last executing test programs:

2.588327515s ago: executing program 4 (id=3678):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$inet6(0x10, 0x3, 0x0) (async)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0x1, 0x4}, 0x6) (async)
getsockopt$inet6_tcp_int(r2, 0x6, 0x25, 0x0, &(0x7f0000000080))
sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="5500000020007fafb70000200000000080000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f1c46b7b31afdc1338d5e801e0b009000000000100005ae583de0dd7d8319f98af84fda542e718f9", 0x55}], 0x1}, 0x0) (async)
syz_emit_ethernet(0x6e, &(0x7f0000000240)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "d20040", 0x38, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x2}, @local, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "31c909", 0x0, 0x2b, 0xff, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, [@srh={0x6c, 0x0, 0x4, 0x0, 0x0, 0x28}]}}}}}}}, 0x0) (async)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="25390000200003"], 0x33fe0)
syz_emit_ethernet(0x4e, &(0x7f0000000880)={@multicast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010448", 0x7, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x8, '\x00', @empty}}}}}}, 0x0)

2.338428777s ago: executing program 2 (id=3680):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010023010006000000000200000008000100", @ANYRES32=r2, @ANYBLOB], 0x1c}}, 0x0)
read$nci(r1, &(0x7f0000000200)=""/100, 0x64)
write$nci(r1, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r1, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r1, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r1, &(0x7f0000000380)=""/100, 0x64)
write$nci(r1, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r4, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r1, &(0x7f0000000500)=""/100, 0x64)
write$nci(r1, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r1, &(0x7f00000005c0)=""/100, 0x64)
write$nci(r1, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r1, &(0x7f0000000680)=""/100, 0x64)
write$nci(r1, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r1, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r4, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r1, &(0x7f0000000840)=""/100, 0x64)
write$nci(r1, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)
r5 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$SIOCPNENABLEPIPE(r5, 0x89e0, 0x500)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000540)={<r6=>0xffffffffffffffff, 0x2, 0x8, 0x6})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000940)={@cgroup=r5, 0x16, 0x1, 0xfffd, &(0x7f00000000c0), 0x0, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0), <r7=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000980)={@fallback, 0xffffffffffffffff, 0x15, 0x2, r6, @void, @value, @void, @void, r7}, 0x20)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000003c0)={0x3, <r8=>0x0}, 0x8)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={@fallback=r0, r0, 0x1c, 0x21, r0, @void, @void, @void, @value=r8, r7}, 0x20)

2.273303607s ago: executing program 4 (id=3682):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
unshare(0x2c060000)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/mnt\x00')
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000002e00010026bdf000fcdbdf2504"], 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @local, 0x4e21, 0x3, 'lc\x00', 0x34, 0x283, 0x5}, {@rand_addr=0x64010102, 0x4e23, 0x10000, 0x1bd, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'ovf\x00', 0x0, 0x60000000, 0xc}, {@rand_addr=0x64010102, 0x4e23, 0x2000, 0x8, 0x48001}}, 0x44)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0)

2.082002846s ago: executing program 3 (id=3684):
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x5c, 0x10, 0x100, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @dev}, @IFLA_GENEVE_REMOTE={0x8, 0x2, @remote}, @IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x1e5}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x5c}}, 0x24000814) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x14, r0, 0x1}, 0x14}}, 0x0)

1.561870555s ago: executing program 3 (id=3688):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r0, 0x84, 0x72, &(0x7f0000001f00)=""/4062, &(0x7f00000004c0)=0x744)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$XFS_IOC_RTGROUP_GEOMETRY(r2, 0xc0805841, &(0x7f0000000300)={0x7, 0x5, 0xff, 0xff, 0xee40})
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x12, 0xc, 0x8, 0x3}, 0x31)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="700000001200230500"/56, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000efff002100010007031c000a"], 0x70}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x7a05, 0x1700)
write$cgroup_int(r4, &(0x7f0000000200), 0x806000)
ioctl$FS_IOC_RESVSP(r4, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x4000, 0x9ffffc})
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r5, &(0x7f0000000280)={{0x3, @null, 0x5}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r2, 0x0)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/62, 0x1338000, 0x800}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r7 = socket(0xa, 0x2, 0x3a)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c)
connect$unix(r7, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
r9 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63", 0x8}], 0x1}, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000040)=ANY=[@ANYBLOB="110000006a"], 0xfe33)
write$tun(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="0e80aaaaaaaaaabb08004521001c006500000301907864010102640101001200907800000080"], 0x2e)

1.56133781s ago: executing program 2 (id=3689):
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)={0x0, 0x2, 0x2, 0x1, 0x0, [@mcast2]}, 0x18)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000)={0x0, 0xea60}, 0x10)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000340)=ANY=[], 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x59, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r2}, 0x20)

1.543553137s ago: executing program 4 (id=3690):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010200000000000000000000000a20000000000a01040000000000000000010000000900010073797a3000000000e8000000020a01030000000000000000000000020900010073797a30000000005c0006005c3324cd045a20a11fe26ece7fcf4f621683256f9d2e6eba0b31440bfed6187ea25e8ffa20ecf2d1be57896bff540a86e9723cde9d85dc38d37756e60fe23a4f5965847c6a0c188dfb5dd17c39afbb82c8214e496f2b31220900010073797a31000000000c00044000000000000000040900010073797a30000000000c00044008000400000000032f0006001869f3b50efac414e7ccfa960800000000000000c5eb7540ce2177a24a43d0e66e85dc60d6ae6ce54ce213000c0004400000000000000003840000001c0a010400000000000000000100000008000b40000000005c000480300001800e000100696d6d6564696174650000001c0002800800014000000000100002800c0002800800018000000000280001800b0001006f626a72656600001800028008000140000000020900020073797a31000000000900010073797a30"], 0x1b4}}, 0x0) (async)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010200000000000000000000000a20000000000a01040000000000000000010000000900010073797a3000000000e8000000020a01030000000000000000000000020900010073797a30000000005c0006005c3324cd045a20a11fe26ece7fcf4f621683256f9d2e6eba0b31440bfed6187ea25e8ffa20ecf2d1be57896bff540a86e9723cde9d85dc38d37756e60fe23a4f5965847c6a0c188dfb5dd17c39afbb82c8214e496f2b31220900010073797a31000000000c00044000000000000000040900010073797a30000000000c00044008000400000000032f0006001869f3b50efac414e7ccfa960800000000000000c5eb7540ce2177a24a43d0e66e85dc60d6ae6ce54ce213000c0004400000000000000003840000001c0a010400000000000000000100000008000b40000000005c000480300001800e000100696d6d6564696174650000001c0002800800014000000000100002800c0002800800018000000000280001800b0001006f626a72656600001800028008000140000000020900020073797a31000000000900010073797a30"], 0x1b4}}, 0x0)

1.402112223s ago: executing program 4 (id=3693):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0x22, 0x0, &(0x7f0000000140)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$int_in(r0, 0x5452, &(0x7f0000000280)=0xffffffffffffffff)
socket$inet(0x2, 0x2, 0x1)
r2 = socket(0x11, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x421, 0x4, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad, 0x26d2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x3}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x25}]}}}, @IFLA_BROADCAST={0xa}]}, 0x50}}, 0xc080)
getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x107, 0x14, 0x0, 0x20000000)
ioctl$SIOCX25GSUBSCRIP(r2, 0x89e0, &(0x7f0000000380)={'veth0_to_batadv\x00', 0x2, 0x4})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000040)=<r4=>0x0)
bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, r4, 0x0, 0x3, 0x1, 0x3, "0503dba2ea49591b9eb8996d4652dfffc23e3418906081968b28a9b710747b49d5ae422b8a1ae2441a334363778dc74438fde1a8510aefab6c8504e396a78a", 0x3a}, 0x60)
pselect6(0x40, &(0x7f0000000000)={0x3, 0x0, 0x3, 0x0, 0x8a3, 0x6}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

1.401254419s ago: executing program 3 (id=3694):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket(0x23, 0xa, 0x4)
syz_genetlink_get_family_id$batadv(0x0, r2)
getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ff01000000000000000000000000000100000000000000820000000033000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe880000000000000000001e308bba0100000000019f2bcc"], 0xf8}}, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080600400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f30000dd000280080003df76f4c01535a7e158d20496674c9b7c3441f16f108842886e84cefd1ee4f41fc2ddda23bba3b09f94f6dcfd5091b1501ee524673ebb6f36224b6475e3ee1ac62091afd6707a848d2c7a9c8f2dc3988ab5e33e303b3ac6391987fe3b9df34afa3d82e25d6f00359d783866746417fabf9d08a635d48a17d96c21252c43ff541a1c8b9fdf99767f0000000000000040a32b1d940038aac904d5703eeaa8602c66a44a7eb1b6110269c39b715c"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x800)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'lo\x00', <r7=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x20, 0x14, 0x503, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, r7}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'lo\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001640)=ANY=[@ANYBLOB="340000001400030540008000ffdbdf250218e4ff", @ANYRES32=r10, @ANYBLOB="080002007f00000114"], 0x34}, 0x1, 0x0, 0x0, 0x20000081}, 0x8840)
ioctl$sock_inet_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}})
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x48}}, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x3e, &(0x7f0000001680)=ANY=[@ANYBLOB="0180c200000000000000000008004600003000000000000490780000000000000000440482a100000000001890780400000000000000000000000000000023d845f2c1aee39921bb151c1c47"], 0x0)
r12 = accept4$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs, &(0x7f0000000140)=0x6e, 0x100000)
recvmmsg$unix(r12, &(0x7f0000001580)=[{{&(0x7f0000000180), 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/143, 0x8f}], 0x1}}, {{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/97, 0x61}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/96, 0x60}, {&(0x7f0000001400)=""/37, 0x25}, {&(0x7f0000001440)=""/29, 0x1d}], 0x5, &(0x7f0000001500)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x48}}], 0x2, 0x40010020, &(0x7f0000001600)={0x0, 0x989680})
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r13, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002fc0)=ANY=[@ANYBLOB="200000002e00090027bd7000000000000400000004001d000800098004"], 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r11, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000003c40)=ANY=[@ANYBLOB="3000000002010102000000000000000002000009100042800c400280050001003a0000000c0019800800fb00020000"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x50)

1.214323822s ago: executing program 0 (id=3696):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r1)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x14, r2, 0x1, 0x0, 0x0, {0x3}}, 0x14}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@bridge_newvlan={0x17, 0x70, 0x1, 0x0, 0x0, {}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8}}]}, 0x24}}, 0x0)

