[  260.190594][T12449]  unevictable:768 dirty:66 writeback:0
[  260.190594][T12449]  slab_reclaimable:10549 slab_unreclaimable:103691
[  260.190594][T12449]  mapped:29650 shmem:1293 pagetables:1328
[  260.190594][T12449]  sec_pagetables:0 bounce:0
[  260.190594][T12449]  kernel_misc_reclaimable:0
[  260.190594][T12449]  free:1320016 free_pcp:9521 free_cma:0
[  260.239074][T12449] Node 0 active_anon:22712kB inactive_anon:0kB active_file:13620kB inactive_file:159904kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118600kB dirty:264kB writeback:0kB shmem:3636kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14768kB pagetables:5188kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  260.274949][T12449] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  260.371670][T12458] netlink: 'syz.4.2170': attribute type 4 has an invalid length.
[  260.399763][T12449] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  260.493639][T12449] lowmem_reserve[]: 0 2492 2493 2493 2493
[  260.509841][T12449] Node 0 DMA32 free:1334020kB boost:0kB min:34188kB low:42732kB high:51276kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23112kB inactive_anon:0kB active_file:13620kB inactive_file:159904kB unevictable:1536kB writepending:264kB zspages:0kB present:3129332kB managed:2552804kB mlocked:0kB bounce:0kB free_pcp:39720kB local_pcp:19780kB free_cma:0kB
[  260.583373][T12449] lowmem_reserve[]: 0 0 0 0 0
[  260.593427][T12449] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:680kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB
[  260.689942][T12449] lowmem_reserve[]: 0 0 0 0 0
[  260.723787][T12449] Node 1 Normal free:3939744kB boost:0kB min:55704kB low:69628kB high:83552kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:752kB local_pcp:0kB free_cma:0kB
[  260.776356][T12449] lowmem_reserve[]: 0 0 0 0 0
[  260.788428][T12449] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  260.839486][T12449] Node 0 DMA32: 5024*4kB (UM) 2705*8kB (UME) 1152*16kB (UME) 112*32kB (UME) 199*64kB (UM) 292*128kB (UME) 245*256kB (UME) 156*512kB (UM) 104*1024kB (UME) 39*2048kB (UM) 219*4096kB (UM) = 1339848kB
[  260.905479][T12449] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  260.948096][T12449] Node 1 Normal: 1*4kB (M) 2*8kB (UM) 2*16kB (UM) 1*32kB (M) 2*64kB (UM) 2*128kB (UM) 4*256kB (UM) 4*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 960*4096kB (UM) = 3939796kB
[  261.015849][T12449] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  261.057346][T12449] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  261.107815][T12449] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  261.169430][T12449] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  261.214171][T12449] 44721 total pagecache pages
[  261.227565][T12449] 0 pages in swap cache
[  261.248186][T12449] Free swap  = 124996kB
[  261.266656][T12502] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  261.292642][T12449] Total swap = 124996kB
[  261.313933][T12449] 2097051 pages RAM
[  261.324211][T12449] 0 pages HighMem/MovableOnly
[  261.352399][T12449] 427065 pages reserved
[  261.361800][T12449] 0 pages cma reserved
[  261.467582][T12516] netlink: 'syz.2.2184': attribute type 11 has an invalid length.
[  261.564058][T12504] bond11: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  261.609236][T12504] bond11 (unregistering): Released all slaves
[  262.375025][T12562] netlink: 'syz.3.2194': attribute type 21 has an invalid length.
[  262.383148][T12562] __nla_validate_parse: 9 callbacks suppressed
[  262.383162][T12562] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2194'.
[  262.425515][T12562] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2194'.
[  262.450354][T12562] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2194'.
[  262.470031][T12562] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2194'.
[  262.498111][T12562] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2194'.
[  262.717445][T12577] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2198'.
[  262.734110][T12578] netlink: 'syz.3.2199': attribute type 1 has an invalid length.
[  262.874879][T12591] netlink: 232 bytes leftover after parsing attributes in process `syz.0.2202'.
[  262.887048][T12589] netlink: 'syz.1.2201': attribute type 63 has an invalid length.
[  262.899898][T12578] 8021q: adding VLAN 0 to HW filter on device bond14
[  262.933551][T12587] bond10: (slave dummy0): Removing an active aggregator
[  262.944101][T12595] netlink: 'syz.1.2201': attribute type 63 has an invalid length.
[  262.953577][T12587] bond10: (slave dummy0): Releasing backup interface
[  262.972798][T12587] bond14: (slave dummy0): Enslaving as a backup interface with an up link
[  263.029481][   T12] bond14: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  263.181673][ T6677] bond14: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  263.611401][T12626] netlink: 'syz.4.2209': attribute type 1 has an invalid length.
[  263.651023][T12631] ieee802154 phy0 wpan0: encryption failed: -22
[  263.753107][T12626] 8021q: adding VLAN 0 to HW filter on device bond11
[  263.864378][T12644] netlink: 'syz.3.2214': attribute type 1 has an invalid length.
[  263.892694][T12643] netlink: 232 bytes leftover after parsing attributes in process `syz.0.2213'.
[  263.910239][T12644] 8021q: adding VLAN 0 to HW filter on device bond15
[  263.943737][T12644] bond14: (slave dummy0): Removing an active aggregator
[  263.964774][T12644] bond14: (slave dummy0): Releasing backup interface
[  264.009202][T12644] bond15: (slave dummy0): Enslaving as a backup interface with an up link
[  264.043113][   T58] bond15: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  264.220562][   T58] bond15: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  264.250836][T12659] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2219'.
[  264.277334][T12659] bridge_slave_1: left allmulticast mode
[  264.289411][T12659] bridge_slave_1: left promiscuous mode
[  264.302317][T12659] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.421507][T12659] bridge_slave_0: left allmulticast mode
[  264.430236][T12659] bridge_slave_0: left promiscuous mode
[  264.448970][T12659] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.605025][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2221'.
[  264.824591][T12680] vlan2: entered allmulticast mode
[  264.840830][T12680] bond0: entered allmulticast mode
[  264.866070][T12680] bond_slave_0: entered allmulticast mode
[  264.892312][T12680] bond_slave_1: entered allmulticast mode
[  265.076395][T12688] netlink: 'syz.2.2229': attribute type 1 has an invalid length.
[  265.178048][T12688] 8021q: adding VLAN 0 to HW filter on device bond15
[  265.249575][T12692] bond10: (slave dummy0): Removing an active aggregator
[  265.297269][T12692] bond10: (slave dummy0): Releasing backup interface
[  265.370872][T12692] bond15: (slave dummy0): Enslaving as a backup interface with an up link
[  265.379598][ T6667] bond15: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  265.607781][ T6677] bond15: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  265.928687][T12719] netlink: 'syz.3.2239': attribute type 1 has an invalid length.
[  266.854422][T12753] IPVS: set_ctl: invalid protocol: 50 127.0.0.1:20003
[  266.869671][T12753] SET target dimension over the limit!
[  267.391114][T12780] __nla_validate_parse: 43 callbacks suppressed
[  267.391137][T12780] netlink: 232 bytes leftover after parsing attributes in process `syz.4.2263'.
[  267.870878][T12801] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2269'.
[  267.998929][ T5788] IPVS: starting estimator thread 0...
[  268.098878][T12814] IPVS: using max 28 ests per chain, 67200 per kthread
[  268.370427][T12833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2278'.
[  268.518107][T12845] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  268.597488][T12853] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  269.066703][T12881] bond16: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  269.088395][T12881] bond16: (slave lo): Enslaving as an active interface with an up link
[  269.106830][T12881] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  269.137549][T12882] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2298'.
[  269.242390][T12890] netlink: 'syz.1.2299': attribute type 21 has an invalid length.
[  269.260603][T12890] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2299'.
[  269.273929][T12890] netlink: 'syz.1.2299': attribute type 1 has an invalid length.
[  269.285259][T12890] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2299'.
[  269.305427][ T4951] block nbd1: Receive control failed (result -32)
[  269.365371][T12894] openvswitch: netlink: Duplicate or invalid key (type 0).
[  269.372916][T12894] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  269.425290][T12896] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2303'.
[  269.724210][T12915] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2309'.
[  269.832942][T12919] syzkaller0: entered promiscuous mode
[  269.857628][T12919] syzkaller0: entered allmulticast mode
[  270.208504][T12939] netlink: 'syz.1.2316': attribute type 21 has an invalid length.
[  270.217206][T12939] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2316'.
[  270.230143][T12939] netlink: 'syz.1.2316': attribute type 1 has an invalid length.
[  270.240212][T12939] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2316'.
[  270.801908][T12963] geneve3: entered promiscuous mode
[  270.824788][T12963] geneve3: entered allmulticast mode
[  270.844118][ T9290] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  270.866185][ T9290] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  270.897911][ T9290] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  270.926797][ T9290] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  270.960502][T12971] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  271.016665][T12974] netlink: 'syz.3.2328': attribute type 21 has an invalid length.
[  271.054460][T12974] netlink: 'syz.3.2328': attribute type 1 has an invalid length.
[  271.293283][T12986] netlink: 'syz.3.2332': attribute type 11 has an invalid length.
[  271.326447][T12992] unsupported nla_type 7424
[  271.362715][ T6665] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  271.394847][ T6665] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  271.425273][ T6665] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  271.442906][ T6665] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  271.484194][T13001] lo: entered promiscuous mode
[  271.510099][T13001] lo: entered allmulticast mode
[  271.804184][T13019] netlink: 'syz.2.2342': attribute type 21 has an invalid length.
[  271.818513][T13019] netlink: 'syz.2.2342': attribute type 1 has an invalid length.
[  272.760663][ T6665] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  272.770727][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  274.234143][T12986] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  274.487048][T13052] __nla_validate_parse: 16 callbacks suppressed
[  274.487084][T13052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2350'.
[  274.521124][T13059] sctp: [Deprecated]: syz.4.2352 (pid 13059) Use of struct sctp_assoc_value in delayed_ack socket option.
[  274.521124][T13059] Use struct sctp_sack_info instead
[  274.788658][T13070] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2354'.
[  274.887856][T13075] netlink: 'syz.0.2358': attribute type 21 has an invalid length.
[  274.950793][T13081] netlink: 'syz.0.2358': attribute type 1 has an invalid length.
[  274.951184][T13075] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2358'.
[  275.009591][T13085] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2358'.
[  275.082651][T13092] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2362'.
[  275.152080][T13092] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2362'.
[  275.184962][ T6667] netdevsim netdevsim2 
: set [0, 0] type 1 family 0 port 8472 - 0
[  275.224108][ T6667] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  275.277816][ T6667] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  275.325058][ T6667] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  275.515952][T13116] netlink: 'syz.4.2367': attribute type 1 has an invalid length.
[  275.524691][T13112] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2364'.
[  275.678000][T13128] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2367'.
[  275.723969][T13124] 8021q: adding VLAN 0 to HW filter on device bond13
[  275.760337][T13124] bond12: (slave bond13): making interface the new active one
[  275.780425][T13124] bond12: (slave bond13): Enslaving as an active interface with an up link
[  275.838172][T13116] bond12: (slave gretap1): Enslaving as a backup interface with an up link
[  275.865334][T13138] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2363'.
[  275.895337][T13128] 8021q: adding VLAN 0 to HW filter on device bond12
[  275.916311][T13133] syzkaller0: entered promiscuous mode
[  275.925496][T13142] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2369'.
[  275.939324][T13133] syzkaller0: entered allmulticast mode
[  275.987178][T13137] bond16: (slave lo): Releasing backup interface
[  276.017948][T13137] bond16: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed
[  276.083617][T13147] netlink: 'syz.4.2371': attribute type 1 has an invalid length.
[  276.103885][T13137] bond15: (slave dummy0): Removing an active aggregator
[  276.114140][T13137] bond15: (slave dummy0): Releasing backup interface
[  276.148503][T13137] bond0: (slave bond_slave_0): Releasing backup interface
[  276.166868][T13137] bond0: (slave bond_slave_1): Releasing backup interface
[  276.185209][T13137] team_slave_0: left promiscuous mode
[  276.213671][T13137] team0: Port device team_slave_0 removed
[  276.220805][T13159] netlink: 'syz.4.2371': attribute type 10 has an invalid length.
