last executing test programs:

7m33.552621042s ago: executing program 0 (id=11247):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000fc0), r0)
sendmsg$NFC_CMD_SE_IO(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001080)={0x24, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x44040}, 0x2400cc84)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001800dd000000000000030000020000000000000600000000060080d3ef9426d910af150003000000"], 0x2c}, 0x1, 0x0, 0x0, 0x811}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_MOVE_RANGE(r6, 0xc020f509, &(0x7f0000000140)={r3, 0x10, 0x6, 0x6})
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="28000200", @ANYRES16=r4, @ANYBLOB="010026bd70000000000001000000000000000b000000000c001473797a3100000000"], 0x6}, 0x1, 0x0, 0x0, 0x48001}, 0x10000000)

7m32.08813037s ago: executing program 0 (id=11249):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket$l2tp(0x2, 0x2, 0x73)
getpeername$l2tp(r1, 0x0, 0x0) (async)
setsockopt$inet_mreqsrc(r1, 0x0, 0x25, &(0x7f0000000100)={@loopback, @multicast1, @private=0xa010102}, 0xc) (async, rerun: 32)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}, @IFLA_GRE_ERSPAN_DIR={0x5}, @IFLA_GRE_OKEY={0x8, 0x18}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x50}}, 0x0) (rerun: 32)

7m31.646610174s ago: executing program 0 (id=11256):
r0 = socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r2 = openat$cgroup_devices(r1, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB='b *:462', @ANYRESHEX=0x0], 0xa)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_INDEX={0x8}, @IFLA_GRE_OKEY={0x8}]}}}]}, 0xad}}, 0x0)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000ec0)=@mangle={'mangle\x00', 0x64, 0x6, 0x668, 0x2e0, 0x440, 0x440, 0x2e0, 0x2e0, 0x598, 0x598, 0x598, 0x598, 0x598, 0x6, 0x0, {[{{@ipv6={@empty, @local, [0xffffff00, 0xffffff00, 0xffffff00, 0xffffff00], [0xffffffff, 0xff000000, 0xff, 0xff000000], 'bridge_slave_0\x00', 'dummy0\x00', {0xff}, {}, 0x84, 0x5, 0x6, 0x4c}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28}, 0x1}]}, @common=@unspec=@MARK={0x28}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @dev={0xfe, 0x80, '\x00', 0x3a}, [0x0, 0xffffff00, 0x0, 0xff000000], [0xffffff00, 0x0, 0xff, 0xffffffff], 'rose0\x00', 'batadv_slave_0\x00', {}, {}, 0x0, 0xc1, 0x5}, 0x0, 0x120, 0x160, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x3, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4]}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x10, 0x10001, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e21}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x2b}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffff00, 0xee5f356c6f495b18, 0x100fffe00, 0xff], [0x0, 0xff, 0xffffff00, 0xffffff00], 'veth1_macvtap\x00', 'dummy0\x00', {}, {}, 0x1d, 0x6, 0x4, 0x19}, 0x0, 0x118, 0x158, 0x0, {}, [@common=@dst={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}}, @common=@ipv6header={{0x28}, {0x22, 0x2, 0x1}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x9, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6c8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$XFS_IOC_FSGETXATTRA(r5, 0x801c582d, &(0x7f0000000000))
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f0000000440)={<r6=>0x0, 0x5, 0xc})
ioctl$BTRFS_IOC_RESIZE(r4, 0x50009403, &(0x7f0000000040)={{r4}, {@val={r6}, @actul_num={@val=0x2d, 0x80000001, 0x54}}})
sendto$inet6(r5, &(0x7f0000000100)="7800000018002507b9409b14ffff00000204be04020b06050e060909430009003f00064c0a0000000d0085a168d0bf46d32345653600648d0a000500eb16ff3959547f5090587529b2037616ec0fa4f872ba86c902000000004a32000402160009000a0000000000e000e218d1ddf66ed538f25232504c48", 0x78, 0x0, 0x0, 0x0)

7m31.220882877s ago: executing program 0 (id=11263):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$int_in(r0, 0x5421, &(0x7f0000000140)=0xfffffffffffffffe)
r1 = accept4$bt_l2cap(r0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[], 0x20}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$XFS_IOC_PATH_TO_HANDLE(r1, 0xc0385869, &(0x7f0000000500)={r3, &(0x7f00000000c0)='wpan3\x00', 0x4800, &(0x7f00000001c0)={@align=0x9, {0x8, 0x1800, 0xbf}}, 0xff, &(0x7f0000000480)={@_ha_fsid}, &(0x7f00000004c0)=0x6})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r5)
sendmsg$IEEE802154_START_REQ(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="010026bd7040fddbdf250300305206000e"], 0x1c}, 0x1, 0x0, 0x0, 0x20004090}, 0x8040)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000080)={'wpan3\x00', <r7=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000100)={'wpan1\x00', <r8=>0x0})
sendmsg$IEEE802154_LLSEC_GETPARAMS(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000427bd7000ffdbdf25240000000a0001007770616e330000000a0001007770616e3400000008000200", @ANYRES32=r7, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="0a0001007770616e310000000a0001007770616e3100000008000200", @ANYRES32=r8, @ANYBLOB="f85c4ec4ae1af5b96b81e5606cbadde0927802dc88e550a9027c2bdee9fc97e8d53ff60088be0e300adca2c617cf879c32076c094b159e15a6f8ea8bfd87e3b707605f5109e1459806cd733627ea1d79203643082826c9ab557d29f510221ceb8e7c15613a5d594210ad9745ff54f4c06ae4604161cfedd0e5bf0d6d7f730fd5ecce723f598de239dc5ae387ab27a3f9d4adce472e2fa7aa09e1aa5bb2253b41471e6babf4ebea91a1486ff30a64f1c1f8a9e0c8545f5240747a6854cb6ee51106a0dc11cbbf25f7d04292750dbe25ecdbbcc226b027e97a4e154f90053936355cd14d18576102677f25d5a9b425541f78"], 0x5c}}, 0x815)

7m30.830560125s ago: executing program 0 (id=11274):
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0xa, 0x0, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r1, 0x89e3, &(0x7f0000000140)={0x5e, 0x0, 0xa, 0x400000b, 0x36, 0x81})
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r2, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r2, 0xfff)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x5}, 0x8)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r4)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01400000000000000000067400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000e6ff06000700263a3a0914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)

7m29.731753426s ago: executing program 0 (id=11285):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000002c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x100000}}, 0x40)

7m14.66582325s ago: executing program 32 (id=11285):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000002c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x100000}}, 0x40)

4.231660831s ago: executing program 3 (id=16266):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) (async)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @remote, 0x9}, 0x1c)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@newqdisc={0x7c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x1ff}}, @TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9a, 0x7, 0x800, 0x1, 0x1, 0x4, 0x5}}, {0x4}}, {{0x1c, 0x1, {0xe, 0x8, 0xfffa, 0x7f, 0x2, 0xdaf, 0x6, 0x80000}}, {0x4}}]}]}, 0x7c}}, 0x0)
socket(0x400000000010, 0x3, 0x0) (async)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000036c0)=@newtfilter={0x90, 0x2c, 0xf35, 0x70bd23, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x2400}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_basic={{0xa}, {0x58, 0x2, [@TCA_BASIC_ACT={0x54, 0x3, [@m_simple={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x100, 0xd, 0xa, 0xffff, 0x7ff}}, @TCA_DEF_DATA={0x6, 0x3, '\xff\xff'}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0xff}}]}, 0x90}, 0x1, 0x0, 0x0, 0x440}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f00000002c0)={'ip6tnl0\x00', <r5=>0x0, 0x4, 0x38, 0xa, 0xb, 0x2a, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x10, 0x8, 0x7, 0x10}})
socket$nl_route(0x10, 0x3, 0x0) (async)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x523, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x21b4b}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) (async)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x523, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x21b4b}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0)
socket$netlink(0x10, 0x3, 0x0) (async)
r8 = socket$netlink(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0) (async)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r10, {0xffe0}, {0x8}, {0xfff2, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0xe, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0xc, 0x4, 0x10, 0x4], 0x3, [0xb, 0x5, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x6, 0xd, 0x1], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r11 = socket(0x10, 0x3, 0x0)
r12 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x17, 0x2, {{0xffff0000, 0x80000001, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0x4, 0x9, 0x80000001, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x5, 0x6739, 0x3}}}}]}, 0x78}}, 0x0) (async)
sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x17, 0x2, {{0xffff0000, 0x80000001, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0x4, 0x9, 0x80000001, 0x8, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x5, 0x6739, 0x3}}}}]}, 0x78}}, 0x0)
r14 = socket(0x10, 0x803, 0x0)
r15 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r15, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r16=>0x0})
sendmsg$nl_route_sched(r14, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r16, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) (async)
sendmsg$nl_route_sched(r14, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r16, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r14, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r16, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0x913fdc377908132b, 0x4}}]}}]}, 0x7c}}, 0x24040084) (async)
sendmsg$nl_route_sched(r14, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r16, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x1, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0x7ffffffa, [{0x200, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0x913fdc377908132b, 0x4}}]}}]}, 0x7c}}, 0x24040084)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000004c0)={<r17=>0x0, @remote, @multicast2}, &(0x7f0000000500)=0xc)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000780)={&(0x7f0000000540)={0x218, 0x0, 0x500, 0x70bd27, 0x25dfdbff, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}]}]}, 0x218}, 0x1, 0x0, 0x0, 0x4}, 0x1)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000200)="7ff52214ebc9b6452bbe4774a3133f", 0xf}], 0x1}}], 0x1, 0x4000000) (async)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000200)="7ff52214ebc9b6452bbe4774a3133f", 0xf}], 0x1}}], 0x1, 0x4000000)

3.685269553s ago: executing program 3 (id=16270):
r0 = socket(0x2, 0x2, 0x1)
bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-aes-neonbs\x00'}, 0x58)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f00000000c0)={0x0, {0x2, 0x4e20, @local}, {0x2, 0x4e23, @broadcast}, {0x2, 0x4e24, @multicast1}, 0x380, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000080)='veth1\x00', 0x40, 0xffffffff80000001, 0x1})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)={0x54, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x54}}, 0x0)

3.524316756s ago: executing program 3 (id=16272):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x9c}}, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2}}, @func_proto]}}, 0x0, 0x3e}, 0x20) (async)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x2, 0x200000}})

3.523558599s ago: executing program 2 (id=16273):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000400000000010000000900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d657461000000001400028008000140000000120800024000000020"], 0xd8}, 0x1, 0x0, 0x0, 0x4880}, 0x0)

3.444623417s ago: executing program 3 (id=16274):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000002a00), 0x800, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'pimreg\x00', 0x2})
socket$igmp(0x2, 0x3, 0x2) (async)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0xc, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, 0x10)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) (async)
bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000005c00)=[{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000002c0)="4bf02b7a7621598c6d2fcdeff42762d1c52427d4fdf8058c01e48b54dc8dc18b4bab651ee9a024c4a12b7a790bc57837c93de1f85a2017ed21f04af5b013d5171d346873d06f02a55d6e2e94f0e4b3698f6fe8c882a46d3b", 0x58}, {&(0x7f0000000480)="89c0e5e7bd1dbaa010853528", 0xc}], 0x2, &(0x7f0000002500)=ANY=[], 0x210, 0x40}], 0x1, 0x4000) (async)
sendmmsg$alg(r5, &(0x7f0000005c00)=[{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000002c0)="4bf02b7a7621598c6d2fcdeff42762d1c52427d4fdf8058c01e48b54dc8dc18b4bab651ee9a024c4a12b7a790bc57837c93de1f85a2017ed21f04af5b013d5171d346873d06f02a55d6e2e94f0e4b3698f6fe8c882a46d3b", 0x58}, {&(0x7f0000000480)="89c0e5e7bd1dbaa010853528", 0xc}], 0x2, &(0x7f0000002500)=ANY=[], 0x210, 0x40}], 0x1, 0x4000)
socket(0x10, 0x3, 0x2) (async)
r6 = socket(0x10, 0x3, 0x2)
bind$netlink(r6, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
close(0x3) (async)
close(0x3)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r7, &(0x7f0000002240)={&(0x7f0000000080)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80, &(0x7f0000002200)=[{&(0x7f0000000180)=""/105, 0x69}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000000100)=""/19, 0x13}, {&(0x7f0000001200)=""/4096, 0x1000}], 0x4}, 0x40002000) (async)
recvmsg(r7, &(0x7f0000002240)={&(0x7f0000000080)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80, &(0x7f0000002200)=[{&(0x7f0000000180)=""/105, 0x69}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000000100)=""/19, 0x13}, {&(0x7f0000001200)=""/4096, 0x1000}], 0x4}, 0x40002000)
write$cgroup_pid(r1, &(0x7f0000000140), 0x12)

3.256416917s ago: executing program 2 (id=16278):
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$cgroup_int(r0, &(0x7f0000000140)=0xffffffffffffffff, 0x12)
write$cgroup_subtree(r0, 0x0, 0x12)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x2c, &(0x7f0000000100), 0x4)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000840), 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000a0000000060a010400000000000000000100000008000b400000000078000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000400001800c00010062697477697365003000028008000340000000040800014000000014080002400000001208000580040001000c000480080001006eee7e000900010073797a30"], 0x114}}, 0x800)

3.171769193s ago: executing program 2 (id=16280):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB="0200000000000cf82a6f4a832a086b23", @ANYRES8=r0, @ANYBLOB="01000000000001000000080000000c000280040001000400038018000180140002006970766c616e31000000000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x20000054}, 0x50)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
r2 = gettid()
syz_open_procfs$namespace(r2, &(0x7f0000000000)='ns/uts\x00')
syz_open_procfs$namespace(r2, &(0x7f0000000100)='ns/net\x00')
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000140)={0x34, r3, 0x1, 0x70bd27, 0x805, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'wlan0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000810}, 0x440c0)
sendmsg$SMC_PNETID_ADD(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r3, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'macsec0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'dummy0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x4040000)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="1400000023004d012cbd7000f9ffffff02000000"], 0x14}, 0x1, 0x0, 0x0, 0x1000c957}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e22, @empty}], 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r7, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x4008014)
listen(r6, 0x3)
sendmsg$inet6(r6, &(0x7f0000001dc0)={&(0x7f0000000840)={0xa, 0x4e22, 0x906, @loopback, 0x7}, 0x1c, &(0x7f0000001d40)=[{&(0x7f0000000880)="fa", 0x1}], 0x1, 0x0, 0x33}, 0x40085)
r8 = socket$netlink(0x10, 0x3, 0x4)
writev(0xffffffffffffffff, &(0x7f00000008c0)=[{&(0x7f0000000380)="d6c08d", 0x3}], 0x1)
writev(r8, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600004e22590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)
sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x14, r1, 0xb15, 0x70bd2a, 0x25dfdbfd}, 0x5c}, 0x1, 0x0, 0x0, 0x10041}, 0x4)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)

3.034922686s ago: executing program 2 (id=16283):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x7, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}}, 0x8004)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, 0x0, &(0x7f0000000580)="004f28528714f2dfa69abbd8f2aef5138cdc4ed99544d356947c5317ec121817bfa4012e5fcee694f38ec49bbf652c0d2c67368b2046e8f939452aff4c1670376e55940ba803654348", 0x0}, 0x50)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000100)=0xb, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
r3 = socket(0x2, 0x80805, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x7fffd, 0x8, 0x0, 0x1}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000280)={r4, 0x0, 0x0}, 0x20)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r5=>0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000540), r3)
sendmsg$L2TP_CMD_SESSION_CREATE(r3, &(0x7f0000000800)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x54, r6, 0x800, 0x70bd26, 0x25dfdbfd, {}, [@L2TP_ATTR_IFNAME={0x14, 0x8, 'rose0\x00'}, @L2TP_ATTR_MTU={0x6, 0x1c, 0xff}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x26}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x100}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_SESSION_ID={0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x44)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x2, 0x9, 0x100, @void}}}}}}}, 0x0)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r8, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x16}, 0x3}, {{0x0, 0x0, 0x0}, 0xa1}], 0x40000000000020a, 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r3, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYRES8=r5], 0x134}, 0x1, 0x0, 0x0, 0x4094}, 0x4021)
socket$nl_generic(0x10, 0x3, 0x10)

1.933049986s ago: executing program 2 (id=16294):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0xfff1, 0xfff3}, {}, {0x3, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8100}, @TCA_FLOWER_KEY_VLAN_ID={0x6, 0x17, 0x91d}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000810}, 0x20084084)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x6}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000340)=ANY=[@ANYBLOB="050000000000000071119e00000000008510000002000000850000007d00000095000000000000009500a5050000000082380a6c16cb23efcad64db91e674db95df8d0896824cb2691d06528024707d13584c797578afdc601c7f4a6f818b7f25410420f86e4b78db803197e79375fd430e64a4ed0ec3494217ffe488acb70e2fc2a3ed88e4e93d3"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

1.853783722s ago: executing program 4 (id=16295):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000000100)={r1, 0x1000, 0x5, "caa5a27a"})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="eba70082528dd99cde06d0518bf1cb98af62126d28", @ANYRES16=r4, @ANYBLOB="01000000000000000000100000001800018014000200766574683000"/38], 0x2c}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x16}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
getpeername$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000400)=0x1c)
socket$rds(0x15, 0x5, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r5 = accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240)=0x10)
setsockopt$PNPIPE_HANDLE(r5, 0x113, 0x3, &(0x7f00000002c0)=0x6, 0x4)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_netprio_ifpriomap(r6, &(0x7f0000000040), 0x2, 0x0)
pipe(&(0x7f00000000c0))
write$cgroup_netprio_ifpriomap(r7, &(0x7f0000000080)=ANY=[@ANYRES16=r7], 0xa)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x90)

1.797243138s ago: executing program 3 (id=16296):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61103400000000006113380000000000bfa00000000000000700000008ffffffd50301001874004095000600000000006916000000000000bf67000000000000360607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004ddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe8000000000000000000000000000aa05000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000010000000c000000000000000000"], 0x610)
socket(0x1f, 0x6f05159ae9b0dc68, 0x9)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4004090)

1.668844992s ago: executing program 3 (id=16299):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000c80)={'veth0_to_batadv\x00'})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vxcan1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810)

1.668614952s ago: executing program 2 (id=16300):
socket$inet(0x2, 0x4000000000000001, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)) (async)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) (async)
sendmsg$tipc(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@initdev}, &(0x7f0000000180)=0x14) (async)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@initdev, <r2=>0x0}, &(0x7f0000000180)=0x14)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82004000000", @ANYRES32=r3, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300}, 0x0)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280), 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x4, '\x00', r2, r4, 0x4, 0x3, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50)

1.412619989s ago: executing program 1 (id=16303):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x88, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x68, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0x2, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x2c, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8}, {0x8}]}}, @AF_INET6={0x4}]}]}, 0x88}}, 0x0)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="4600010002"], 0x8) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x10448) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x3a, 0x1, 0x70bd25, 0x25dfdbf8, {0xb}}, 0x14}}, 0x4000000) (async)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="700000004d00000200"/20, @ANYRES32=0x0, @ANYBLOB="000002000c040100050027000000000008000500", @ANYRES32=r2, @ANYBLOB="0a000200ffffffffffff000024000e00020000000000000002000000000000000300000000000000020008050000000008001c00", @ANYRES32=r4, @ANYBLOB="0500100000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4800}, 0x0)

1.292502564s ago: executing program 1 (id=16305):
r0 = socket(0x10, 0x3, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'vlan0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x12, 0x10000000, 0x1, 0x7}}]}}]}, 0x44}}, 0x0) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600) (async)
r4 = socket$kcm(0x23, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x541b, &(0x7f0000000440)) (async)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) (async)
getsockopt$IP_VS_SO_GET_VERSION(r5, 0x0, 0x480, &(0x7f0000000080), &(0x7f00000000c0)=0x40) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_MSG_GETTABLE(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x20, 0x1, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_TABLE_NAME={0xfffffffffffffe8b, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24004000}, 0x40000)

1.084907985s ago: executing program 1 (id=16307):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYRES8=r0, @ANYRES32=r0, @ANYBLOB="01000000000002000000010000001c000180080003000a01010105000200bf000000080006000600000069043d8a88a546be591198e536aede059e20dae888b3c6326693b955520ee31f2541c877f465354db1167aaed9e19eb3b9422eae02195f4f1ad4ecdbcca5d90709aa975936a605186ceb5f37d51b0b984e3a4b2113b17e378f8bb13343db6d837f208bc333305c090fe1d8a915bdc28486f432a6b17446dfa6d60c53e9c4d1c0d508584f380f2b7b3035ac1a591e11578cc12392a35fb097ca0d52cb17330246a26f1a5dadb5a8e9ea8bea0ff21ae6b80efb73d08b8fff20d870c2c270c007faa37545546b65d1214633049c9705"], 0x30}}, 0x4004811)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[], 0x30}}, 0x0)