1.13427921s ago: executing program 3 (id=3697):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000240)=<r1=>0x0)
syz_open_procfs$namespace(r1, &(0x7f0000000300)='ns/pid\x00')
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3e8, 0xffffffff, 0xffffffff, 0x3e8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0xffff00, 0xff000000], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x88}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [0x0, 0x0, 0x0, 0xff000000], 'erspan0\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000327bd7000fedbdf251300000008000100706369303a30303a31302e3000000000080003000000000008000b00d00900000600110007000000080001"], 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x80)
r2 = socket(0x10, 0x3, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000200))
ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r3, &(0x7f0000000080)=[{&(0x7f00000003c0)="00214717a70700000000430600000000000000000000721d5874f72c000000000000000feb56a29357215d78fc44fac3f44d", 0x32}], 0x1, 0x3e42, 0x407ff)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$IMHOLD_L1(r2, 0x80044948, &(0x7f0000000200)=0x1348c23)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4)
ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB='..'])
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @remote, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x5dc, {0x0, 0x6, "020002", 0x0, 0x2f, 0x0, @loopback={0x4000000}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}}}}}}}, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600)
pipe(&(0x7f0000000080)={<r7=>0xffffffffffffffff})
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
tee(r7, r8, 0x81, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newtaction={0xb0, 0x30, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [{0x9c, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x2, 0x9, 0x4, 0x8be6, 0x5}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x1}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_skbedit={0x48, 0x2, 0x0, 0x0, {{0xc}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x2, 0x0, 0x6, 0xffffffff, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4081}, 0x2400c800)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
r10 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/ipc\x00')
r11 = openat$cgroup(r10, &(0x7f0000000340)='syz1\x00', 0x200002, 0x0)
close(r11)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000002100090002000000ffdbdf25020000000800080046"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x844)

1.099866593s ago: executing program 0 (id=3699):
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x2, 0x0, 0x3, 0x1, 0x0, 0x7a}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), r1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x6c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x40, 0x3, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x30, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xd}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x16}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf0}}, 0x0)
sendmsg$IEEE802154_SCAN_REQ(r1, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x14, r2, 0xd5c15c672e322a81}, 0x14}}, 0x0)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002ebd7000ffdbdf2514000000180001731a87ddd2922c392b66594b33829b00b4140002006e65746465767369"], 0x34}, 0x1, 0x0, 0x0, 0x984}, 0x4000050)

1.006359126s ago: executing program 0 (id=3700):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10) (async)
r1 = socket$inet(0xa, 0x801, 0x84)
writev(r0, &(0x7f0000000540)=[{&(0x7f0000000480)="24f8530733aae98b66b0f73c7634e2767b5b7774f272a1975077a5e1d9ccc9f4ec8a577c00f7995ae4d87ae2664f1e23dc3ea4f2d8aa06a294f261214b07d678fb15c85019bedc1d633df5c83e1a4b84eee1f374a85550a21209b9df7db011a8b534453c346e79f9500f6cd300e83b835d10bb46e4da8c2adc3d81b4954dd4d9339abd4a56532c7687c247b04c526cc5e8b7736de3b8", 0x96}], 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
getpid() (async)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r2)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x24, r3, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xea}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20040000) (async)
setsockopt$sock_int(r1, 0x1, 0x23, &(0x7f00000000c0)=0x6, 0x4) (async)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0xfffe, @rand_addr=0x64010101}, 0x10) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet_udp(0x2, 0x2, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000440), 0x10) (async)
listen(r4, 0x0) (async)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) (async)
setsockopt$sock_timeval(r5, 0x1, 0x43, &(0x7f0000000040)={0x0, 0x2710}, 0x10) (async)
writev(r5, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2) (async)
listen(r1, 0x200) (async)
accept4(r1, 0x0, 0x0, 0x0)

929.57457ms ago: executing program 1 (id=3701):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8481f0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086", 0x17}], 0x1}, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x2c, r3, 0x8, 0x70bd27, 0x25dfdbfc, {0x24}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000040)={0x78, 0xf, 0x8, 0x201, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x8}, [@generic="48de0550bb74f08dbf628f98aa7521279d0ea8058c34d85bc22d9b3bc818b0d9a17d01a20c68e0552902c74790c060aa7ded0a2ff8d392d373c535bd2eff3bda88beb4861fe787d9914dc6331271e96515f60124b631f46b7492c6424f2c58070b"]}, 0x78}, 0x1, 0x0, 0x0, 0x20000810}, 0x840)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0)
sendmsg$IPSET_CMD_GET_BYNAME(r4, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x2c, 0xe, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x6275d6444817c6fb}, 0x8801)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)=""/171, 0xab}, {&(0x7f0000000340)=""/49, 0x31}, {&(0x7f0000000380)=""/65, 0x41}, {&(0x7f0000000400)=""/68, 0x44}], 0x4, &(0x7f00000004c0)=""/225, 0xe1}, 0x40000000)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000780), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000a80)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000a40)={&(0x7f00000007c0)={0x27c, r6, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x40}, {0xc, 0x90, 0xea}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x16}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0xffffffffffffffff}, {0xc, 0x90, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}, {0xc}, {0xc, 0x90, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xec2c}, {0xc, 0x90, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x9}, {0xc, 0x90, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x8000000000000000}, {0xc, 0x90, 0xff0}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0xa}, {0xc, 0x90, 0x37b}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x82}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x10}}]}, 0x27c}, 0x1, 0x0, 0x0, 0x40000}, 0x24004800)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x8000})
ioctl$TUNGETVNETHDRSZ(r7, 0x800454d7, &(0x7f00000001c0))

905.976166ms ago: executing program 0 (id=3702):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r0, 0x0, 0x0, 0x20044890, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
syz_emit_ethernet(0x86, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=@ipv6_getroute={0x34, 0x1a, 0x10, 0x70bd29, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, [@RTA_PRIORITY={0x8, 0x6, 0x4}, @RTA_OIF={0x8}, @RTA_MARK={0x8}]}, 0x34}}, 0x20000000)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x8010800000000084)
sendmmsg$inet6(r4, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000600)=[{&(0x7f00000000c0)='/', 0x1}], 0x1}}, {{&(0x7f0000000400)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000d00)='[', 0x4d0}], 0x21}}], 0x2, 0x4008040)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r3, 0x6, 0x15, &(0x7f00000001c0), 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c000b"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
ioctl$sock_inet6_tcp_SIOCATMARK(r3, 0x8905, &(0x7f0000000100))
sendmmsg$inet6(r2, &(0x7f0000006800)=[{{&(0x7f0000000140)={0xa, 0x4e24, 0x0, @mcast2, 0xfffff000}, 0x1c, 0x0, 0x0, &(0x7f0000001200)=ANY=[@ANYBLOB="180000000000624ba1ffff00000000083a00"/30], 0x30}}], 0x1, 0x4044800)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r6, 0x0, 0x48b, &(0x7f0000000040)={0x2, 'lo\x00', 0x2}, 0x18)
setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000280)={{0x84, @rand_addr=0x64010102, 0x4e20, 0x3, 'nq\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x2000, 0xc24, 0x9, 0xfffffff9}}, 0x44)
syz_emit_ethernet(0xbe, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0)

773.245614ms ago: executing program 0 (id=3703):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000002c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x7a)
r2 = accept4(r1, 0x0, 0x0, 0x800)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000006c0)={<r3=>0xffffffffffffffff})
sendmsg$tipc(r3, &(0x7f0000001880)={&(0x7f0000000700)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x3, 0x3}}, 0x10, 0x0}, 0x0)
r4 = accept$unix(r2, &(0x7f0000000140), &(0x7f00000001c0)=0x6e)
r5 = accept4$unix(r4, &(0x7f0000000400)=@abs, &(0x7f0000000480)=0x6e, 0x800)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), r6)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xe, 0x4, 0x4, 0x9}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r8, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
ioctl$XFS_IOC_FD_TO_HANDLE(r4, 0xc038586a, &(0x7f0000000500)={<r9=>r5, &(0x7f0000000080)='-][,%\x00', 0x800, &(0x7f0000000200)={@align=0x7, {0x4, 0x56, 0x6e1a}}, 0x8, &(0x7f0000000380)={@_ha_fsid}, &(0x7f00000004c0)=0x2})
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000540)={'vlan0\x00', 0x2})
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x54, r7, 0x1, 0x70bd28, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0xfffffffffffffd39}, {0x6, 0x11, 0x7}, {0x8, 0x15, 0x5}}]}, 0x78}, 0x1, 0x0, 0x0, 0x80}, 0x4800)
sendmsg$can_bcm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x90}, 0x40048d0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0xfffffffe, @remote, 0x2}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4)
sendmmsg$inet6(r0, &(0x7f0000002f00)=[{{&(0x7f00000017c0)={0xa, 0x4e23, 0x7f, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}, 0x1c, &(0x7f0000002c40)=[{&(0x7f0000001800)="19c615645b1fb4382a17931f8d247a49c47a820e84fdd9b28e092dd8ab33754bc49743ade44440ae08b2e2", 0x2b}], 0x1}}], 0x1, 0x64000000)

726.485026ms ago: executing program 1 (id=3704):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8) (async)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000040)=0xdb50, 0x4) (async)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) (async)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) (async, rerun: 32)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x34}}, 0x10) (async, rerun: 32)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000003}, @IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x10}]}}}]}, 0x48}}, 0x0)

690.714507ms ago: executing program 0 (id=3705):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000001a40)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="23000300010007", 0x7)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
r4 = socket(0x40000000015, 0x5, 0x0)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000007b80)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000009c0)=ANY=[@ANYBLOB="280000001200010100000000e0ffffff07000000", @ANYRES32=0x0, @ANYBLOB="000000000040ead008001d00c3"], 0x28}}, 0x0)
write(r3, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x74, r2, 0x4, 0x70bd2c, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x74}, 0x1, 0x0, 0x0, 0x20004041}, 0x4048804)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r8=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000001c0)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100ffffffff0000000001000000100007800c00018008000100", @ANYRES32=r8, @ANYBLOB="0c0005006c010000000000000c000200ff7f000000000000400007800c00018008000100", @ANYRES32=r8, @ANYBLOB="0c00018008000100", @ANYRES32=r8], 0x7c}}, 0x20000000)

679.166107ms ago: executing program 1 (id=3706):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000740)=ANY=[@ANYBLOB="14000000360001002dbd70000000000003"], 0x14}], 0x1, 0x0, 0x0, 0x24008080}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xa}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="5a6e41dea43e63a3f70cff11c72b", 0x0, 0x2e00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x1}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

590.263921ms ago: executing program 2 (id=3707):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) (async)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) (async)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) (async)
sendmmsg$unix(r0, &(0x7f0000006380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) (async)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r2, &(0x7f0000000100), &(0x7f0000000000), 0x2}, 0x20)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0)