[  276.230056][T13137] team_slave_1: left promiscuous mode
[  276.244349][T13137] team0: Port device team_slave_1 removed
[  276.251318][T13137] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  276.259966][T13137] batman_adv: batadv0: Removing interface: batadv_slave_0
[  276.270806][T13137] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  276.278372][T13137] batman_adv: batadv0: Removing interface: batadv_slave_1
[  276.292825][T13137] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  276.338990][T13142] 8021q: VLANs not supported on sit0
[  276.445167][T13147] 8021q: adding VLAN 0 to HW filter on device bond14
[  276.486247][T13167] netlink: 'syz.1.2373': attribute type 21 has an invalid length.
[  276.497047][T13155] batman_adv: batadv0: Removing interface: dummy0
[  276.555511][T13170] netlink: 'syz.1.2373': attribute type 1 has an invalid length.
[  276.567477][T13155] bond14: (slave dummy0): Enslaving as a backup interface with an up link
[  276.588726][T13159] dummy0: entered promiscuous mode
[  276.597096][T13159] bond14: (slave dummy0): Releasing backup interface
[  277.175435][T13200] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  277.277358][T13200] syzkaller0: entered promiscuous mode
[  277.294403][T13200] syzkaller0: entered allmulticast mode
[  277.306622][T13200] tipc: Resetting bearer <eth:syzkaller0>
[  277.320782][T13197] tipc: Resetting bearer <eth:syzkaller0>
[  277.374573][T13213] netlink: 'syz.1.2387': attribute type 21 has an invalid length.
[  277.438563][T13214] netlink: 'syz.1.2387': attribute type 1 has an invalid length.
[  277.471867][T13216] netlink: 'syz.0.2388': attribute type 9 has an invalid length.
[  277.562775][T13220] tipc: Failed to remove unknown binding: 66,0,0/3028260282:979413870/979413871
[  277.581494][T13220] tipc: Failed to remove unknown binding: 66,0,0/3028260282:979413870/979413871
[  278.071391][T13228] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  278.990094][T13197] tipc: Disabling bearer <eth:syzkaller0>
[  279.444436][T13259] openvswitch: netlink: nsh attr 5 is out of range max 3
[  279.769231][T13269] __nla_validate_parse: 11 callbacks suppressed
[  279.769253][T13269] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2405'.
[  279.810618][T13269] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2405'.
[  279.996869][T13279] validate_nla: 2 callbacks suppressed
[  279.996888][T13279] netlink: 'syz.3.2409': attribute type 2 has an invalid length.
[  280.002282][T13277] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  280.108265][T13277] syzkaller0: entered promiscuous mode
[  280.117290][T13277] syzkaller0: entered allmulticast mode
[  280.124445][T13277] tipc: Resetting bearer <eth:syzkaller0>
[  280.158295][T13287] bond14: entered allmulticast mode
[  280.166618][T13276] tipc: Resetting bearer <eth:syzkaller0>
[  280.281730][T13292] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2414'.
[  280.381008][T13295] netlink: 'syz.3.2413': attribute type 1 has an invalid length.
[  280.450377][T13301] IPv6: NLM_F_REPLACE set, but no existing node found!
[  281.742967][T13276] tipc: Disabling bearer <eth:syzkaller0>
[  281.771064][T13287] veth7: entered allmulticast mode
[  281.780274][T13287] bond14: (slave veth7): Enslaving as an active interface with an up link
[  281.791747][T13289] bond14 (unregistering): (slave veth7): Releasing backup interface
[  281.807019][T13289] bond14 (unregistering): Released all slaves
[  281.872048][T13295] workqueue: Failed to create a rescuer kthread for wq "bond17": -EINTR
[  282.125474][T13323] netlink: 'syz.4.2420': attribute type 21 has an invalid length.
[  282.151265][T13323] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2420'.
[  282.163132][T13323] netlink: 'syz.4.2420': attribute type 1 has an invalid length.
[  282.173272][T13323] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2420'.
[  282.362364][T13331] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2423'.
[  282.405291][T13337] netlink: 'syz.4.2425': attribute type 1 has an invalid length.
[  282.516325][T13345] netlink: 'syz.4.2425': attribute type 10 has an invalid length.
[  282.530286][T13345] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2425'.
[  282.549532][T13337] 8021q: adding VLAN 0 to HW filter on device bond15
[  282.577513][T13339] dummy0: left promiscuous mode
[  282.626187][T13339] bond15: (slave dummy0): Enslaving as a backup interface with an up link
[  282.646348][   T12] bond15: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  282.676031][T13345] dummy0: entered promiscuous mode
[  282.719712][T13347] netlink: 640 bytes leftover after parsing attributes in process `syz.3.2428'.
[  282.729893][T13347] openvswitch: netlink: Unknown VXLAN extension attribute 0
[  282.750148][ T9290] bond15: (slave dummy0): link status up again after 0 ms
[  282.768956][ T9290] bond15: (slave dummy0): link status up again after 0 ms
[  282.782067][T13345] bond15: (slave dummy0): Removing an active aggregator
[  282.791623][ T9290] bond15: Warning: Found an uninitialized port
[  282.804863][T13345] bond15: (slave dummy0): Releasing backup interface
[  283.043166][T13344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2426'.
[  283.055406][T13362] bond0: left promiscuous mode
[  283.063671][T13362] bond_slave_0: left promiscuous mode
[  283.069496][T13362] bond_slave_1: left promiscuous mode
[  283.078678][T13362] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.087730][T13363] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2432'.
[  283.186495][T13363] gretap1: entered promiscuous mode
[  283.194120][T13363] gretap1: entered allmulticast mode
[  283.203335][T13362] syzkaller1: entered promiscuous mode
[  283.210595][T13362] syzkaller1: entered allmulticast mode
[  283.516705][T13382] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  283.835551][T13400] netlink: 'syz.2.2441': attribute type 1 has an invalid length.
[  283.987347][T13400] 8021q: adding VLAN 0 to HW filter on device bond17
[  284.007395][T13406] netlink: 'syz.2.2441': attribute type 10 has an invalid length.
[  284.016156][T13402] bond15: (slave dummy0): Removing an active aggregator
[  284.024390][T13402] bond15: (slave dummy0): Releasing backup interface
[  284.047187][T13402] bond17: (slave dummy0): Enslaving as a backup interface with an up link
[  284.058171][T13406] dummy0: entered promiscuous mode
[  284.066047][T13406] bond17: (slave dummy0): Releasing backup interface
[  284.248541][T13413] syzkaller1: entered promiscuous mode
[  284.266499][T13413] syzkaller1: entered allmulticast mode
[  285.103575][T13466] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  285.297866][T13476] __nla_validate_parse: 9 callbacks suppressed
[  285.297899][T13476] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2466'.
[  285.356915][T13476] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2466'.
[  285.743684][T13497] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2473'.
[  285.778262][T13500] veth0_to_bond: entered allmulticast mode
[  285.801618][T13502] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2473'.
[  286.167798][T13525] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2480'.
[  286.177598][T13525] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2480'.
[  286.189970][T13525] netlink: 216 bytes leftover after parsing attributes in process `syz.4.2480'.
[  286.426779][T13534] netlink: 'syz.0.2483': attribute type 1 has an invalid length.
[  286.471917][T13534] 8021q: adding VLAN 0 to HW filter on device bond12
[  286.489757][T13534] bond10: (slave dummy0): Removing an active aggregator
[  286.497577][T13534] bond10: (slave dummy0): Releasing backup interface
[  286.511264][T13534] bond12: (slave dummy0): Enslaving as a backup interface with an up link
[  286.523432][T13534] netlink: 'syz.0.2483': attribute type 10 has an invalid length.
[  286.532366][T13534] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2483'.
[  286.543193][T13534] dummy0: entered promiscuous mode
[  286.553619][T13534] bond12: (slave dummy0): Releasing backup interface
[  288.840419][T13506] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  288.854238][T13528] netlink: 'syz.1.2481': attribute type 4 has an invalid length.
[  288.872271][T13528] netlink: 240 bytes leftover after parsing attributes in process `syz.1.2481'.
[  289.061774][T13554] netlink: 640 bytes leftover after parsing attributes in process `syz.1.2489'.
[  289.106059][T13554] openvswitch: netlink: Unknown VXLAN extension attribute 0
[  289.551875][T13587] netlink: 'syz.0.2499': attribute type 6 has an invalid length.
[  289.699573][T13593] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  289.701603][T13597] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  289.865209][T13606] netlink: 'syz.1.2504': attribute type 11 has an invalid length.
[  289.919098][T13610] netlink: 'syz.0.2506': attribute type 10 has an invalid length.
[  289.927615][T13610] veth1_virt_wifi: entered promiscuous mode
[  289.951834][T13611] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  290.121511][T13611] syzkaller0: entered promiscuous mode
[  290.127200][T13611] syzkaller0: entered allmulticast mode
[  290.136977][T13611] tipc: Resetting bearer <eth:syzkaller0>
[  290.192549][ T9290] tipc: Resetting bearer <eth:syzkaller0>
[  290.201416][T13621] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  290.240622][T13609] tipc: Resetting bearer <eth:syzkaller0>
[  291.939819][T13609] tipc: Disabling bearer <eth:syzkaller0>
[  291.950459][T13626] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  291.964531][T13633] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  291.978570][T13633] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  291.989587][T13626] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  292.006705][T13626] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  292.071016][T13633] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  292.078267][T13633] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  292.113640][T13633] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  292.157722][T13633] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  292.210353][T13633] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  292.230203][T13633] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  292.284359][T13633] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  292.304393][T13633] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  292.736101][T13680] __nla_validate_parse: 3 callbacks suppressed
[  292.736120][T13680] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2524'.
[  292.774726][T13678] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2526'.
[  293.242760][T13702] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  293.244826][T13703] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2528'.
[  293.340830][T13702] syzkaller0: entered promiscuous mode
[  293.351711][T13702] syzkaller0: entered allmulticast mode
[  293.358617][T13702] tipc: Resetting bearer <eth:syzkaller0>
[  293.403749][ T9290] tipc: Resetting bearer <eth:syzkaller0>
[  293.412595][T13699] tipc: Resetting bearer <eth:syzkaller0>
[  294.992146][T13699] tipc: Disabling bearer <eth:syzkaller0>
[  295.073861][T13715] 8021q: adding VLAN 0 to HW filter on device bond16
[  295.111811][T13715] bridge0: port 3(bond16) entered blocking state
[  295.134033][T13715] bridge0: port 3(bond16) entered disabled state
[  295.155721][T13715] bond16: entered allmulticast mode
[  295.195258][T13715] bond16: entered promiscuous mode
[  295.211308][T13715] bridge0: port 3(bond16) entered blocking state
[  295.217846][T13715] bridge0: port 3(bond16) entered forwarding state
[  295.250712][   T12] bridge0: port 3(bond16) entered disabled state
[  295.586428][T13752] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  295.593782][T13752] IPv6: NLM_F_CREATE should be set when creating new route
[  295.717427][T13759] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2543'.
[  295.746413][T13757] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2542'.
[  295.781952][T13757] netlink: 'syz.3.2542': attribute type 1 has an invalid length.
[  295.812549][T13757] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2542'.
[  296.115790][T13769] syzkaller0: entered promiscuous mode
[  296.132478][T13769] syzkaller0: entered allmulticast mode
[  296.908515][T13820] x_tables: unsorted entry at hook 3
[  296.914264][T13822] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2554'.
[  298.230596][T13786] netlink: 'syz.0.2550': attribute type 12 has an invalid length.
[  298.495353][T13840] netlink: 'syz.2.2558': attribute type 1 has an invalid length.
[  298.644782][T13853] netlink: 'syz.2.2558': attribute type 10 has an invalid length.
[  298.710679][T13840] 8021q: adding VLAN 0 to HW filter on device bond18
[  298.743321][T13853] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2558'.
[  298.780346][T13849] dummy0: left promiscuous mode
[  298.857224][T13867] IPv6: NLM_F_CREATE should be specified when creating new route
[  298.884937][T13850] bond17: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  298.905369][T13867] IPv6: Can't replace route, no match found
[  298.912674][T13867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2564'.