1.007260896s ago: executing program 1 (id=16308):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0xfffff000) (async)
mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0)
mmap(&(0x7f000086a000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x2000)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8, 0x11, r0, 0xfab16000)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xd6501, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
write$tun(r3, &(0x7f0000000040)={@val={0x6f01, 0x800}, @val={0x2, 0x4, 0x6, 0x6, 0x6, 0x81}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x1, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x8, 0x1, 0xfe, 0x0, 0x18, {[@timestamp={0x5, 0xa, 0xfffd, 0x88000}]}}}}}}, 0x42) (async)
r5 = socket(0x1d, 0x2, 0x6) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a0b0400000000000000000200000058000480540001800a0001006d617463680000004400028008000240000000002c00030026ad3dc548f0d8e54d23edfcbe6d55b57cb15e63c10080000000000000abc3d6ce2316334e8278ad0a0001006c696d69740000000900010073797a30000000000900020073797a32"], 0xac}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800) (async, rerun: 64)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5800000010000104000002000000000000000000", @ANYRES8=0x0, @ANYRES32=r4, @ANYRES16=r6], 0x58}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) (async, rerun: 64)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$bt_hci_HCI_TIME_STAMP(r5, 0x0, 0x3, 0x0, 0x0)

876.875324ms ago: executing program 4 (id=16309):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe8000000000"], 0x340a)

720.125872ms ago: executing program 5 (id=16310):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61103400000000006113380000000000bfa00000000000000700000008ffffffd50301001874004095000600000000006916000000000000bf67000000000000360607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004ddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe8000000000000000000000000000aa05000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000010000000c000000000000000000"], 0x610)
socket(0x1f, 0x6f05159ae9b0dc68, 0x9)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4004090)

685.994945ms ago: executing program 1 (id=16311):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x3e}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x2}, 0x0)
r2 = socket(0x10, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010000000000000000000a000000"], 0x14}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000280)={'gretap0\x00', &(0x7f0000000700)={'syztnl1\x00', <r4=>0x0, 0x7800, 0x1, 0x0, 0x2, {{0x2d, 0x4, 0x2, 0x6, 0xb4, 0x68, 0x0, 0x9f, 0x2f, 0x0, @loopback, @private=0xa010100, {[@rr={0x7, 0xb, 0xcb, [@remote, @multicast1]}, @end, @timestamp_addr={0x44, 0xc, 0x89, 0x1, 0x1, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x5}]}, @timestamp_addr={0x44, 0x34, 0xbb, 0x1, 0xa, [{@multicast2, 0x3}, {@private=0xa010102, 0xa}, {@multicast2, 0x9}, {@loopback, 0x8}, {@private=0xa010101, 0x2}, {@empty}]}, @timestamp_addr={0x44, 0x3c, 0x6f, 0x1, 0x4, [{@loopback, 0x4}, {@remote, 0x80000001}, {@local, 0x2}, {@multicast1, 0x101}, {@rand_addr=0x64010100, 0x101}, {@loopback, 0x9}, {@loopback, 0x2}]}, @lsrr={0x83, 0x7, 0xd7, [@multicast1]}, @rr={0x7, 0xf, 0x43, [@local, @loopback, @local]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000600)={'syztnl0\x00', r4, 0x4, 0x8, 0x7, 0x1, 0x20, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x0, 0x128, 0x8c}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYRES8=0x0, @ANYBLOB="3fb702f113f450fdd854729c645d5cfb9e169d6c7a7d89d1fe7f6a248e", @ANYBLOB="0000000009000104626f6c6400000000100002800b00000008004300011ecb5bb947716d690df810d40c48f320886436f93ff0d38048afdbd7d44b3ed9cbcf7ab57a73407ad260074577bdb9a2e01404248184f2c0be5604fa70ac269dc25a8cfc745acb41f28c577ba175c94d7ad54bc4c74ea21582660b440532a56c0b20baa38987ba9870da0c7f96dd637a2871603b786cc91119518aa951b390dc273efb224ade84d992898e9f944721860afcc19ff24e9014b450eb465154ad2a3a86ad3c74f829336a0dde393467bdff2f6529d24de5f09b6fd1b2936b181eebfed5e42ee8660bdadd11d2a2ae479d66d762b93d9063501952458545906ab6c4f2f5b752859f56", @ANYRES32=0x0, @ANYRESDEC=r0, @ANYRESDEC=r0, @ANYRES32=r0], 0x48}, 0x1, 0x0, 0x0, 0x400d}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4000000000000007b108a000000000004000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000140)='cgroup.kill\x00', 0x275a, 0x0)
write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12)
pipe(&(0x7f0000000140)={<r7=>0xffffffffffffffff})
socket$nl_rdma(0x10, 0x3, 0x14)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r8, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r8, 0x84, 0x17, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYBLOB="a0"], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r8, 0x84, 0x18, &(0x7f0000000300), 0x8)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x38}}, 0x0)
syz_emit_ethernet(0x1e, &(0x7f00000006c0)={@broadcast, @empty, @void, {@can={0xc, {{0x2, 0x0, 0x0, 0x1}, 0x5, 0x3, 0x0, 0x0, "f7b2d19f735caaf9"}}}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000180)={<r9=>0x0, @in6={{0xa, 0x4e21, 0x3, @mcast1, 0x6}}, 0xffffffff, 0x8000, 0x2, 0xea9, 0x4095cbf6f0563e3d, 0x10000, 0x9}, &(0x7f0000000040)=0x9c)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000100)={r9, 0x10, &(0x7f00000000c0)=[@in={0x2, 0x4e21, @multicast2}]}, &(0x7f0000000240)=0x10)

652.175356ms ago: executing program 5 (id=16312):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000010c0)={r0}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x18, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000eaffffff000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000002d000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000c00000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

635.656918ms ago: executing program 4 (id=16313):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000002100010000000000000000000a000000000000000000000008001b"], 0x24}}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000440)=@filter={'filter\x00', 0x4, 0x4, 0x370, 0xffffffff, 0xe8, 0xe8, 0x0, 0xfeffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x1f}, @loopback, [0xffffffff, 0xffffff00, 0xffffffff, 0xffffff00], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffff00], 'wlan1\x00', 'sit0\x00', {}, {0xff}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [0x0, 0x0, 0x0, 0xffffff00], [0x0, 0x0, 0xff000000, 0x1ffffff01], 'sit0\x00', 'batadv_slave_1\x00', {0xff}, {}, 0x34}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x5, {0x2000010}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d0)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYRES64=r0], 0xf8}, 0x1, 0x0, 0x0, 0x81}, 0x0)
socket$packet(0x11, 0x2, 0x300)

451.6661ms ago: executing program 5 (id=16314):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={<r4=>0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x5}]}, &(0x7f00000000c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000140)=@assoc_id=r4, &(0x7f0000000180)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2000000}, 0x48)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x5, [@func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0xc, 0x4}, {0xa}, {0x3}, {0x3}, {0x2}]}]}, {0x0, [0x5f, 0x61, 0x61]}}, &(0x7f0000000180)=""/220, 0x51, 0xdc, 0x1}, 0x20)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000006c0)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x5, 0x4}, {}, {0xffe0, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x38, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x9200}, @TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x9, 0x7, 0x1}, {{0x2, 0x1, 0x1, 0x1}, {0x3, 0x0, 0x1}}}}]}]}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0xc010)

451.187502ms ago: executing program 4 (id=16315):
r0 = socket$netlink(0x10, 0x3, 0x0) (async)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8) (async)
r2 = socket(0x1, 0x80802, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'veth0_to_batadv\x00', <r3=>0x0}) (async)
r4 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r4, &(0x7f00000001c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) (async)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x8)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) (async)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0xffff, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}, @multicast2}, "d33cffd98794e48a"}}}}}, 0x0) (async)
getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r6, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) (async)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0x503, 0x0, 0x703, {0x0, 0x0, 0x0, 0x0, 0x40220, 0x1006}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_PRIORITY={0x6, 0x6, 0x8001}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x440b0) (async)
socket$kcm(0xa, 0x3, 0x87) (async, rerun: 64)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (rerun: 64)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000000000000000000000020000850000008c000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$kcm(0x2, 0xa, 0x2) (async, rerun: 64)
r9 = socket$netlink(0x10, 0x3, 0x9) (rerun: 64)
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000001380)={'veth0\x00', &(0x7f0000001340)=@ethtool_cmd={0x18, 0x1ff, 0xffff38ce, 0x5, 0x9, 0x7f, 0x2, 0x3, 0x3, 0x3, 0x9, 0x2, 0x6, 0xb4, 0x3, 0x6, [0x9, 0x1]}}) (async)
pselect6(0x40, &(0x7f0000000040)={0x7, 0x100000000, 0x100000000000000, 0x1, 0xfdb1, 0xc, 0x288100000400000b, 0x6}, 0x0, 0x0, 0x0, 0x0) (async)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd010000000000140000006000000003088700fe88a43de1a400000000000000007d01ff020000000000000000000000000001"], 0xfdef) (async, rerun: 64)
socket$nl_rdma(0x10, 0x3, 0x14) (rerun: 64)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYRES8=r9], 0x20}}, 0x0) (async)
sendto$unix(r2, &(0x7f00000002c0)="4c44eec948f21cf0a148c623906370f924d55c0584241cb5bfb60b5fc327ea00ddc676277cfd2bb3200d5ebfc3f38e8854d609d7b9ede9caf0189dc9c0275e5cbc216ec9c382075cc7cd0a7ffc051525907e70bd131745e798f4f238db63ec9f3725a4", 0x63, 0x0, &(0x7f0000000400)=@abs={0x1, 0x0, 0x4e23}, 0x6e)

443.529218ms ago: executing program 1 (id=16316):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f903", 0x11}], 0x1}, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000034000000030a010200000000000000000100fffc0900030073790900000000000900010073797a30006d29b8dc000a40000000042c000000080a01080000000000000000010000000900020073797a32000000000900010073797a30"], 0xa8}}, 0x0)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r5], 0x1c}}, 0x4008054)
write$nci(r1, &(0x7f0000000240)=ANY=[@ANYBLOB='p\x00\t'], 0xc)
write$nci(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="5001"], 0x14)
unshare(0x20400)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="3c0000001000674b0400000000fcdbdf257a0000002f81a7c1ed9db0959f90bf41d01f81a74bed5a7e8564a402119326e67a59396461ee41e523de47e62c55ee6d1d08ceed5077926aefdb987dcfb9075b29477cdbe93153f11bc4f800084fb2d71cf7fa56ef86b13ae198263486e6d801f4dfcf39a4cb882b03b9acdf8cc0167d4d3e4fb0cc66476a591792d9b9aea1cdd532fa66443954f8a1ead285706e4af9d8695765669d935f5b49d6e7aa736c387969387e47ed3b454a99fce9b20fc2aa9d36edd3be237d4a9b5bb76e3f0259bf22f6d9b65d5450240a4bd0c9bb52969024e65f1875fb41964872458d51aeedabc36b3289f9525f645dba715d85a6d2e7", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c0002800800080088a8ffff"], 0x3c}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r7)
sendmsg$TIPC_NL_PEER_REMOVE(r7, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000180)={0x2c, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xdf3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x200}]}]}, 0x2c}}, 0x4048804)
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r6)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r7, &(0x7f0000000540)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, r9, 0x800, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xb8}]}, 0x24}}, 0x0)
setsockopt$MRT6_FLUSH(r6, 0x29, 0xd4, &(0x7f0000000680)=0x8, 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{0xffffffffffffffff, <r10=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)='%+9llu \x00'}, 0x20)
sendmsg$IPSET_CMD_PROTOCOL(r6, &(0x7f0000000640)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20844860}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, 0x1, 0x6, 0x301, 0x0, 0x0, {0x3, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r6, 0x89f8, &(0x7f00000003c0)={'syztnl1\x00', &(0x7f00000006c0)={'tunl0\x00', <r11=>0x0, 0x8000, 0x10, 0x6, 0x0, {{0x13, 0x4, 0x1, 0x33, 0x4c, 0x64, 0x0, 0x60, 0x4, 0x0, @multicast1, @multicast1, {[@rr={0x7, 0xb, 0x96, [@broadcast, @empty]}, @cipso={0x86, 0x2b, 0x3, [{0x7, 0x6, "58ec0869"}, {0x2, 0xf, "7074f055b57e12236b42dec220"}, {0x4, 0x4, "17af"}, {0x1, 0x4, "bbd9"}, {0x6, 0x8, "8405ebbadbf2"}]}]}}}}})
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0x40, 0xfffff801, 0x380000, 0x40008, r10, 0x7ff, '\x00', r11, 0xffffffffffffffff, 0x0, 0x1, 0x1, 0xb}, 0x50)

356.793693ms ago: executing program 4 (id=16317):
r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)={'raw\x00', 0x0, [0x0, 0x401, 0xffffffff, 0x2, 0x5]}, 0x0)
setsockopt$MRT6_DEL_MFC(r0, 0x29, 0xcd, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @rand_addr, 0x3}, 0x1c)
r1 = socket$inet6(0xa, 0x802, 0x88)
setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f0000000040)=0x800000001, 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x4008800, &(0x7f0000000180)={0xa, 0x4e23, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0xffffffff}, 0x1c)
sendto$inet6(r1, &(0x7f00000001c0)='~', 0x1, 0x40000, 0x0, 0x0)
pselect6(0x40, &(0x7f00000002c0)={0x0, 0xfffffffffffffff9, 0x0, 0x3, 0x800, 0x0, 0x8000001000000000, 0x20000000}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x1, 0x2, 0x0, 0x9e22, 0x0, 0x9b}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

192.267418ms ago: executing program 5 (id=16318):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r1=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000240)={r1, 0x2}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket(0x2, 0x80805, 0x0) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8) (async)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000240)={r1, 0x2}, 0x8) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)

192.00609ms ago: executing program 4 (id=16319):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x0, 0x1, 0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x74, &(0x7f0000000500)={r2, 0x20, 0x30, 0x1, 0x4}, &(0x7f00000005c0)=0x18)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x2, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000006ec25a2698d283000000bf090000000000005509010000000000950000000000000085100000f5ffffffbf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x20, r3, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x841}, 0x0)

129.572597ms ago: executing program 5 (id=16320):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000004800)={0x0, 0x0, &(0x7f00000047c0)={&(0x7f0000004c40)=ANY=[@ANYBLOB="1400000010000100000000f5000004000a00000a840000000b0a0500000000000000000003000006640009806000028014000180080001400000000008000140000000801c0001800800014000000001080001400000000708000140000008002c0001800800014000000008f0ff0140000000000800014000000009080001400000000908000140000000000900010073797a300000000028000000090a010400000000000000000a0000090c000b18a4b1f30000000001080003400000008c2c000000030a01020000000000000000010000040900030073797a32000000000c000240000000000000000340000000030a01030000fffffffb000003000008080007006e6174000c0004800800024036a30bdf0a000700726f7574650000000900010073797a3100000000340000000c0a010800000000000000000300000408000440000000030900020077797a32000000000900010073797a31000000008c010000160a030000000000000000000a000008b80003800800024000000008a400038014000400000063766630000000000000000000001400010076657468305f766c616e00000000000014000100776730000000000000000000000000001400010067726574617030000000000000000000140001006d616373656330000000000000000000140001007866726d300000000000000000000000140001006e69637666300000000000000000000014"], 0x3d8}, 0x1, 0x0, 0x0, 0x10}, 0xc000)

0s ago: executing program 5 (id=16321):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0)
r2 = socket(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r3, 0x890b, &(0x7f0000000300)={0x7ffffffe, @null, @bpq0, 0x9, 'syz1\x00', @null, 0x82e, 0x2, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]})
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r7, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f00000001c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r8, r7}, 0x14)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1006}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0)

kernel console output (not intermixed with test programs):