548.508735ms ago: executing program 1 (id=3708):
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000004740)={<r1=>0xffffffffffffffff})
setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f0000007780)=0x6, 0x4) (async)
setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f0000007780)=0x6, 0x4)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000001280)=@mangle={'mangle\x00', 0x2, 0x6, 0x510, 0x450, 0x450, 0x0, 0x290, 0x360, 0x680, 0x680, 0x680, 0x680, 0x680, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'pimreg0\x00', 'macvtap0\x00', {}, {}, 0x21}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000010000000}}, @HL={0x28}}, {{@ipv6={@mcast2, @dev, [], [], 'veth1_macvtap\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {}, {}, 0x300}}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], '\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv4=@loopback}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570) (async)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000001280)=@mangle={'mangle\x00', 0x2, 0x6, 0x510, 0x450, 0x450, 0x0, 0x290, 0x360, 0x680, 0x680, 0x680, 0x680, 0x680, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'pimreg0\x00', 'macvtap0\x00', {}, {}, 0x21}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000010000000}}, @HL={0x28}}, {{@ipv6={@mcast2, @dev, [], [], 'veth1_macvtap\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{}, {}, {}, 0x300}}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], '\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv4=@loopback}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570)
setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f0000000080)=0x4000007, 0x4) (async)
setsockopt$sock_int(r1, 0x1, 0x22, &(0x7f0000000080)=0x4000007, 0x4)
bind$llc(r2, &(0x7f0000000040), 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r4, 0xf501, 0x0)
socket(0x10, 0x3, 0x0) (async)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB="7800000600"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00P'], 0x78}}, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB="7800000600"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00P'], 0x78}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r8, @ANYBLOB="40005200060010"], 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'macvtap0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x8, 0xfff1}, {0xfff1, 0x2}, {0xb, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x24044801}, 0x20000000)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x34, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x4, 0x48}, @nested={0x14, 0x1, 0x0, 0x1, [@nested={0x10, 0x10, 0x0, 0x1, [@typed={0x6, 0x9, 0x0, 0x0, @str=':\x00'}, @nested={0x4, 0x10}]}]}, @typed={0x8, 0x2, 0x0, 0x0, @fd=r4}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) (async)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x34, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x4, 0x48}, @nested={0x14, 0x1, 0x0, 0x1, [@nested={0x10, 0x10, 0x0, 0x1, [@typed={0x6, 0x9, 0x0, 0x0, @str=':\x00'}, @nested={0x4, 0x10}]}]}, @typed={0x8, 0x2, 0x0, 0x0, @fd=r4}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae00"/24, 0x18) (async)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae00"/24, 0x18)

519.568359ms ago: executing program 4 (id=3709):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x4, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x8000, 0x1}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x20044004}, 0x8000)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_PMK(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1020a00}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0xa4, r3, 0x800, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x28, 0x78}}}}, [@NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "3aec69edcaca66c06725d76c5b618df4"}, @NL80211_ATTR_PMK={0x14, 0xfe, "6474bad4f9df61946e4795f2623b2b60"}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_PMK={0x14, 0xfe, "24d695ac4a7e74c4b3cca035d55c7c03"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMK={0x14, 0xfe, "81591ef0eb7663e80775ce418384bd47"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "dc2419c7bb1156320ff6ddc5b2f47b6d"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x1}, 0x20040441)
r5 = socket$inet6(0xa, 0xe35949112cbc60d, 0x7b8)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000340)={0x1f, 0x6, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x0, 0x2}, 0xe)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x38, r3, 0x200, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7, 0x10}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x3c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x258}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x78}]}, 0x38}, 0x1, 0x0, 0x0, 0x400805c}, 0x14)
r6 = accept(r0, &(0x7f0000000480)=@nl, &(0x7f0000000500)=0x80)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r6, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x20, 0x140e, 0x800, 0x70bd29, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x880}, 0x8000)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r0)
sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x24, r7, 0x801, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0x4}, @NL80211_ATTR_TDLS_ACTION={0x5, 0x88, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008004}, 0x800)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000007c0), r6)
sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000a40)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000a00)={&(0x7f0000000800)={0x1f4, r8, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x1, 0x1d}}}}, [@NL80211_ATTR_FRAME_MATCH={0x81, 0x5b, "fc1f56332b3fdf7e80f6995aa1ce4cfa7ad4f8725c3c6f019361e0966a45cc0a07ce1a6ac3d576fe5937c42c0773a96a45db8b768c04077347e5fbd3369e6691999cc4d87d7fd3b7c9de4c4971232d0a65ad1b8a1e4e78d343ec5a8cbb881d215a56b454e54b24bbd0221132d44f293e61fca9cb8aa1829531a8e370ee"}, @NL80211_ATTR_FRAME_MATCH={0x53, 0x5b, "7700c06cbd75eb9111ffd9012ffa1fabb80ad5e182d097596f9fd0ce1b803454c7e985115274418ef256c704dfec6254476a61f744a2fdf49298a24288acb70ecbec75001de105db04c6aa5da5033d"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xd}, @NL80211_ATTR_FRAME_MATCH={0x45, 0x5b, "f5f605a64d0fba65561fa4dd8a8465572813262ea5bf7ee6a2f785fedadfc34fc6dff50c57ec74b0150bac92efdc6206190a45aabf793e4154ba532601f47ecf19"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x400}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0xecc}, @NL80211_ATTR_FRAME_MATCH={0x99, 0x5b, "1f72bfdf6e5225449dee50750e952c85e0482d15bac37d0e96db8758195a2e47c695a7767c632f54811d4153b73be40bbbf35c63851b834eb2f943d0c90265bdcb907b7ad3c4a712bd42ba6f3237580bfc52e94c34f9ee3c86092ddca4e1593a7b3bf54fcf79d7be28e166f96bdb17f1e9a14a17d2a6b34f748cb7b13ab903cd6eef3185ddfeec3be1abaca56051a7b6afc55e30ee"}]}, 0x1f4}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000810)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r6, 0x84, 0x1b, &(0x7f0000000a80)={<r9=>0x0, 0x1, ')'}, &(0x7f0000000ac0)=0x9)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000b00)={<r10=>0x0, @in6={{0xa, 0x4e21, 0xffffffff, @empty, 0x3}}, 0xffff, 0x9}, &(0x7f0000000bc0)=0x90)
getsockopt$inet_sctp_SCTP_STATUS(r6, 0x84, 0xe, &(0x7f0000000c00)={<r11=>r9, 0xe924, 0x2, 0x9, 0x4, 0x100, 0x4, 0x10, {r10, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}}, 0x3000, 0x9, 0x9, 0x3, 0x2}}, &(0x7f0000000cc0)=0xb0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r6, 0x84, 0x18, &(0x7f0000000d00)={r11, 0x50}, &(0x7f0000000d40)=0x8)
r12 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x73, &(0x7f0000000d80)={<r13=>0x0, 0x0, 0x0, 0x6, 0x8}, &(0x7f0000000dc0)=0x18)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r12, 0x84, 0x1f, &(0x7f0000000e00)={r13, @in6={{0xa, 0x4e22, 0x3, @remote, 0x1}}, 0x3, 0x1}, 0x90)
r14 = syz_genetlink_get_family_id$tipc(&(0x7f0000000f00), r6)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r6, &(0x7f0000000fc0)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000f80)={&(0x7f0000000f40)={0x30, r14, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {}, {0x14, 0x18, {0xffffffff, @bearer=@udp='udp:syz2\x00'}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x14}, 0x840)
syz_genetlink_get_family_id$tipc(&(0x7f0000001000), r6)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r6, &(0x7f0000001100)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000010c0)={&(0x7f0000001080)={0x24, r3, 0x4, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x3f6}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008801}, 0x4048050)
openat$tun(0xffffffffffffff9c, &(0x7f0000001140), 0x400000, 0x0)
bind$xdp(r6, &(0x7f0000001180)={0x2c, 0x6, 0x0, 0x26, r6}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000011c0))