[  298.928251][T13850] bond17 (unregistering): Released all slaves
[  298.974786][T13853] dummy0: entered promiscuous mode
[  299.166201][T13874] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2566'.
[  299.210151][T13880] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2567'.
[  299.318045][T13880] bond16: left allmulticast mode
[  299.325899][T13880] bond16: left promiscuous mode
[  299.340025][T13880] bridge0: port 3(bond16) entered disabled state
[  299.360107][T13880] bridge_slave_1: left allmulticast mode
[  299.384839][T13880] bridge_slave_1: left promiscuous mode
[  299.408555][T13880] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.438382][T13880] bridge_slave_0: left allmulticast mode
[  299.461419][T13880] bridge_slave_0: left promiscuous mode
[  299.483653][T13880] bridge0: port 1(bridge_slave_0) entered disabled state
[  299.729680][T13896] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2570'.
[  299.772282][T13896] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2570'.
[  299.804368][T13909] netlink: 260 bytes leftover after parsing attributes in process `syz.3.2572'.
[  300.078549][T13920] Cannot find add_set index 2 as target
[  300.187642][T13925] 8021q: VLANs not supported on ip_vti0
[  300.215918][T13929] syzkaller0: entered promiscuous mode
[  300.237166][T13929] syzkaller0: entered allmulticast mode
[  300.475017][T13947] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  300.521786][T13947] tipc: Resetting bearer <eth:syzkaller0>
[  300.654551][T13957] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2584'.
[  300.746845][T13954] veth0_to_bridge: vlans aren't supported yet for dev_uc|mc_add()
[  300.826731][T13954] bridge7: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  301.012719][T13969] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2589'.
[  301.201020][T13978] sctp: Trying to GSO but underlying device doesn't support it.
[  301.464897][T14000] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2602'.
[  301.885370][T14023] GUP no longer grows the stack in syz.0.2609 (14023): 200000003000-20000000a000 (200000001000)
[  301.896429][T14023] CPU: 1 UID: 0 PID: 14023 Comm: syz.0.2609 Not tainted syzkaller #0 PREEMPT(full) 
[  301.896456][T14023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  301.896469][T14023] Call Trace:
[  301.896477][T14023]  <TASK>
[  301.896485][T14023]  dump_stack_lvl+0xe8/0x150
[  301.896533][T14023]  __get_user_pages+0x2378/0x2730
[  301.896584][T14023]  ? __gup_longterm_locked+0xc4e/0x1630
[  301.896612][T14023]  ? down_read_killable+0x1bb/0x340
[  301.896644][T14023]  __gup_longterm_locked+0xdcf/0x1630
[  301.896675][T14023]  ? lock_acquire+0x106/0x350
[  301.896716][T14023]  gup_fast_fallback+0x1d84/0x20d0
[  301.896784][T14023]  ? __pfx_gup_fast_fallback+0x10/0x10
[  301.896813][T14023]  ? is_valid_gup_args+0x11f/0x200
[  301.896841][T14023]  ? get_user_pages_fast+0x4d/0xb0
[  301.896868][T14023]  __iov_iter_get_pages_alloc+0x370/0xa10
[  301.896903][T14023]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  301.896939][T14023]  iov_iter_get_pages2+0x5e/0xa0
[  301.896968][T14023]  __se_sys_vmsplice+0x7c7/0x1620
[  301.897017][T14023]  ? __pfx___se_sys_vmsplice+0x10/0x10
[  301.897049][T14023]  ? __pfx_futex_wake+0x10/0x10
[  301.897156][T14023]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.897181][T14023]  do_syscall_64+0x174/0x580
[  301.897201][T14023]  ? trace_irq_disable+0x3b/0x140
[  301.897230][T14023]  ? clear_bhb_loop+0x40/0x90
[  301.897255][T14023]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.897276][T14023] RIP: 0033:0x7f2f2359ce59
[  301.897295][T14023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  301.897312][T14023] RSP: 002b:00007f2f243f7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[  301.897334][T14023] RAX: ffffffffffffffda RBX: 00007f2f23815fa0 RCX: 00007f2f2359ce59
[  301.897350][T14023] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000005
[  301.897363][T14023] RBP: 00007f2f23632d6f R08: 0000000000000000 R09: 0000000000000000
[  301.897376][T14023] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  301.897387][T14023] R13: 00007f2f23816038 R14: 00007f2f23815fa0 R15: 00007ffec6751468
[  301.897420][T14023]  </TASK>
[  302.111707][T14023] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  302.177147][T14026] netlink: 'syz.2.2611': attribute type 4 has an invalid length.
[  302.239406][T14031] netlink: 'syz.1.2610': attribute type 29 has an invalid length.
[  302.284925][T14034] team0: Device gtp0 is up. Set it down before adding it as a team port
[  302.340772][T14031] netlink: 'syz.1.2610': attribute type 29 has an invalid length.
[  302.405568][T14037] team0: Device gtp0 is up. Set it down before adding it as a team port
[  302.528023][T14057] workqueue: name exceeds WQ_NAME_LEN. Truncating to: KŠŸu™crµ±K:‘£ÿˆÌ¥ÝB�ßÝ£|“¼Ú
[  302.954244][T14082] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  303.021818][T14083] netlink: 'syz.4.2626': attribute type 29 has an invalid length.
[  303.058503][T14083] netlink: 'syz.4.2626': attribute type 29 has an invalid length.
[  303.225485][T14086] 8021q: adding VLAN 0 to HW filter on device bond19
[  303.386406][T14086] 8021q: adding VLAN 0 to HW filter on device bond20
[  303.423369][T14111] sctp: [Deprecated]: syz.1.2630 (pid 14111) Use of struct sctp_assoc_value in delayed_ack socket option.
[  303.423369][T14111] Use struct sctp_sack_info instead
[  303.428960][T14086] bond19: (slave bond20): Enslaving as an active interface with an up link
[  303.749791][T14128] __nla_validate_parse: 8 callbacks suppressed
[  303.749810][T14128] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2638'.
[  303.872446][T14134] netlink: 'syz.3.2641': attribute type 29 has an invalid length.
[  303.876386][T14131] xt_hashlimit: size too large, truncated to 1048576
[  303.890056][T14134] netlink: 'syz.3.2641': attribute type 29 has an invalid length.
[  303.916996][T14134] netlink: 500 bytes leftover after parsing attributes in process `syz.3.2641'.
[  304.469374][T14155] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2650'.
[  305.242136][T14202] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2665'.
[  305.308223][T14204] netlink: 'syz.2.2666': attribute type 29 has an invalid length.
[  305.385862][T14204] netlink: 500 bytes leftover after parsing attributes in process `syz.2.2666'.
[  305.633210][T14211] netlink: 'syz.2.2666': attribute type 29 has an invalid length.
[  306.327029][T14266] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2681'.
[  306.530009][T14266] 8021q: adding VLAN 0 to HW filter on device bond14
[  306.676842][T14276] netlink: 'syz.4.2683': attribute type 29 has an invalid length.
[  306.748165][T14276] netlink: 500 bytes leftover after parsing attributes in process `syz.4.2683'.
[  306.903640][T14284] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2685'.
[  306.942327][T14292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2689'.
[  306.952491][T14292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2689'.
[  306.980222][T14294] openvswitch: netlink: Flow key attr not present in new flow.
[  307.006859][T14292] IPv6: sit1: Disabled Multicast RS
[  307.061382][T14292] sit1: entered allmulticast mode
[  307.145909][T14302] bond0: (slave bond_slave_1): Releasing backup interface
[  307.636651][T14320] macvtap0: entered promiscuous mode
[  307.646775][T14320] vlan0: entered promiscuous mode
[  307.652866][T14320] macvtap0: entered allmulticast mode
[  307.658279][T14320] vlan0: entered allmulticast mode
[  307.663675][T14320] veth0_vlan: entered allmulticast mode
[  307.871591][T14332] validate_nla: 1 callbacks suppressed
[  307.871609][T14332] netlink: 'syz.2.2700': attribute type 29 has an invalid length.
[  307.920785][T14332] netlink: 'syz.2.2700': attribute type 29 has an invalid length.
[  308.137548][T14345] xt_CT: You must specify a L4 protocol and not use inversions on it
[  308.220826][T14349] bridge_slave_0: left allmulticast mode
[  308.237105][T14349] bridge_slave_0: left promiscuous mode
[  308.254379][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  308.259489][T14349] bridge0: port 1(bridge_slave_0) entered disabled state
[  308.329932][T14349] bridge_slave_1: left allmulticast mode
[  308.335754][T14349] bridge_slave_1: left promiscuous mode
[  308.354783][T14349] bridge0: port 2(bridge_slave_1) entered disabled state
[  308.433680][T14349] bond0: (slave bond_slave_0): Releasing backup interface
[  308.464300][T14349] bond0: (slave bond_slave_1): Releasing backup interface
[  308.487756][T14349] team0: Port device team_slave_0 removed
[  308.501151][T14349] team0: Port device team_slave_1 removed
[  308.508044][T14349] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  308.516850][T14349] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.534288][T14349] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  308.544924][T14349] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.557488][T14349] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  308.817010][T14387] netlink: 'syz.0.2715': attribute type 2 has an invalid length.
[  308.981474][T14392] netlink: 'syz.1.2716': attribute type 29 has an invalid length.
[  308.999937][T14395] __nla_validate_parse: 6 callbacks suppressed
[  308.999956][T14395] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2717'.
[  309.023529][T14392] netlink: 'syz.1.2716': attribute type 29 has an invalid length.
[  309.054085][T14400] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  309.087052][T14396] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  309.664867][T14441] netlink: 'syz.1.2731': attribute type 29 has an invalid length.
[  309.690240][T14441] netlink: 'syz.1.2731': attribute type 29 has an invalid length.
[  309.838488][T14447] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2732'.
[  309.873108][T14447] veth0_macvtap: left promiscuous mode
[  310.370298][T14475] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2739'.
[  310.808237][T14492] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  311.196411][T14527] netlink: 'syz.2.2754': attribute type 29 has an invalid length.
[  311.220698][T14527] netlink: 'syz.2.2754': attribute type 29 has an invalid length.
[  311.229557][T14527] netlink: 500 bytes leftover after parsing attributes in process `syz.2.2754'.
[  311.654087][T14549] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2762'.
[  312.211384][T14573] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2770'.
[  312.273579][T14573] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2770'.
[  312.306625][T14573] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2770'.
[  312.368632][   T12] netdevsim netdevsim4 netdevsim0: set [0, 1] type 1 family 0 port 8472 - 0
[  312.389387][   T12] netdevsim netdevsim4 netdevsim1: set [0, 1] type 1 family 0 port 8472 - 0
[  312.412544][ T6667] netdevsim netdevsim4 netdevsim2: set [0, 1] type 1 family 0 port 8472 - 0
[  312.423561][ T6665] netdevsim netdevsim4 netdevsim3: set [0, 1] type 1 family 0 port 8472 - 0
[  312.573217][T14589] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2777'.
[  312.667247][T14592] sctp: [Deprecated]: syz.3.2778 (pid 14592) Use of int in maxseg socket option.
[  312.667247][T14592] Use struct sctp_assoc_value instead
[  312.723261][T14596] netlink: 'syz.1.2780': attribute type 1 has an invalid length.
[  312.766297][T14596] nbd: error processing sock list
[  312.878649][T14606] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2784'.
[  313.683356][T14644] syzkaller1: entered promiscuous mode
[  313.697816][T14644] syzkaller1: entered allmulticast mode
[  313.891666][T14661] netlink: 'syz.4.2800': attribute type 29 has an invalid length.
[  313.946399][T14665] netlink: 'syz.4.2800': attribute type 29 has an invalid length.
[  314.288273][T14676] team0: Mode changed to "loadbalance"
[  314.303623][T14691] __nla_validate_parse: 6 callbacks suppressed
[  314.303644][T14691] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2807'.
[  314.508227][T14695] dummy0: left promiscuous mode
[  314.800177][T14717] netlink: 'syz.3.2814': attribute type 29 has an invalid length.
[  314.850625][T14717] netlink: 'syz.3.2814': attribute type 29 has an invalid length.
[  314.944285][T14728] netlink: 500 bytes leftover after parsing attributes in process `syz.3.2814'.