uration, please check.
[ 1090.628719][T13672] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1091.155762][T13691] netlink: 'syz.5.14732': attribute type 1 has an invalid length.
[ 1091.302981][T13703] netlink: 16 bytes leftover after parsing attributes in process `syz.5.14732'.
[ 1091.437501][T13710] netlink: 'syz.2.14735': attribute type 63 has an invalid length.
[ 1091.660281][T13723] openvswitch: netlink: IP tunnel dst address not specified
[ 1091.722833][T13726] netlink: 'syz.1.14738': attribute type 61 has an invalid length.
[ 1091.745558][T13723] netlink: 24 bytes leftover after parsing attributes in process `syz.5.14739'.
[ 1091.816799][T13736] syzkaller0: entered promiscuous mode
[ 1091.834587][T13736] syzkaller0: entered allmulticast mode
[ 1091.959437][T13748] netlink: 24 bytes leftover after parsing attributes in process `syz.3.14746'.
[ 1092.164252][T13746] veth1_to_bond: entered allmulticast mode
[ 1092.186110][T13739] veth1_to_bond: left allmulticast mode
[ 1092.612806][T13778] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1092.852556][T13795] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14760'.
[ 1092.981552][T13798] syzkaller0: entered promiscuous mode
[ 1093.003354][T13798] syzkaller0: entered allmulticast mode
[ 1093.015196][T13804] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1093.560175][T13839] xt_hashlimit: size too large, truncated to 1048576
[ 1095.880074][T13831] syzkaller0: entered promiscuous mode
[ 1095.887050][T13831] syzkaller0: entered allmulticast mode
[ 1095.897618][T13849] netlink: 64 bytes leftover after parsing attributes in process `syz.5.14772'.
[ 1095.932197][T13849] netlink: 64 bytes leftover after parsing attributes in process `syz.5.14772'.
[ 1096.028599][T13867] pim6reg: entered allmulticast mode
[ 1096.334080][T13880] only policy match revision 0 supported
[ 1096.334105][T13880] unable to load match
[ 1096.405093][T13894] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14784'.
[ 1096.501130][T13893] syzkaller0: entered promiscuous mode
[ 1096.510470][T13893] syzkaller0: entered allmulticast mode
[ 1096.519668][T13897] netlink: 'syz.5.14787': attribute type 12 has an invalid length.
[ 1096.528201][T13897] netlink: 'syz.5.14787': attribute type 29 has an invalid length.
[ 1096.541289][T13897] netlink: 148 bytes leftover after parsing attributes in process `syz.5.14787'.
[ 1096.552956][T13897] netlink: 59 bytes leftover after parsing attributes in process `syz.5.14787'.
[ 1096.808507][T13907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14791'.
[ 1096.828239][T13907] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1096.854939][T13911] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14791'.
[ 1096.890838][T13911] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1097.708125][T23778] lec:lec_start_xmit: lec0:No lecd attached
[ 1099.207782][T13921] netlink: 'syz.1.14794': attribute type 12 has an invalid length.
[ 1099.216275][T13921] netlink: 'syz.1.14794': attribute type 29 has an invalid length.
[ 1099.224920][T13921] netlink: 148 bytes leftover after parsing attributes in process `syz.1.14794'.
[ 1099.244177][T13921] netlink: 59 bytes leftover after parsing attributes in process `syz.1.14794'.
[ 1099.761389][T13972] netlink: 12 bytes leftover after parsing attributes in process `syz.4.14816'.
[ 1099.802091][T13965] syzkaller0: entered promiscuous mode
[ 1099.810901][T13965] syzkaller0: entered allmulticast mode
[ 1102.932135][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5220 ms
[ 1102.940964][    C1] lec:lec_tx_timeout: lec0
[ 1103.057670][T14024] Cannot find set identified by id 1 to match
[ 1103.296817][T14034] netlink: 'syz.1.14832': attribute type 1 has an invalid length.
[ 1103.324859][T14034] __nla_validate_parse: 2 callbacks suppressed
[ 1103.324881][T14034] netlink: 224 bytes leftover after parsing attributes in process `syz.1.14832'.
[ 1103.327467][T14039] openvswitch: netlink: IP tunnel dst address not specified
[ 1103.362698][T14034] sctp: [Deprecated]: syz.1.14832 (pid 14034) Use of int in max_burst socket option.
[ 1103.362698][T14034] Use struct sctp_assoc_value instead
[ 1103.437356][T14035] syzkaller0: entered promiscuous mode
[ 1103.443081][T14035] syzkaller0: entered allmulticast mode
[ 1103.516565][T14048] netlink: 4 bytes leftover after parsing attributes in process `syz.5.14837'.
[ 1103.551722][T14052] FAULT_INJECTION: forcing a failure.
[ 1103.551722][T14052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1103.567075][T14052] CPU: 0 UID: 0 PID: 14052 Comm: syz.1.14839 Not tainted syzkaller #0 PREEMPT(full) 
[ 1103.567107][T14052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1103.567121][T14052] Call Trace:
[ 1103.567130][T14052]  <TASK>
[ 1103.567140][T14052]  dump_stack_lvl+0xe8/0x150
[ 1103.567179][T14052]  should_fail_ex+0x412/0x560
[ 1103.567213][T14052]  _copy_from_user+0x2d/0xb0
[ 1103.567250][T14052]  ___sys_recvmsg+0x175/0x590
[ 1103.567281][T14052]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1103.567332][T14052]  ? __fget_files+0x3a0/0x420
[ 1103.567377][T14052]  do_recvmmsg+0x334/0x800
[ 1103.567410][T14052]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1103.567447][T14052]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1103.567490][T14052]  __x64_sys_recvmmsg+0x198/0x250
[ 1103.567518][T14052]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1103.567554][T14052]  do_syscall_64+0x14d/0xf80
[ 1103.567585][T14052]  ? trace_irq_disable+0x3b/0x150
[ 1103.567617][T14052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1103.567641][T14052]  ? clear_bhb_loop+0x40/0x90
[ 1103.567669][T14052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1103.567690][T14052] RIP: 0033:0x7f252e19c799
[ 1103.567711][T14052] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1103.567731][T14052] RSP: 002b:00007f252f099028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1103.567755][T14052] RAX: ffffffffffffffda RBX: 00007f252e415fa0 RCX: 00007f252e19c799
[ 1103.567773][T14052] RDX: 0000000000000002 RSI: 0000200000000dc0 RDI: 0000000000000003
[ 1103.567786][T14052] RBP: 00007f252f099090 R08: 0000000000000000 R09: 0000000000000000
[ 1103.567800][T14052] R10: 0000000040010142 R11: 0000000000000246 R12: 0000000000000001
[ 1103.567814][T14052] R13: 00007f252e416038 R14: 00007f252e415fa0 R15: 00007fff94d85598
[ 1103.567847][T14052]  </TASK>
[ 1103.832591][T14055] netlink: 14 bytes leftover after parsing attributes in process `syz.5.14837'.
[ 1103.944981][T14062] netlink: 40 bytes leftover after parsing attributes in process `syz.1.14843'.
[ 1104.095730][T14073] netlink: 12 bytes leftover after parsing attributes in process `syz.4.14845'.
[ 1104.367699][T14082] netlink: 8 bytes leftover after parsing attributes in process `syz.1.14848'.
[ 1104.377214][T14082] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14848'.
[ 1106.110899][T14048] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1106.126172][T14048] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1106.177246][T14075] vlan4: entered allmulticast mode
[ 1106.182936][T14075] bridge6: entered allmulticast mode
[ 1106.188606][T14076] bridge6: port 1(erspan0) entered blocking state
[ 1106.196195][T14076] bridge6: port 1(erspan0) entered disabled state
[ 1106.206250][T14076] erspan0: entered allmulticast mode
[ 1106.213937][T14076] erspan0: entered promiscuous mode
[ 1106.220700][T14076] bridge6: port 1(erspan0) entered blocking state
[ 1106.227328][T14076] bridge6: port 1(erspan0) entered forwarding state
[ 1106.336221][T14086] Cannot find set identified by id 1 to match
[ 1106.386571][T14091] netlink: 32 bytes leftover after parsing attributes in process `syz.1.14853'.
[ 1106.470395][T14089] syzkaller0: entered promiscuous mode
[ 1106.484529][T14089] syzkaller0: entered allmulticast mode
[ 1106.546624][T14100] netlink: 28 bytes leftover after parsing attributes in process `syz.1.14855'.
[ 1106.557816][T14097] netlink: 'syz.2.14854': attribute type 3 has an invalid length.
[ 1106.823863][T14107] syzkaller0: entered promiscuous mode
[ 1106.829482][T14107] syzkaller0: entered allmulticast mode
[ 1107.011523][T14127] netlink: 408 bytes leftover after parsing attributes in process `syz.4.14866'.
[ 1109.324757][T14156] netdevsim netdevsim4: Direct firmware load for . failed with error -2
[ 1109.397564][T14156] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[ 1109.526246][T14168] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14879'.
[ 1109.556505][T14173] netlink: 'syz.5.14880': attribute type 10 has an invalid length.
[ 1109.635242][T14176] netlink: 'syz.2.14881': attribute type 16 has an invalid length.
[ 1109.652306][T14176] netlink: 'syz.2.14881': attribute type 17 has an invalid length.
[ 1109.666830][T14173] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1109.674484][T14173] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1109.745781][T14176] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1109.968192][T14193] netlink: 244 bytes leftover after parsing attributes in process `syz.1.14886'.
[ 1110.511125][T14226] mac80211_hwsim hwsim49 �
: renamed from wlan1 (while UP)
[ 1110.569281][T14226] syzkaller1: entered promiscuous mode
[ 1110.582452][T14226] syzkaller1: entered allmulticast mode
[ 1110.713282][T14236] netdevsim netdevsim1: Direct firmware load for . failed with error -2
[ 1110.724086][T14236] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[ 1110.893822][T14242] netlink: 28 bytes leftover after parsing attributes in process `syz.3.14908'.
[ 1110.904849][T14242] netlink: 'syz.3.14908': attribute type 7 has an invalid length.
[ 1110.932136][T14242] netlink: 16 bytes leftover after parsing attributes in process `syz.3.14908'.
[ 1111.096802][T14255] xt_hashlimit: size too large, truncated to 1048576
[ 1111.496192][ T5156] block nbd0: Possible stuck request ffff88809ddb8000: control (read@0,1024B). Runtime 30 seconds
[ 1111.510122][ T5156] block nbd0: Possible stuck request ffff88809ddb8200: control (read@1024,1024B). Runtime 30 seconds
[ 1111.524050][ T5156] block nbd0: Possible stuck request ffff88809ddb8400: control (read@2048,1024B). Runtime 30 seconds
[ 1111.546349][ T5156] block nbd0: Possible stuck request ffff88809ddb8600: control (read@3072,1024B). Runtime 30 seconds
[ 1111.570235][T14279] syzkaller1: entered promiscuous mode
[ 1111.594527][T14279] syzkaller1: entered allmulticast mode
[ 1111.793647][T14289] netlink: 'syz.1.14923': attribute type 1 has an invalid length.
[ 1111.938592][T14297] netlink: 144 bytes leftover after parsing attributes in process `syz.1.14925'.
[ 1112.090139][T14306] syzkaller0: entered promiscuous mode
[ 1112.100385][T14306] syzkaller0: entered allmulticast mode
[ 1112.190878][T14311] netlink: 'syz.4.14929': attribute type 3 has an invalid length.
[ 1112.236906][T14311] netlink: 224 bytes leftover after parsing attributes in process `syz.4.14929'.
[ 1112.439331][T14321] netdevsim netdevsim5: Direct firmware load for . failed with error -2
[ 1112.514048][T14321] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[ 1112.598897][T14331] netlink: 10 bytes leftover after parsing attributes in process `syz.2.14937'.
[ 1112.909785][T14351] netlink: 12 bytes leftover after parsing attributes in process `syz.4.14944'.
[ 1112.975564][T14356] Bluetooth: MGMT ver 1.23
[ 1112.981919][T14358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14945'.
[ 1113.122386][T14365] netlink: 76 bytes leftover after parsing attributes in process `syz.1.14947'.
[ 1113.440426][T14383] xt_hashlimit: size too large, truncated to 1048576
[ 1113.597474][T14390] xt_hashlimit: size too large, truncated to 1048576
[ 1113.959279][T14407] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1114.252271][T14422] netlink: 'syz.2.14962': attribute type 3 has an invalid length.
[ 1114.640093][T14443] __nla_validate_parse: 6 callbacks suppressed
[ 1114.640115][T14443] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14966'.
[ 1114.772682][T14447] netlink: 27 bytes leftover after parsing attributes in process `syz.1.14968'.
[ 1114.869648][T14455] netlink: 20 bytes leftover after parsing attributes in process `syz.1.14971'.
[ 1115.204607][T14469] Cannot find set identified by id 1 to match
[ 1115.363192][T14473] netlink: 'syz.2.14978': attribute type 1 has an invalid length.
[ 1115.386126][T14481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14979'.
[ 1115.398603][T14480] Cannot find map_set index 65533 as target
[ 1115.407091][T14473] netlink: 224 bytes leftover after parsing attributes in process `syz.2.14978'.
[ 1115.423117][T14480] netem: incorrect ge model size
[ 1115.434769][T14473] sctp: [Deprecated]: syz.2.14978 (pid 14473) Use of int in max_burst socket option.
[ 1115.434769][T14473] Use struct sctp_assoc_value instead
[ 1115.451214][T14480] netem: change failed
[ 1115.467599][T14479] netlink: 60 bytes leftover after parsing attributes in process `syz.5.14981'.
[ 1115.681250][T14493] netlink: 'syz.5.14985': attribute type 4 has an invalid length.
[ 1115.700612][T14488] netlink: 20 bytes leftover after parsing attributes in process `syz.1.14984'.
[ 1115.745053][T14496] netlink: 48 bytes leftover after parsing attributes in process `syz.1.14984'.
[ 1115.998328][ T1298] clip:clip_start_xmit: skb_dst(skb) == NULL
[ 1116.007647][ T1298] lec:lec_start_xmit: lec0:No lecd attached
[ 1116.056606][T14507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.14991'.
[ 1116.068935][T14509] netlink: 'syz.1.14993': attribute type 1 has an invalid length.
[ 1116.077841][T14509] netlink: 224 bytes leftover after parsing attributes in process `syz.1.14993'.
[ 1116.126043][T14509] sctp: [Deprecated]: syz.1.14993 (pid 14509) Use of int in max_burst socket option.
[ 1116.126043][T14509] Use struct sctp_assoc_value instead
[ 1116.167829][T14511] vlan4: entered allmulticast mode
[ 1116.173314][T14511] bridge6: entered allmulticast mode
[ 1116.180508][T14511] bridge6: port 1(erspan0) entered blocking state
[ 1116.187761][T14511] bridge6: port 1(erspan0) entered disabled state
[ 1116.195278][T14511] erspan0: entered allmulticast mode
[ 1116.203470][T14511] erspan0: entered promiscuous mode
[ 1116.209614][T14513] x_tables: duplicate underflow at hook 2
[ 1116.386764][T14518] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1116.799076][T14539] netlink: 'syz.1.15005': attribute type 8 has an invalid length.
[ 1116.868578][T14543] vlan6: entered allmulticast mode
[ 1116.885407][T14543] bridge5: entered allmulticast mode
[ 1116.895266][T14543] bridge5: port 1(erspan0) entered blocking state
[ 1116.911867][T14543] bridge5: port 1(erspan0) entered disabled state
[ 1116.920195][T14543] erspan0: entered allmulticast mode
[ 1116.928912][T14543] erspan0: entered promiscuous mode
[ 1116.935858][T14543] bridge5: port 1(erspan0) entered blocking state
[ 1116.942522][T14543] bridge5: port 1(erspan0) entered forwarding state
[ 1117.013323][T14547] Cannot find set identified by id 1 to match
[ 1117.081878][T14550] netlink: 'syz.3.15012': attribute type 3 has an invalid length.
[ 1117.130943][T14551] team0: Device ip6gre1 is of different type
[ 1117.343158][T14556] netlink: 'syz.1.15013': attribute type 3 has an invalid length.
[ 1117.799788][T14582] delete_channel: no stack
[ 1117.861906][T14585] xt_hashlimit: size too large, truncated to 1048576
[ 1117.864230][T14581] vlan7: entered allmulticast mode
[ 1117.875885][T14581] bridge6: entered allmulticast mode
[ 1117.896576][T14581] erspan0: left allmulticast mode
[ 1117.903531][T14581] erspan0: left promiscuous mode
[ 1117.911687][T14587] netlink: 'syz.3.15024': attribute type 3 has an invalid length.
[ 1117.932509][T14581] bridge5: port 1(erspan0) entered disabled state
[ 1117.947211][T14581] bridge6: port 1(erspan0) entered blocking state
[ 1117.954134][T14581] bridge6: port 1(erspan0) entered disabled state
[ 1117.961058][T14581] erspan0: entered allmulticast mode
[ 1117.986217][T14581] erspan0: entered promiscuous mode
[ 1118.002142][T14581] bridge6: port 1(erspan0) entered blocking state
[ 1118.008735][T14581] bridge6: port 1(erspan0) entered forwarding state
[ 1118.100329][T14594] netlink: 'syz.1.15026': attribute type 1 has an invalid length.
[ 1118.661669][T14612] netlink: 'syz.4.15031': attribute type 4 has an invalid length.
[ 1118.680153][T14612] netlink: 'syz.4.15031': attribute type 4 has an invalid length.
[ 1118.730684][T14620] Cannot find set identified by id 1 to match
[ 1118.949113][T14625] bond4: invalid ARP target 0.0.0.0 specified for addition
[ 1118.956654][T14625] bond4: option arp_ip_target: invalid value (0)
[ 1118.985577][T14625] bond4 (unregistering): Released all slaves
[ 1119.205072][T14646] veth0: entered promiscuous mode
[ 1119.443641][T14658] FAULT_INJECTION: forcing a failure.
[ 1119.443641][T14658] name failslab, interval 1, probability 0, space 0, times 0
[ 1119.482297][T14658] CPU: 1 UID: 0 PID: 14658 Comm: syz.1.15044 Not tainted syzkaller #0 PREEMPT(full) 
[ 1119.482329][T14658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1119.482344][T14658] Call Trace:
[ 1119.482353][T14658]  <TASK>
[ 1119.482363][T14658]  dump_stack_lvl+0xe8/0x150
[ 1119.482403][T14658]  should_fail_ex+0x412/0x560
[ 1119.482447][T14658]  should_failslab+0xa8/0x100
[ 1119.482480][T14658]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 1119.482507][T14658]  ? __alloc_skb+0x1d0/0x7d0
[ 1119.482538][T14658]  ? __local_bh_enable_ip+0xd0/0x130
[ 1119.482573][T14658]  __alloc_skb+0x1d0/0x7d0
[ 1119.482616][T14658]  sock_wmalloc+0xb2/0x130
[ 1119.482647][T14658]  pppoe_sendmsg+0x2b4/0x7c0
[ 1119.482783][T14658]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1119.482814][T14658]  ? __pfx_pppoe_sendmsg+0x10/0x10
[ 1119.482844][T14658]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1119.482875][T14658]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1119.482912][T14658]  ____sys_sendmsg+0x972/0x9f0
[ 1119.482933][T14658]  ? __lock_acquire+0x6b5/0x2cf0
[ 1119.482969][T14658]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1119.483002][T14658]  ? import_iovec+0x73/0xa0
[ 1119.483041][T14658]  ___sys_sendmsg+0x2a5/0x360
[ 1119.483069][T14658]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1119.483096][T14658]  ? kstrtouint+0x6e/0xe0
[ 1119.483150][T14658]  ? __fget_files+0x2a/0x420
[ 1119.483182][T14658]  ? __fget_files+0x3a0/0x420
[ 1119.483226][T14658]  __sys_sendmmsg+0x27c/0x4e0
[ 1119.483254][T14658]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1119.483275][T14658]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1119.483328][T14658]  ? ksys_write+0x242/0x270
[ 1119.483355][T14658]  ? __pfx_ksys_write+0x10/0x10
[ 1119.483386][T14658]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1119.483409][T14658]  do_syscall_64+0x14d/0xf80
[ 1119.483426][T14658]  ? trace_irq_disable+0x3b/0x150
[ 1119.483460][T14658]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.483484][T14658]  ? clear_bhb_loop+0x40/0x90
[ 1119.483511][T14658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.483533][T14658] RIP: 0033:0x7f252e19c799
[ 1119.483555][T14658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1119.483575][T14658] RSP: 002b:00007f252f099028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1119.483599][T14658] RAX: ffffffffffffffda RBX: 00007f252e415fa0 RCX: 00007f252e19c799
[ 1119.483615][T14658] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 0000000000000003
[ 1119.483629][T14658] RBP: 00007f252f099090 R08: 0000000000000000 R09: 0000000000000000
[ 1119.483643][T14658] R10: 0000000024048084 R11: 0000000000000246 R12: 0000000000000001
[ 1119.483656][T14658] R13: 00007f252e416038 R14: 00007f252e415fa0 R15: 00007fff94d85598
[ 1119.483692][T14658]  </TASK>
[ 1119.792336][T14660] __nla_validate_parse: 10 callbacks suppressed
[ 1119.792358][T14660] netlink: 224 bytes leftover after parsing attributes in process `syz.4.15045'.
[ 1119.809157][T14660] sctp: [Deprecated]: syz.4.15045 (pid 14660) Use of int in max_burst socket option.
[ 1119.809157][T14660] Use struct sctp_assoc_value instead
[ 1119.854323][T14654] syzkaller0: entered promiscuous mode
[ 1119.859960][T14654] syzkaller0: entered allmulticast mode
[ 1120.087640][T14672] netlink: 132 bytes leftover after parsing attributes in process `syz.5.15051'.
[ 1121.022290][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[ 1121.030322][    C1] lec:lec_tx_timeout: lec0
[ 1123.072091][T14672] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1123.509398][T14666] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1123.524839][T14674] netlink: 16070 bytes leftover after parsing attributes in process `syz.4.15048'.
[ 1124.074603][T14721] sctp: [Deprecated]: syz.4.15062 (pid 14721) Use of int in max_burst socket option.
[ 1124.074603][T14721] Use struct sctp_assoc_value instead
[ 1124.143923][T14724] netlink: 28 bytes leftover after parsing attributes in process `syz.1.15063'.
[ 1124.158912][T14725] C: renamed from lo (while UP)
[ 1124.249875][T14727] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1124.261904][T14725] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[ 1124.473446][T14745] validate_nla: 4 callbacks suppressed
[ 1124.473479][T14745] netlink: 'syz.5.15069': attribute type 16 has an invalid length.
[ 1124.541266][T14745] netlink: 'syz.5.15069': attribute type 17 has an invalid length.
[ 1124.652602][T14749] syzkaller0: entered promiscuous mode
[ 1124.658148][T14749] syzkaller0: entered allmulticast mode
[ 1124.682361][T14754] netlink: 'syz.3.15075': attribute type 4 has an invalid length.
[ 1124.719317][T14758] xt_bpf: check failed: parse error
[ 1124.866447][T14768] Cannot find set identified by id 1 to match