353.624059ms ago: executing program 1 (id=3710):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="6c00000002060500000000000000000000000000120003006269746d61703a69702c6d616300000005000400000000000900020073797a310000000020000780050003001f0000000c0001800800014000000000080006000400000005000500020000000500010006"], 0x6c}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
recvmsg(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000002440)=[{&(0x7f0000002a00)=""/4106, 0x679}, {&(0x7f0000001440)=""/4096, 0x1000}], 0x2}, 0x100)
sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a0000000600010018"], 0x1c}}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f00000000c0)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x80, 0x0, 0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="88030000000000001201000010000000a9961e8c3d4201e78aa3531b875cd6050e85ee5eced2a886cb5fdf798e17c65535ec882f6deee562a60e0b906d6b498df1d61e4b74b221894a6a43b158cd1cb06f688ab942967f75b4374b6c26b20ecffc9254e2ccee26efc7a20e747146837ef8759ed146a16573db096a79f16dc1a1ed74c4596898075b34f0392399dddb7303b990c7def1b2a2cad5984f4f33c5c80241ebab81b5aad7ef922001f06707589d4ff809fed5f295915edd52ed25fded00cfb6d0193f3ad3b751b74a85e7e6907bdb1de99e41bfccbe4b2510836a26f2221defa507e96a42bcc5d23894454726f9dbf4d1b55de0eb39a741907755568c3de706caee476e9a761ddc8563891fa8863134e178508056380fa4f5f9dd0afe3e6fc372da62cba2c4ff280912a52a67c7ce3165010000000000000027383c955d67f4ddba6515b2c7c4879286dc0aa3efc03e258b6c76b2b7488bd38b89369a5fdd1c63a4bc8f625a3ed7fe6e3f6928ca1100ddb77977eeea63f947319aa761624532460516b69930c80da229c9de0bab93e69fd3d312d23e84113adae80c66034652d238ac1088193f62246749222fff9480943d97626bb36e178c84bab3e50deb9400b1d96ed0b427bd9c11f092f340f6acc6ae151314fabaaed564da80ba5eb079c59f42f24dd29d1ea0fed2539de15b80de868cba886fa5371556085f89a40ab865810c6731710bba989db3a63e6b523f9bfeabbc57680ab3c8a903c61f2dafb7f732a74ed5ae3eaef8c7dda86d21af4fde52afd65304a9452ea9f72d92a95920e93c019fb29cfbe3e24e769078d28aa943f02bba357ef43617306aed68f25606b5055b3d2a183bd7e10669abe0307e695aa6a6a41a06ad5a5e5a454578adb96fceb05f00434dc9dd875ef7efdc4eea75a034ea795ca73b597b0e7257cfe2cadf5a52f45c5d3c81356a08f7987ccf8d009468b721c4bf65ac89d675181fc254764c836387290ec1e389d20738ac5babbddaa2164c49d91ea1af0ad39180680550145fb670470533de48b33f4d8474ee7758b751e5bc226bed6ed4c39b55decd0701943064aa1a8fa6277d5e60fdd99d13b73a74a1f98f4f5da8be9aa0a60d212258da387f74a91f5538b0909341fb4a985539f1740d21d44e3262edcfca8a105457c7bcf29218d7e1da74f01d266e9e2ad5461decd95add8c5b37a403ce5fd955978b5fc631535a799aa05013739a26377e0686b17639bc31d0be1068e94ff4f143bc724900"], 0x388}, 0x880)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000007000000070000000020000000400000000e3ff01050000000300000005000093010004000a000000ffff00000600000002000000ff0f00000500000004000000400000000300000031e28cab08f3182c81000000100002007304000001000000060000000000000e0400000000000000000000000000000d"], 0x0, 0x8a, 0x0, 0x1, 0x6}, 0x28)
r3 = socket$kcm(0x11, 0x2, 0x0)
sendmsg$NFT_MSG_GETSET(r2, &(0x7f0000000840)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000800)={&(0x7f0000000500)={0x2b8, 0xa, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x6}, [@NFTA_SET_FLAGS={0x8}, @NFTA_SET_EXPRESSIONS={0xd4, 0x12, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_INNER_NUM={0x8}, @NFTA_INNER_NUM={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @limit={{0xa}, @void}}, {0x14, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x4}}}, {0x74, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x64, 0x2, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x9}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xf3e7}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x6}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x2}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x4}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xc}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x6}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7f}]}}}, {0x14, 0x1, 0x0, 0x1, @byteorder={{0xe}, @void}}]}, @NFTA_SET_EXPRESSIONS={0x1c8, 0x12, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @void}}, {0x40, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}, {0xc, 0x1, 0x0, 0x1, @osf={{0x8}, @void}}, {0x28, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x17}]}}}, {0x74, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x64, 0x2, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x2}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x80}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x8}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x6}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xfff}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x4d}]}}}, {0x38, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_ID={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_OBJREF_IMM_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJREF_SET_SREG={0x8, 0x3, 0x1, 0x0, 0x13}, @NFTA_OBJREF_IMM_TYPE={0x8, 0x1, 0x1, 0x0, 0x5}]}}}, {0x54, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_DYNSET_TIMEOUT={0xc, 0x6, 0x1, 0x0, 0x7d401bcf}, @NFTA_DYNSET_FLAGS={0x8}, @NFTA_DYNSET_FLAGS={0x8}, @NFTA_DYNSET_SREG_KEY={0x8, 0x4, 0x1, 0x0, 0x14}, @NFTA_DYNSET_SREG_DATA={0x8, 0x5, 0x1, 0x0, 0x17}, @NFTA_DYNSET_SREG_KEY={0x8, 0x4, 0x1, 0x0, 0x8}]}}}, {0x38, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x19}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x14}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x11}]}}}]}]}, 0x2b8}, 0x1, 0x0, 0x0, 0xc084}, 0x40008c0)
sendmsg$kcm(r3, &(0x7f0000001780)={&(0x7f00000003c0)=@caif=@rfm={0x25, 0x15, "fb95785b587f23ba61bfb990191a2af1"}, 0x80, &(0x7f00000015c0)=[{&(0x7f0000001800)="a5", 0x48}], 0x1}, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
sendmsg$IPSET_CMD_SWAP(r1, &(0x7f00000008c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000880)={&(0x7f0000000440)={0x60, 0x6, 0x6, 0x3, 0x0, 0x0, {0x3, 0x0, 0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x20004815}, 0x20000000)
r5 = openat$cgroup_devices(r4, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r5, &(0x7f0000000280)=ANY=[@ANYBLOB='b rm\x00\x00\x00\x00\x00'], 0x9)
r6 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_MAKE_EQUIV(r6, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, 0x3f7, 0x400, 0x70bd2a, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4004000}, 0x80)

313.522799ms ago: executing program 2 (id=3711):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080), 0x8)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r4, 0x0)
mmap(&(0x7f00009c5000/0x1000)=nil, 0x1000, 0x3, 0x28012, r4, 0x0)
mmap(&(0x7f0000ae0000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x13, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018002020702500000000002020207b0af8ff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000000800000018010000202070250000ebfc0347b03bf0ebf5ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095000000000040007bac95eba72e1cd0f05a252ffbde43ee03bf40acd149f968fe031e699ee0d5751801839b6de1c8b7c8c4a738736dcd5421f44bdb0000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$kcm(0x10, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_type(r6, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r7, &(0x7f0000000280), 0x9)
r8 = openat$cgroup_procs(r6, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000c40), 0x12)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_ro(r9, &(0x7f0000000180)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000100000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0)
write$cgroup_int(r10, &(0x7f0000000200)=0x1, 0x12)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000001500)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'pim6reg\x00'}, @IFLA_NET_NS_FD={0x8}]}, 0x3c}}, 0x20000080)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xfffffc42, &(0x7f0000000080), 0x1}, 0x4)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000040)={'veth0_vlan\x00', 0x81})

185.470229ms ago: executing program 3 (id=3712):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
r4 = socket$rxrpc(0x21, 0x2, 0xa)
listen(r4, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0)

157.264049ms ago: executing program 2 (id=3713):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1700000000470867462b2801b94a03f7000000008400000100000000000000", @ANYRES32=0x1, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, <r1=>0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20)
r2 = socket$inet6(0xa, 0x1, 0xffff)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x66, 0xfe74, &(0x7f0000000140)="b2cdeb970561bfec2d5de3b76f3110796c55c6719c889856da445da71b727f5b8f765b8bfc54c3d295ca698e976a47f2eac4cac2735302060b5f96466cbac7a07b91b9e8fabd3f2a32f4da3d45be06f6a3a3ddd8166505c4b8d8129b3ed78bcc52867379dfd7", &(0x7f0000000240)=""/112, 0x7, 0x0, 0xfd, 0x26, &(0x7f00000002c0)="bc1df1eaa638811460b85aa543636ff797419c062a676f430cfebc96ef4be084813d97631b5123cd293d2061935ae350c573227b3d8130ec1747777414dcf08f9b5ecbcebce9067d3bbb18bd980a4905937e3aa4ca5bd67c38bd7a4efcb583bd4f06daa5c8d3d5a4537db1c0fb95c8ad629f0c9c22d756e579bd04dfcdccebc430c577c4122f6dbed2b58aedc61b362a7b6bc5e7f0ba084d9aa012f908808a5ae105e598de47dab05dadc9d5498f4cf6ebb913be84fc277b6c231aa20b40509216a39dd8955e971e498758bede0bed1527a0269733c45cc52fac8d6f0bfb5c7be8bb49d33e0036166a1dc93ba289a1a2cb6fd864011d297e07b96c975d", &(0x7f00000003c0)="e46fadd2ca0a5ba9a8532712aedd009315daf531b402578879d5dafd8c47d3fed26940dc1321", 0x3, 0x0, 0x3}, 0x50)
listen(0xffffffffffffffff, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r1, 0x0, &(0x7f0000001780)=""/4096}, 0x20)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x4e24, 0x1ff, @local, 0x9}, @in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e21, @private=0xa010101}], 0x3c)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f00000001c0)={<r3=>0x0, 0x7}, &(0x7f0000000480)=0x8)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000004c0)={r3, 0xd4, "e7bf3dd1bc037c9f57c132bb183c33e5ea72bae31a1769e0b099d2e25f5c4dff69a89120fd407d542df832844f6fed8fcdd749a0825760648ec6a6c3a2d0a451947c4123aae1e1df0254853344c599f4eb604682240477c87258b3c91817bc4431f790856833664e04751eb3e39b25b57e7139c387deb432f5e66213dacb7559a2f67f73cf944bc9ba30e51fe82a5db5a8fdba610f49d4524f35fded63734dd5396cb3020df791e174ed9a7304c36460880adcb3129c3ffba9278ddcf07312e2be7df5cfeb57df9d6984b60863e70f1c46b754e7"}, &(0x7f00000005c0)=0xdc)

9.991095ms ago: executing program 1 (id=3714):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000030500000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="0815010021100000280012800b00010069703667726500001800028014000700fc01000000000000000000000000000108000a00", @ANYRES32=r3, @ANYBLOB="8b1c3328c757ade41cb696b7181538ffbf8f0c1b9904e6ce7a5c831ef966f4aa482f2c09387a9c9e491f7eb5727ac1cc65068dc436c082f8d2c7ce48dd745bc29493cce25d30bf2a83139e5ff36c6de3a6de55a98ff6"], 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, 0x101, 0x20000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44040}, 0x0)

9.434617ms ago: executing program 2 (id=3715):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r2 = socket$inet6(0xa, 0x400000000001, 0x0)
syz_emit_ethernet(0x79, &(0x7f00000004c0)={@link_local, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x6b, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558, 0x0, 0x0, [0x0, 0xfffd]}, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x800, [0x3]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "57a197f243aa2abb5f831e11b1"}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}}}}}}}}, 0x0)
bind$inet6(r2, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0x24000088, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback, 0xfffffffe}, 0x1c)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000080)={0x4}, 0x4)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200)=0x3fd0, 0x4)
sendmmsg$inet6(r2, &(0x7f0000003600)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="14", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000035c0)=[{&(0x7f0000003580)='B', 0x1}], 0x1}}, {{&(0x7f0000000000)={0xa, 0x4e20, 0x81, @remote, 0x7}, 0x1c, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000003c0)="4181450273515f15dc5b48181c5d684acda496ac0025d7a85370d28c32a88d93289b8e16bc6f3f1a9f6ee9c44d822b9f17cb89e881c253e2e6619349fb126c911a339676", 0x44}, {0x0}], 0x4, &(0x7f00000016c0)=[@rthdr_2292={{0x18, 0x29, 0x39, {0xff, 0x0, 0x1, 0x1}}}], 0x18}}, {{&(0x7f0000000180)={0xa, 0x4e24, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6042}, 0x1c, &(0x7f0000002ac0)=[{&(0x7f0000000240)="a33c1c44", 0x4}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x4, 0x84)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$inet6_tcp_TLS_RX(r1, 0x11a, 0x2, &(0x7f0000000040)=@gcm_256={{0x304}, "2b875c4dba89eaaf", "b144cd6f1e6801ee02d37138c6c49d600da928554995cc24db65a0730183ff63", "736700dc", "fa81907166736e06"}, 0x38)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000180)=@ccm_128={{0x304}, "8b99713c49ae53e4", "b26ac9163f2291edf70bc132ba23165e", "39a8b9d7", "a0391c4630086180"}, 0x28)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYRES8=r0], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0x17}]}}}, {0x10, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa4}, 0x1, 0x0, 0x0, 0x850}, 0x0)