[  315.012723][ T5638] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  315.033948][ T5638] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  315.045946][ T5638] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  315.067230][ T5638] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  315.077972][ T5638] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  315.132597][ T4951] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  315.147221][ T4951] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  315.155109][ T4951] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  315.171075][ T4951] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  315.185263][ T4951] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  315.404873][T14735] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2815'.
[  315.699868][T14753] netlink: 'syz.3.2820': attribute type 30 has an invalid length.
[  315.701838][T14754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2819'.
[  316.057997][T14772] netlink: 'syz.4.2825': attribute type 1 has an invalid length.
[  316.210597][T14784] netlink: 336 bytes leftover after parsing attributes in process `syz.3.2827'.
[  316.230470][T14772] workqueue: Failed to create a rescuer kthread for wq "bond17": -EINTR
[  316.249444][T14778] netlink: 'syz.3.2827': attribute type 29 has an invalid length.
[  316.291320][T14782] netlink: 'syz.3.2827': attribute type 29 has an invalid length.
[  316.513419][T14794] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2830'.
[  316.560715][T14804] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2832'.
[  316.588271][T14800] team0: No ports can be present during mode change
[  316.682541][T14808] x_tables: duplicate entry at hook 1
[  316.694409][T14808] x_tables: duplicate entry at hook 1
[  316.922674][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  316.930029][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  316.937279][ T1319] aoe: packet could not be sent on ipvlan1.  consider increasing tx_queue_len
[  317.244031][ T4951] Bluetooth: hci5: command tx timeout
[  317.309569][T14832] syzkaller0: entered promiscuous mode
[  317.315284][T14832] syzkaller0: entered allmulticast mode
[  317.448146][T14837] openvswitch: netlink: IP tunnel TTL not specified.
[  317.504726][T14839] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.2845'.
[  317.797190][T14722] bridge0: port 1(bridge_slave_0) entered blocking state
[  317.804938][T14722] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.812778][T14722] bridge_slave_0: entered allmulticast mode
[  317.820782][T14722] bridge_slave_0: entered promiscuous mode
[  317.832166][T14722] bridge0: port 2(bridge_slave_1) entered blocking state
[  317.839552][T14722] bridge0: port 2(bridge_slave_1) entered disabled state
[  317.847247][T14722] bridge_slave_1: entered allmulticast mode
[  317.866399][T14722] bridge_slave_1: entered promiscuous mode
[  317.943907][T14722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  317.967235][T14722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  318.075652][T14722] team0: Port device team_slave_0 added
[  318.081546][T14866] macsec0: entered promiscuous mode
[  318.087450][T14866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2851'.
[  318.097094][T14722] team0: Port device team_slave_1 added
[  318.116931][T14866] macsec0 (unregistering): left promiscuous mode
[  318.186037][T14722] batman_adv: batadv0: Adding interface: batadv_slave_0
[  318.208822][T14722] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  318.244546][T14722] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  318.260151][T14722] batman_adv: batadv0: Adding interface: batadv_slave_1
[  318.278883][T14722] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  318.309751][T14875] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2853'.
[  318.339611][T14875] xt_policy: neither incoming nor outgoing policy selected
[  318.356209][T14722] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  318.713925][T14889] x_tables: unsorted underflow at hook 2
[  318.767905][T14722] hsr_slave_0: entered promiscuous mode
[  318.793515][T14722] hsr_slave_1: entered promiscuous mode
[  318.808363][T14722] debugfs: 'hsr0' already exists in 'hsr'
[  318.835870][T14722] Cannot create hsr debugfs directory
[  319.320149][ T4951] Bluetooth: hci5: command tx timeout
[  319.390526][T14928] __nla_validate_parse: 2 callbacks suppressed
[  319.390545][T14928] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2864'.
[  319.494182][T14722] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  319.522135][T14930] netlink: 'syz.3.2866': attribute type 29 has an invalid length.
[  319.539902][T14931] netlink: 'syz.3.2866': attribute type 29 has an invalid length.
[  319.556797][T14930] FAULT_INJECTION: forcing a failure.
[  319.556797][T14930] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  319.574109][T14930] CPU: 1 UID: 0 PID: 14930 Comm: syz.3.2866 Not tainted syzkaller #0 PREEMPT(full) 
[  319.574133][T14930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  319.574147][T14930] Call Trace:
[  319.574154][T14930]  <TASK>
[  319.574164][T14930]  dump_stack_lvl+0xe8/0x150
[  319.574188][T14930]  should_fail_ex+0x412/0x560
[  319.574210][T14930]  _copy_from_user+0x2d/0xb0
[  319.574231][T14930]  ___sys_sendmsg+0x1c6/0x360
[  319.574246][T14930]  ? __lock_acquire+0x6b5/0x2cf0
[  319.574267][T14930]  ? __pfx____sys_sendmsg+0x10/0x10
[  319.574310][T14930]  ? __fget_files+0x2a/0x420
[  319.574340][T14930]  ? __fget_files+0x3a0/0x420
[  319.574365][T14930]  __x64_sys_sendmsg+0x1bd/0x2a0
[  319.574382][T14930]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  319.574403][T14930]  ? __pfx_ksys_write+0x10/0x10
[  319.574431][T14930]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.574448][T14930]  do_syscall_64+0x174/0x580
[  319.574463][T14930]  ? trace_irq_disable+0x3b/0x140
[  319.574487][T14930]  ? clear_bhb_loop+0x40/0x90
[  319.574505][T14930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.574520][T14930] RIP: 0033:0x7fc84179ce59
[  319.574534][T14930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  319.574549][T14930] RSP: 002b:00007fc8425f5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  319.574567][T14930] RAX: ffffffffffffffda RBX: 00007fc841a15fa0 RCX: 00007fc84179ce59
[  319.574578][T14930] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[  319.574587][T14930] RBP: 00007fc8425f5090 R08: 0000000000000000 R09: 0000000000000000
[  319.574595][T14930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.574604][T14930] R13: 00007fc841a16038 R14: 00007fc841a15fa0 R15: 00007ffeb369eba8
[  319.574627][T14930]  </TASK>
[  320.032425][T14722] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  320.069290][T14949] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2872'.
[  320.105203][T14948] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2872'.
[  320.146787][T14722] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  320.194052][T14949] veth1_to_team: entered promiscuous mode
[  320.202683][T14949] gretap0: entered promiscuous mode
[  320.211575][T14949] hsr1: entered promiscuous mode
[  320.248155][T14722] netdevsim netdevsim2 
 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  320.287860][T14966] netem: change failed
[  320.653229][T14980] netlink: 27 bytes leftover after parsing attributes in process `syz.3.2876'.
[  321.398988][ T4951] Bluetooth: hci5: command tx timeout
[  321.661032][ T6664] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  321.670792][ T6664] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  321.680292][ T6664] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0
[  321.690119][ T6664] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  321.702033][ T6664] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  321.711306][ T6664] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0
[  321.735658][ T6664] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  321.745063][ T6664] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  321.755133][ T6664] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0
[  321.786567][ T6664] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  321.809123][ T6664] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  321.819583][ T6664] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0
[  322.998354][T14953] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  323.026338][T14722] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  323.085579][T14722] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  323.098287][T14722] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  323.185613][T14722] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  323.214806][T15002] vlan4: entered promiscuous mode
[  323.220558][T15002] bridge0: entered promiscuous mode
[  323.251706][T14722] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  323.274447][T14722] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  323.283182][T14722] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  323.407105][T14722] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  323.478866][ T4951] Bluetooth: hci5: command tx timeout
[  323.735513][T15035] netlink: 'syz.4.2891': attribute type 29 has an invalid length.
[  323.757875][T15035] netlink: 'syz.4.2891': attribute type 29 has an invalid length.
[  323.775955][T15035] netlink: 500 bytes leftover after parsing attributes in process `syz.4.2891'.
[  323.803218][T15035] FAULT_INJECTION: forcing a failure.
[  323.803218][T15035] name failslab, interval 1, probability 0, space 0, times 0
[  323.832234][T15035] CPU: 1 UID: 0 PID: 15035 Comm: syz.4.2891 Not tainted syzkaller #0 PREEMPT(full) 
[  323.832262][T15035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  323.832275][T15035] Call Trace:
[  323.832282][T15035]  <TASK>
[  323.832291][T15035]  dump_stack_lvl+0xe8/0x150
[  323.832319][T15035]  should_fail_ex+0x412/0x560
[  323.832359][T15035]  should_failslab+0xa8/0x100
[  323.832379][T15035]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  323.832429][T15035]  ? __alloc_skb+0x1d0/0x7d0
[  323.832455][T15035]  ? __local_bh_enable_ip+0xd0/0x130
[  323.832482][T15035]  __alloc_skb+0x1d0/0x7d0
[  323.832509][T15035]  ? netlink_ack_tlv_len+0x6c/0x210
[  323.832553][T15035]  netlink_ack+0x146/0xa50
[  323.832583][T15035]  ? trace_contention_end+0x3d/0x140
[  323.832618][T15035]  netlink_rcv_skb+0x2b6/0x4b0
[  323.832647][T15035]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  323.832673][T15035]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  323.832715][T15035]  ? netlink_deliver_tap+0x2e/0x1b0
[  323.832743][T15035]  ? netlink_deliver_tap+0x2e/0x1b0
[  323.832773][T15035]  xfrm_netlink_rcv+0x79/0x90
[  323.832796][T15035]  netlink_unicast+0x75c/0x8e0
[  323.832832][T15035]  netlink_sendmsg+0x813/0xb40
[  323.832868][T15035]  ? __pfx_netlink_sendmsg+0x10/0x10
[  323.832900][T15035]  ? aa_sock_msg_perm+0xf1/0x1b0
[  323.832929][T15035]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  323.832957][T15035]  ____sys_sendmsg+0x972/0x9f0
[  323.832976][T15035]  ? __might_fault+0xaf/0x130
[  323.833006][T15035]  ? __pfx_____sys_sendmsg+0x10/0x10
[  323.833034][T15035]  ? import_iovec+0x73/0xa0
[  323.833061][T15035]  ___sys_sendmsg+0x2a5/0x360
[  323.833077][T15035]  ? __lock_acquire+0x6b5/0x2cf0
[  323.833101][T15035]  ? __pfx____sys_sendmsg+0x10/0x10
[  323.833152][T15035]  ? __fget_files+0x2a/0x420
[  323.833173][T15035]  ? __fget_files+0x3a0/0x420
[  323.833212][T15035]  __x64_sys_sendmsg+0x1bd/0x2a0
[  323.833233][T15035]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  323.833260][T15035]  ? __pfx_ksys_write+0x10/0x10
[  323.833295][T15035]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.833316][T15035]  do_syscall_64+0x174/0x580
[  323.833334][T15035]  ? trace_irq_disable+0x3b/0x140
[  323.833360][T15035]  ? clear_bhb_loop+0x40/0x90
[  323.833383][T15035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.833400][T15035] RIP: 0033:0x7f621939ce59
[  323.833417][T15035] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  323.833432][T15035] RSP: 002b:00007f621a2ec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  323.833452][T15035] RAX: ffffffffffffffda RBX: 00007f6219615fa0 RCX: 00007f621939ce59
[  323.833464][T15035] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[  323.833475][T15035] RBP: 00007f621a2ec090 R08: 0000000000000000 R09: 0000000000000000
[  323.833486][T15035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  323.833496][T15035] R13: 00007f6219616038 R14: 00007f6219615fa0 R15: 00007ffe06747a68
[  323.833525][T15035]  </TASK>
[  324.142810][T14722] 8021q: adding VLAN 0 to HW filter on device bond0
[  324.206961][T15043] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  324.266907][T14722] 8021q: adding VLAN 0 to HW filter on device team0
[  324.286140][ T3318] bridge0: port 1(bridge_slave_0) entered blocking state
[  324.293361][ T3318] bridge0: port 1(bridge_slave_0) entered forwarding state
[  324.343344][ T3318] bridge0: port 2(bridge_slave_1) entered blocking state
[  324.350645][ T3318] bridge0: port 2(bridge_slave_1) entered forwarding state
[  324.662530][T15065] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2900'.