[ 1124.937490][T14772] vlan2: entered allmulticast mode
[ 1124.947736][T14772] hsr0: entered allmulticast mode
[ 1124.956186][T14772] hsr_slave_0: entered allmulticast mode
[ 1124.966565][T14772] hsr_slave_1: entered allmulticast mode
[ 1125.269754][T14794] syzkaller0: entered promiscuous mode
[ 1125.276383][T14794] syzkaller0: entered allmulticast mode
[ 1125.745508][T14823] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15094'.
[ 1125.864824][T14826] vlan8: entered allmulticast mode
[ 1125.870286][T14826] bridge7: entered allmulticast mode
[ 1125.886055][T14823] erspan0: left allmulticast mode
[ 1125.899454][T14823] erspan0: left promiscuous mode
[ 1125.912421][T14823] bridge6: port 1(erspan0) entered disabled state
[ 1125.961386][T14823] bridge7: port 1(erspan0) entered blocking state
[ 1125.979962][T14823] bridge7: port 1(erspan0) entered disabled state
[ 1126.001786][T14823] erspan0: entered allmulticast mode
[ 1126.032864][T14823] erspan0: entered promiscuous mode
[ 1126.059612][T14823] bridge7: port 1(erspan0) entered blocking state
[ 1126.066292][T14823] bridge7: port 1(erspan0) entered forwarding state
[ 1126.110956][T14825] syzkaller0: entered promiscuous mode
[ 1126.134597][T14825] syzkaller0: entered allmulticast mode
[ 1126.336723][T14854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15102'.
[ 1126.369043][T14854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15102'.
[ 1126.409129][T14854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15102'.
[ 1126.425306][T14854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15102'.
[ 1126.450429][T14854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15102'.
[ 1126.505522][T14854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15102'.
[ 1126.524103][T14857] netlink: 132 bytes leftover after parsing attributes in process `syz.3.15103'.
[ 1126.542435][T14854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15102'.
[ 1126.574217][T14854] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15102'.
[ 1126.625475][T14860] delete_channel: no stack
[ 1126.746886][T14871] netlink: 'syz.2.15108': attribute type 4 has an invalid length.
[ 1126.830636][T14873] netlink: 'syz.5.15110': attribute type 1 has an invalid length.
[ 1127.061313][T14890] xt_hashlimit: size too large, truncated to 1048576
[ 1127.715132][T14928] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1128.281212][T14958] netlink: 'syz.5.15143': attribute type 13 has an invalid length.
[ 1128.419351][T14966] netlink: 'syz.4.15146': attribute type 12 has an invalid length.
[ 1128.641638][T14978] vcan1: entered promiscuous mode
[ 1128.663632][T14978] vcan1: entered allmulticast mode
[ 1128.915111][T14996] netlink: 'syz.5.15155': attribute type 1 has an invalid length.
[ 1128.944181][T14996] netlink: 'syz.5.15155': attribute type 1 has an invalid length.
[ 1128.952749][T14995] syzkaller0: entered promiscuous mode
[ 1128.958245][T14995] syzkaller0: entered allmulticast mode
[ 1128.991036][T14996] bond5: entered promiscuous mode
[ 1128.997471][T14996] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1129.021203][T15002] macvtap0: entered allmulticast mode
[ 1129.133702][T14996] bond5: (slave bridge1): making interface the new active one
[ 1129.141397][T14996] bridge1: entered promiscuous mode
[ 1129.149932][T14996] bond5: (slave bridge1): Enslaving as an active interface with an up link
[ 1129.182345][T15010] netlink: 'syz.2.15161': attribute type 1 has an invalid length.
[ 1129.280357][T15016] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1129.437013][T15032] IPv6: addrconf: prefix option has invalid lifetime
[ 1129.849017][T15053] tun0: tun_chr_ioctl cmd 1074025675
[ 1129.862471][T15053] tun0: persist disabled
[ 1129.873986][T15053] tun0: tun_chr_ioctl cmd 3222336776
[ 1129.899245][T15053] tun0: tun_chr_ioctl cmd 1074025673
[ 1130.226953][T15076] netlink: 'syz.1.15181': attribute type 10 has an invalid length.
[ 1130.267147][T15076] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1130.282508][T15076] bridge_slave_1: left allmulticast mode
[ 1130.288382][T15076] bridge_slave_1: left promiscuous mode
[ 1130.295535][T15076] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1130.326363][T15076] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[ 1130.601258][T15098] netlink: 'syz.1.15189': attribute type 1 has an invalid length.
[ 1130.646834][T15098] sctp: [Deprecated]: syz.1.15189 (pid 15098) Use of int in max_burst socket option.
[ 1130.646834][T15098] Use struct sctp_assoc_value instead
[ 1130.982320][T15109] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1131.014239][T15109] bond2: (slave lo): Enslaving as an active interface with an up link
[ 1131.042651][T15109] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[ 1131.249303][T15127] sctp: [Deprecated]: syz.4.15197 (pid 15127) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1131.249303][T15127] Use struct sctp_sack_info instead
[ 1131.419076][T15131] xt_hashlimit: size too large, truncated to 1048576
[ 1131.503980][T15134] netlink: 'syz.3.15200': attribute type 16 has an invalid length.
[ 1131.532628][T15134] netlink: 'syz.3.15200': attribute type 17 has an invalid length.
[ 1131.987149][T15149] netlink: zone id is out of range
[ 1132.010187][T15149] netlink: zone id is out of range
[ 1132.029957][T15153] __nla_validate_parse: 72 callbacks suppressed
[ 1132.029978][T15153] netlink: 220 bytes leftover after parsing attributes in process `syz.5.15205'.
[ 1132.048311][T15149] netlink: zone id is out of range
[ 1132.058010][T15149] netlink: zone id is out of range
[ 1132.076675][T15149] netlink: zone id is out of range
[ 1132.094308][T15149] netlink: zone id is out of range
[ 1132.109879][T15149] netlink: zone id is out of range
[ 1132.319400][T15166] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15207'.
[ 1132.358822][ T6208] Bluetooth: hci3: link tx timeout
[ 1132.366316][ T6208] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1132.438968][T15170] vlan3: entered allmulticast mode
[ 1132.445971][T15170] bridge2: entered allmulticast mode
[ 1132.483252][T15166] bridge2: port 1(erspan0) entered blocking state
[ 1132.513124][T15166] bridge2: port 1(erspan0) entered disabled state
[ 1132.535470][T15166] erspan0: entered allmulticast mode
[ 1132.553025][T15166] erspan0: entered promiscuous mode
[ 1132.561678][T15166] bridge2: port 1(erspan0) entered blocking state
[ 1132.568384][T15166] bridge2: port 1(erspan0) entered forwarding state
[ 1132.675143][ T6208] Bluetooth: hci3: link tx timeout
[ 1132.680775][ T6208] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1132.702757][ T6208] Bluetooth: hci3: link tx timeout
[ 1132.707983][ T6208] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1132.947798][T15198] netlink: 'syz.3.15219': attribute type 1 has an invalid length.
[ 1133.099161][T15205] netlink: 'syz.5.15222': attribute type 12 has an invalid length.
[ 1133.124500][T15205] netlink: 'syz.5.15222': attribute type 29 has an invalid length.
[ 1133.146305][T15205] netlink: 148 bytes leftover after parsing attributes in process `syz.5.15222'.
[ 1133.182484][T15213] netlink: 92 bytes leftover after parsing attributes in process `syz.3.15225'.
[ 1133.197513][ T6208] Bluetooth: hci3: link tx timeout
[ 1133.202992][ T6208] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1133.257359][T15211] netlink: 92 bytes leftover after parsing attributes in process `syz.1.15224'.
[ 1133.440939][T15232] ip6t_srh: unknown srh invflags 4000
[ 1133.457409][T15232] netlink: 'syz.2.15229': attribute type 1 has an invalid length.
[ 1133.556918][T15232] bond1: entered promiscuous mode
[ 1133.567411][T15232] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1133.575025][ T6208] Bluetooth: hci3: link tx timeout
[ 1133.580273][ T6208] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1133.647256][T15237] bond1: (slave bridge8): making interface the new active one
[ 1133.669629][T15237] bridge8: entered promiscuous mode
[ 1133.677953][T15237] bond1: (slave bridge8): Enslaving as an active interface with an up link
[ 1134.021085][ T6208] Bluetooth: hci3: link tx timeout
[ 1134.026367][ T6208] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1134.212930][ T6208] Bluetooth: hci3: link tx timeout
[ 1134.218148][ T6208] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1134.403103][ T6208] Bluetooth: hci3: link tx timeout
[ 1134.408321][ T6208] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1134.452186][ T6208] Bluetooth: hci3: command 0x0406 tx timeout
[ 1136.163034][T15211] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1136.399615][T15278] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1136.445803][T15275] netlink: 'syz.1.15238': attribute type 12 has an invalid length.
[ 1136.463920][T15275] netlink: 'syz.1.15238': attribute type 29 has an invalid length.
[ 1136.477295][T15275] netlink: 148 bytes leftover after parsing attributes in process `syz.1.15238'.
[ 1136.498585][T15276] netlink: 'syz.5.15237': attribute type 4 has an invalid length.
[ 1136.767484][T15302] netlink: 'syz.1.15247': attribute type 3 has an invalid length.
[ 1136.842517][T15306] netlink: 'syz.1.15247': attribute type 3 has an invalid length.
[ 1136.979674][T15316] netlink: 'syz.5.15253': attribute type 12 has an invalid length.
[ 1136.988297][T15316] netlink: 'syz.5.15253': attribute type 29 has an invalid length.
[ 1136.998537][T15316] netlink: 148 bytes leftover after parsing attributes in process `syz.5.15253'.
[ 1137.014857][T15318] netlink: 'syz.1.15254': attribute type 4 has an invalid length.
[ 1137.169901][T15326] syzkaller1: entered promiscuous mode
[ 1137.179786][T15326] syzkaller1: entered allmulticast mode
[ 1137.287693][T15334] netlink: 16215 bytes leftover after parsing attributes in process `syz.1.15258'.
[ 1137.315758][T15334] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15258'.
[ 1137.328468][T15334] netlink: 2272 bytes leftover after parsing attributes in process `syz.1.15258'.
[ 1137.339242][T15334] netlink: 3004 bytes leftover after parsing attributes in process `syz.1.15258'.
[ 1137.349542][T15334] netlink: 696 bytes leftover after parsing attributes in process `syz.1.15258'.
[ 1137.490292][T15343] net_ratelimit: 5 callbacks suppressed
[ 1137.490313][T15343] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1137.645366][T15305] delete_channel: no stack
[ 1137.658723][T15354] netlink: 'syz.5.15266': attribute type 12 has an invalid length.
[ 1137.677641][T15354] netlink: 'syz.5.15266': attribute type 29 has an invalid length.
[ 1137.701073][T15354] netlink: 148 bytes leftover after parsing attributes in process `syz.5.15266'.
[ 1137.756182][T15360] netlink: 132 bytes leftover after parsing attributes in process `syz.4.15269'.
[ 1138.028367][T15384] block nbd4: not configured, cannot reconfigure
[ 1138.044580][T15382] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15276'.
[ 1138.080890][T15382] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[ 1138.315327][T15398] syz_tun: entered promiscuous mode
[ 1138.343734][T15398] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1138.383726][T15404] netlink: 16 bytes leftover after parsing attributes in process `syz.2.15284'.
[ 1138.412808][T15404] netlink: 48 bytes leftover after parsing attributes in process `syz.2.15284'.
[ 1138.620387][T15414] block nbd4: not configured, cannot reconfigure
[ 1138.897168][T15437] xt_nat: multiple ranges no longer supported
[ 1138.947173][T15439] x_tables: duplicate underflow at hook 2
[ 1139.101097][T15396] delete_channel: no stack
[ 1139.216041][T15454] block nbd4: not configured, cannot reconfigure
[ 1140.817270][T15516] netdevsim netdevsim5: Direct firmware load for . failed with error -2
[ 1140.862318][T15516] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[ 1141.575701][ T5156] block nbd0: Possible stuck request ffff88809ddb8000: control (read@0,1024B). Runtime 60 seconds
[ 1141.586848][ T5156] block nbd0: Possible stuck request ffff88809ddb8200: control (read@1024,1024B). Runtime 60 seconds
[ 1141.598549][ T5156] block nbd0: Possible stuck request ffff88809ddb8400: control (read@2048,1024B). Runtime 60 seconds
[ 1141.610268][ T5156] block nbd0: Possible stuck request ffff88809ddb8600: control (read@3072,1024B). Runtime 60 seconds
[ 1141.816520][T15573] validate_nla: 14 callbacks suppressed
[ 1141.816545][T15573] netlink: 'syz.3.15340': attribute type 22 has an invalid length.
[ 1141.849858][T15573] netlink: 'syz.3.15340': attribute type 22 has an invalid length.
[ 1141.849964][T29391] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1141.902919][T29391] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1141.911722][T29391] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1141.927520][T29391] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1142.051657][T15580] netlink: 'syz.2.15342': attribute type 2 has an invalid length.
[ 1142.059781][T15580] netlink: 'syz.2.15342': attribute type 2 has an invalid length.
[ 1142.306584][T15598] __nla_validate_parse: 70 callbacks suppressed
[ 1142.306606][T15598] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15345'.
[ 1142.788115][T15626] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15356'.
[ 1142.803880][T15628] netlink: 'syz.2.15355': attribute type 11 has an invalid length.
[ 1142.826924][T15628] netlink: 'syz.2.15355': attribute type 11 has an invalid length.
[ 1142.857769][T15628] netlink: 224 bytes leftover after parsing attributes in process `syz.2.15355'.
[ 1142.951803][T15636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15357'.
[ 1142.967809][T15628] smc: adding net device wlan0 with user defined pnetid SYZ0
[ 1142.970740][T15636] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15357'.
[ 1143.279190][T15643] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1143.384214][T15660] syzkaller0: entered promiscuous mode
[ 1143.389913][T15660] syzkaller0: entered allmulticast mode
[ 1143.563362][T15674] netdevsim netdevsim5: Direct firmware load for . failed with error -2
[ 1143.574569][T15674] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[ 1146.197758][T15647] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1146.475780][T15733] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1146.658385][T15746] netlink: 24 bytes leftover after parsing attributes in process `syz.2.15384'.
[ 1146.825390][T15751] block nbd5: not configured, cannot reconfigure
[ 1147.247389][T15778] Cannot find add_set index 0 as target
[ 1147.379861][T15781] bond3: ARP target 1.0.0.0 is already present
[ 1147.387292][T15781] bond3: option arp_ip_target: invalid value (1)
[ 1147.396111][T15781] bond3 (unregistering): Released all slaves
[ 1147.405411][T15787] netlink: 'syz.2.15396': attribute type 16 has an invalid length.
[ 1147.422129][T15787] netlink: 'syz.2.15396': attribute type 17 has an invalid length.
[ 1147.438941][T15782] bridge7: port 1(erspan0) entered disabled state
[ 1147.620859][T15794] netlink: 12 bytes leftover after parsing attributes in process `syz.4.15402'.
[ 1147.646731][T15795] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15401'.
[ 1147.762986][T15801] netlink: 72 bytes leftover after parsing attributes in process `syz.2.15404'.
[ 1147.800024][T15803] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15404'.
[ 1147.910239][T15814] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1147.990750][T15818] netlink: 'syz.4.15406': attribute type 1 has an invalid length.
[ 1148.010844][T15819] Cannot find set identified by id 1 to match
[ 1148.159258][T15828] netlink: 'syz.1.15412': attribute type 4 has an invalid length.
[ 1148.206613][T15818] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1148.248150][T15835] netlink: 24 bytes leftover after parsing attributes in process `syz.1.15412'.
[ 1148.337295][T15823] bond3: (slave veth7): Enslaving as an active interface with a down link
[ 1148.421570][T15829] bond3: (slave veth0_to_bond): making interface the new active one
[ 1148.441067][T15829] veth0_to_bond: entered promiscuous mode
[ 1148.448893][T15829] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link
[ 1148.501830][T15818] bond3: (slave veth9): Enslaving as an active interface with a down link
[ 1148.511244][T15818] netlink: 'syz.4.15406': attribute type 1 has an invalid length.
[ 1148.528718][T15818] netlink: 'syz.4.15406': attribute type 2 has an invalid length.
[ 1149.012962][T15880] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15427'.
[ 1149.163501][T15893] netlink: 20 bytes leftover after parsing attributes in process `syz.4.15429'.
[ 1149.227715][T15896] openvswitch: netlink: Key type 30 is not supported
[ 1149.237455][T15896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15431'.
[ 1149.499281][T15919] netlink: 'syz.2.15433': attribute type 12 has an invalid length.
[ 1149.542037][T15919] netlink: 132 bytes leftover after parsing attributes in process `syz.2.15433'.
[ 1149.603910][T15922] block nbd5: not configured, cannot reconfigure
[ 1149.782498][T15933] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15442'.
[ 1149.875387][T15945] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 1149.936449][ T5191] udevd[5191]: worker [13192] /devices/virtual/block/nbd0 is taking a long time
[ 1150.164811][T15962] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1150.203198][T15963] syzkaller0: mtu less than device minimum
[ 1150.226727][T15962] netlink: 'syz.5.15452': attribute type 1 has an invalid length.
[ 1150.473493][T15980] netlink: 'syz.5.15457': attribute type 6 has an invalid length.
[ 1150.481389][T15980] netlink: 'syz.5.15457': attribute type 5 has an invalid length.
[ 1150.623181][T15989] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[ 1151.758491][T16077] openvswitch: netlink: IP tunnel dst address not specified
[ 1151.767408][T16084] netdevsim netdevsim1: Direct firmware load for . failed with error -2
[ 1151.782186][T16084] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[ 1152.146815][T16110] syzkaller0: entered promiscuous mode
[ 1152.164959][T16110] syzkaller0: entered allmulticast mode
[ 1152.425061][T16127] openvswitch: netlink: IPv6 tunnel dst address is zero
[ 1152.536679][T16130] Bluetooth: hci1: too big key_count value 32778
[ 1152.621850][T16134] gtp0: entered promiscuous mode
[ 1152.636172][T16134] gtp0: entered allmulticast mode
[ 1152.649147][T16137] __nla_validate_parse: 25 callbacks suppressed
[ 1152.649172][T16137] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15513'.
[ 1152.686087][T16137] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15513'.
[ 1152.843486][T16151] netlink: 592 bytes leftover after parsing attributes in process `syz.3.15516'.
[ 1152.876181][T16149] validate_nla: 1 callbacks suppressed
[ 1152.876203][T16149] netlink: 'syz.2.15517': attribute type 2 has an invalid length.
[ 1152.915804][T16153] openvswitch: netlink: Message has -2 unknown bytes.
[ 1153.267551][T16166] syzkaller0: entered promiscuous mode
[ 1153.314972][T16166] syzkaller0: entered allmulticast mode
[ 1153.452994][T16178] netlink: 108 bytes leftover after parsing attributes in process `syz.1.15526'.
[ 1153.474696][T16178] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15526'.
[ 1153.643914][T16183] netlink: 20 bytes leftover after parsing attributes in process `syz.5.15527'.
[ 1153.919648][T16192] netlink: 28 bytes leftover after parsing attributes in process `syz.5.15531'.
[ 1153.947680][T16192] netlink: 8 bytes leftover after parsing attributes in process `syz.5.15531'.
[ 1153.998586][T16192] syzkaller0: entered promiscuous mode
[ 1154.007516][T16192] syzkaller0: entered allmulticast mode
[ 1154.078599][T16199] netlink: 248 bytes leftover after parsing attributes in process `syz.1.15533'.
[ 1154.142349][T16206] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15535'.
[ 1154.486071][T16215] netlink: 'syz.3.15539': attribute type 16 has an invalid length.
[ 1154.504481][T16215] netlink: 'syz.3.15539': attribute type 17 has an invalid length.
[ 1154.633429][T16226] syzkaller0: entered promiscuous mode
[ 1154.645781][T16226] syzkaller0: entered allmulticast mode
[ 1154.810796][T16234] IPVS: Error connecting to the multicast addr
[ 1155.336122][T16261] netlink: 'syz.5.15554': attribute type 16 has an invalid length.
[ 1155.372670][T16261] netlink: 'syz.5.15554': attribute type 17 has an invalid length.
[ 1155.491577][T16267] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1155.705868][T16282] syzkaller0: entered promiscuous mode
[ 1155.711538][T16282] syzkaller0: entered allmulticast mode
[ 1155.732220][ T5141] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1155.738885][ T6208] Bluetooth: hci0: command 0x0419 tx timeout
[ 1156.047649][T16311] netlink: 'syz.2.15569': attribute type 16 has an invalid length.
[ 1156.088383][T16311] netlink: 'syz.2.15569': attribute type 17 has an invalid length.
[ 1156.223036][T16320] openvswitch: netlink: IP tunnel dst address not specified
[ 1156.543096][T16337] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[ 1156.608823][T16339] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16)
[ 1156.619825][T16339] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[ 1156.788434][T16332] wireguard1: entered promiscuous mode
[ 1156.794653][T16332] wireguard1: entered allmulticast mode
[ 1156.817686][T16332] team0: Device wireguard1 is of different type
[ 1157.060963][T16349] syzkaller0: entered promiscuous mode
[ 1157.067148][T16349] syzkaller0: entered allmulticast mode
[ 1157.355471][T16335] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1157.578575][T16374] netlink: 'syz.1.15586': attribute type 1 has an invalid length.
[ 1157.641760][T16379] netlink: 'syz.1.15586': attribute type 1 has an invalid length.