7.154921ms ago: executing program 4 (id=3716):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005", 0x2b}], 0x1}, 0x48000) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000300020400bf050005", 0x2b}], 0x1}, 0x48000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00008088000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffffffff00000000000000004fc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c0000000a0000007f0000010000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000004d63200000000000000200100000000000000000000000000000000000000000000000000000700000000000000fc020000000000000000000000000001000000003c00000002000000ac141425000000000000000000000000043500000100000000000000000000000000000000000000000000000000000000000000000000003300000002000000fe8000000000000000000000000000000400000000000f00000000000000000000000000ac1414bb000000000000000000000000000000003200000002"], 0x23c}}, 0x4004000)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c00000040000701feffffff00000000017c0000040042800c00018006000600800a00000800028004"], 0x2c}, 0x1, 0x0, 0x0, 0x80c0}, 0xc000)

0s ago: executing program 3 (id=3717):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x10001, 0xffffffffffffffff, 0x3c, 0x3}, 0x400000000a}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) (async)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x68}}, 0x0) (async)
r3 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r3, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000300)="3001fb9064759bfd65452e947b", 0xd}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)

kernel console output (not intermixed with test programs):

n process `syz.2.1979'.
[  307.848835][T13204] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1978'.
[  307.890849][T13204] netlink: 'syz.4.1978': attribute type 12 has an invalid length.
[  307.914744][T13204] netlink: 'syz.4.1978': attribute type 11 has an invalid length.
[  308.012776][T13217] netlink: 332 bytes leftover after parsing attributes in process `syz.1.1980'.
[  308.138200][T13219] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  308.971552][T13270] netem: change failed
[  309.121186][T13281] ±ÿ: renamed from team_slave_1
[  309.175297][T13284] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  309.527634][T13304] netlink: 'syz.1.2007': attribute type 1 has an invalid length.
[  309.548170][T13313] netlink: 'syz.0.2010': attribute type 1 has an invalid length.
[  309.570479][T13313] workqueue: Failed to create a rescuer kthread for wq "bond17": -EINTR
[  310.537120][T13381] F: renamed from gre0
[  310.554842][T13381] F: entered allmulticast mode
[  311.130573][T13411] __nla_validate_parse: 16 callbacks suppressed
[  311.130596][T13411] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2035'.
[  311.181843][T13411] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2035'.
[  311.256003][T13415] syzkaller0: entered promiscuous mode
[  311.262016][T13415] syzkaller0: entered allmulticast mode
[  311.270861][T13415] pim6reg1: entered promiscuous mode
[  311.277264][T13415] pim6reg1: entered allmulticast mode
[  311.387213][T13418] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  311.431899][T13418] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2037'.
[  311.550131][T13429] can: request_module (can-proto-5) failed.
[  311.852180][T13451] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2042'.
[  311.939267][T13427] syzkaller1: entered promiscuous mode
[  311.945383][T13427] syzkaller1: entered allmulticast mode
[  311.960449][T13443] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode
[  312.211747][T13466] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2047'.
[  312.241043][T13466] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2047'.
[  312.511611][T13486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2052'.
[  312.885525][T13513] lo speed is unknown, defaulting to 1000
[  312.896983][T13513] lo speed is unknown, defaulting to 1000
[  313.244210][T13513] lo speed is unknown, defaulting to 1000
[  315.223577][T13472] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  315.436699][T13559] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 1, id = 0
[  315.554615][T13563] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2068'.
[  315.744647][T13577] netlink: 'syz.3.2076': attribute type 64 has an invalid length.
[  315.757461][T13573] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap3
[  315.848791][T13582] netlink: set zone limit has 4 unknown bytes
[  317.129628][T13619] ip6erspan0: left allmulticast mode
[  317.139923][T13619] bond2: left promiscuous mode
[  317.146726][T13619] bridge2: left promiscuous mode
[  317.152606][T13619] bridge3: left promiscuous mode
[  317.158047][T13619] bond2: left allmulticast mode
[  317.164101][T13619] bridge2: left allmulticast mode
[  317.170535][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  317.182053][ T1301] aoe: packet could not be sent on veth1_macvtap.  consider increasing tx_queue_len
[  317.191734][T13619] bridge3: left allmulticast mode
[  317.216812][T13619] bridge4: left promiscuous mode
[  317.224898][T13619] bridge4: left allmulticast mode
[  317.239232][T13619] veth5: left allmulticast mode
[  317.256839][T13619] ip6gre1: left allmulticast mode
[  317.267699][T13619] vlan0: left allmulticast mode
[  317.274576][T13619] mac80211_hwsim hwsim6 wlan0: left allmulticast mode
[  317.374571][   T77] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  317.411284][   T77] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  317.420232][   T77] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0
[  317.489103][   T77] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  317.520993][   T77] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  317.529977][   T77] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0
[  317.561637][   T77] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  317.600982][   T77] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  317.639419][   T77] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0
[  317.650484][T13661] netlink: 'syz.4.2091': attribute type 8 has an invalid length.
[  317.682158][   T77] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  317.698028][   T77] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  317.723601][   T77] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0
[  317.922030][T13676] netem: incorrect ge model size
[  317.935306][T13676] netem: change failed
[  317.960541][T13679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2097'.
[  318.061834][T13679] 8021q: adding VLAN 0 to HW filter on device bond7
[  318.122219][T13689] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2098'.
[  318.282136][T13685] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2098'.
[  319.218695][   T30] audit: type=1107 audit(1775121937.004:4): pid=13756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ýdß:1V	Ã74MTC:ÜK²|ÙM/lgâC=(¿VÏÏúÝi–�ì�9mm\²Úƒ%Ä£q'
[  319.362488][T13762] netlink: 'syz.1.2115': attribute type 12 has an invalid length.
[  319.376020][T13762] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2115'.
[  319.442632][T13769] xt_hashlimit: overflow, try lower: 18446744073709551613/4
[  320.010673][T13790] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2123'.
[  320.029501][T13794] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2124'.
[  320.572661][T13841] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  320.897623][T13858] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2139'.
[  320.908307][T13858] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2139'.
[  320.920119][T13858] netlink: 31 bytes leftover after parsing attributes in process `syz.2.2139'.
[  320.930541][T13858] netlink: 'syz.2.2139': attribute type 3 has an invalid length.
[  320.939830][T13858] netlink: 'syz.2.2139': attribute type 2 has an invalid length.
[  320.950235][T13858] netlink: 31 bytes leftover after parsing attributes in process `syz.2.2139'.
[  321.043649][T13864] netlink: 'syz.1.2142': attribute type 1 has an invalid length.
[  321.082902][T13864] 8021q: adding VLAN 0 to HW filter on device bond8
[  321.113538][T13864] 8021q: adding VLAN 0 to HW filter on device bond8
[  321.120707][T13864] bond8: (slave vcan1): The slave device specified does not support setting the MAC address
[  321.143810][T13864] bond8: (slave vcan1): Error -95 calling set_mac_address
[  321.675205][T13896] netlink: 'syz.4.2152': attribute type 9 has an invalid length.
[  321.683064][T13896] netlink: 'syz.4.2152': attribute type 11 has an invalid length.
[  321.690996][T13896] netlink: 'syz.4.2152': attribute type 12 has an invalid length.
[  321.813518][T13907] rdma_rxe: rxe_newlink: failed to add lo
[  322.045842][T13913] bond6: (slave vlan0): Releasing backup interface
[  322.112728][T13913] tipc: Resetting bearer <eth:vlan0>
[  322.119148][T13913] tipc: Disabling bearer <eth:vlan0>
[  322.678089][T13945] netlink: 'syz.2.2165': attribute type 3 has an invalid length.
[  322.688116][T13945] netlink: 'syz.2.2165': attribute type 10 has an invalid length.
[  322.698987][T13945] team0: Device ipvlan1 failed to register rx_handler
[  322.966448][T13958] __nla_validate_parse: 4 callbacks suppressed
[  322.966469][T13958] netlink: 248 bytes leftover after parsing attributes in process `syz.2.2170'.
[  323.010615][T13959] netlink: 248 bytes leftover after parsing attributes in process `syz.2.2170'.
[  323.041201][T13963] bond9: option fail_over_mac: invalid value (16)
[  323.052664][T13963] bond9 (unregistering): Released all slaves
[  323.194560][T13972] mac80211_hwsim hwsim10 syzkaller0: left promiscuous mode
[  323.286061][T13978] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  323.297720][T13974] syzkaller0: entered promiscuous mode
[  323.303421][T13974] syzkaller0: entered allmulticast mode
[  323.314214][T13974] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2175'.
[  323.314615][T13978] netlink: 'syz.0.2177': attribute type 21 has an invalid length.
[  323.333091][T13978] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2177'.
[  323.344151][T13978] netlink: 'syz.0.2177': attribute type 4 has an invalid length.
[  323.361229][T13978] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2177'.
[  323.384362][T13979] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2177'.
[  323.394639][T13979] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2177'.
[  323.511631][T13984] netlink: 165 bytes leftover after parsing attributes in process `syz.4.2178'.
[  323.905070][T14013] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2185'.
[  324.230608][T14036] smc: ib device syz2 ibport 2 applied user defined pnetid SYZ1
[  324.759001][T14062] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2195'.
[  324.790849][T14052] syzkaller0: entered promiscuous mode
[  324.800729][T14052] syzkaller0: entered allmulticast mode
[  324.857286][T14062] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  324.872893][T14062] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  325.849681][T14081] xt_NFQUEUE: number of total queues is 0
[  325.852007][T14080] xt_NFQUEUE: number of total queues is 0
[  326.987505][T14092] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  327.012221][T14092] tunl0: entered promiscuous mode
[  327.031330][T14092] validate_nla: 6 callbacks suppressed
[  327.031353][T14092] netlink: 'syz.1.2205': attribute type 3 has an invalid length.
[  327.208626][T14103] syzkaller1: entered allmulticast mode
[  327.374260][T14114] 8021q: adding VLAN 0 to HW filter on device batadv0
[  328.224823][T14174] __nla_validate_parse: 4 callbacks suppressed
[  328.224845][T14174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2229'.
[  328.253022][T14176] macvtap1: entered promiscuous mode
[  328.258596][T14176] macvtap1: entered allmulticast mode
[  328.290933][T14176] veth1_vlan: entered allmulticast mode