[  324.790178][T15063] syzkaller0: entered promiscuous mode
[  324.797149][T15063] syzkaller0: entered allmulticast mode
[  324.968281][T15082] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2902'.
[  324.980418][T15083] netlink: 336 bytes leftover after parsing attributes in process `syz.3.2903'.
[  326.470235][T15071] syzkaller0: entered promiscuous mode
[  326.475871][T15071] syzkaller0: entered allmulticast mode
[  326.483515][T15074] netlink: 'syz.3.2903': attribute type 29 has an invalid length.
[  326.695524][T15095] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2906'.
[  327.055348][T15113] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2912'.
[  327.256940][T15122] netlink: 'syz.1.2914': attribute type 29 has an invalid length.
[  327.298989][T15122] netlink: 'syz.1.2914': attribute type 29 has an invalid length.
[  327.463628][T14722] 8021q: adding VLAN 0 to HW filter on device batadv0
[  327.536925][T15130] lo speed is unknown, defaulting to 1000
[  327.550394][T15132] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2918'.
[  327.591522][T15130] lo speed is unknown, defaulting to 1000
[  327.617154][T15130] lo speed is unknown, defaulting to 1000
[  327.697428][T14722] veth0_vlan: entered promiscuous mode
[  327.810638][T14722] veth1_vlan: entered promiscuous mode
[  327.933116][T14722] veth0_macvtap: entered promiscuous mode
[  327.979759][T14722] veth1_macvtap: entered promiscuous mode
[  328.060245][T14722] batman_adv: batadv0: Interface activated: batadv_slave_0
[  328.076371][T15148] netlink: 'syz.3.2924': attribute type 1 has an invalid length.
[  328.103328][T14722] batman_adv: batadv0: Interface activated: batadv_slave_1
[  328.114013][T15151] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2923'.
[  328.118312][T15147] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2923'.
[  328.149743][T15151] openvswitch: netlink: Flow actions attr not present in new flow.
[  328.165729][T15152] netlink: 'syz.3.2924': attribute type 10 has an invalid length.
[  328.183788][T15152] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2924'.
[  328.205434][T15152] dummy0: entered promiscuous mode
[  328.308207][T15148] 8021q: adding VLAN 0 to HW filter on device bond17
[  328.337482][T15147] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2923'.
[  328.355080][  T146] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  328.384654][  T146] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  328.394421][  T146] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  328.414656][  T146] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  328.471851][ T9671] lo speed is unknown, defaulting to 1000
[  328.478658][T15130] infiniband s
z1: set active
[  328.484926][T15130] infiniband s
z1: added lo
[  328.498558][T15130] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[  328.506618][T15130] infiniband s
z1: Couldn't open port 1
[  328.541076][T15130] smbdirect: ib_dev[s
z1]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[  328.604971][T15130] smbdirect: ib_dev[s
z1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[  328.639115][T15130] smbdirect: ib_dev[s
z1]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[  328.657034][T15164] netlink: 'syz.4.2929': attribute type 29 has an invalid length.
[  328.667135][  T146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.682188][T15164] netlink: 'syz.4.2929': attribute type 29 has an invalid length.
[  328.690763][  T146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.745457][T15130] RDS/IB: s
z1: added
[  328.760918][T15130] smc: adding ib device s
z1 with port count 1
[  328.783103][T15130] smc:    ib device s
z1 port 1 has no pnetid
[  328.796631][T14982] lo speed is unknown, defaulting to 1000
[  328.817941][T15130] lo speed is unknown, defaulting to 1000
[  328.825697][ T6664] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.846941][ T6664] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.258423][T15130] lo speed is unknown, defaulting to 1000
[  329.294992][T15188] 8021q: VLANs not supported on lo
[  329.947102][ T5638] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  329.961308][ T5638] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  329.970413][ T5638] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  329.983686][ T5638] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  329.996105][T15209] netlink: 'syz.1.2945': attribute type 26 has an invalid length.
[  330.009449][ T5638] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  330.042512][T15209] __nla_validate_parse: 2 callbacks suppressed
[  330.042530][T15209] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2945'.
[  330.061573][T15213] netlink: 'syz.4.2946': attribute type 29 has an invalid length.
[  330.113054][T15213] netlink: 'syz.4.2946': attribute type 29 has an invalid length.
[  330.141830][T15130] lo speed is unknown, defaulting to 1000
[  330.147596][T15209] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2945'.
[  330.161429][T15213] netlink: 500 bytes leftover after parsing attributes in process `syz.4.2946'.
[  330.195367][T15217] erspan0: entered promiscuous mode
[  330.231930][T15217] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2947'.
[  330.494141][T15229] tipc: New replicast peer: 0.0.0.0
[  330.504849][T15229] tipc: Enabled bearer <udp:syz1>, priority 10
[  330.711981][T15239] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2951'.
[  330.830002][T15239] bond17: Invalid ad_actor_system MAC address.
[  330.856687][T15239] bond17: option ad_actor_system: invalid value (1)
[  330.878983][T15239] bond17 (unregistering): Released all slaves
[  330.927452][T15236] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  331.017920][T15130] lo speed is unknown, defaulting to 1000
[  331.235574][T15261] netdevsim netdevsim4: Direct firmware load for  failed with error -2
[  331.260782][T15261] netdevsim netdevsim4: Falling back to sysfs fallback for: 
[  331.426577][T15270] syzkaller0: entered promiscuous mode
[  331.437166][T15270] syzkaller0: entered allmulticast mode
[  331.467563][T15270] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2957'.
[  331.625867][T15130] lo speed is unknown, defaulting to 1000
[  331.702731][T15274] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2959'.
[  331.945484][T15282] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2961'.
[  332.086293][T15210] lo speed is unknown, defaulting to 1000
[  332.120067][ T4951] Bluetooth: hci1: command tx timeout
[  332.338446][T15287] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  332.636726][T15308] netlink: 830 bytes leftover after parsing attributes in process `syz.4.2969'.
[  332.666198][T15130] lo speed is unknown, defaulting to 1000
[  332.725088][T15313] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2970'.
[  333.083207][T15329] xt_hashlimit: size too large, truncated to 1048576
[  333.091522][T15327] xt_l2tp: invalid flags combination: 0
[  333.823971][T15210] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.850911][T15210] bridge0: port 1(bridge_slave_0) entered disabled state
[  333.872189][T15210] bridge_slave_0: entered allmulticast mode
[  333.884573][T15210] bridge_slave_0: entered promiscuous mode
[  333.906574][T15210] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.918282][T15210] bridge0: port 2(bridge_slave_1) entered disabled state
[  333.929193][T15210] bridge_slave_1: entered allmulticast mode
[  333.941304][T15210] bridge_slave_1: entered promiscuous mode
[  333.955807][T15370] validate_nla: 1 callbacks suppressed
[  333.955830][T15370] netlink: 'syz.0.2985': attribute type 29 has an invalid length.
[  334.067840][T15210] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  334.082061][T15210] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  334.176033][T15210] team0: Port device team_slave_0 added
[  334.201392][ T4951] Bluetooth: hci1: command tx timeout
[  334.201773][T15386] netlink: 'syz.2.2990': attribute type 1 has an invalid length.
[  334.215704][T15210] team0: Port device team_slave_1 added
[  334.289948][T15210] batman_adv: batadv0: Adding interface: batadv_slave_0
[  334.308789][T15210] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  334.342974][T15210] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  334.364329][T15210] batman_adv: batadv0: Adding interface: batadv_slave_1
[  334.404908][T15210] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  334.446814][T15210] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.710980][T15210] hsr_slave_0: entered promiscuous mode
[  334.737689][T15210] hsr_slave_1: entered promiscuous mode
[  334.764637][T15210] debugfs: 'hsr0' already exists in 'hsr'
[  334.789456][T15210] Cannot create hsr debugfs directory
[  334.937551][T15421] netlink: 'syz.2.3002': attribute type 3 has an invalid length.
[  334.954911][T15422] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  335.352512][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88807a1e3400: rx timeout, send abort
[  335.496628][T15448] macsec0: entered promiscuous mode
[  335.519871][T15448] __nla_validate_parse: 6 callbacks suppressed
[  335.519888][T15448] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3010'.
[  335.551520][T15448] veth1_macvtap: left promiscuous mode
[  335.571862][T15448] macsec0 (unregistering): left promiscuous mode
[  335.814442][T15455] bond1: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  335.830825][T15455] bond1 (unregistering): Released all slaves
[  335.852677][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888058530000: rx timeout, send abort
[  335.872001][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88807a1e3400: abort rx timeout. Force session deactivation
[  336.155964][T15472] xt_hashlimit: size too large, truncated to 1048576
[  336.278177][T15480] netlink: 212336 bytes leftover after parsing attributes in process `syz.0.3020'.
[  336.289958][ T4951] Bluetooth: hci1: command tx timeout
[  336.361114][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888058530000: abort rx timeout. Force session deactivation
[  336.392859][T15476] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3020'.
[  336.462380][T15486] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3022'.
[  336.570672][T15210] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  336.607895][T15210] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  336.631648][T15210] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  336.652036][T15210] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  336.670365][T15210] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  336.686058][T15210] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  336.708612][T15210] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  336.760912][T15210] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  336.955765][T15513] netlink: 'syz.4.3029': attribute type 1 has an invalid length.
[  337.073724][T15515] veth7: entered promiscuous mode
[  337.205691][T15530] sctp: [Deprecated]: syz.0.3033 (pid 15530) Use of struct sctp_assoc_value in delayed_ack socket option.
[  337.205691][T15530] Use struct sctp_sack_info instead
[  337.223422][T15531] sctp: [Deprecated]: syz.0.3033 (pid 15531) Use of struct sctp_assoc_value in delayed_ack socket option.
[  337.223422][T15531] Use struct sctp_sack_info instead
[  337.323496][T15526] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  337.335224][T15526] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.381493][T15210] 8021q: adding VLAN 0 to HW filter on device bond0
[  337.502454][T15526] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  337.513658][T15526] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.554340][ T6659] bond14: left allmulticast mode
[  337.561610][T15539] xt_recent: Unsupported userspace flags (000000b1)
[  337.571719][ T6659] bond14: left promiscuous mode
[  337.579038][ T6659] bridge0: port 3(bond14) entered disabled state
[  337.598283][ T6659] bridge_slave_1: left allmulticast mode
[  337.604315][ T6659] bridge_slave_1: left promiscuous mode
[  337.610791][ T6659] bridge0: port 2(bridge_slave_1) entered disabled state
[  337.630785][ T6659] bridge_slave_0: left allmulticast mode
[  337.636613][ T6659] bridge_slave_0: left promiscuous mode
[  337.643467][ T6659] bridge0: port 1(bridge_slave_0) entered disabled state
[  337.754570][ T6659] tipc: Resetting bearer <eth:syzkaller0>
[  338.104650][ T6659] tipc: Disabling bearer <eth:syzkaller0>
[  338.314361][ T6659] bond7 (unregistering): (slave bridge5): Releasing backup interface
[  338.359383][ T4951] Bluetooth: hci1: command tx timeout
[  338.454956][ T6659] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  338.465985][ T6659] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  338.476238][ T6659] bond0 (unregistering): Released all slaves
[  338.493350][ T6659] bond1 (unregistering): Released all slaves
[  338.511655][ T6659] bond2 (unregistering): Released all slaves
[  338.528129][ T6659] bond3 (unregistering): Released all slaves
[  338.544110][ T6659] bond4 (unregistering): Released all slaves
[  338.563046][ T6659] bond5 (unregistering): Released all slaves
[  338.585295][ T6659] bond6 (unregistering): Released all slaves
[  338.608677][ T6659] bond7 (unregistering): Released all slaves
[  338.624919][ T6659] bond8 (unregistering): Released all slaves
[  338.641010][ T6659] bond9 (unregistering): Released all slaves
[  338.661841][ T6659] bond10 (unregistering): Released all slaves
[  338.685837][ T6659] bond11 (unregistering): Released all slaves
[  338.703812][ T6659] bond12 (unregistering): Released all slaves
[  338.726401][ T6659] bond13 (unregistering): Released all slaves
[  338.742846][ T6659] bond14 (unregistering): Released all slaves
[  338.761713][ T6659] bond15 (unregistering): Released all slaves
[  338.785327][ T6659] bond16 (unregistering): Released all slaves
[  338.804013][ T6659] bond17 (unregistering): Released all slaves
[  338.824379][ T6659] bond18 (unregistering): Released all slaves
[  338.843177][ T6659] bond19 (unregistering): (slave bond20): Releasing backup interface
[  338.852841][ T6659] bond19 (unregistering): Released all slaves
[  338.868270][ T6659] bond20 (unregistering): Released all slaves
[  338.891164][T15210] 8021q: adding VLAN 0 to HW filter on device team0
[  338.898397][T15539] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3037'.