[ 1157.683674][T16379] __nla_validate_parse: 10 callbacks suppressed
[ 1157.683694][T16379] netlink: 224 bytes leftover after parsing attributes in process `syz.1.15586'.
[ 1158.139484][T16407] syzkaller0: entered promiscuous mode
[ 1158.155021][T16407] syzkaller0: entered allmulticast mode
[ 1158.194914][T16407] netlink: 4 bytes leftover after parsing attributes in process `syz.5.15592'.
[ 1158.199045][T16414] syzkaller0: entered promiscuous mode
[ 1158.210025][T16414] syzkaller0: entered allmulticast mode
[ 1158.217882][T16409] netlink: 'syz.1.15593': attribute type 1 has an invalid length.
[ 1158.233931][T16407] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1158.245341][T16407] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1158.380653][T16409] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[ 1158.532509][ T6208] Bluetooth: hci2: command 0x041b tx timeout
[ 1158.597962][T16434] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15598'.
[ 1158.849344][T16448] netlink: 'syz.1.15603': attribute type 10 has an invalid length.
[ 1158.873997][T16448] syz_tun: entered promiscuous mode
[ 1158.924780][T16448] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[ 1159.014823][ T6208] Bluetooth: hci4: command 0x041b tx timeout
[ 1159.049908][T16464] bridge2: port 1(erspan0) entered disabled state
[ 1159.109314][T16467] netlink: 'syz.1.15609': attribute type 16 has an invalid length.
[ 1159.148870][T16467] netlink: 'syz.1.15609': attribute type 17 has an invalid length.
[ 1159.165294][T16466] netlink: 'syz.2.15610': attribute type 1 has an invalid length.
[ 1159.230645][T16475] xt_hashlimit: overflow, try lower: 3/0
[ 1159.381195][T16481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15615'.
[ 1159.384610][T16486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15615'.
[ 1159.563458][  T394] veth0_to_bond: left promiscuous mode
[ 1159.686917][T16493] syzkaller0: entered promiscuous mode
[ 1159.698220][T16493] syzkaller0: entered allmulticast mode
[ 1159.938043][T16522] syzkaller0: entered promiscuous mode
[ 1159.945660][T16522] syzkaller0: entered allmulticast mode
[ 1160.020779][T16528] netlink: 40 bytes leftover after parsing attributes in process `syz.4.15629'.
[ 1160.163863][T16539] macvlan0: entered promiscuous mode
[ 1160.322714][T16544] netlink: 36 bytes leftover after parsing attributes in process `syz.2.15634'.
[ 1160.392591][T16550] netlink: 'syz.5.15637': attribute type 16 has an invalid length.
[ 1160.407023][T16550] netlink: 'syz.5.15637': attribute type 17 has an invalid length.
[ 1160.422532][T16552] netlink: zone id is out of range
[ 1160.427746][T16552] netlink: del zone limit has 4 unknown bytes
[ 1160.623819][T16558] syzkaller0: entered promiscuous mode
[ 1160.629418][T16558] syzkaller0: entered allmulticast mode
[ 1160.629532][T16562] netlink: 'syz.1.15641': attribute type 1 has an invalid length.
[ 1160.648899][T16564] netlink: 68 bytes leftover after parsing attributes in process `syz.3.15643'.
[ 1160.803308][T16573] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[ 1160.882483][T16584] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15646'.
[ 1161.170471][T16593] SET target dimension over the limit!
[ 1161.225494][T16595] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15650'.
[ 1161.242679][T23778] lec:lec_start_xmit: lec0:No lecd attached
[ 1161.276267][T16597] netlink: 'syz.2.15652': attribute type 5 has an invalid length.
[ 1161.453297][T16611] netlink: 'syz.4.15653': attribute type 16 has an invalid length.
[ 1161.491111][T16605] bridge6: port 1(erspan0) entered disabled state
[ 1161.766646][T16620] syzkaller0: entered promiscuous mode
[ 1161.779966][T16620] syzkaller0: entered allmulticast mode
[ 1161.874048][T16629] SET target dimension over the limit!
[ 1162.226128][T16626] syzkaller0: entered promiscuous mode
[ 1162.231763][T16626] syzkaller0: entered allmulticast mode
[ 1162.387935][T16659] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1162.518388][T16661] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input5
[ 1165.109522][T16700] syzkaller0: entered promiscuous mode
[ 1165.124403][T16700] syzkaller0: entered allmulticast mode
[ 1165.293508][T16719] openvswitch: netlink: Missing key (keys=40, expected=2000)
[ 1165.319382][T16719] validate_nla: 2 callbacks suppressed
[ 1165.319403][T16719] netlink: 'syz.2.15685': attribute type 8 has an invalid length.
[ 1165.334435][T16719] __nla_validate_parse: 6 callbacks suppressed
[ 1165.334454][T16719] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15685'.
[ 1165.359814][T16719] bond0: entered promiscuous mode
[ 1165.368921][T16719] bond_slave_0: entered promiscuous mode
[ 1165.375541][T16723] netlink: 'syz.5.15687': attribute type 32 has an invalid length.
[ 1165.384761][T16719] bond_slave_1: entered promiscuous mode
[ 1165.392433][T16719] bridge0: entered promiscuous mode
[ 1165.400187][T16719] gretap0: entered promiscuous mode
[ 1165.423530][T16719] bond0: left promiscuous mode
[ 1165.443077][T16719] bond_slave_0: left promiscuous mode
[ 1165.461255][T16719] bond_slave_1: left promiscuous mode
[ 1165.473506][T16719] bridge0: left promiscuous mode
[ 1165.502795][T16719] gretap0: left promiscuous mode
[ 1165.795273][T16743] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15689'.
[ 1165.878666][T16748] veth1_to_hsr: default FDB implementation only supports local addresses
[ 1166.014614][T16753] netlink: 24 bytes leftover after parsing attributes in process `syz.4.15694'.
[ 1166.297754][T16771] syzkaller0: entered promiscuous mode
[ 1166.316857][T16771] syzkaller0: entered allmulticast mode
[ 1166.393758][T16775] netlink: 'syz.1.15704': attribute type 2 has an invalid length.
[ 1166.628835][T16789] netlink: 4 bytes leftover after parsing attributes in process `syz.5.15707'.
[ 1166.740459][T16789] team0: Port device team_slave_0 removed
[ 1166.840777][T16799] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15710'.
[ 1166.864851][T16799] veth0: entered promiscuous mode
[ 1166.884086][T16798] sctp: [Deprecated]: syz.3.15709 (pid 16798) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1166.884086][T16798] Use struct sctp_sack_info instead
[ 1166.910604][T16799] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15710'.
[ 1166.941992][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5700 ms
[ 1166.950042][    C1] lec:lec_tx_timeout: lec0
[ 1167.037167][T16808] netlink: 'syz.5.15713': attribute type 16 has an invalid length.
[ 1167.052636][T16808] netlink: 'syz.5.15713': attribute type 3 has an invalid length.
[ 1167.060519][T16808] netlink: 132 bytes leftover after parsing attributes in process `syz.5.15713'.
[ 1167.119188][T16801] veth0: left promiscuous mode
[ 1167.194312][T16817] netlink: 224 bytes leftover after parsing attributes in process `syz.2.15715'.
[ 1167.376432][T16832] FAULT_INJECTION: forcing a failure.
[ 1167.376432][T16832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1167.405703][T16833] syzkaller0: entered promiscuous mode
[ 1167.406968][T16832] CPU: 1 UID: 0 PID: 16832 Comm: syz.1.15718 Not tainted syzkaller #0 PREEMPT(full) 
[ 1167.407043][T16832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1167.407083][T16832] Call Trace:
[ 1167.407112][T16832]  <TASK>
[ 1167.407136][T16832]  dump_stack_lvl+0xe8/0x150
[ 1167.407250][T16832]  should_fail_ex+0x412/0x560
[ 1167.407374][T16832]  _copy_from_user+0x2d/0xb0
[ 1167.407486][T16832]  ___sys_sendmsg+0x1c6/0x360
[ 1167.407572][T16832]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1167.407708][T16832]  ? __fget_files+0x2a/0x420
[ 1167.407797][T16832]  ? __fget_files+0x3a0/0x420
[ 1167.407909][T16832]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1167.407974][T16832]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1167.408059][T16832]  ? __pfx_ksys_write+0x10/0x10
[ 1167.408161][T16832]  do_syscall_64+0x14d/0xf80
[ 1167.408224][T16832]  ? trace_irq_disable+0x3b/0x150
[ 1167.408301][T16832]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.408363][T16832]  ? clear_bhb_loop+0x40/0x90
[ 1167.408439][T16832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.408494][T16832] RIP: 0033:0x7f252e19c799
[ 1167.408555][T16832] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1167.408608][T16832] RSP: 002b:00007f252f099028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1167.408694][T16832] RAX: ffffffffffffffda RBX: 00007f252e415fa0 RCX: 00007f252e19c799
[ 1167.408758][T16832] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[ 1167.408799][T16832] RBP: 00007f252f099090 R08: 0000000000000000 R09: 0000000000000000
[ 1167.408831][T16832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1167.408870][T16832] R13: 00007f252e416038 R14: 00007f252e415fa0 R15: 00007fff94d85598
[ 1167.408959][T16832]  </TASK>
[ 1167.659987][T16833] syzkaller0: entered allmulticast mode
[ 1167.951550][T16857] netlink: 'syz.4.15728': attribute type 3 has an invalid length.
[ 1167.964759][T16857] netlink: 224 bytes leftover after parsing attributes in process `syz.4.15728'.
[ 1168.088839][T16865] netlink: 20 bytes leftover after parsing attributes in process `syz.5.15727'.
[ 1168.177465][T16869] IPVS: set_ctl: invalid protocol: 22 172.30.0.5:20000
[ 1168.450513][ T6208] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1168.463201][ T6208] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1168.481049][ T6208] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1168.490995][ T6208] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1168.499499][ T6208] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1168.746507][T16884] FAULT_INJECTION: forcing a failure.
[ 1168.746507][T16884] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1168.760172][T16884] CPU: 1 UID: 0 PID: 16884 Comm: syz.1.15736 Not tainted syzkaller #0 PREEMPT(full) 
[ 1168.760201][T16884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1168.760215][T16884] Call Trace:
[ 1168.760231][T16884]  <TASK>
[ 1168.760241][T16884]  dump_stack_lvl+0xe8/0x150
[ 1168.760279][T16884]  should_fail_ex+0x412/0x560
[ 1168.760314][T16884]  _copy_from_user+0x2d/0xb0
[ 1168.760349][T16884]  ___sys_sendmsg+0x1c6/0x360
[ 1168.760378][T16884]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1168.760406][T16884]  ? kstrtouint+0x6e/0xe0
[ 1168.760461][T16884]  ? __fget_files+0x2a/0x420
[ 1168.760493][T16884]  ? __fget_files+0x3a0/0x420
[ 1168.760536][T16884]  __sys_sendmmsg+0x27c/0x4e0
[ 1168.760566][T16884]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1168.760586][T16884]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1168.760637][T16884]  ? ksys_write+0x242/0x270
[ 1168.760665][T16884]  ? __pfx_ksys_write+0x10/0x10
[ 1168.760697][T16884]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1168.760722][T16884]  do_syscall_64+0x14d/0xf80
[ 1168.760743][T16884]  ? trace_irq_disable+0x3b/0x150
[ 1168.760775][T16884]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1168.760798][T16884]  ? clear_bhb_loop+0x40/0x90
[ 1168.760825][T16884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1168.760848][T16884] RIP: 0033:0x7f252e19c799
[ 1168.760869][T16884] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1168.760889][T16884] RSP: 002b:00007f252f099028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1168.760912][T16884] RAX: ffffffffffffffda RBX: 00007f252e415fa0 RCX: 00007f252e19c799
[ 1168.760929][T16884] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004
[ 1168.760944][T16884] RBP: 00007f252f099090 R08: 0000000000000000 R09: 0000000000000000
[ 1168.760958][T16884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1168.760972][T16884] R13: 00007f252e416038 R14: 00007f252e415fa0 R15: 00007fff94d85598
[ 1168.761007][T16884]  </TASK>
[ 1169.155245][T16889] syzkaller0: entered promiscuous mode
[ 1169.160816][T16889] syzkaller0: entered allmulticast mode
[ 1169.246900][ T7064] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1169.640471][ T7064] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1169.694903][T16908] syzkaller0: entered promiscuous mode
[ 1169.700505][T16908] syzkaller0: entered allmulticast mode
[ 1169.715676][T16904] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1169.723197][T16904] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1169.821025][ T7064] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1169.846806][T16913] openvswitch: netlink: Flow key attr not present in new flow.
[ 1169.860358][T16913] netlink: 'syz.2.15746': attribute type 7 has an invalid length.
[ 1169.964813][T16874] chnl_net:caif_netlink_parms(): no params data found
[ 1170.093957][ T7064] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1170.305642][  T394] netdevsim netdevsim3 eth5: set [0, 0] type 1 family 0 port 8472 - 0
[ 1170.422923][T16874] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1170.430129][T16874] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1170.471835][T16874] bridge_slave_0: entered allmulticast mode
[ 1170.494871][T16874] bridge_slave_0: entered promiscuous mode
[ 1170.508028][T16874] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1170.530297][T16874] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1170.537526][ T6208] Bluetooth: hci5: command tx timeout
[ 1170.578596][T16874] bridge_slave_1: entered allmulticast mode
[ 1170.601812][T16874] bridge_slave_1: entered promiscuous mode
[ 1170.716820][  T178] netdevsim netdevsim3 eth6: set [0, 0] type 1 family 0 port 8472 - 0
[ 1170.734160][  T178] netdevsim netdevsim3 eth7: set [0, 0] type 1 family 0 port 8472 - 0
[ 1170.786082][T16962] netlink: 'syz.4.15761': attribute type 1 has an invalid length.
[ 1170.841482][  T178] netdevsim netdevsim3 eth8: set [0, 0] type 1 family 0 port 8472 - 0
[ 1170.862301][T16964] __nla_validate_parse: 8 callbacks suppressed
[ 1170.862322][T16964] netlink: 44 bytes leftover after parsing attributes in process `syz.4.15761'.
[ 1170.889021][T16966] "syz.2.15763" (16966) uses obsolete ecb(arc4) skcipher
[ 1170.928060][T16874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1170.968496][T16874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1170.981506][T16966] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[ 1171.086222][ T7064] erspan0: left allmulticast mode
[ 1171.091335][ T7064] erspan0: left promiscuous mode
[ 1171.129133][ T7064] bridge6: port 1(erspan0) entered disabled state
[ 1171.196950][T16983] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15767'.
[ 1171.652939][ T5156] block nbd0: Possible stuck request ffff88809ddb8000: control (read@0,1024B). Runtime 90 seconds
[ 1171.663856][ T5156] block nbd0: Possible stuck request ffff88809ddb8200: control (read@1024,1024B). Runtime 90 seconds
[ 1171.675366][ T5156] block nbd0: Possible stuck request ffff88809ddb8400: control (read@2048,1024B). Runtime 90 seconds
[ 1171.686464][ T5156] block nbd0: Possible stuck request ffff88809ddb8600: control (read@3072,1024B). Runtime 90 seconds
[ 1171.975642][T17018] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15775'.
[ 1172.078716][ T7064] bond0 (unregistering): left promiscuous mode
[ 1172.085186][ T7064] bond_slave_0: left promiscuous mode
[ 1172.090793][ T7064] bond_slave_1: left promiscuous mode
[ 1172.102134][ T7064] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1172.112320][ T7064] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1172.121774][ T7064] bond0 (unregistering): Released all slaves
[ 1172.137669][ T7064] bond1 (unregistering): Released all slaves
[ 1172.157388][ T7064] bond2 (unregistering): (slave lo): Releasing backup interface
[ 1172.165930][ T7064] bond2 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed
[ 1172.179252][ T7064] bond2 (unregistering): Released all slaves
[ 1172.200252][ T7064] bond3 (unregistering): Released all slaves
[ 1172.241263][T16874] team0: Port device team_slave_0 added
[ 1172.324477][T17026] netlink: 20 bytes leftover after parsing attributes in process `syz.1.15775'.
[ 1172.427671][T16992] syzkaller0: entered promiscuous mode
[ 1172.433788][T16992] syzkaller0: entered allmulticast mode
[ 1172.460267][T17018] bond5: entered promiscuous mode
[ 1172.463989][T17028] netlink: 'syz.2.15776': attribute type 10 has an invalid length.
[ 1172.465829][T17018] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1172.488733][T16874] team0: Port device team_slave_1 added
[ 1172.612618][ T6208] Bluetooth: hci5: command tx timeout
[ 1174.692317][ T6208] Bluetooth: hci5: command tx timeout
[ 1174.748565][T17025] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[ 1174.752542][T17027] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[ 1174.794685][T17028] team0: Device vxcan1 is of different type
[ 1175.027719][T16874] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1175.041081][T17054] SET target dimension over the limit!
[ 1175.047720][T16874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1175.076953][T16874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1175.171149][T17060] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15783'.
[ 1175.185642][T16874] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1175.212570][T16874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1175.240898][T16874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1175.439317][T17060] sit0: entered promiscuous mode
[ 1175.454032][T17060] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15783'.
[ 1175.509657][T16874] hsr_slave_0: entered promiscuous mode
[ 1175.516800][T16874] hsr_slave_1: entered promiscuous mode
[ 1175.524337][T16874] debugfs: 'hsr0' already exists in 'hsr'
[ 1175.530471][T16874] Cannot create hsr debugfs directory
[ 1176.016162][ T7064] hsr_slave_0: left promiscuous mode
[ 1176.035598][ T7064] hsr_slave_1: left promiscuous mode
[ 1176.050952][ T7064] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1176.062527][T17096] SET target dimension over the limit!
[ 1176.083974][ T7064] pim6reg (unregistering): left allmulticast mode
[ 1176.177915][ T7064] team0 (unregistering): Port device batadv1 removed
[ 1176.556316][ T7064] team0 (unregistering): Port device team_slave_1 removed
[ 1176.663600][T17114] netlink: 12 bytes leftover after parsing attributes in process `syz.4.15797'.
[ 1176.777361][ T6208] Bluetooth: hci5: command tx timeout
[ 1177.106935][T16874] netdevsim netdevsim3 eth8 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1177.306707][T17131] bond3: (slave ip6gretap1): making interface the new active one
[ 1177.345322][T17131] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[ 1177.394050][T17137] bridge2: the hash_elasticity option has been deprecated and is always 16
[ 1177.400282][T17145] netlink: 'syz.4.15806': attribute type 16 has an invalid length.
[ 1177.424315][ T1298] clip:clip_start_xmit: skb_dst(skb) == NULL
[ 1177.430926][ T1298] lec:lec_start_xmit: lec0:No lecd attached
[ 1177.457148][T17145] netlink: 'syz.4.15806': attribute type 17 has an invalid length.
[ 1177.640600][T16874] netdevsim netdevsim3 eth7 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1177.917288][T17173] FAULT_INJECTION: forcing a failure.
[ 1177.917288][T17173] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1177.955314][T17173] CPU: 0 UID: 0 PID: 17173 Comm: syz.2.15810 Not tainted syzkaller #0 PREEMPT(full) 
[ 1177.955346][T17173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1177.955361][T17173] Call Trace:
[ 1177.955371][T17173]  <TASK>
[ 1177.955381][T17173]  dump_stack_lvl+0xe8/0x150
[ 1177.955420][T17173]  should_fail_ex+0x412/0x560
[ 1177.955455][T17173]  _copy_from_user+0x2d/0xb0
[ 1177.955492][T17173]  ___sys_sendmsg+0x1c6/0x360
[ 1177.955524][T17173]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1177.955585][T17173]  ? __fget_files+0x2a/0x420
[ 1177.955619][T17173]  ? __fget_files+0x3a0/0x420
[ 1177.955663][T17173]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1177.955690][T17173]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1177.955723][T17173]  ? __pfx_ksys_write+0x10/0x10
[ 1177.955762][T17173]  do_syscall_64+0x14d/0xf80
[ 1177.955784][T17173]  ? trace_irq_disable+0x3b/0x150
[ 1177.955818][T17173]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.955870][T17173]  ? clear_bhb_loop+0x40/0x90
[ 1177.955899][T17173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.955921][T17173] RIP: 0033:0x7f1f1ad9c799
[ 1177.955942][T17173] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1177.955962][T17173] RSP: 002b:00007f1f1bcd6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1177.955990][T17173] RAX: ffffffffffffffda RBX: 00007f1f1b016180 RCX: 00007f1f1ad9c799
[ 1177.956006][T17173] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000007
[ 1177.956021][T17173] RBP: 00007f1f1bcd6090 R08: 0000000000000000 R09: 0000000000000000
[ 1177.956035][T17173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1177.956049][T17173] R13: 00007f1f1b016218 R14: 00007f1f1b016180 R15: 00007ffd73f430e8
[ 1177.956084][T17173]  </TASK>
[ 1178.165699][T16874] netdevsim netdevsim3 eth6 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1178.251407][T17166] bond6: (slave gre0): Device is not bonding slave
[ 1178.264138][T17166] bond6: option active_slave: invalid value (gre0)
[ 1178.320910][T17183] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15812'.
[ 1178.333550][T17166] bond6 (unregistering): Released all slaves
[ 1178.488969][T16874] netdevsim netdevsim3 eth5 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1178.569882][ T7064] IPVS: stop unused estimator thread 0...
[ 1178.914165][T17214] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15822'.