[  328.384961][T14188] GUP no longer grows the stack in syz.3.2231 (14188): 200000003000-20000000a000 (200000001000)
[  328.418155][T14188] CPU: 0 UID: 0 PID: 14188 Comm: syz.3.2231 Not tainted syzkaller #0 PREEMPT(full) 
[  328.418185][T14188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  328.418204][T14188] Call Trace:
[  328.418212][T14188]  <TASK>
[  328.418221][T14188]  dump_stack_lvl+0xe8/0x150
[  328.418257][T14188]  __get_user_pages+0x2453/0x29d0
[  328.418291][T14188]  ? __lock_acquire+0x6b5/0x2cf0
[  328.418339][T14188]  ? __gup_longterm_locked+0xc4e/0x1630
[  328.418372][T14188]  ? down_read_killable+0x1bb/0x340
[  328.418408][T14188]  __gup_longterm_locked+0xdcf/0x1630
[  328.418467][T14188]  gup_fast_fallback+0x1d82/0x22e0
[  328.418533][T14188]  ? __pfx_gup_fast_fallback+0x10/0x10
[  328.418562][T14188]  ? futex_unqueue+0x22/0x240
[  328.418587][T14188]  ? futex_unqueue+0x22/0x240
[  328.418612][T14188]  ? is_valid_gup_args+0x11f/0x200
[  328.418647][T14188]  ? get_user_pages_fast+0x4d/0xb0
[  328.418681][T14188]  __iov_iter_get_pages_alloc+0x3b6/0xb10
[  328.418714][T14188]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  328.418742][T14188]  iov_iter_get_pages2+0x5e/0xa0
[  328.418776][T14188]  __se_sys_vmsplice+0x7b3/0x1490
[  328.418831][T14188]  ? __pfx___se_sys_vmsplice+0x10/0x10
[  328.418866][T14188]  ? __pfx_futex_wait+0x10/0x10
[  328.418911][T14188]  ? lockdep_hardirqs_on+0x7a/0x110
[  328.418999][T14188]  do_syscall_64+0x14d/0xf80
[  328.419027][T14188]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.419049][T14188]  ? clear_bhb_loop+0x40/0x90
[  328.419077][T14188]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.419110][T14188] RIP: 0033:0x7fd09199c819
[  328.419131][T14188] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  328.419150][T14188] RSP: 002b:00007fd0927df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[  328.419173][T14188] RAX: ffffffffffffffda RBX: 00007fd091c15fa0 RCX: 00007fd09199c819
[  328.419188][T14188] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000007
[  328.419200][T14188] RBP: 00007fd091a32c91 R08: 0000000000000000 R09: 0000000000000000
[  328.419213][T14188] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  328.419224][T14188] R13: 00007fd091c16038 R14: 00007fd091c15fa0 R15: 00007fffc9bfb0b8
[  328.419259][T14188]  </TASK>
[  329.000145][T14213] openvswitch: netlink: Duplicate or invalid key (type 0).
[  329.008160][T14213] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  329.026237][T14216] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2242'.
[  329.053319][T14216] veth0_to_bond: mtu less than device minimum
[  329.164796][T14223] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[  329.392675][T14228] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  329.414802][T14228] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  329.503872][T14228] ip6tnl1: left allmulticast mode
[  329.516189][T14228] bond2: left promiscuous mode
[  329.521826][T14228] bridge4: left promiscuous mode
[  329.534297][T14228] bond3: left promiscuous mode
[  329.539246][T14228] ip6gre2: left promiscuous mode
[  329.554190][T14228] bond4: left promiscuous mode
[  329.559260][T14228] bond4: left allmulticast mode
[  329.567456][T14228] bond5: left promiscuous mode
[  329.573332][T14228] bond5: left allmulticast mode
[  329.580326][T14228] bond6: left promiscuous mode
[  329.585878][T14228] bond6: left allmulticast mode
[  329.593662][T14228] bond7: left promiscuous mode
[  329.598717][T14228] bond7: left allmulticast mode
[  329.606569][T14228] bond8: left promiscuous mode
[  329.633512][T14228] bond8: left allmulticast mode
[  329.665676][T14228] bond9: left promiscuous mode
[  329.672592][T14228] bond9: left allmulticast mode
[  329.680132][T14228] bond10: left promiscuous mode
[  329.690692][T14228] bond10: left allmulticast mode
[  329.708135][T14228] bond11: left promiscuous mode
[  329.713724][T14228] bond11: left allmulticast mode
[  329.725289][T14228] bond12: left promiscuous mode
[  329.743296][T14228] bond12: left allmulticast mode
[  329.778855][T14228] bond13: left promiscuous mode
[  329.783953][T14228] bond13: left allmulticast mode
[  329.802845][   T58] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  329.866811][   T58] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  329.906618][   T58] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  329.917188][   T58] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  329.938342][   T58] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  329.958048][   T58] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  330.074312][T14249] netlink: 'syz.4.2254': attribute type 3 has an invalid length.
[  330.181386][T14254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2256'.
[  330.190568][T14254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2256'.
[  330.380767][T14270] netlink: 207952 bytes leftover after parsing attributes in process `syz.0.2262'.
[  330.497509][T14277] set match dimension is over the limit!
[  330.574141][T14236] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  330.790044][T14295] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2268'.
[  330.820064][T14297] SET target dimension over the limit!
[  330.918294][T14307] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2273'.
[  330.929210][T14305] netlink: 'syz.4.2272': attribute type 39 has an invalid length.
[  331.002208][T14314] netlink: 220 bytes leftover after parsing attributes in process `syz.3.2274'.
[  331.088280][T14316] syzkaller0: entered promiscuous mode
[  331.094229][T14316] syzkaller0: entered allmulticast mode
[  331.111670][T14318] openvswitch: netlink: Message has 8 unknown bytes.
[  331.121979][T14316] netlink: 'syz.0.2276': attribute type 4 has an invalid length.
[  331.152532][T14318] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  331.337553][T14332] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2280'.
[  331.423491][T14335] openvswitch: netlink: Unexpected mask (mask=4000040, allowed=10048)
[  331.521416][T14339] netlink: 'syz.3.2282': attribute type 4 has an invalid length.
[  332.148561][T14385] netlink: 'syz.4.2292': attribute type 11 has an invalid length.
[  332.319492][T14392] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2296'.
[  332.471926][T14403] gre4: entered promiscuous mode
[  332.476943][T14403] gre4: entered allmulticast mode
[  332.484433][T14404] x_tables: (null)_tables: NFQUEUE.1 target: invalid size 8 (kernel) != (user) 16
[  333.289985][T14440] xt_l2tp: wrong L2TP version: 0
[  333.437683][T14457] syzkaller1: entered promiscuous mode
[  333.451846][T14459] netlink: 'syz.2.2317': attribute type 11 has an invalid length.
[  333.460202][T14457] syzkaller1: entered allmulticast mode
[  333.539416][T14470] __nla_validate_parse: 5 callbacks suppressed
[  333.539437][T14470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2320'.
[  333.955600][T14495] ip6t_srh: unknown srh match flags  4000
[  334.776172][T14533] SET target dimension over the limit!
[  334.929765][T14543] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2337'.
[  335.123863][T14551] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2340'.
[  335.224239][T14555] can: request_module (can-proto-0) failed.
[  335.508484][T14571] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  335.641113][T14580] netlink: 'syz.2.2349': attribute type 4 has an invalid length.
[  336.058706][T14612] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  336.084696][T14614] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2359'.
[  336.163211][T14614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2359'.
[  336.389234][T14628] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2364'.
[  336.628803][T14648] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2371'.
[  336.641238][T14646] veth1_to_team: entered promiscuous mode
[  336.647081][T14646] veth1_to_team: entered allmulticast mode
[  336.694135][T14648] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2371'.
[  336.888648][T14664] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  336.900532][T14664] SET target dimension over the limit!
[  337.024068][T14673] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2379'.
[  337.545128][T14683] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  337.555541][T14683] netlink: 'syz.4.2383': attribute type 1 has an invalid length.
[  337.581628][T14656] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  337.587309][T14683] 8021q: adding VLAN 0 to HW filter on device bond8
[  337.613257][T14683] bond8: (slave geneve2): making interface the new active one
[  337.623305][T14683] bond8: (slave geneve2): Enslaving as an active interface with an up link
[  337.638619][T13825] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  337.655119][T13825] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  337.679654][T13825] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  337.704945][T13825] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  337.747374][T14686] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2384'.
[  337.879873][T14696] syzkaller1: entered promiscuous mode
[  337.886616][T14696] syzkaller1: entered allmulticast mode
[  338.151944][T14712] openvswitch: netlink: IPv6 tunnel dst address is zero
[  338.303901][T14728] bridge_slave_0 (unregistering): left allmulticast mode
[  338.311671][T14728] bridge_slave_0 (unregistering): left promiscuous mode
[  338.318759][T14728] bridge0: port 1(bridge_slave_0) entered disabled state
[  338.422560][T14734] : renamed from lo
[  338.781836][T14751] __nla_validate_parse: 6 callbacks suppressed
[  338.781858][T14751] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2408'.
[  338.801798][T14751] netlink: 43 bytes leftover after parsing attributes in process `syz.4.2408'.
[  338.811349][T14751] netlink: 'syz.4.2408': attribute type 6 has an invalid length.
[  338.819236][T14751] netlink: 'syz.4.2408': attribute type 5 has an invalid length.
[  338.827834][T14751] netlink: 43 bytes leftover after parsing attributes in process `syz.4.2408'.
[  338.838417][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout
[  338.981501][T14761] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2410'.
[  338.994751][T14761] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2410'.
[  339.008025][T14765] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2411'.
[  339.305398][T14758] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2409'.
[  339.374421][T14786] netlink: 'syz.4.2418': attribute type 4 has an invalid length.
[  339.478674][T14789] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2419'.
[  339.494029][T14789] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2419'.
[  339.594226][T14794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2421'.
[  339.645152][T14795] syz.3.2421: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  339.684651][T14795] CPU: 0 UID: 0 PID: 14795 Comm: syz.3.2421 Not tainted syzkaller #0 PREEMPT(full) 
[  339.684682][T14795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  339.684695][T14795] Call Trace:
[  339.684704][T14795]  <TASK>
[  339.684712][T14795]  dump_stack_lvl+0xe8/0x150
[  339.684748][T14795]  warn_alloc+0x249/0x340
[  339.684775][T14795]  ? stack_trace_save+0xa9/0x100
[  339.684801][T14795]  ? __pfx_warn_alloc+0x10/0x10
[  339.684833][T14795]  ? kasan_save_track+0x4f/0x80
[  339.684854][T14795]  ? kasan_save_track+0x3e/0x80
[  339.684875][T14795]  ? __kasan_kmalloc+0x93/0xb0
[  339.684897][T14795]  ? __kmalloc_cache_noprof+0x31c/0x660
[  339.684919][T14795]  ? xskq_create+0x56/0x170
[  339.684940][T14795]  ? xsk_setsockopt+0x54c/0x990
[  339.684976][T14795]  ? do_sock_setsockopt+0x17c/0x1b0
[  339.684999][T14795]  ? __x64_sys_setsockopt+0x13d/0x1b0
[  339.685045][T14795]  ? do_syscall_64+0x14d/0xf80
[  339.685075][T14795]  __vmalloc_node_range_noprof+0x132/0x1730
[  339.685135][T14795]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  339.685167][T14795]  ? __kasan_kmalloc+0x93/0xb0