[  338.962831][T15526] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  338.975141][T15526] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  339.035321][  T146] bridge0: port 1(bridge_slave_0) entered blocking state
[  339.042540][  T146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  339.097090][  T146] bridge0: port 2(bridge_slave_1) entered blocking state
[  339.104303][  T146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  339.203540][T15526] netdevsim netdevsim1 
 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  339.271200][T15526] netdevsim netdevsim1 
 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  339.292950][T15557] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  339.331757][ T6659] tipc: Disabling bearer <udp:syz2>
[  339.346658][ T6659] tipc: Left network mode
[  339.511745][T15574] netlink: 'syz.0.3043': attribute type 21 has an invalid length.
[  339.540527][T15574] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3043'.
[  339.570433][T15574] netlink: 'syz.0.3043': attribute type 1 has an invalid length.
[  339.684536][T15580] x_tables: duplicate underflow at hook 2
[  339.700334][T15585] x_tables: duplicate underflow at hook 2
[  339.843473][T15579] bond18: up delay (5) is not a multiple of miimon (4), value rounded to 4 ms
[  339.862178][T15583] syzkaller1: entered promiscuous mode
[  339.883768][T15583] syzkaller1: entered allmulticast mode
[  339.904026][  T146] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  339.932283][  T146] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  340.211003][ T3318] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  340.237179][ T3318] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  340.287837][ T9291] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  340.309813][ T9291] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  340.382545][T15607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3050'.
[  340.502031][ T9291] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  340.542060][ T9291] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  340.912886][T15626] netlink: 'syz.4.3055': attribute type 21 has an invalid length.
[  340.951060][T15626] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3055'.
[  340.981558][T15626] netlink: 'syz.4.3055': attribute type 1 has an invalid length.
[  341.367422][T15633] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  341.726510][T15642] netlink: 294 bytes leftover after parsing attributes in process `syz.2.3058'.
[  341.735843][T15642] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  341.982192][T15647] netlink: 'syz.2.3060': attribute type 1 has an invalid length.
[  342.095445][T15649] netlink: 'syz.2.3060': attribute type 10 has an invalid length.
[  342.104100][T15649] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3060'.
[  343.424910][ T6659] hsr_slave_0: left promiscuous mode
[  343.444792][ T6659] hsr_slave_1: left promiscuous mode
[  343.461150][ T6659] batman_adv: batadv0: Removing interface: batadv_slave_1
[  343.484740][ T6659] vlan0: left allmulticast mode
[  343.490831][ T6659] veth0_vlan: left allmulticast mode
[  343.584998][T15652] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3061'.
[  344.065294][ T6659] team0 (unregistering): Port device team_slave_1 removed
[  344.088607][ T6659] team0 (unregistering): Port device team_slave_0 removed
[  344.252693][T15605] lo speed is unknown, defaulting to 1000
[  344.296681][T15647] bond1: option mode: invalid value (7)
[  344.307665][T15647] bond1 (unregistering): Released all slaves
[  344.356018][T15649] dummy0: entered promiscuous mode
[  344.409766][T15651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3061'.
[  344.432721][T15652] workqueue: Failed to create a rescuer kthread for wq "bond15": -EINTR
[  344.474666][T15210] 8021q: adding VLAN 0 to HW filter on device batadv0
[  344.621394][T15658] netlink: 'syz.4.3063': attribute type 83 has an invalid length.
[  344.785255][T15664] netlink: 'syz.2.3065': attribute type 21 has an invalid length.
[  344.815142][T15664] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3065'.
[  344.825609][T15210] veth0_vlan: entered promiscuous mode
[  344.830823][T15664] netlink: 'syz.2.3065': attribute type 1 has an invalid length.
[  345.028302][T15210] veth1_vlan: entered promiscuous mode
[  345.061010][ T6659] IPVS: stop unused estimator thread 0...
[  345.117242][T15672] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3068'.
[  345.129922][T15673] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  345.151805][T15210] veth0_macvtap: entered promiscuous mode
[  345.203775][T15210] veth1_macvtap: entered promiscuous mode
[  345.280028][T15210] batman_adv: batadv0: Interface activated: batadv_slave_0
[  345.317771][T15684] netlink: 'syz.4.3071': attribute type 1 has an invalid length.
[  345.349021][T15210] batman_adv: batadv0: Interface activated: batadv_slave_1
[  345.473063][T15690] netlink: 'syz.4.3071': attribute type 10 has an invalid length.
[  345.518962][T15690] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3071'.
[  345.693981][T15684] 8021q: adding VLAN 0 to HW filter on device bond19
[  345.723753][T15690] dummy0: entered promiscuous mode
[  345.737354][ T6664] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  345.767789][ T6664] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  345.815192][ T6664] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  345.854006][ T6664] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  346.142054][ T6658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  346.178592][ T6658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  346.385636][ T6659] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  346.395780][ T6659] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  346.615346][T15716] netlink: 'syz.4.3080': attribute type 7 has an invalid length.
[  346.756295][T15718] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2940'.
[  346.791977][T15718] netlink: 'syz.3.2940': attribute type 7 has an invalid length.
[  346.801272][T15718] netlink: 'syz.3.2940': attribute type 8 has an invalid length.
[  346.811025][T15718] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2940'.
[  346.851849][T15718] batadv0: entered promiscuous mode
[  346.872297][T15718] batadv0: left promiscuous mode
[  347.054289][ T5638] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  347.066246][ T5638] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  347.078110][ T5638] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  347.093718][ T5638] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  347.110279][ T5638] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  347.407366][T15736] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3083'.
[  347.430765][T15735] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3085'.
[  347.964515][T15758] x_tables: unsorted entry at hook 2
[  348.174110][T15767] netlink: 'syz.1.3094': attribute type 2 has an invalid length.
[  348.203545][T15768] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3094'.
[  348.217743][T15767] openvswitch: netlink: IP tunnel dst address not specified
[  348.596668][T15785] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3099'.
[  348.636352][T15772] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  348.679407][ T4951] Bluetooth: hci1: command tx timeout
[  348.703724][T15772] syzkaller0: entered promiscuous mode
[  348.732193][T15772] syzkaller0: entered allmulticast mode
[  348.845444][T15724] lo speed is unknown, defaulting to 1000
[  348.882321][T15794] netlink: 'syz.1.3103': attribute type 1 has an invalid length.
[  348.912253][T15795] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3104'.
[  349.022050][T15802] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  349.042627][T15794] 8021q: adding VLAN 0 to HW filter on device bond15
[  349.054008][T15798] dummy0: left promiscuous mode
[  349.077239][T15798] bond15: (slave dummy0): Enslaving as a backup interface with an up link
[  349.160492][ T4951] Bluetooth: hci4: command tx timeout
[  349.168132][ T3370] bond15: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  349.291918][ T3370] bond15: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  350.025169][T15724] bridge0: port 1(bridge_slave_0) entered blocking state
[  350.032853][T15724] bridge0: port 1(bridge_slave_0) entered disabled state
[  350.041004][T15724] bridge_slave_0: entered allmulticast mode
[  350.048834][T15724] bridge_slave_0: entered promiscuous mode
[  350.057377][T15724] bridge0: port 2(bridge_slave_1) entered blocking state
[  350.065186][T15724] bridge0: port 2(bridge_slave_1) entered disabled state
[  350.073727][T15724] bridge_slave_1: entered allmulticast mode
[  350.081858][T15724] bridge_slave_1: entered promiscuous mode
[  350.116959][T15724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  350.131034][T15724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  350.165925][T15724] team0: Port device team_slave_0 added
[  350.174430][T15724] team0: Port device team_slave_1 added
[  350.207729][T15724] batman_adv: batadv0: Adding interface: batadv_slave_0
[  350.215216][T15724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  350.241931][T15724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  350.255106][T15724] batman_adv: batadv0: Adding interface: batadv_slave_1
[  350.262718][T15724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  350.290488][T15724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  350.341914][T15724] hsr_slave_0: entered promiscuous mode
[  350.348454][T15724] hsr_slave_1: entered promiscuous mode
[  350.355533][T15724] debugfs: 'hsr0' already exists in 'hsr'
[  350.365817][T15724] Cannot create hsr debugfs directory
[  350.531327][T15724] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.621798][T15724] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.733875][T15724] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.819883][T15724] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.874935][T15850] netlink: 'syz.3.3115': attribute type 1 has an invalid length.
[  350.943300][T15852] openvswitch: netlink: Message has 8 unknown bytes.
[  350.952503][T15852] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  351.022945][T15854] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3117'.
[  351.239678][ T4951] Bluetooth: hci4: command tx timeout
[  352.283750][T15808] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  352.338090][T15724] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  352.401158][T15724] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  352.421584][T15724] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  352.454843][T15724] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  352.484760][T15724] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  352.531657][T15724] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  352.548224][T15865] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3121'.
[  352.605150][T15724] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  352.625806][T15724] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  352.863713][T15888] netlink: 'syz.1.3125': attribute type 1 has an invalid length.
[  353.325902][ T4951] Bluetooth: hci4: command tx timeout
[  354.677075][T15888] workqueue: Failed to create a rescuer kthread for wq "bond16": -EINTR
[  354.693271][T15892] bond15: (slave dummy0): Removing an active aggregator
[  354.710792][T15892] bond15: (slave dummy0): Releasing backup interface
[  354.943766][T15724] 8021q: adding VLAN 0 to HW filter on device bond0
[  355.014714][T15724] 8021q: adding VLAN 0 to HW filter on device team0
[  355.096680][ T3370] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.103913][ T3370] bridge0: port 1(bridge_slave_0) entered forwarding state
[  355.150905][ T3370] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.158121][ T3370] bridge0: port 2(bridge_slave_1) entered forwarding state
[  355.190973][T15908] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3133'.
[  355.405825][ T4951] Bluetooth: hci4: command tx timeout
[  355.535383][T15921] netlink: 232 bytes leftover after parsing attributes in process `syz.3.3139'.
[  356.310581][T15959] netlink: 232 bytes leftover after parsing attributes in process `syz.2.3151'.
[  356.345918][T15956] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3150'.
[  356.424011][T15724] 8021q: adding VLAN 0 to HW filter on device batadv0
[  356.543505][T15973] netlink: 'syz.2.3154': attribute type 30 has an invalid length.
[  356.609928][T15975] netlink: 16215 bytes leftover after parsing attributes in process `syz.1.3156'.
[  356.672992][T15973] bond1: option arp_missed_max: invalid value (0)
[  356.684050][T15973] bond1: option arp_missed_max: allowed values 1 - 255
[  356.701985][T15973] bond1 (unregistering): Released all slaves
[  356.822981][T15991] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  356.856516][T15724] veth0_vlan: entered promiscuous mode
[  356.906218][T15986] netlink: 'syz.4.3158': attribute type 1 has an invalid length.
[  357.051247][T15986] 8021q: adding VLAN 0 to HW filter on device bond20
[  357.121303][T15993] bond20: (slave veth0_to_bond): making interface the new active one
[  357.155061][T15993] bond20: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  357.172744][T15724] veth1_vlan: entered promiscuous mode
[  357.273191][T16014] netlink: 232 bytes leftover after parsing attributes in process `syz.1.3163'.
[  357.311400][T16009] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3161'.
[  357.448570][T15724] veth0_macvtap: entered promiscuous mode
[  357.492152][T15724] veth1_macvtap: entered promiscuous mode
[  357.593684][T15724] batman_adv: batadv0: Interface activated: batadv_slave_0
[  357.684008][T15724] batman_adv: batadv0: Interface activated: batadv_slave_1
[  357.737315][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  357.770236][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  357.791163][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  357.811112][T16037] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3168'.