[ 1179.037862][T16874] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1179.091741][T16874] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1179.144067][T16874] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1179.193470][T17225] FAULT_INJECTION: forcing a failure.
[ 1179.193470][T17225] name failslab, interval 1, probability 0, space 0, times 0
[ 1179.211415][T16874] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1179.231668][T17225] CPU: 0 UID: 0 PID: 17225 Comm: syz.2.15823 Not tainted syzkaller #0 PREEMPT(full) 
[ 1179.231700][T17225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1179.231715][T17225] Call Trace:
[ 1179.231724][T17225]  <TASK>
[ 1179.231735][T17225]  dump_stack_lvl+0xe8/0x150
[ 1179.231772][T17225]  should_fail_ex+0x412/0x560
[ 1179.231808][T17225]  should_failslab+0xa8/0x100
[ 1179.231839][T17225]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 1179.231864][T17225]  ? __alloc_skb+0x186/0x7d0
[ 1179.231895][T17225]  ? __alloc_skb+0x1d0/0x7d0
[ 1179.231928][T17225]  ? __local_bh_enable_ip+0xd0/0x130
[ 1179.231962][T17225]  __alloc_skb+0x1d0/0x7d0
[ 1179.231997][T17225]  netlink_sendmsg+0x5d4/0xb40
[ 1179.232040][T17225]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1179.232074][T17225]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1179.232105][T17225]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1179.232134][T17225]  ____sys_sendmsg+0x972/0x9f0
[ 1179.232166][T17225]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1179.232198][T17225]  ? import_iovec+0x73/0xa0
[ 1179.232235][T17225]  ___sys_sendmsg+0x2a5/0x360
[ 1179.232264][T17225]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1179.232323][T17225]  ? __fget_files+0x2a/0x420
[ 1179.232355][T17225]  ? __fget_files+0x3a0/0x420
[ 1179.232399][T17225]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1179.232424][T17225]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1179.232457][T17225]  ? __pfx_ksys_write+0x10/0x10
[ 1179.232494][T17225]  do_syscall_64+0x14d/0xf80
[ 1179.232515][T17225]  ? trace_irq_disable+0x3b/0x150
[ 1179.232546][T17225]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.232568][T17225]  ? clear_bhb_loop+0x40/0x90
[ 1179.232595][T17225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.232628][T17225] RIP: 0033:0x7f1f1ad9c799
[ 1179.232650][T17225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1179.232668][T17225] RSP: 002b:00007f1f1bcd6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1179.232692][T17225] RAX: ffffffffffffffda RBX: 00007f1f1b016180 RCX: 00007f1f1ad9c799
[ 1179.232707][T17225] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000007
[ 1179.232722][T17225] RBP: 00007f1f1bcd6090 R08: 0000000000000000 R09: 0000000000000000
[ 1179.232736][T17225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1179.232749][T17225] R13: 00007f1f1b016218 R14: 00007f1f1b016180 R15: 00007ffd73f430e8
[ 1179.232785][T17225]  </TASK>
[ 1179.600218][T17238] netlink: 20 bytes leftover after parsing attributes in process `syz.4.15827'.
[ 1179.772216][T17249] netlink: 'syz.2.15829': attribute type 11 has an invalid length.
[ 1179.919631][T17256] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15830'.
[ 1180.056701][T16874] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1180.126117][T16874] 8021q: adding VLAN 0 to HW filter on device team0
[ 1180.178790][T22575] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1180.186058][T22575] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1180.226307][T17274] netlink: 'syz.5.15836': attribute type 3 has an invalid length.
[ 1180.259924][T22575] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1180.267239][T22575] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1180.272635][T17274] netlink: 224 bytes leftover after parsing attributes in process `syz.5.15836'.
[ 1180.459103][T17280] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15838'.
[ 1180.468806][T17280] netlink: 8 bytes leftover after parsing attributes in process `syz.4.15838'.
[ 1180.672605][T17291] openvswitch: netlink: Unknown key attributes 2
[ 1180.730807][T17291] mac80211_hwsim hwsim41 wlan0: entered promiscuous mode
[ 1180.825982][T17298] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15843'.
[ 1180.979687][T16874] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1181.069196][T17311] SET target dimension over the limit!
[ 1181.151827][T16874] veth0_vlan: entered promiscuous mode
[ 1181.213019][T16874] veth1_vlan: entered promiscuous mode
[ 1181.430768][T16874] veth0_macvtap: entered promiscuous mode
[ 1181.504692][T17329] netlink: 'syz.2.15852': attribute type 2 has an invalid length.
[ 1181.528529][T16874] veth1_macvtap: entered promiscuous mode
[ 1181.585821][T16874] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1181.630057][T16874] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1181.690792][T22575] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1181.731192][T22575] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1181.767802][T22575] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1181.776933][T22575] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1181.846800][T17337] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15855'.
[ 1182.059511][T17347] netlink: 52 bytes leftover after parsing attributes in process `syz.5.15857'.
[ 1182.240214][T22575] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1182.268250][T22575] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1182.349756][ T7064] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1182.365265][ T7064] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1182.476258][T17361] syzkaller0: entered promiscuous mode
[ 1182.481849][T17361] syzkaller0: entered allmulticast mode
[ 1182.508240][T17361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15861'.
[ 1182.517576][T17361] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1182.541071][T17361] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1182.616783][T17365] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15731'.
[ 1182.655406][T17365] 8021q: VLANs not supported on gre0
[ 1182.931984][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5500 ms
[ 1182.940081][    C1] lec:lec_tx_timeout: lec0
[ 1183.393644][ T5141] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1183.408572][ T5141] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1183.417661][ T5141] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1183.426523][ T5141] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1183.434520][ T5141] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1183.491741][T17404] netlink: 4 bytes leftover after parsing attributes in process `syz.5.15872'.
[ 1183.644294][T17410] netlink: 52 bytes leftover after parsing attributes in process `syz.4.15871'.
[ 1184.022528][ T7445] bond0: (slave syz_tun): Releasing backup interface
[ 1184.076247][T17421] lo speed is unknown, defaulting to 1000
[ 1184.109431][T17421] lo speed is unknown, defaulting to 1000
[ 1184.148162][T17421] lo speed is unknown, defaulting to 1000
[ 1184.200442][T17421] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1184.347513][T17421] lo speed is unknown, defaulting to 1000
[ 1184.387256][T17400] chnl_net:caif_netlink_parms(): no params data found
[ 1184.424417][T17421] lo speed is unknown, defaulting to 1000
[ 1184.491498][T17421] lo speed is unknown, defaulting to 1000
[ 1184.513214][T17421] lo speed is unknown, defaulting to 1000
[ 1184.633212][T17421] lo speed is unknown, defaulting to 1000
[ 1184.678800][T17421] lo speed is unknown, defaulting to 1000
[ 1184.732083][T17421] lo speed is unknown, defaulting to 1000
[ 1184.861145][T17400] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1184.898130][T17400] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1184.923512][T17465] netlink: 'syz.2.15884': attribute type 11 has an invalid length.
[ 1184.931486][T17465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15884'.
[ 1184.945600][T17400] bridge_slave_0: entered allmulticast mode
[ 1184.964417][T17400] bridge_slave_0: entered promiscuous mode
[ 1184.985129][T17400] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1185.011699][T17400] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1185.024228][T17474] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15887'.
[ 1185.040253][T17400] bridge_slave_1: entered allmulticast mode
[ 1185.052838][T17400] bridge_slave_1: entered promiscuous mode
[ 1185.149241][T17474] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15887'.
[ 1185.201405][T17400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1185.271340][T17400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1185.362476][T17470] lo speed is unknown, defaulting to 1000
[ 1185.386843][T17474] netlink: 12 bytes leftover after parsing attributes in process `syz.5.15887'.
[ 1185.529200][T17400] team0: Port device team_slave_0 added
[ 1185.568186][T17400] team0: Port device team_slave_1 added
[ 1185.573980][ T5141] Bluetooth: hci1: command tx timeout
[ 1185.722559][T17400] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1185.729577][T17400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1185.799959][T17400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1185.876781][T17400] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1185.898111][T17400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1185.940838][T17400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1186.389163][T17400] hsr_slave_0: entered promiscuous mode
[ 1186.403626][T17400] hsr_slave_1: entered promiscuous mode
[ 1186.433951][T17400] debugfs: 'hsr0' already exists in 'hsr'
[ 1186.446858][T17400] Cannot create hsr debugfs directory
[ 1186.649294][T17548] openvswitch: netlink: nsh attribute has 2 unknown bytes.
[ 1186.945759][T17562] __nla_validate_parse: 7 callbacks suppressed
[ 1186.945781][T17562] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15909'.
[ 1186.967434][T17563] netlink: 256 bytes leftover after parsing attributes in process `syz.5.15908'.
[ 1187.188269][T17400] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1187.208561][T17571] netlink: 'syz.3.15911': attribute type 1 has an invalid length.
[ 1187.234655][T17574] netlink: 192 bytes leftover after parsing attributes in process `syz.4.15912'.
[ 1187.234872][T17566] veth0: entered promiscuous mode
[ 1187.276844][T17575] netlink: 16 bytes leftover after parsing attributes in process `syz.3.15911'.
[ 1187.292504][T17564] veth0: left promiscuous mode
[ 1187.378468][T17400] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1187.483963][T17582] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15914'.
[ 1187.525412][T17582] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[ 1187.591348][T17588] netlink: 'syz.4.15915': attribute type 1 has an invalid length.
[ 1187.600581][T17588] netlink: 224 bytes leftover after parsing attributes in process `syz.4.15915'.
[ 1187.611871][T17588] sctp: [Deprecated]: syz.4.15915 (pid 17588) Use of int in max_burst socket option.
[ 1187.611871][T17588] Use struct sctp_assoc_value instead
[ 1187.634042][T17400] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1187.657059][ T5141] Bluetooth: hci1: command tx timeout
[ 1187.837642][T17400] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1187.875314][T17602] sctp: [Deprecated]: syz.3.15918 (pid 17602) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1187.875314][T17602] Use struct sctp_sack_info instead
[ 1187.981587][T17609] netlink: 256 bytes leftover after parsing attributes in process `syz.2.15920'.
[ 1188.027764][T17609] netlink: 256 bytes leftover after parsing attributes in process `syz.2.15920'.
[ 1188.068592][T17611] netlink: 192 bytes leftover after parsing attributes in process `syz.5.15922'.
[ 1188.199262][T17615] sctp: [Deprecated]: syz.2.15920 (pid 17615) Use of int in maxseg socket option.
[ 1188.199262][T17615] Use struct sctp_assoc_value instead
[ 1188.391830][T17400] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1188.431440][T17627] netlink: 'syz.4.15926': attribute type 1 has an invalid length.
[ 1188.439940][T17627] netlink: 224 bytes leftover after parsing attributes in process `syz.4.15926'.
[ 1188.456650][T17400] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1188.467317][T17627] sctp: [Deprecated]: syz.4.15926 (pid 17627) Use of int in max_burst socket option.
[ 1188.467317][T17627] Use struct sctp_assoc_value instead
[ 1188.488506][T17400] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1188.545510][T17629] ������5g�Q[�: renamed from lo (while UP)
[ 1188.578775][T17400] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1188.727771][T17632] vlan5: entered allmulticast mode
[ 1188.738616][T17632] bridge8: entered allmulticast mode
[ 1188.987679][T17400] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1189.065626][T17400] 8021q: adding VLAN 0 to HW filter on device team0
[ 1189.109574][T29390] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1189.116854][T29390] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1189.124143][T17660] netlink: 'syz.2.15937': attribute type 1 has an invalid length.
[ 1189.133684][T17660] sctp: [Deprecated]: syz.2.15937 (pid 17660) Use of int in max_burst socket option.
[ 1189.133684][T17660] Use struct sctp_assoc_value instead
[ 1189.184303][T29390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1189.191568][T29390] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1189.734593][ T5141] Bluetooth: hci1: command tx timeout
[ 1189.762060][T17700] Unsupported ieee802154 address type: 0
[ 1189.895762][T17400] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1190.059834][T17400] veth0_vlan: entered promiscuous mode
[ 1190.089188][T17400] veth1_vlan: entered promiscuous mode
[ 1190.213539][T17400] veth0_macvtap: entered promiscuous mode
[ 1190.231012][T17400] veth1_macvtap: entered promiscuous mode
[ 1190.287596][T17400] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1190.332333][T17400] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1190.390014][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.434085][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.454371][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.491539][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1190.757272][T17747] bond4: option packets_per_slave: invalid value (18446744073709551615)
[ 1190.767617][T17747] bond4: option packets_per_slave: allowed values 0 - 65535
[ 1190.778409][T17747] bond4 (unregistering): Released all slaves
[ 1190.821326][T17746] netlink: 'syz.3.15964': attribute type 3 has an invalid length.
[ 1190.837063][ T7069] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1190.866790][ T7069] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1191.000434][  T394] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1191.011025][  T394] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1191.231211][T17775] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1191.304500][T17775] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1191.317060][T17781] netlink: 'syz.3.15974': attribute type 1 has an invalid length.
[ 1191.356069][T17784] xt_l2tp: v2 doesn't support IP mode
[ 1191.395286][T17781] netlink: 'syz.3.15974': attribute type 1 has an invalid length.
[ 1191.682723][ T6208] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1191.699547][ T6208] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1191.712199][ T6208] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1191.722070][ T6208] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1191.751832][ T6208] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1191.815855][ T5141] Bluetooth: hci1: command tx timeout
[ 1191.850183][T17795] lo speed is unknown, defaulting to 1000
[ 1192.117339][T17811] syzkaller0: entered promiscuous mode
[ 1192.129386][T17811] syzkaller0: entered allmulticast mode
[ 1192.222392][T17795] chnl_net:caif_netlink_parms(): no params data found
[ 1192.301547][T17822] __nla_validate_parse: 15 callbacks suppressed
[ 1192.301569][T17822] netlink: 4 bytes leftover after parsing attributes in process `syz.5.15983'.
[ 1192.767310][T17795] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1192.817576][T17795] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1192.833975][T17795] bridge_slave_0: entered allmulticast mode
[ 1192.859339][T17795] bridge_slave_0: entered promiscuous mode
[ 1192.888596][T17795] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1192.905912][T17839] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15986'.
[ 1192.913787][T17795] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1192.933338][T17795] bridge_slave_1: entered allmulticast mode
[ 1192.941377][T17795] bridge_slave_1: entered promiscuous mode
[ 1192.964965][T17842] netdevsim netdevsim4: Direct firmware load for . failed with error -2
[ 1192.976510][T17839] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.15986'.
[ 1192.992614][T17842] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[ 1193.001550][T17839] netlink: 192 bytes leftover after parsing attributes in process `syz.3.15986'.
[ 1193.091203][T17846] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_vlan, syncid = 2, id = 0
[ 1193.101719][T17795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1193.155456][T17795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1193.174950][T17845] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1193.313365][T17795] team0: Port device team_slave_0 added
[ 1193.345361][T17854] syzkaller0: entered promiscuous mode
[ 1193.359446][T17854] syzkaller0: entered allmulticast mode
[ 1193.402900][T17795] team0: Port device team_slave_1 added
[ 1193.444862][ T5141] Bluetooth: hci3: link tx timeout
[ 1193.450187][ T5141] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa
[ 1193.458891][T17861] Cannot find set identified by id 1 to match
[ 1193.536569][T17863] netlink: 'syz.3.15993': attribute type 1 has an invalid length.
[ 1193.548289][T17795] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1193.562575][T17863] netlink: 224 bytes leftover after parsing attributes in process `syz.3.15993'.
[ 1193.565573][T17795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1193.583858][T17863] sctp: [Deprecated]: syz.3.15993 (pid 17863) Use of int in max_burst socket option.
[ 1193.583858][T17863] Use struct sctp_assoc_value instead
[ 1193.641080][T17795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1193.686620][T17795] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1193.694897][T17795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1193.732756][T17868] netlink: 'syz.3.15995': attribute type 4 has an invalid length.
[ 1193.753499][T17868] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15995'.
[ 1193.763398][T17868] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15995'.
[ 1193.765348][T17795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1193.812194][ T6208] Bluetooth: hci2: command tx timeout
[ 1193.909000][T17874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.15996'.
[ 1193.927051][T17795] hsr_slave_0: entered promiscuous mode
[ 1193.934754][T17795] hsr_slave_1: entered promiscuous mode
[ 1193.941289][T17795] debugfs: 'hsr0' already exists in 'hsr'
[ 1193.947745][T17795] Cannot create hsr debugfs directory
[ 1194.094277][T17876] vlan6: entered allmulticast mode
[ 1194.111900][T17876] bridge9: entered allmulticast mode
[ 1194.278200][T17892] netlink: 'syz.4.16004': attribute type 1 has an invalid length.
[ 1194.292347][T17892] netlink: 224 bytes leftover after parsing attributes in process `syz.4.16004'.
[ 1194.325129][T17892] sctp: [Deprecated]: syz.4.16004 (pid 17892) Use of int in max_burst socket option.
[ 1194.325129][T17892] Use struct sctp_assoc_value instead
[ 1194.402230][T17899] sctp: [Deprecated]: syz.5.16006 (pid 17899) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1194.402230][T17899] Use struct sctp_sack_info instead
[ 1194.435850][T17898] netlink: 'syz.1.16005': attribute type 83 has an invalid length.
[ 1194.435850][T17895] netlink: 'syz.1.16005': attribute type 83 has an invalid length.
[ 1194.612937][T17909] netlink: 8 bytes leftover after parsing attributes in process `syz.4.16008'.
[ 1194.636032][T17909] netlink: 'syz.4.16008': attribute type 2 has an invalid length.
[ 1194.657016][T17795] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1194.682121][T17795] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1194.724038][T17909] �9: entered promiscuous mode
[ 1194.750177][T17909] syzkaller1: entered promiscuous mode
[ 1194.760774][T17909] syzkaller1: entered allmulticast mode
[ 1194.839985][T17795] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1194.851095][T17795] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1195.026465][T17795] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1195.062676][T17795] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1195.181770][T17795] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1195.206910][T17795] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1195.243784][T17933] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1195.379054][T17940] xt_policy: neither incoming nor outgoing policy selected
[ 1195.404470][T17940] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1195.422326][T17937] netlink: 'syz.4.16017': attribute type 1 has an invalid length.
[ 1195.462433][T17937] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR
[ 1195.492618][ T6208] Bluetooth: hci3: command 0x0406 tx timeout
[ 1195.669299][T17795] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1195.709551][T17795] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1195.766723][T17795] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1195.793876][T17795] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1195.899905][ T5141] Bluetooth: hci2: command tx timeout