[  339.685198][T14795]  vmalloc_user_noprof+0xad/0xe0
[  339.685222][T14795]  ? xskq_create+0xbf/0x170
[  339.685246][T14795]  xskq_create+0xbf/0x170
[  339.685271][T14795]  xsk_init_queue+0x8a/0xe0
[  339.685295][T14795]  xsk_setsockopt+0x54c/0x990
[  339.685337][T14795]  ? __pfx_xsk_setsockopt+0x10/0x10
[  339.685371][T14795]  ? __pfx_aa_sk_perm+0x10/0x10
[  339.685406][T14795]  ? aa_sock_opt_perm+0xff/0x1a0
[  339.685442][T14795]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  339.685465][T14795]  ? __pfx_xsk_setsockopt+0x10/0x10
[  339.685501][T14795]  do_sock_setsockopt+0x17c/0x1b0
[  339.685531][T14795]  __x64_sys_setsockopt+0x13d/0x1b0
[  339.685562][T14795]  do_syscall_64+0x14d/0xf80
[  339.685586][T14795]  ? trace_irq_disable+0x3b/0x150
[  339.685605][T14795]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.685627][T14795]  ? clear_bhb_loop+0x40/0x90
[  339.685654][T14795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.685675][T14795] RIP: 0033:0x7fd09199c819
[  339.685695][T14795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  339.685714][T14795] RSP: 002b:00007fd09279d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  339.685737][T14795] RAX: ffffffffffffffda RBX: 00007fd091c16180 RCX: 00007fd09199c819
[  339.685753][T14795] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000085
[  339.685766][T14795] RBP: 00007fd091a32c91 R08: 0000000000000004 R09: 0000000000000000
[  339.685779][T14795] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  339.685793][T14795] R13: 00007fd091c16218 R14: 00007fd091c16180 R15: 00007fffc9bfb0b8
[  339.685828][T14795]  </TASK>
[  339.688118][T14795] Mem-Info:
[  339.975602][T14795] active_anon:5685 inactive_anon:0 isolated_anon:0
[  339.975602][T14795]  active_file:3018 inactive_file:40022 isolated_file:0
[  339.975602][T14795]  unevictable:768 dirty:74 writeback:0
[  339.975602][T14795]  slab_reclaimable:12930 slab_unreclaimable:105530
[  339.975602][T14795]  mapped:30336 shmem:1359 pagetables:1339
[  339.975602][T14795]  sec_pagetables:0 bounce:0
[  339.975602][T14795]  kernel_misc_reclaimable:0
[  339.975602][T14795]  free:1321370 free_pcp:9486 free_cma:0
[  340.059305][T14795] Node 0 active_anon:22640kB inactive_anon:0kB active_file:12072kB inactive_file:159888kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121444kB dirty:296kB writeback:0kB shmem:3900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13744kB pagetables:5232kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  340.099269][T14795] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  340.132664][T14795] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  340.163083][T14795] lowmem_reserve[]: 0 2492 2493 2493 2493
[  340.168985][T14795] Node 0 DMA32 free:1326920kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22840kB inactive_anon:0kB active_file:12072kB inactive_file:159888kB unevictable:1536kB writepending:296kB zspages:0kB present:3129332kB managed:2552660kB mlocked:0kB bounce:0kB free_pcp:38156kB local_pcp:17056kB free_cma:0kB
[  340.210165][T14795] lowmem_reserve[]: 0 0 0 0 0
[  340.224120][T14795] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  340.273971][T14795] lowmem_reserve[]: 0 0 0 0 0
[  340.287659][T14795] Node 1 Normal free:3943000kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  340.337570][T14795] lowmem_reserve[]: 0 0 0 0 0
[  340.343034][T14795] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  340.356297][T14795] Node 0 DMA32: 5017*4kB (UM) 3158*8kB (UM) 1632*16kB (UM) 698*32kB (UME) 525*64kB (UM) 251*128kB (UM) 352*256kB (UM) 186*512kB (UME) 181*1024kB (UM) 101*2048kB (UM) 144*4096kB (UM) = 1326868kB
[  340.376465][T14795] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  340.389124][T14795] Node 1 Normal: 2*4kB (UM) 6*8kB (UM) 14*16kB (UM) 8*32kB (UM) 7*64kB (UM) 5*128kB (UM) 4*256kB (UM) 4*512kB (UM) 4*1024kB (UM) 1*2048kB (U) 960*4096kB (M) = 3943000kB
[  340.406742][T14795] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  340.417784][T14795] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  340.428027][T14795] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  340.442392][T14795] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  340.452556][T14795] 44395 total pagecache pages
[  340.459628][T14795] 0 pages in swap cache
[  340.469747][T14795] Free swap  = 124996kB
[  340.480464][T14795] Total swap = 124996kB
[  340.485204][T14795] 2097051 pages RAM
[  340.498577][T14795] 0 pages HighMem/MovableOnly
[  340.504233][T14795] 427051 pages reserved
[  340.508682][T14795] 0 pages cma reserved
[  340.697573][T14834] openvswitch: netlink: Message has 8 unknown bytes.
[  340.704963][T14834] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  340.745182][T14831] vlan2: entered allmulticast mode
[  340.758653][T14831] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode
[  340.817546][T14837] geneve3: entered promiscuous mode
[  340.823080][T14837] geneve3: entered allmulticast mode
[  340.830034][T13825] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 19999 - 0
[  340.840029][T13825] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 19999 - 0
[  340.865034][T13825] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 19999 - 0
[  340.893233][T13825] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 19999 - 0
[  341.080821][T14852] netlink: 'syz.4.2439': attribute type 1 has an invalid length.
[  341.235415][T14855] bond9: (slave vxcan3): The slave device specified does not support setting the MAC address
[  341.251756][T14855] bond9: (slave vxcan3): Error -95 calling set_mac_address
[  341.295657][T14845] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1500) !
[  341.356687][T14845] syzkaller0: entered promiscuous mode
[  341.362833][T14845] syzkaller0: entered allmulticast mode
[  341.378429][T14858] gretap4: entered promiscuous mode
[  341.384971][T14858] batman_adv: batadv0: Adding interface: gretap4
[  341.391655][T14858] batman_adv: batadv0: The MTU of interface gretap4 is too small (1462) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1532.
[  341.413312][T14858] batman_adv: batadv0: Not using interface gretap4 (retrying later): interface not active
[  341.710494][T14888] netlink: 'syz.4.2448': attribute type 21 has an invalid length.
[  343.598964][T14941] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  343.621953][T14948] netlink: 'syz.2.2458': attribute type 10 has an invalid length.
[  343.680149][T14940] can: request_module (can-proto-5) failed.
[  343.787149][T14955] netlink: 'syz.1.2460': attribute type 61 has an invalid length.
[  343.867415][T14961] netlink: 'syz.2.2463': attribute type 1 has an invalid length.
[  343.925240][T14961] 8021q: adding VLAN 0 to HW filter on device bond4
[  343.962465][T14967] bond4: (slave veth3): Enslaving as an active interface with a down link
[  343.995051][T14961] bond4: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  344.074271][T14961] bond4: (slave veth5): Enslaving as an active interface with a down link
[  344.213519][T14980] __nla_validate_parse: 17 callbacks suppressed
[  344.213540][T14980] netlink: 43 bytes leftover after parsing attributes in process `syz.2.2469'.
[  344.249819][T14978] netlink: 'syz.3.2467': attribute type 3 has an invalid length.
[  344.285830][T14978] netlink: 766 bytes leftover after parsing attributes in process `syz.3.2467'.
[  344.302093][T14984] netlink: 43 bytes leftover after parsing attributes in process `syz.2.2469'.
[  344.334909][T14982] ±ÿ=–a²š«: renamed from lo
[  344.369528][T14991] netlink: 'syz.4.2471': attribute type 4 has an invalid length.
[  344.514549][T14998] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2472'.
[  344.596251][T15005] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2473'.
[  344.648903][T15005] bond9: entered promiscuous mode
[  344.662290][T15005] 8021q: adding VLAN 0 to HW filter on device bond9
[  344.929097][T15027] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2481'.
[  344.966517][T15025] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  344.981557][T15031] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2482'.
[  345.034023][T15035] ieee802154 phy1 wpan1: encryption failed: -22
[  345.042610][T15035] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  345.358348][T15047] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2487'.
[  345.588534][T15057] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2489'.
[  345.619708][T15057] xt_CT: You must specify a L4 protocol and not use inversions on it
[  346.652783][T15105] netlink: 'syz.2.2504': attribute type 25 has an invalid length.
[  346.686206][T15105] netlink: 'syz.2.2504': attribute type 62 has an invalid length.
[  346.816862][T15109] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2506'.
[  347.106236][T15129] netlink: 'syz.1.2510': attribute type 1 has an invalid length.
[  347.159740][T15129] bond10: (slave gretap2): making interface the new active one
[  347.168567][T15129] bond10: (slave gretap2): Enslaving as an active interface with an up link
[  347.526656][T15144] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  347.527846][ T9807] IPVS: starting estimator thread 0...
[  347.650993][T15154] IPVS: using max 31 ests per chain, 74400 per kthread
[  348.538917][T15217] IPv6: sit2: Disabled Multicast RS
[  348.552429][T15217] sit2: entered allmulticast mode
[  349.590158][T15275] netlink: 'syz.0.2540': attribute type 9 has an invalid length.
[  349.634351][T15275] netlink: 'syz.0.2540': attribute type 12 has an invalid length.
[  349.928217][   T30] audit: type=1107 audit(1775121967.714:5): pid=15289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  350.040198][T15251] __nla_validate_parse: 10 callbacks suppressed
[  350.040220][T15251] netlink: 236 bytes leftover after parsing attributes in process `syz.3.2534'.
[  350.151240][T15251] netlink: 236 bytes leftover after parsing attributes in process `syz.3.2534'.
[  350.271123][ T5837] Bluetooth: hci4: command 0x0406 tx timeout
[  350.271912][T15306] netlink: 'syz.1.2549': attribute type 83 has an invalid length.
[  350.451142][T15318] netlink: 'syz.4.2552': attribute type 11 has an invalid length.
[  350.478498][T15318] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2552'.
[  350.497678][T15319] netlink: 'syz.2.2550': attribute type 2 has an invalid length.
[  350.525426][T15319] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2550'.
[  350.644799][T15331] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode
[  350.653238][T15331] mac80211_hwsim hwsim10 syzkaller0: entered allmulticast mode
[  350.976616][T15347] bond6: option packets_per_slave: invalid value (18446744073709551615)
[  350.986816][T15347] bond6: option packets_per_slave: allowed values 0 - 65535
[  350.996488][T15347] bond6 (unregistering): Released all slaves
[  351.302603][T15366] netlink: 'syz.2.2566': attribute type 4 has an invalid length.
[  351.317190][T15366] netlink: 'syz.2.2566': attribute type 3 has an invalid length.
[  351.326010][T15366] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2566'.
[  351.500075][T15376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2572'.
[  351.802219][T15403] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2576'.
[  351.954859][T15408] syzkaller0: entered promiscuous mode
[  351.960952][T15408] syzkaller0: entered allmulticast mode
[  352.189207][T15422] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2586'.
[  352.230014][T15426] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2588'.
[  352.278786][T15422] nbd: must specify a device to reconfigure
[  352.439812][T15435] syzkaller0: entered promiscuous mode
[  352.454180][T15435] syzkaller0: entered allmulticast mode