[  357.835723][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  358.044312][T16045] netlink: 'syz.1.3173': attribute type 8 has an invalid length.
[  358.095827][ T6658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  358.104854][T16047] netlink: 232 bytes leftover after parsing attributes in process `syz.3.3174'.
[  358.124207][ T6658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  358.196876][ T6658] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  358.209762][ T6658] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  358.301583][T16050] bridge0: port 1(gretap0) entered blocking state
[  358.335631][T16050] bridge0: port 1(gretap0) entered disabled state
[  358.354371][T16050] gretap0: entered allmulticast mode
[  358.364580][T16050] gretap0: entered promiscuous mode
[  359.015141][ T5638] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  359.032546][ T5638] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  359.043742][ T5638] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  359.053542][ T5638] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  359.067123][ T5638] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  359.157242][T16085] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3186'.
[  359.216231][T16085] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3186'.
[  359.422073][T16096] IPv6: NLM_F_CREATE should be specified when creating new route
[  359.492284][T16099] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3190'.
[  359.657199][T16106] Bluetooth: MGMT ver 1.23
[  359.787472][T16110] netlink: 'syz.1.3194': attribute type 4 has an invalid length.
[  359.821658][T16117] netlink: 'syz.1.3194': attribute type 13 has an invalid length.
[  359.838023][T16106] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  359.842596][T16117] netlink: 'syz.1.3194': attribute type 58 has an invalid length.
[  359.856316][T16119] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  359.883459][T16108] x_tables: duplicate underflow at hook 2
[  359.927009][T16117] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3194'.
[  359.964884][T16108] xt_hashlimit: size too large, truncated to 1048576
[  360.151405][T16134] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3197'.
[  360.270893][T16138] netlink: 232 bytes leftover after parsing attributes in process `syz.2.3199'.
[  360.461833][T16149] netlink: 232 bytes leftover after parsing attributes in process `syz.3.3202'.
[  360.551551][T16144] team0: Mode changed to "loadbalance"
[  360.613815][T16152] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3203'.
[  360.902957][T16160] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  361.038145][T16083] lo speed is unknown, defaulting to 1000
[  361.159838][ T4951] Bluetooth: hci0: command tx timeout
[  361.542349][T16186] team0: No ports can be present during mode change
[  362.668393][T16219] team0: No ports can be present during mode change
[  362.906792][T16083] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.940886][T16083] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.963280][T16083] bridge_slave_0: entered allmulticast mode
[  362.982212][T16083] bridge_slave_0: entered promiscuous mode
[  363.029424][T16083] bridge0: port 2(bridge_slave_1) entered blocking state
[  363.046045][T16083] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.048165][T16239] Cannot find set identified by id 1 to match
[  363.057993][T16083] bridge_slave_1: entered allmulticast mode
[  363.075330][T16241] Cannot find set identified by id 1 to match
[  363.082215][T16083] bridge_slave_1: entered promiscuous mode
[  363.200330][T16083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  363.230952][T16083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  363.249283][ T4951] Bluetooth: hci0: command tx timeout
[  363.315597][T16083] team0: Port device team_slave_0 added
[  363.324986][T16083] team0: Port device team_slave_1 added
[  363.382349][T16083] batman_adv: batadv0: Adding interface: batadv_slave_0
[  363.389449][T16083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  363.416202][T16083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  363.448475][T16083] batman_adv: batadv0: Adding interface: batadv_slave_1
[  363.467785][T16083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  363.506186][T16083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  363.546440][T16247] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  363.664168][T16249] syzkaller0: entered promiscuous mode
[  363.673081][T16249] syzkaller0: entered allmulticast mode
[  363.689633][T16249] tipc: Resetting bearer <eth:syzkaller0>
[  363.807533][   T12] tipc: Resetting bearer <eth:syzkaller0>
[  363.834285][T16246] tipc: Resetting bearer <eth:syzkaller0>
[  364.623555][T16294] __nla_validate_parse: 5 callbacks suppressed
[  364.623574][T16294] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3243'.
[  365.326081][ T4951] Bluetooth: hci0: command tx timeout
[  366.046911][T16246] tipc: Disabling bearer <eth:syzkaller0>
[  366.058895][T16259] team0: No ports can be present during mode change
[  366.095498][T16083] hsr_slave_0: entered promiscuous mode
[  366.115678][T16083] hsr_slave_1: entered promiscuous mode
[  366.131331][T16083] debugfs: 'hsr0' already exists in 'hsr'
[  366.160913][T16083] Cannot create hsr debugfs directory
[  366.288150][T16304] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3245'.
[  366.300500][T16292] syzkaller0: entered promiscuous mode
[  366.305997][T16292] syzkaller0: entered allmulticast mode
[  366.319107][T16300] netlink: 'syz.3.3244': attribute type 21 has an invalid length.
[  366.339212][T16300] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3244'.
[  367.295714][T16312] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  367.409582][ T4951] Bluetooth: hci0: command tx timeout
[  368.926488][T16339] netlink: 232 bytes leftover after parsing attributes in process `syz.2.3252'.
[  368.954574][T16341] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3251'.
[  369.007457][T16343] team0: No ports can be present during mode change
[  369.227532][T16083] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  369.242596][T16353] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3256'.
[  369.255681][T16083] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  369.273187][T16083] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.288517][T16083] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  369.479470][ T4951] Bluetooth: hci0: command 0x0401 tx timeout
[  369.516098][T16083] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  369.539640][T16083] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  369.552741][T16083] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.564539][T16083] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  369.605600][T16367] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3258'.
[  369.695383][T16083] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  369.711572][T16083] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  369.737951][T16083] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.790100][T16083] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  369.857384][T16378] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.3262'.
[  369.961857][T16083] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  370.002280][T16083] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0
[  370.019705][T16083] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  370.032784][T16083] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  370.128369][T16390] team0: No ports can be present during mode change
[  370.375342][T16397] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.3267'.
[  370.398300][T16401] set match dimension is over the limit!
[  370.653484][T16414] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3272'.
[  370.761881][T16083] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  370.777065][T16083] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  370.787282][T16083] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  370.799719][T16083] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  370.807919][T16083] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  370.823392][T16083] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  370.857188][T16414] netlink: 'syz.3.3272': attribute type 1 has an invalid length.
[  370.887245][T16414] netlink: 'syz.3.3272': attribute type 2 has an invalid length.
[  370.925152][T16083] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  370.971472][T16083] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  371.206198][T16431] team0: Unable to change to the same mode the team is in
[  371.336281][T16083] 8021q: adding VLAN 0 to HW filter on device bond0
[  371.383459][T16083] 8021q: adding VLAN 0 to HW filter on device team0
[  371.408589][ T3370] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.415907][ T3370] bridge0: port 1(bridge_slave_0) entered forwarding state
[  371.445003][ T3370] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.452273][ T3370] bridge0: port 2(bridge_slave_1) entered forwarding state
[  371.517272][T16432] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3277'.
[  371.958020][T16083] 8021q: adding VLAN 0 to HW filter on device batadv0
[  372.211705][T16083] veth0_vlan: entered promiscuous mode
[  372.232902][T16083] veth1_vlan: entered promiscuous mode
[  372.265446][T16083] veth0_macvtap: entered promiscuous mode
[  372.276660][T16083] veth1_macvtap: entered promiscuous mode
[  372.300424][T16083] batman_adv: batadv0: Interface activated: batadv_slave_0
[  372.315819][T16083] batman_adv: batadv0: Interface activated: batadv_slave_1
[  372.333266][   T35] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  372.342830][   T35] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  372.353962][   T35] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  372.364894][   T35] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  374.088752][T16433] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  374.273487][ T3318] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  374.293650][ T3318] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  374.337498][T16475] netlink: 212360 bytes leftover after parsing attributes in process `syz.3.3283'.
[  374.365504][ T9291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  374.391089][ T9291] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  374.407763][T16476] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3283'.
[  374.454577][T16475] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3283'.
[  374.915936][T16505] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.3289'.
[  375.183340][ T5638] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  375.195883][ T5638] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  375.205492][ T5638] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  375.218259][ T5638] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  375.230354][ T5638] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  375.385827][T16532] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  375.513063][T16530] syzkaller1: tun_chr_ioctl cmd 1074025677
[  375.566783][T16530] syzkaller1: linktype set to 823
[  375.634267][T16541] openvswitch: netlink: Key type 30 is not supported
[  375.924063][ T9291] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  375.935456][ T9291] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.015321][ T9291] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  376.027324][ T9291] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.102264][ T9291] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  376.112904][ T9291] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.142227][T16510] lo speed is unknown, defaulting to 1000
[  376.185617][ T9291] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  376.196995][ T9291] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.523552][ T9291] pimreg3: left allmulticast mode
[  376.770173][ T9291] bond8 (unregistering): (slave gretap3): Releasing active interface
[  377.265230][ T9291] bond0 (unregistering): Released all slaves
[  377.276964][ T9291] bond1 (unregistering): Released all slaves
[  377.293283][ T9291] bond2 (unregistering): Released all slaves
[  377.315595][ T9291] bond3 (unregistering): Released all slaves
[  377.322593][ T5638] Bluetooth: hci2: command tx timeout
[  377.341929][ T9291] bond4 (unregistering): Released all slaves
[  377.358012][ T9291] bond5 (unregistering): Released all slaves
[  377.380840][ T9291] bond6 (unregistering): Released all slaves
[  377.405587][ T9291] bond7 (unregistering): Released all slaves
[  377.423604][ T9291] bond8 (unregistering): Released all slaves
[  377.445799][ T9291] bond9 (unregistering): Released all slaves
[  377.461948][ T9291] bond10 (unregistering): Released all slaves
[  377.478130][ T9291] bond11 (unregistering): Released all slaves
[  377.503224][ T9291] bond12 (unregistering): Released all slaves
[  377.520253][ T9291] bond13 (unregistering): Released all slaves
[  377.537027][ T9291] bond14 (unregistering): Released all slaves
[  377.553860][ T9291] bond15 (unregistering): Released all slaves
[  377.704546][ T9291] tipc: Disabling bearer <eth:macvlan1>
[  377.746079][ T9291] tipc: Left network mode
[  377.973607][T16510] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.981688][T16510] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.989597][T16510] bridge_slave_0: entered allmulticast mode
[  377.996991][T16510] bridge_slave_0: entered promiscuous mode
[  378.005819][T16510] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.013952][T16510] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.023446][T16510] bridge_slave_1: entered allmulticast mode
[  378.032316][T16510] bridge_slave_1: entered promiscuous mode
[  378.088509][T16510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  378.102107][T16510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  378.146817][T16510] team0: Port device team_slave_0 added
[  378.155918][T16510] team0: Port device team_slave_1 added
[  378.246353][T16510] batman_adv: batadv0: Adding interface: batadv_slave_0
[  378.253780][T16510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  378.283858][T16524] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  378.294204][T16510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  378.345711][T16510] batman_adv: batadv0: Adding interface: batadv_slave_1
[  378.357441][T16510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  378.395511][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  378.402105][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  378.409480][ T1319] aoe: packet could not be sent on ipvlan1.  consider increasing tx_queue_len
[  378.421429][T16510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  378.682485][T16563] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.3300'.
[  378.787165][T16510] hsr_slave_0: entered promiscuous mode
[  378.827080][T16510] hsr_slave_1: entered promiscuous mode
[  378.856635][T16510] debugfs: 'hsr0' already exists in 'hsr'
[  378.876220][T16510] Cannot create hsr debugfs directory
[  378.893229][T16571] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3299'.
[  379.244933][T16597] openvswitch: netlink: ERSPAN option length err (len 344, max 255).
[  379.399097][ T5638] Bluetooth: hci2: command tx timeout
[  379.431992][T16597] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  379.472179][ T9291] hsr_slave_0: left promiscuous mode
[  379.500525][T16613] netlink: 27 bytes leftover after parsing attributes in process `syz.4.3307'.
[  379.538023][ T9291] hsr_slave_1: left promiscuous mode
[  379.605627][ T9291] veth0_macvtap: left promiscuous mode
[  379.629036][ T9291] veth1_vlan: left promiscuous mode
[  379.649534][ T9291] veth0_vlan: left promiscuous mode
[  379.681954][T16618] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.3308'.