[ 1196.240875][T17795] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1196.270518][T17795] 8021q: adding VLAN 0 to HW filter on device team0
[ 1196.348412][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1196.355668][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1196.402795][T17988] validate_nla: 1 callbacks suppressed
[ 1196.402826][T17988] netlink: 'syz.5.16029': attribute type 4 has an invalid length.
[ 1196.486393][T29390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1196.493651][T29390] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1196.609828][T17795] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1196.948866][T18018] netlink: 'syz.3.16038': attribute type 1 has an invalid length.
[ 1196.972805][T18018] sctp: [Deprecated]: syz.3.16038 (pid 18018) Use of int in max_burst socket option.
[ 1196.972805][T18018] Use struct sctp_assoc_value instead
[ 1197.053741][T17795] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1197.167832][T17795] veth0_vlan: entered promiscuous mode
[ 1197.207689][T17795] veth1_vlan: entered promiscuous mode
[ 1197.360483][T17795] veth0_macvtap: entered promiscuous mode
[ 1197.392327][T17795] veth1_macvtap: entered promiscuous mode
[ 1197.461607][T18039] __nla_validate_parse: 7 callbacks suppressed
[ 1197.461628][T18039] netlink: 20 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.486573][T17795] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1197.501607][T18039] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.556200][T18039] netlink: 20 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.593037][T18039] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.618636][T18039] netlink: 20 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.627788][T17795] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1197.645573][ T7069] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1197.670778][ T7069] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1197.703788][T18039] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.748312][ T7069] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1197.760642][ T7069] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1197.791663][T18039] netlink: 20 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.827934][T18039] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.931162][T18039] netlink: 20 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.971073][T18039] netlink: 24 bytes leftover after parsing attributes in process `syz.4.16044'.
[ 1197.993536][ T5141] Bluetooth: hci2: command tx timeout
[ 1197.999625][T18056] netlink: 'syz.3.16051': attribute type 1 has an invalid length.
[ 1198.013044][T22575] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1198.020659][T18056] sctp: [Deprecated]: syz.3.16051 (pid 18056) Use of int in max_burst socket option.
[ 1198.020659][T18056] Use struct sctp_assoc_value instead
[ 1198.026012][T22575] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1198.087398][T29390] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1198.122571][T29390] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1199.298811][T18123] syzkaller0: entered promiscuous mode
[ 1199.665605][T18139] sctp: [Deprecated]: syz.5.16066 (pid 18139) Use of int in max_burst socket option.
[ 1199.665605][T18139] Use struct sctp_assoc_value instead
[ 1200.052762][ T5141] Bluetooth: hci2: command tx timeout
[ 1201.256552][T18069] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1201.301389][T18136] netlink: 'syz.5.16066': attribute type 1 has an invalid length.
[ 1201.750418][ T5156] block nbd0: Possible stuck request ffff88809ddb8000: control (read@0,1024B). Runtime 120 seconds
[ 1201.762933][ T5156] block nbd0: Possible stuck request ffff88809ddb8200: control (read@1024,1024B). Runtime 120 seconds
[ 1201.774514][ T5156] block nbd0: Possible stuck request ffff88809ddb8400: control (read@2048,1024B). Runtime 120 seconds
[ 1201.788333][ T5156] block nbd0: Possible stuck request ffff88809ddb8600: control (read@3072,1024B). Runtime 120 seconds
[ 1201.815394][T18206] team0: Port device team_slave_0 removed
[ 1202.080245][T18225] 8021q: VLANs not supported on caif0
[ 1202.356601][T18239] vlan0: entered allmulticast mode
[ 1202.366433][T18239] veth0_vlan: entered allmulticast mode
[ 1203.086627][T18283] syzkaller0: entered promiscuous mode
[ 1203.093846][T18283] syzkaller0: entered allmulticast mode
[ 1203.169110][T18288] __nla_validate_parse: 64 callbacks suppressed
[ 1203.169132][T18288] netlink: 104 bytes leftover after parsing attributes in process `syz.3.16092'.
[ 1203.353716][T18296] netlink: 24 bytes leftover after parsing attributes in process `syz.2.16095'.
[ 1203.647741][T18302] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16096'.
[ 1203.749598][T18307] netlink: 36 bytes leftover after parsing attributes in process `syz.1.16099'.
[ 1204.035257][ T6208] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1204.045494][ T6208] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1204.055716][ T6208] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1204.065252][ T6208] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1204.075564][ T6208] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1204.133910][T18320] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1204.188517][T18322] Bluetooth: MGMT ver 1.23
[ 1204.213554][T18315] lo speed is unknown, defaulting to 1000
[ 1204.801530][T18346] syzkaller0: entered promiscuous mode
[ 1204.818816][T18346] syzkaller0: entered allmulticast mode
[ 1204.934558][ T7064] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1204.990982][T18362] FAULT_INJECTION: forcing a failure.
[ 1204.990982][T18362] name failslab, interval 1, probability 0, space 0, times 0
[ 1205.022089][T18362] CPU: 1 UID: 0 PID: 18362 Comm: syz.5.16116 Not tainted syzkaller #0 PREEMPT(full) 
[ 1205.022121][T18362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1205.022136][T18362] Call Trace:
[ 1205.022145][T18362]  <TASK>
[ 1205.022155][T18362]  dump_stack_lvl+0xe8/0x150
[ 1205.022193][T18362]  should_fail_ex+0x412/0x560
[ 1205.022227][T18362]  should_failslab+0xa8/0x100
[ 1205.022258][T18362]  __kmalloc_cache_noprof+0x88/0x660
[ 1205.022283][T18362]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1205.022308][T18362]  ? genl_start+0x1c9/0x6c0
[ 1205.022334][T18362]  genl_start+0x1c9/0x6c0
[ 1205.022354][T18362]  ? netlink_lookup+0x30/0x200
[ 1205.022388][T18362]  __netlink_dump_start+0x469/0x7e0
[ 1205.022426][T18362]  genl_family_rcv_msg_dumpit+0x213/0x310
[ 1205.022455][T18362]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 1205.022476][T18362]  ? genl_get_cmd+0x691/0x930
[ 1205.022510][T18362]  ? __pfx_genl_start+0x10/0x10
[ 1205.022529][T18362]  ? __pfx_genl_dumpit+0x10/0x10
[ 1205.022549][T18362]  ? __pfx_genl_done+0x10/0x10
[ 1205.022586][T18362]  genl_rcv_msg+0x5e8/0x7a0
[ 1205.022614][T18362]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1205.022635][T18362]  ? __pfx_ethnl_tsinfo_start+0x10/0x10
[ 1205.022766][T18362]  ? __pfx_ethnl_tsinfo_dumpit+0x10/0x10
[ 1205.022804][T18362]  ? __pfx_ethnl_tsinfo_done+0x10/0x10
[ 1205.022834][T18362]  ? __lock_acquire+0x6b5/0x2cf0
[ 1205.022873][T18362]  netlink_rcv_skb+0x232/0x4b0
[ 1205.022902][T18362]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1205.022927][T18362]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1205.022976][T18362]  ? down_read+0x272/0x2e0
[ 1205.022999][T18362]  ? genl_rcv+0xd/0x40
[ 1205.023022][T18362]  genl_rcv+0x28/0x40
[ 1205.023042][T18362]  netlink_unicast+0x80f/0x9b0
[ 1205.023077][T18362]  ? __pfx_netlink_unicast+0x10/0x10
[ 1205.023105][T18362]  ? netlink_sendmsg+0x650/0xb40
[ 1205.023131][T18362]  ? skb_put+0x11b/0x210
[ 1205.023169][T18362]  netlink_sendmsg+0x813/0xb40
[ 1205.023209][T18362]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1205.023244][T18362]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1205.023276][T18362]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1205.023304][T18362]  ____sys_sendmsg+0x972/0x9f0
[ 1205.023338][T18362]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1205.023370][T18362]  ? import_iovec+0x73/0xa0
[ 1205.023409][T18362]  ___sys_sendmsg+0x2a5/0x360
[ 1205.023438][T18362]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1205.023501][T18362]  ? __fget_files+0x2a/0x420
[ 1205.023533][T18362]  ? __fget_files+0x3a0/0x420
[ 1205.023576][T18362]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1205.023600][T18362]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1205.023632][T18362]  ? __pfx_ksys_write+0x10/0x10
[ 1205.023670][T18362]  do_syscall_64+0x14d/0xf80
[ 1205.023691][T18362]  ? trace_irq_disable+0x3b/0x150
[ 1205.023722][T18362]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1205.023745][T18362]  ? clear_bhb_loop+0x40/0x90
[ 1205.023772][T18362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1205.023802][T18362] RIP: 0033:0x7fbaee39c799
[ 1205.023824][T18362] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1205.023844][T18362] RSP: 002b:00007fbaec5ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1205.023867][T18362] RAX: ffffffffffffffda RBX: 00007fbaee615fa0 RCX: 00007fbaee39c799
[ 1205.023883][T18362] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[ 1205.023897][T18362] RBP: 00007fbaec5ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1205.023911][T18362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1205.023924][T18362] R13: 00007fbaee616038 R14: 00007fbaee615fa0 R15: 00007ffeacd741a8
[ 1205.023961][T18362]  </TASK>
[ 1205.047797][T18364] netlink: 'syz.3.16115': attribute type 16 has an invalid length.
[ 1205.406274][T18364] netlink: 'syz.3.16115': attribute type 17 has an invalid length.
[ 1205.420343][T18360] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1205.474583][T18360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1205.563083][T18369] netlink: 192 bytes leftover after parsing attributes in process `syz.5.16118'.
[ 1205.601834][ T7064] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1205.708474][T18364] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1205.820952][T18377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16121'.
[ 1206.000330][T18382] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16120'.
[ 1206.133428][ T5141] Bluetooth: hci0: command tx timeout
[ 1208.025450][ T7064] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1208.049994][T18315] chnl_net:caif_netlink_parms(): no params data found
[ 1208.068090][T18371] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[ 1208.204281][T18377] team0: Port device team_slave_0 removed
[ 1208.223450][ T5141] Bluetooth: hci0: command tx timeout
[ 1208.252430][T18378] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1208.326886][ T7064] batman_adv: batadv0: Removing interface: netdevsim0
[ 1208.358382][ T7064] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1208.739022][T18410] bond6 (unregistering): Released all slaves
[ 1208.747930][T18415] netlink: 'syz.3.16130': attribute type 16 has an invalid length.
[ 1208.757700][T18415] netlink: 'syz.3.16130': attribute type 17 has an invalid length.
[ 1208.897485][T18415] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1208.915924][  T106] netdevsim netdevsim4 eth5: set [0, 0] type 1 family 0 port 8472 - 0
[ 1208.977426][T18315] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1208.999153][T18417] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16131'.
[ 1209.002833][T18315] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1209.043836][T18315] bridge_slave_0: entered allmulticast mode
[ 1209.064067][T18315] bridge_slave_0: entered promiscuous mode
[ 1209.081508][  T106] netdevsim netdevsim4 eth6: set [0, 0] type 1 family 0 port 8472 - 0
[ 1209.090603][T18417] veth0_to_bond: entered allmulticast mode
[ 1209.107279][T18315] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1209.116103][T18315] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1209.123879][T18315] bridge_slave_1: entered allmulticast mode
[ 1209.132737][T18315] bridge_slave_1: entered promiscuous mode
[ 1209.173921][T18417] syzkaller1: entered promiscuous mode
[ 1209.186900][T18417] syzkaller1: entered allmulticast mode
[ 1209.206037][T18422] netlink: 256 bytes leftover after parsing attributes in process `syz.3.16132'.
[ 1209.244141][T22575] netdevsim netdevsim4 eth7: set [0, 0] type 1 family 0 port 8472 - 0
[ 1209.308644][T18315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1209.325449][T18315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1209.360705][T29390] netdevsim netdevsim4 eth8: set [0, 0] type 1 family 0 port 8472 - 0
[ 1209.463078][T18315] team0: Port device team_slave_0 added
[ 1209.510761][ T7064] erspan0: left allmulticast mode
[ 1209.519490][ T7064] erspan0: left promiscuous mode
[ 1209.525549][ T7064] bridge6: port 1(erspan0) entered disabled state
[ 1209.949895][ T7064] bond1 (unregistering): (slave bridge4): Releasing backup interface
[ 1209.958512][ T7064] bridge4 (unregistering): left promiscuous mode
[ 1210.261352][ T7064] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1210.273835][ T7064] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1210.285295][ T7064] bond0 (unregistering): Released all slaves
[ 1210.292622][ T5141] Bluetooth: hci0: command tx timeout
[ 1210.303179][ T7064] bond1 (unregistering): Released all slaves
[ 1210.319390][ T7064] bond2 (unregistering): Released all slaves
[ 1210.340791][ T7064] bond3 (unregistering): (slave veth7): Releasing active interface
[ 1210.348816][ T7064] veth0_to_bond: entered promiscuous mode
[ 1210.358024][ T7064] bond3 (unregistering): (slave veth0_to_bond): Releasing active interface
[ 1210.371227][ T7064] bond3 (unregistering): (slave veth9): Releasing active interface
[ 1210.387397][ T7064] bond3 (unregistering): Released all slaves
[ 1210.403234][ T7064] bond4 (unregistering): Released all slaves
[ 1210.419124][T18315] team0: Port device team_slave_1 added
[ 1210.434976][T18435] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[ 1210.443270][T18442] A link change request failed with some changes committed already. Interface ������5g�Q[� may have been left with an inconsistent configuration, please check.
[ 1210.550056][ T7064] : left promiscuous mode
[ 1210.646164][ T7064] �9: left promiscuous mode
[ 1210.706348][T18458] netlink: 'syz.5.16141': attribute type 16 has an invalid length.
[ 1210.774423][T18458] netlink: 'syz.5.16141': attribute type 17 has an invalid length.
[ 1210.963792][ T4209] lo speed is unknown, defaulting to 1000
[ 1210.991669][T18468] netlink: 108 bytes leftover after parsing attributes in process `syz.3.16146'.
[ 1211.024303][T18315] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1211.031313][T18315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1211.109054][T18473] netlink: 'syz.2.16147': attribute type 1 has an invalid length.
[ 1211.117762][T18473] netlink: 224 bytes leftover after parsing attributes in process `syz.2.16147'.
[ 1211.129298][T18473] sctp: [Deprecated]: syz.2.16147 (pid 18473) Use of int in max_burst socket option.
[ 1211.129298][T18473] Use struct sctp_assoc_value instead
[ 1211.146113][T18315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1211.197226][T18458] syz_tun: left promiscuous mode
[ 1211.225839][T18458] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1211.350671][T18315] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1211.384014][T18315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1211.452021][T18315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1211.873366][T18315] hsr_slave_0: entered promiscuous mode
[ 1211.880267][T18315] hsr_slave_1: entered promiscuous mode
[ 1211.913169][T18315] debugfs: 'hsr0' already exists in 'hsr'
[ 1211.919886][T18315] Cannot create hsr debugfs directory
[ 1212.191040][T18500] syzkaller0: entered promiscuous mode
[ 1212.196896][T18500] syzkaller0: entered allmulticast mode
[ 1212.255452][T18518] syz.3.16156: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1212.274012][T18518] CPU: 1 UID: 0 PID: 18518 Comm: syz.3.16156 Not tainted syzkaller #0 PREEMPT(full) 
[ 1212.274042][T18518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1212.274057][T18518] Call Trace:
[ 1212.274067][T18518]  <TASK>
[ 1212.274077][T18518]  dump_stack_lvl+0xe8/0x150
[ 1212.274114][T18518]  warn_alloc+0x249/0x340
[ 1212.274144][T18518]  ? stack_trace_save+0xa9/0x100
[ 1212.274173][T18518]  ? __pfx_warn_alloc+0x10/0x10
[ 1212.274207][T18518]  ? kasan_save_track+0x4f/0x80
[ 1212.274229][T18518]  ? kasan_save_track+0x3e/0x80
[ 1212.274251][T18518]  ? __kasan_kmalloc+0x93/0xb0
[ 1212.274275][T18518]  ? __kmalloc_cache_noprof+0x31c/0x660
[ 1212.274299][T18518]  ? xskq_create+0x56/0x170
[ 1212.274332][T18518]  ? xsk_setsockopt+0x54c/0x990
[ 1212.274361][T18518]  ? do_sock_setsockopt+0x17c/0x1b0
[ 1212.274393][T18518]  ? __x64_sys_setsockopt+0x13d/0x1b0
[ 1212.274426][T18518]  ? do_syscall_64+0x14d/0xf80
[ 1212.274468][T18518]  __vmalloc_node_range_noprof+0x132/0x1730
[ 1212.274532][T18518]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1212.274556][T18518]  ? __kasan_kmalloc+0x93/0xb0
[ 1212.274579][T18518]  vmalloc_user_noprof+0xad/0xe0
[ 1212.274597][T18518]  ? xskq_create+0xbf/0x170
[ 1212.274621][T18518]  xskq_create+0xbf/0x170
[ 1212.274646][T18518]  xsk_init_queue+0x8a/0xe0
[ 1212.274671][T18518]  xsk_setsockopt+0x54c/0x990
[ 1212.274695][T18518]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1212.274717][T18518]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1212.274740][T18518]  ? aa_sock_opt_perm+0xff/0x1a0
[ 1212.274764][T18518]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1212.274782][T18518]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1212.274805][T18518]  do_sock_setsockopt+0x17c/0x1b0
[ 1212.274834][T18518]  __x64_sys_setsockopt+0x13d/0x1b0
[ 1212.274863][T18518]  do_syscall_64+0x14d/0xf80
[ 1212.274878][T18518]  ? trace_irq_disable+0x3b/0x150
[ 1212.274901][T18518]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1212.274918][T18518]  ? clear_bhb_loop+0x40/0x90
[ 1212.274938][T18518]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1212.274957][T18518] RIP: 0033:0x7f6630d9c799
[ 1212.274973][T18518] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1212.274987][T18518] RSP: 002b:00007f6631b8a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1212.275005][T18518] RAX: ffffffffffffffda RBX: 00007f6631015fa0 RCX: 00007f6630d9c799
[ 1212.275017][T18518] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004
[ 1212.275026][T18518] RBP: 00007f6630e32c99 R08: 0000000000000004 R09: 0000000000000000
[ 1212.275036][T18518] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1212.275046][T18518] R13: 00007f6631016038 R14: 00007f6631015fa0 R15: 00007ffeaf8eec48
[ 1212.275072][T18518]  </TASK>
[ 1212.275322][T18518] Mem-Info:
[ 1212.373793][ T5141] Bluetooth: hci0: command tx timeout
[ 1212.376265][T18519] SET target dimension over the limit!
[ 1212.511509][T18518] active_anon:6798 inactive_anon:0 isolated_anon:0
[ 1212.511509][T18518]  active_file:3087 inactive_file:40725 isolated_file:0
[ 1212.511509][T18518]  unevictable:768 dirty:291 writeback:0
[ 1212.511509][T18518]  slab_reclaimable:12668 slab_unreclaimable:117294
[ 1212.511509][T18518]  mapped:35102 shmem:1380 pagetables:3655
[ 1212.511509][T18518]  sec_pagetables:0 bounce:0
[ 1212.511509][T18518]  kernel_misc_reclaimable:0
[ 1212.511509][T18518]  free:1285026 free_pcp:25435 free_cma:0
[ 1212.627334][T18518] Node 0 active_anon:27292kB inactive_anon:0kB active_file:12348kB inactive_file:162692kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:25720kB dirty:1160kB writeback:0kB shmem:3984kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14468kB pagetables:14472kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1212.701707][T18518] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98388kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1212.794722][T18518] Node 0 DMA free:15212kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:148kB local_pcp:76kB free_cma:0kB
[ 1212.832428][T18518] lowmem_reserve[]: 0 2492 2493 2493 2493
[ 1212.838453][T18518] Node 0 DMA32 free:1437052kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB free_highatomic:0KB active_anon:26992kB inactive_anon:0kB active_file:12348kB inactive_file:162692kB unevictable:1536kB writepending:1160kB zspages:0kB present:3129332kB managed:2552760kB mlocked:0kB bounce:0kB free_pcp:41796kB local_pcp:21104kB free_cma:0kB
[ 1212.894118][T18527] netlink: 'syz.2.16158': attribute type 1 has an invalid length.
[ 1212.910182][T18518] lowmem_reserve[]: 0 0 0 0 0
[ 1212.925954][T18518] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1212.962364][T18527] netlink: 224 bytes leftover after parsing attributes in process `syz.2.16158'.
[ 1212.985079][T18527] sctp: [Deprecated]: syz.2.16158 (pid 18527) Use of int in max_burst socket option.
[ 1212.985079][T18527] Use struct sctp_assoc_value instead
[ 1213.018480][T18518] lowmem_reserve[]: 0 0 0 0 0
[ 1213.052822][T18518] Node 1 Normal free:3687128kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:59752kB local_pcp:30660kB free_cma:0kB
[ 1213.110258][T18518] lowmem_reserve[]: 0 0 0 0 0
[ 1213.115454][T18518] Node 0 DMA: 1*4kB (U) 1*8kB (U) 2*16kB (U) 2*32kB (U) 2*64kB (U) 1*128kB (U) 2*256kB (U) 0*512kB 2*1024kB (U) 2*2048kB (UM) 2*4096kB (UM) = 15212kB
[ 1213.131278][T18518] Node 0 DMA32: 7395*4kB (UM) 7651*8kB (UM) 5200*16kB (UME) 160*32kB (UME) 766*64kB (UME) 883*128kB (UME) 814*256kB (UME) 472*512kB (UME) 319*1024kB (UME) 153*2048kB (UM) 0*4096kB = 1431204kB