[  379.753148][ T6658] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x6
[  380.066937][ T3318] smc: removing ib device syz2
[  380.391617][ T5297] 8021q: adding VLAN 0 to HW filter on device eth1
[  380.414171][ T5825] ==================================================================
[  380.422383][ T5825] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x5e/0x170
[  380.431196][ T5825] Read of size 8 at addr ffff88802c7a22f0 by task kworker/0:7/5825
[  380.439115][ T5825] 
[  380.441470][ T5825] CPU: 0 UID: 0 PID: 5825 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT(full) 
[  380.441494][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  380.441508][ T5825] Workqueue: events smc_ib_port_event_work
[  380.441551][ T5825] Call Trace:
[  380.441559][ T5825]  <TASK>
[  380.441569][ T5825]  dump_stack_lvl+0xe8/0x150
[  380.441593][ T5825]  print_address_description+0x55/0x1e0
[  380.441613][ T5825]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  380.441634][ T5825]  print_report+0x58/0x70
[  380.441670][ T5825]  kasan_report+0x117/0x150
[  380.441689][ T5825]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  380.441717][ T5825]  __ethtool_get_link_ksettings+0x5e/0x170
[  380.441742][ T5825]  ib_get_eth_speed+0x180/0x7f0
[  380.441771][ T5825]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  380.441802][ T5825]  ? do_raw_spin_unlock+0xf5/0x210
[  380.441836][ T5825]  rxe_query_port+0x93/0x3d0
[  380.441863][ T5825]  ib_query_port+0x170/0x830
[  380.441894][ T5825]  smc_ib_port_event_work+0x15a/0x940
[  380.441928][ T5825]  ? process_scheduled_works+0xa70/0x1860
[  380.441948][ T5825]  ? process_scheduled_works+0xa70/0x1860
[  380.441969][ T5825]  process_scheduled_works+0xb5d/0x1860
[  380.442006][ T5825]  ? __pfx_process_scheduled_works+0x10/0x10
[  380.442029][ T5825]  ? assign_work+0x3d5/0x5e0
[  380.442058][ T5825]  worker_thread+0xa53/0xfc0
[  380.442094][ T5825]  kthread+0x389/0x470
[  380.442118][ T5825]  ? __pfx_worker_thread+0x10/0x10
[  380.442138][ T5825]  ? __pfx_kthread+0x10/0x10
[  380.442163][ T5825]  ret_from_fork+0x514/0xb70
[  380.442185][ T5825]  ? __pfx_ret_from_fork+0x10/0x10
[  380.442217][ T5825]  ? __switch_to+0xc79/0x1410
[  380.442246][ T5825]  ? __pfx_kthread+0x10/0x10
[  380.442270][ T5825]  ret_from_fork_asm+0x1a/0x30
[  380.442301][ T5825]  </TASK>
[  380.442308][ T5825] 
[  380.615490][ T5825] Allocated by task 5655:
[  380.619880][ T5825]  kasan_save_track+0x3e/0x80
[  380.624591][ T5825]  __kasan_kmalloc+0x93/0xb0
[  380.629202][ T5825]  __kvmalloc_node_noprof+0x528/0x8a0
[  380.634595][ T5825]  alloc_netdev_mqs+0xa8/0x1210
[  380.639454][ T5825]  rtnl_create_link+0x31f/0xd70
[  380.644317][ T5825]  rtnl_newlink_create+0x277/0xb70
[  380.649451][ T5825]  rtnl_newlink+0x166a/0x1bb0
[  380.654148][ T5825]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  380.659103][ T5825]  netlink_rcv_skb+0x232/0x4b0
[  380.663889][ T5825]  netlink_unicast+0x75c/0x8e0
[  380.668668][ T5825]  netlink_sendmsg+0x813/0xb40
[  380.673459][ T5825]  __sys_sendto+0x672/0x710
[  380.677976][ T5825]  __x64_sys_sendto+0xde/0x100
[  380.682758][ T5825]  do_syscall_64+0x174/0x580
[  380.687367][ T5825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.693268][ T5825] 
[  380.695599][ T5825] Freed by task 9291:
[  380.699585][ T5825]  kasan_save_track+0x3e/0x80
[  380.704291][ T5825]  kasan_save_free_info+0x46/0x50
[  380.709334][ T5825]  __kasan_slab_free+0x5c/0x80
[  380.714123][ T5825]  kfree+0x1c5/0x640
[  380.718035][ T5825]  device_release+0xc4/0x1f0
[  380.722633][ T5825]  kobject_put+0x228/0x560
[  380.727055][ T5825]  netdev_run_todo+0xc75/0xde0
[  380.731831][ T5825]  default_device_exit_batch+0x967/0x9e0
[  380.737496][ T5825]  ops_undo_list+0x52b/0x940
[  380.742105][ T5825]  cleanup_net+0x56b/0x800
[  380.746545][ T5825]  process_scheduled_works+0xb5d/0x1860
[  380.752106][ T5825]  worker_thread+0xa53/0xfc0
[  380.756712][ T5825]  kthread+0x389/0x470
[  380.760800][ T5825]  ret_from_fork+0x514/0xb70
[  380.765403][ T5825]  ret_from_fork_asm+0x1a/0x30
[  380.770183][ T5825] 
[  380.772518][ T5825] The buggy address belongs to the object at ffff88802c7a2000
[  380.772518][ T5825]  which belongs to the cache kmalloc-cg-4k of size 4096
[  380.786843][ T5825] The buggy address is located 752 bytes inside of
[  380.786843][ T5825]  freed 4096-byte region [ffff88802c7a2000, ffff88802c7a3000)
[  380.800748][ T5825] 
[  380.803099][ T5825] The buggy address belongs to the physical page:
[  380.809544][ T5825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c7a0
[  380.818312][ T5825] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  380.826817][ T5825] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  380.834371][ T5825] page_type: f5(slab)
[  380.838369][ T5825] raw: 00fff00000000040 ffff88813fe33500 dead000000000100 dead000000000122
[  380.846961][ T5825] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  380.855559][ T5825] head: 00fff00000000040 ffff88813fe33500 dead000000000100 dead000000000122
[  380.864246][ T5825] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[  380.872929][ T5825] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[  380.881606][ T5825] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  380.890288][ T5825] page dumped because: kasan: bad access detected
[  380.896847][ T5825] page_owner tracks the page as allocated
[  380.902580][ T5825] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5645, tgid 5645 (syz-executor), ts 86343065072, free_ts 53162595639
[  380.925688][ T5825]  post_alloc_hook+0x22d/0x280
[  380.930478][ T5825]  get_page_from_freelist+0x2593/0x2610
[  380.936047][ T5825]  __alloc_frozen_pages_noprof+0x18d/0x380
[  380.941877][ T5825]  allocate_slab+0x77/0x660
[  380.946396][ T5825]  refill_objects+0x339/0x3d0
[  380.951078][ T5825]  __pcs_replace_empty_main+0x321/0x720
[  380.956636][ T5825]  __kvmalloc_node_noprof+0x657/0x8a0
[  380.962028][ T5825]  veth_dev_init+0x368/0x570
[  380.966641][ T5825]  register_netdevice+0x6c6/0x1ec0
[  380.971777][ T5825]  veth_newlink+0x67b/0xb70
[  380.976319][ T5825]  rtnl_newlink_create+0x329/0xb70
[  380.981452][ T5825]  rtnl_newlink+0x166a/0x1bb0
[  380.986150][ T5825]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  380.991112][ T5825]  netlink_rcv_skb+0x232/0x4b0
[  380.995906][ T5825]  netlink_unicast+0x75c/0x8e0
[  381.000791][ T5825]  netlink_sendmsg+0x813/0xb40
[  381.005570][ T5825] page last free pid 5433 tgid 5433 stack trace:
[  381.011896][ T5825]  __free_frozen_pages+0xc1c/0xd30
[  381.017021][ T5825]  __slab_free+0x274/0x2c0
[  381.021456][ T5825]  qlist_free_all+0x99/0x100
[  381.026061][ T5825]  kasan_quarantine_reduce+0x148/0x160
[  381.031530][ T5825]  __kasan_slab_alloc+0x22/0x80
[  381.036399][ T5825]  kmem_cache_alloc_noprof+0x2bc/0x650
[  381.041871][ T5825]  vm_area_dup+0x2b/0x680
[  381.046216][ T5825]  __split_vma+0x1dc/0xa50
[  381.050641][ T5825]  vms_gather_munmap_vmas+0x32d/0x1380
[  381.056107][ T5825]  mmap_region+0x921/0x22a0
[  381.060621][ T5825]  do_mmap+0xc39/0x10c0
[  381.064790][ T5825]  vm_mmap_pgoff+0x2c9/0x4f0
[  381.069392][ T5825]  ksys_mmap_pgoff+0x51e/0x760
[  381.074168][ T5825]  do_syscall_64+0x174/0x580
[  381.078769][ T5825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.084674][ T5825] 
[  381.087005][ T5825] Memory state around the buggy address:
[  381.092649][ T5825]  ffff88802c7a2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  381.100736][ T5825]  ffff88802c7a2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  381.108808][ T5825] >ffff88802c7a2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  381.116876][ T5825]                                                              ^
[  381.124591][ T5825]  ffff88802c7a2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  381.132664][ T5825]  ffff88802c7a2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  381.140737][ T5825] ==================================================================
[  381.207114][ T5825] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  381.214474][ T5825] CPU: 0 UID: 0 PID: 5825 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT(full) 
[  381.223876][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  381.233969][ T5825] Workqueue: events smc_ib_port_event_work
[  381.239828][ T5825] Call Trace:
[  381.243138][ T5825]  <TASK>
[  381.246095][ T5825]  vpanic+0x56c/0xa60
[  381.250246][ T5825]  ? __pfx_vpanic+0x10/0x10
[  381.254788][ T5825]  ? __pfx___schedule+0x10/0x10
[  381.259692][ T5825]  panic+0xc5/0xd0
[  381.263455][ T5825]  ? __pfx_panic+0x10/0x10
[  381.267924][ T5825]  ? preempt_schedule_common+0x82/0xd0
[  381.273424][ T5825]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  381.279425][ T5825]  check_panic_on_warn+0x89/0xb0
[  381.284384][ T5825]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  381.290381][ T5825]  end_report+0x73/0x170
[  381.294650][ T5825]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  381.300655][ T5825]  kasan_report+0x128/0x150
[  381.305186][ T5825]  ? __ethtool_get_link_ksettings+0x5e/0x170
[  381.311190][ T5825]  __ethtool_get_link_ksettings+0x5e/0x170
[  381.317027][ T5825]  ib_get_eth_speed+0x180/0x7f0
[  381.321895][ T5825]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  381.327289][ T5825]  ? do_raw_spin_unlock+0xf5/0x210
[  381.332425][ T5825]  rxe_query_port+0x93/0x3d0
[  381.337035][ T5825]  ib_query_port+0x170/0x830
[  381.341650][ T5825]  smc_ib_port_event_work+0x15a/0x940
[  381.347047][ T5825]  ? process_scheduled_works+0xa70/0x1860
[  381.352778][ T5825]  ? process_scheduled_works+0xa70/0x1860
[  381.358510][ T5825]  process_scheduled_works+0xb5d/0x1860
[  381.364085][ T5825]  ? __pfx_process_scheduled_works+0x10/0x10
[  381.370083][ T5825]  ? assign_work+0x3d5/0x5e0
[  381.374694][ T5825]  worker_thread+0xa53/0xfc0
[  381.379430][ T5825]  kthread+0x389/0x470
[  381.383538][ T5825]  ? __pfx_worker_thread+0x10/0x10
[  381.388678][ T5825]  ? __pfx_kthread+0x10/0x10
[  381.393307][ T5825]  ret_from_fork+0x514/0xb70
[  381.397930][ T5825]  ? __pfx_ret_from_fork+0x10/0x10
[  381.403058][ T5825]  ? __switch_to+0xc79/0x1410
[  381.407762][ T5825]  ? __pfx_kthread+0x10/0x10
[  381.412375][ T5825]  ret_from_fork_asm+0x1a/0x30
[  381.417169][ T5825]  </TASK>
[  381.420837][ T5825] Kernel Offset: disabled
[  381.425168][ T5825] Rebooting in 86400 seconds..