[ 1213.154647][T18518] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1213.181568][T18518] Node 1 Normal: 2*4kB (U) 4*8kB (UM) 13*16kB (UM) 7*32kB (UM) 10*64kB (UM) 5*128kB (UM) 4*256kB (UM) 4*512kB (UM) 2*1024kB (UM) 3*2048kB (U) 897*4096kB (UM) = 3687128kB
[ 1213.225622][T18518] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1213.244599][T18518] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1213.264334][T18518] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1213.274479][T18518] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1213.284876][T18518] 45188 total pagecache pages
[ 1213.289611][T18518] 0 pages in swap cache
[ 1213.302400][T18518] Free swap  = 124996kB
[ 1213.306779][T18518] Total swap = 124996kB
[ 1213.323104][T18518] 2097051 pages RAM
[ 1213.327110][T18518] 0 pages HighMem/MovableOnly
[ 1213.337262][T18518] 427026 pages reserved
[ 1213.347431][T18518] 0 pages cma reserved
[ 1213.596678][T18547] netlink: 256 bytes leftover after parsing attributes in process `syz.1.16161'.
[ 1213.721222][T18553] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16164'.
[ 1215.828928][ T7064] hsr_slave_0: left promiscuous mode
[ 1215.836097][ T7064] 0�: left promiscuous mode
[ 1215.841494][ T7064] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1215.861385][ T7064] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1215.870809][T18563] netlink: 'syz.1.16166': attribute type 16 has an invalid length.
[ 1215.883407][T18563] netlink: 'syz.1.16166': attribute type 17 has an invalid length.
[ 1215.890083][ T7064] veth1_macvtap: left promiscuous mode
[ 1215.897968][ T7064] veth0_macvtap: left promiscuous mode
[ 1215.904134][ T7064] veth1_vlan: left promiscuous mode
[ 1215.909541][ T7064] veth0_vlan: left promiscuous mode
[ 1216.260584][ T7064] team0 (unregistering): Port device team_slave_1 removed
[ 1216.477204][T18558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1216.507490][T18558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1216.664452][T18563] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1216.683336][T18562] lo: entered allmulticast mode
[ 1216.734140][T18576] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16169'.
[ 1216.824044][T18562] lo: left allmulticast mode
[ 1216.878670][T18576] : entered promiscuous mode
[ 1217.164529][T18585] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[ 1217.191306][T18315] netdevsim netdevsim4 eth8 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1217.197498][T18585] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1217.350913][T18608] netlink: 'syz.5.16175': attribute type 1 has an invalid length.
[ 1217.378741][T18608] netlink: 224 bytes leftover after parsing attributes in process `syz.5.16175'.
[ 1217.434125][ T7064] IPVS: stop unused estimator thread 0...
[ 1217.448355][T18609] sctp: [Deprecated]: syz.5.16175 (pid 18609) Use of int in max_burst socket option.
[ 1217.448355][T18609] Use struct sctp_assoc_value instead
[ 1217.453594][T18315] netdevsim netdevsim4 eth7 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1217.698420][T18315] netdevsim netdevsim4 eth6 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1217.728017][T18616] netlink: 'syz.5.16177': attribute type 83 has an invalid length.
[ 1217.876935][T18315] netdevsim netdevsim4 eth5 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1218.234840][T18315] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1218.253953][T18315] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1218.278506][T18315] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1218.304314][T18315] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1218.503933][T18656] syzkaller0: entered promiscuous mode
[ 1218.534034][T18656] syzkaller0: entered allmulticast mode
[ 1218.813608][T18676] netlink: 24 bytes leftover after parsing attributes in process `syz.5.16190'.
[ 1218.823424][T18675] netlink: 24 bytes leftover after parsing attributes in process `syz.5.16190'.
[ 1218.834543][T18677] netlink: 7 bytes leftover after parsing attributes in process `syz.2.16189'.
[ 1219.021052][T18315] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1219.091449][T18315] 8021q: adding VLAN 0 to HW filter on device team0
[ 1219.139518][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1219.146791][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1219.207122][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1219.214402][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1219.373315][T18701] netlink: 12 bytes leftover after parsing attributes in process `syz.2.16196'.
[ 1219.447663][T18708] vlan2: entered allmulticast mode
[ 1219.468709][T18708] bridge1: entered allmulticast mode
[ 1219.736290][T18716] netlink: 'syz.3.16198': attribute type 16 has an invalid length.
[ 1219.778828][T18716] netlink: 'syz.3.16198': attribute type 17 has an invalid length.
[ 1219.798952][T18725] pim6reg: entered allmulticast mode
[ 1219.949016][T18716] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1220.041887][T18315] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1220.453085][T18752] syzkaller0: entered promiscuous mode
[ 1220.458637][T18752] syzkaller0: entered allmulticast mode
[ 1220.515848][T18759] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.16204'.
[ 1220.586583][T18759] netlink: Unknown conntrack attr (0)
[ 1220.818186][T18770] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16209'.
[ 1221.109982][T18780] vlan2: entered allmulticast mode
[ 1221.129631][T18780] bridge2: entered allmulticast mode
[ 1221.422107][T18803] netlink: 192 bytes leftover after parsing attributes in process `syz.1.16213'.
[ 1221.496707][T18315] veth0_vlan: entered promiscuous mode
[ 1221.550261][T18315] veth1_vlan: entered promiscuous mode
[ 1221.612205][T18807] netlink: 'syz.2.16214': attribute type 10 has an invalid length.
[ 1221.649601][T18807] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[ 1221.711406][T18815] netlink: 'syz.5.16217': attribute type 62 has an invalid length.
[ 1221.795701][T18315] veth0_macvtap: entered promiscuous mode
[ 1221.846692][T18315] veth1_macvtap: entered promiscuous mode
[ 1221.923988][T18315] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1221.975747][T18315] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1222.041739][ T7064] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1222.092386][ T7064] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1222.155760][T18842] syzkaller0: entered promiscuous mode
[ 1222.194685][T18842] syzkaller0: entered allmulticast mode
[ 1222.219944][ T7064] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1222.244558][ T7064] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1222.826132][T18845] vlan1: entered promiscuous mode
[ 1222.831257][T18845] virtio_net virtio1 eth0: entered promiscuous mode
[ 1223.105066][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1223.120427][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1223.194248][T18863] netlink: 32 bytes leftover after parsing attributes in process `syz.5.16228'.
[ 1223.224713][T29390] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1223.234109][T29390] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1223.628656][T18885] netlink: 40 bytes leftover after parsing attributes in process `syz.1.16236'.
[ 1223.957479][T18902] netlink: 'syz.1.16242': attribute type 1 has an invalid length.
[ 1223.996562][T18902] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1224.066641][T18902] bond1: (slave veth3): Enslaving as an active interface with a down link
[ 1224.325546][T18922] ipt_rpfilter: unknown options
[ 1224.564541][T18931] netlink: 'syz.3.16250': attribute type 10 has an invalid length.
[ 1224.573731][T18933] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16249'.
[ 1224.587800][T18931] netlink: 40 bytes leftover after parsing attributes in process `syz.3.16250'.
[ 1224.628171][T18933] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1224.646968][T18933] team0: Port device batadv1 added
[ 1224.656672][T18931] dummy0: entered promiscuous mode
[ 1224.667787][T18931] bridge0: port 3(dummy0) entered blocking state
[ 1224.682612][T18931] bridge0: port 3(dummy0) entered disabled state
[ 1224.702346][T18931] dummy0: entered allmulticast mode
[ 1224.837249][T18948] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16256'.
[ 1224.849214][T18948] netlink: 12 bytes leftover after parsing attributes in process `syz.3.16256'.
[ 1224.940510][T18948] xfrm1: entered promiscuous mode
[ 1224.946500][T18948] xfrm1: entered allmulticast mode
[ 1225.077765][T23778] lec:lec_start_xmit: lec0:No lecd attached
[ 1225.357285][T18973] bond1: option lp_interval: invalid value (0)
[ 1225.364417][T18973] bond1: option lp_interval: allowed values 1 - 2147483647
[ 1225.384389][T18973] bond1 (unregistering): Released all slaves
[ 1225.432769][T18968] netlink: 'syz.5.16263': attribute type 4 has an invalid length.
[ 1225.465016][T18981] vcan1: entered promiscuous mode
[ 1225.470119][T18981] vcan1: entered allmulticast mode
[ 1225.605304][T18983] vcan1: entered promiscuous mode
[ 1225.622055][T18983] vcan1: entered allmulticast mode
[ 1225.965794][T18996] syzkaller0: entered promiscuous mode
[ 1225.971344][T18996] syzkaller0: entered allmulticast mode
[ 1226.698714][T19030] netlink: 27 bytes leftover after parsing attributes in process `syz.1.16284'.
[ 1226.758326][T19030] netlink: 'syz.1.16284': attribute type 1 has an invalid length.
[ 1227.247232][T19053] netlink: 192 bytes leftover after parsing attributes in process `syz.1.16289'.
[ 1227.902618][T19078] netlink: 16 bytes leftover after parsing attributes in process `syz.5.16297'.
[ 1227.924662][T19082] vxcan1 speed is unknown, defaulting to 1000
[ 1227.948525][T19082] vxcan1 speed is unknown, defaulting to 1000
[ 1227.960437][T19082] vxcan1 speed is unknown, defaulting to 1000
[ 1228.033631][T19089] Cannot find set identified by id 1 to match
[ 1228.168345][T19096] Bluetooth: MGMT ver 1.23
[ 1228.173074][T19096] Bluetooth: hci1: too big key_count value 32778
[ 1228.358730][ T4209] vxcan1 speed is unknown, defaulting to 1000
[ 1228.366347][T19082] infiniband syz2: set active
[ 1228.371517][T19082] infiniband syz2: added vxcan1
[ 1228.488932][T19082] RDS/IB: syz2: added
[ 1228.515230][T19082] smc: adding ib device syz2 with port count 1
[ 1228.552466][T19082] smc:    ib device syz2 port 1 has no pnetid
[ 1228.571187][ T4209] vxcan1 speed is unknown, defaulting to 1000
[ 1228.595871][T19082] vxcan1 speed is unknown, defaulting to 1000
[ 1228.614602][T19122] netlink: 56 bytes leftover after parsing attributes in process `syz.1.16308'.
[ 1229.138375][T19082] vxcan1 speed is unknown, defaulting to 1000
[ 1229.159936][T19143] netlink: 'syz.4.16315': attribute type 1 has an invalid length.
[ 1229.218804][T19142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16316'.
[ 1229.314059][T19153] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16316'.
[ 1229.506055][T19164] netlink: 192 bytes leftover after parsing attributes in process `syz.5.16320'.
[ 1229.549549][T19082] vxcan1 speed is unknown, defaulting to 1000
[ 1229.602438][T19167] netlink: 32 bytes leftover after parsing attributes in process `syz.5.16321'.
[ 1229.611882][T19167] ------------[ cut here ]------------
[ 1229.618380][T19167] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16)
[ 1229.630752][T19167] WARNING: net/sched/cls_u32.c:855 at u32_change+0x1da0/0x2720, CPU#0: syz.5.16321/19167
[ 1229.641894][T19167] Modules linked in:
[ 1229.647662][T19167] CPU: 0 UID: 0 PID: 19167 Comm: syz.5.16321 Not tainted syzkaller #0 PREEMPT(full) 
[ 1229.657430][T19167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1229.668586][T19167] RIP: 0010:u32_change+0x1daf/0x2720
[ 1229.674853][T19167] Code: 3d c7 d8 43 06 01 75 33 e8 4e fe 0d f8 eb 50 e8 47 fe 0d f8 48 8d 3d c0 07 69 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 60 74 e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 22 fe 0d f8 eb 24 e8 1b fe 0d f8
[ 1229.694780][T19167] RSP: 0018:ffffc90006b6efc0 EFLAGS: 00010287
[ 1229.700912][T19167] RAX: ffffffff89b79f69 RBX: ffff8880826da800 RCX: 0000000000000010
[ 1229.709784][T19167] RDX: ffffffff8ce17460 RSI: 0000000000000020 RDI: ffffffff9020a730
[ 1229.718176][T19167] RBP: ffffc90006b6f178 R08: 0000000000000dc0 R09: 00000000ffffffff
[ 1229.726468][T19167] R10: dffffc0000000000 R11: fffffbfff20232d7 R12: ffff888086f664e8
[ 1229.735358][T19167] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[ 1229.744411][T19167] FS:  00007fbaec5ee6c0(0000) GS:ffff888125460000(0000) knlGS:0000000000000000
[ 1229.754227][T19167] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1229.760880][T19167] CR2: 000000110c342ff1 CR3: 00000000501f2000 CR4: 00000000003526f0
[ 1229.769687][T19167] Call Trace:
[ 1229.773156][T19167]  <TASK>
[ 1229.776154][T19167]  ? __pfx_u32_change+0x10/0x10
[ 1229.781186][T19167]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1229.787046][T19167]  tc_new_tfilter+0xff8/0x1780
[ 1229.792643][T19167]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1229.797963][T19167]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1229.803344][T19167]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1229.808356][T19167]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1229.814006][T19167]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1229.819544][T19167]  ? ref_tracker_free+0x693/0x840
[ 1229.825306][T19167]  ? __copy_skb_header+0xa3/0x4a0
[ 1229.830431][T19167]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1229.835983][T19167]  netlink_rcv_skb+0x232/0x4b0
[ 1229.841842][T19167]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1229.848144][T19167]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1229.854184][T19167]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1229.859491][T19167]  netlink_unicast+0x80f/0x9b0
[ 1229.864438][T19167]  ? __pfx_netlink_unicast+0x10/0x10
[ 1229.869791][T19167]  ? netlink_sendmsg+0x650/0xb40
[ 1229.874919][T19167]  ? skb_put+0x11b/0x210
[ 1229.879278][T19167]  netlink_sendmsg+0x813/0xb40
[ 1229.884887][T19167]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1229.890256][T19167]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1229.896033][T19167]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1229.901399][T19167]  ____sys_sendmsg+0x972/0x9f0
[ 1229.906585][T19167]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1229.912771][T19167]  ? import_iovec+0x73/0xa0
[ 1229.917362][T19167]  ___sys_sendmsg+0x2a5/0x360
[ 1229.922219][T19167]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1229.927477][T19167]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1229.932975][T19167]  ? __fget_files+0x2a/0x420
[ 1229.937601][T19167]  ? __fget_files+0x3a0/0x420
[ 1229.943670][T19167]  __sys_sendmmsg+0x27c/0x4e0
[ 1229.948414][T19167]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1229.954385][T19167]  ? do_futex+0x333/0x420
[ 1229.958805][T19167]  ? rcu_is_watching+0x15/0xb0
[ 1229.963748][T19167]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1229.968659][T19167]  do_syscall_64+0x14d/0xf80
[ 1229.974047][T19167]  ? trace_irq_disable+0x3b/0x150
[ 1229.979144][T19167]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1229.985342][T19167]  ? clear_bhb_loop+0x40/0x90
[ 1229.990084][T19167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1229.996111][T19167] RIP: 0033:0x7fbaee39c799
[ 1230.000558][T19167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1230.020867][T19167] RSP: 002b:00007fbaec5ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1230.029452][T19167] RAX: ffffffffffffffda RBX: 00007fbaee615fa0 RCX: 00007fbaee39c799
[ 1230.037579][T19167] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004
[ 1230.047292][T19167] RBP: 00007fbaee432c99 R08: 0000000000000000 R09: 0000000000000000
[ 1230.056236][T19167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1230.064415][T19167] R13: 00007fbaee616038 R14: 00007fbaee615fa0 R15: 00007ffeacd741a8
[ 1230.073160][T19167]  </TASK>
[ 1230.076231][T19167] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1230.083561][T19167] CPU: 0 UID: 0 PID: 19167 Comm: syz.5.16321 Not tainted syzkaller #0 PREEMPT(full) 
[ 1230.093172][T19167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1230.103275][T19167] Call Trace:
[ 1230.106595][T19167]  <TASK>
[ 1230.109571][T19167]  vpanic+0x56c/0xa60
[ 1230.113606][T19167]  ? __pfx__printk+0x10/0x10
[ 1230.118242][T19167]  ? __pfx_vpanic+0x10/0x10
[ 1230.122808][T19167]  ? is_bpf_text_address+0x292/0x2b0
[ 1230.128172][T19167]  ? is_bpf_text_address+0x26/0x2b0
[ 1230.133436][T19167]  panic+0xc5/0xd0
[ 1230.137218][T19167]  ? __pfx_panic+0x10/0x10
[ 1230.141697][T19167]  __warn+0x315/0x4f0
[ 1230.145716][T19167]  ? u32_change+0x1da0/0x2720
[ 1230.150432][T19167]  ? u32_change+0x1da0/0x2720
[ 1230.155146][T19167]  __report_bug+0x29a/0x540
[ 1230.159796][T19167]  ? ___sys_sendmsg+0x2a5/0x360
[ 1230.164679][T19167]  ? __sys_sendmmsg+0x27c/0x4e0
[ 1230.169558][T19167]  ? __x64_sys_sendmmsg+0xa0/0xc0
[ 1230.174616][T19167]  ? u32_change+0x1da0/0x2720
[ 1230.179328][T19167]  ? __pfx___report_bug+0x10/0x10
[ 1230.184455][T19167]  report_bug_entry+0x19a/0x290
[ 1230.189390][T19167]  ? u32_change+0x1daf/0x2720
[ 1230.194091][T19167]  ? u32_change+0x1db4/0x2720
[ 1230.198811][T19167]  handle_bug+0xce/0x200
[ 1230.203108][T19167]  exc_invalid_op+0x1a/0x50
[ 1230.207656][T19167]  asm_exc_invalid_op+0x1a/0x20
[ 1230.212554][T19167] RIP: 0010:u32_change+0x1daf/0x2720
[ 1230.217889][T19167] Code: 3d c7 d8 43 06 01 75 33 e8 4e fe 0d f8 eb 50 e8 47 fe 0d f8 48 8d 3d c0 07 69 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 60 74 e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 22 fe 0d f8 eb 24 e8 1b fe 0d f8
[ 1230.237545][T19167] RSP: 0018:ffffc90006b6efc0 EFLAGS: 00010287
[ 1230.243653][T19167] RAX: ffffffff89b79f69 RBX: ffff8880826da800 RCX: 0000000000000010
[ 1230.251699][T19167] RDX: ffffffff8ce17460 RSI: 0000000000000020 RDI: ffffffff9020a730
[ 1230.259708][T19167] RBP: ffffc90006b6f178 R08: 0000000000000dc0 R09: 00000000ffffffff
[ 1230.267710][T19167] R10: dffffc0000000000 R11: fffffbfff20232d7 R12: ffff888086f664e8
[ 1230.275710][T19167] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[ 1230.283721][T19167]  ? u32_change+0x1d99/0x2720
[ 1230.288459][T19167]  ? __pfx_u32_change+0x10/0x10
[ 1230.293338][T19167]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1230.299026][T19167]  tc_new_tfilter+0xff8/0x1780
[ 1230.303862][T19167]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1230.309128][T19167]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1230.314364][T19167]  rtnetlink_rcv_msg+0x7d5/0xbe0
[ 1230.319347][T19167]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[ 1230.324495][T19167]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1230.329998][T19167]  ? ref_tracker_free+0x693/0x840
[ 1230.335054][T19167]  ? __copy_skb_header+0xa3/0x4a0
[ 1230.340112][T19167]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1230.345545][T19167]  netlink_rcv_skb+0x232/0x4b0
[ 1230.350373][T19167]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1230.355887][T19167]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1230.361257][T19167]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1230.366497][T19167]  netlink_unicast+0x80f/0x9b0
[ 1230.371297][T19167]  ? __pfx_netlink_unicast+0x10/0x10
[ 1230.376647][T19167]  ? netlink_sendmsg+0x650/0xb40
[ 1230.381616][T19167]  ? skb_put+0x11b/0x210
[ 1230.385895][T19167]  netlink_sendmsg+0x813/0xb40
[ 1230.390712][T19167]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1230.396030][T19167]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1230.401002][T19167]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1230.406344][T19167]  ____sys_sendmsg+0x972/0x9f0
[ 1230.411150][T19167]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1230.416469][T19167]  ? import_iovec+0x73/0xa0
[ 1230.421010][T19167]  ___sys_sendmsg+0x2a5/0x360
[ 1230.425720][T19167]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1230.430953][T19167]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1230.436297][T19167]  ? __fget_files+0x2a/0x420
[ 1230.440928][T19167]  ? __fget_files+0x3a0/0x420
[ 1230.445643][T19167]  __sys_sendmmsg+0x27c/0x4e0
[ 1230.450353][T19167]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1230.455575][T19167]  ? do_futex+0x333/0x420
[ 1230.459964][T19167]  ? rcu_is_watching+0x15/0xb0
[ 1230.464773][T19167]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1230.469654][T19167]  do_syscall_64+0x14d/0xf80
[ 1230.474266][T19167]  ? trace_irq_disable+0x3b/0x150
[ 1230.479321][T19167]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1230.485419][T19167]  ? clear_bhb_loop+0x40/0x90
[ 1230.490137][T19167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1230.496052][T19167] RIP: 0033:0x7fbaee39c799
[ 1230.500496][T19167] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1230.520124][T19167] RSP: 002b:00007fbaec5ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1230.528573][T19167] RAX: ffffffffffffffda RBX: 00007fbaee615fa0 RCX: 00007fbaee39c799
[ 1230.536586][T19167] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004
[ 1230.544596][T19167] RBP: 00007fbaee432c99 R08: 0000000000000000 R09: 0000000000000000
[ 1230.552597][T19167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1230.560598][T19167] R13: 00007fbaee616038 R14: 00007fbaee615fa0 R15: 00007ffeacd741a8
[ 1230.568629][T19167]  </TASK>
[ 1230.572300][T19167] Kernel Offset: disabled
[ 1230.576647][T19167] Rebooting in 86400 seconds..