[  353.011561][T15424] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  353.023823][T15424] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  353.103832][T15424] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  353.109994][T15424] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  353.132181][T15424] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  353.138483][T15424] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  353.189846][T15424] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  353.196062][T15424] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  353.963722][   T30] audit: type=1107 audit(1775121971.754:6): pid=15459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  354.101611][T15468] bond11: option arp_interval: mode dependency failed, not supported in mode 802.3ad(4)
[  354.204774][T15468] bond11 (unregistering): Released all slaves
[  354.734609][T15509] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2610'.
[  354.878734][T15517] sctp: [Deprecated]: syz.2.2612 (pid 15517) Use of struct sctp_assoc_value in delayed_ack socket option.
[  354.878734][T15517] Use struct sctp_sack_info instead
[  354.939322][T15517] netlink: 'syz.2.2612': attribute type 29 has an invalid length.
[  354.986894][T15517] netlink: 'syz.2.2612': attribute type 29 has an invalid length.
[  355.026946][T15525] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  355.072954][T15527] __nla_validate_parse: 2 callbacks suppressed
[  355.072976][T15527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2616'.
[  355.112717][T15527] block nbd0: Unsupported socket: should be TCP or UNIX.
[  355.341960][T15553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2619'.
[  355.714044][T15574] netlink: 'syz.2.2623': attribute type 39 has an invalid length.
[  355.768079][T15577] delete_channel: no stack
[  355.884915][T15583] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2627'.
[  355.920129][T15586] syzkaller1: entered promiscuous mode
[  355.925912][T15586] syzkaller1: entered allmulticast mode
[  356.007284][T15588] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2628'.
[  356.108626][T15595] netlink: 'syz.4.2631': attribute type 2 has an invalid length.
[  356.134256][T15595] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2631'.
[  356.157844][T15598] bond6: option arp_interval: mode dependency failed, not supported in mode balance-tlb(5)
[  356.168911][T15588] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2628'.
[  356.195520][T15598] bond6 (unregistering): Released all slaves
[  356.228185][ T5143] block nbd0: Receive control failed (result -107)
[  356.238935][T15588] block nbd0: reconnected socket
[  356.716456][T15634] netlink: 'syz.1.2640': attribute type 15 has an invalid length.
[  357.017231][T15655] 
s5ÿÿø: renamed from vlan1
[  357.186255][T15671] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2651'.
[  357.281338][T15676] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2653'.
[  357.338422][T15676] netlink: 108 bytes leftover after parsing attributes in process `syz.4.2653'.
[  357.687698][T15704] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2659'.
[  357.813636][T15704] netlink: 'syz.3.2659': attribute type 1 has an invalid length.
[  359.474383][T15828] netlink: 'syz.4.2693': attribute type 10 has an invalid length.
[  359.580396][T15820] netlink: 'syz.1.2692': attribute type 1 has an invalid length.
[  359.850841][T15847] netlink: 'syz.1.2700': attribute type 51 has an invalid length.
[  360.076797][T15867] netlink: 'syz.0.2706': attribute type 3 has an invalid length.
[  360.102283][T15862] __nla_validate_parse: 11 callbacks suppressed
[  360.102307][T15862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2704'.
[  360.424400][T15886] openvswitch: netlink: Missing key (keys=40, expected=100)
[  360.483307][T15886] bond10: option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[  360.502613][T15886] bond10 (unregistering): Released all slaves
[  360.677933][T15899] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2713'.
[  360.699106][T15899] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2713'.
[  360.819629][T15905] netlink: 'syz.4.2714': attribute type 10 has an invalid length.
[  360.833528][T15905] team0: Port device dummy0 added
[  360.867346][T15907] ieee802154 phy1 wpan1: encryption failed: -22
[  360.875489][T15905] SET target dimension over the limit!
[  360.886323][T15907] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2715'.
[  361.236460][T15925] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  361.422357][T15938] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2723'.
[  361.566355][T15945] delete_channel: no stack
[  361.710716][T15959] tunl0: left promiscuous mode
[  361.841660][T15959] mac80211_hwsim hwsim6 wlan0: left promiscuous mode
[  361.876034][T15959] geneve3: left promiscuous mode
[  361.882441][T15959] geneve3: left allmulticast mode
[  361.897962][T15959] bond9: left promiscuous mode
[  361.943823][  T173] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 19999 - 0
[  361.983805][  T173] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 19999 - 0
[  362.001086][  T173] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 19999 - 0
[  362.018958][  T173] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 19999 - 0
[  362.102750][T15982] netlink: 187436 bytes leftover after parsing attributes in process `syz.1.2736'.
[  362.202404][T15988] netlink: 'syz.3.2738': attribute type 1 has an invalid length.
[  362.354629][T15988] bond3: entered promiscuous mode
[  362.360171][T15988] 8021q: adding VLAN 0 to HW filter on device bond3
[  362.522873][T16013] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2741'.
[  362.710610][T16030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2747'.
[  362.724639][T16024] lo speed is unknown, defaulting to 1000
[  362.758063][T16024] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  362.876876][T16038] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2748'.
[  363.057196][T16044] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2750'.
[  363.076648][T16044] nbd: illegal input index -8454144
[  363.198911][T16024]  speed is unknown, defaulting to 1000
[  363.302857][T16047] : entered promiscuous mode
[  363.651273][T16068] netlink: 'syz.3.2760': attribute type 3 has an invalid length.
[  363.839579][T16079] netlink: 'syz.3.2765': attribute type 15 has an invalid length.
[  363.985003][T16085] syz_tun: refused to change device tx_queue_len
[  364.212650][T16098] tc_dump_action: action bad kind
[  364.217953][T16097] tc_dump_action: action bad kind
[  364.329840][T16102] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  364.342971][T16103] ipt_ECN: cannot use operation on non-tcp rule
[  364.397318][T16109] tipc: Can't bind to reserved service type 0
[  364.475134][T16110] bond4: option arp_all_targets: invalid value (18446744073709551613)
[  364.517412][T16110] bond4 (unregistering): Released all slaves
[  364.925196][T16146] ipvlan2: entered promiscuous mode
[  364.933513][T16146] bridge0: port 3(ipvlan2) entered blocking state
[  364.940209][T16146] bridge0: port 3(ipvlan2) entered disabled state
[  364.947331][T16146] ipvlan2: entered allmulticast mode
[  364.954227][T16146] bridge0: entered allmulticast mode
[  364.964100][T16146] ipvlan2: left allmulticast mode
[  364.969155][T16146] bridge0: left allmulticast mode
[  365.136520][T16148] __nla_validate_parse: 43 callbacks suppressed
[  365.136543][T16148] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2780'.
[  365.151966][T16148] bridge_slave_1: left allmulticast mode
[  365.157647][T16148] bridge_slave_1: left promiscuous mode
[  365.165384][T16148] bridge0: port 2(bridge_slave_1) entered disabled state
[  365.203043][T16148] bridge_slave_0: left allmulticast mode
[  365.218838][T16148] bridge_slave_0: left promiscuous mode
[  365.246361][T16148] bridge0: port 1(bridge_slave_0) entered disabled state
[  365.554400][T16177] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  365.605104][T16179] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2788'.
[  365.714956][T16183] lo speed is unknown, defaulting to 1000
[  365.735047][T16183] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  365.799050][T16185] xt_CT: No such helper "snmp_trap"
[  365.820803][T16190] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2792'.
[  366.162563][T16202] netlink: 640 bytes leftover after parsing attributes in process `syz.2.2796'.
[  366.175050][T16202] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  366.214069][T16183]  speed is unknown, defaulting to 1000
[  366.319680][T16203] lo speed is unknown, defaulting to 1000
[  366.346261][T16203] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  366.795322][T16203]  speed is unknown, defaulting to 1000
[  366.902113][T16224] netlink: 'syz.3.2803': attribute type 1 has an invalid length.
[  367.010616][T16233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2806'.
[  367.019976][T16233] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2806'.
[  367.032681][T16233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2806'.
[  367.042154][T16233] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2806'.
[  367.057515][T16234] xt_hashlimit: size too large, truncated to 1048576
[  367.496702][T16251] netlink: 'syz.3.2811': attribute type 178 has an invalid length.
[  367.762037][T16258] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2814'.
[  368.194259][ T5837] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  368.208848][ T5837] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  368.218353][ T5837] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  368.228747][ T5837] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  368.253523][ T5837] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  368.288251][ T5143] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  368.296025][ T5143] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  368.305184][ T5143] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  368.323789][ T5143] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  368.342288][ T5143] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  368.510686][T16268] lo speed is unknown, defaulting to 1000
[  368.603613][T16268] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  369.301057][T16300] netlink: 'syz.4.2823': attribute type 1 has an invalid length.
[  369.404701][T16268]  speed is unknown, defaulting to 1000
[  369.437090][T16305] netlink: 'syz.1.2827': attribute type 1 has an invalid length.
[  369.473921][T16307] netlink: 'syz.3.2828': attribute type 3 has an invalid length.
[  369.502271][T16312] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2828'.
[  369.533309][T16311] veth0: entered promiscuous mode
[  369.553324][T16311] veth0: left promiscuous mode
[  369.764981][T16324] netlink: 'syz.3.2834': attribute type 7 has an invalid length.
[  369.802604][T16324] netlink: 'syz.3.2834': attribute type 8 has an invalid length.
[  369.983957][T16334] netlink: 'syz.0.2837': attribute type 39 has an invalid length.
[  370.153505][T16268] chnl_net:caif_netlink_parms(): no params data found
[  370.235183][T16347] netlink: 'syz.3.2842': attribute type 2 has an invalid length.
[  370.377803][T16268] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.401318][T16268] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.408661][T16268] bridge_slave_0: entered allmulticast mode
[  370.431257][ T5837] Bluetooth: hci5: command tx timeout
[  370.443035][T16268] bridge_slave_0: entered promiscuous mode
[  370.464682][T16268] bridge0: port 2(bridge_slave_1) entered blocking state
[  370.472072][T16268] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.479348][T16268] bridge_slave_1: entered allmulticast mode
[  370.488707][T16268] bridge_slave_1: entered promiscuous mode
[  370.537949][T16268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  370.582719][T16268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  370.648939][T16377] __nla_validate_parse: 5 callbacks suppressed
[  370.648959][T16377] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2847'.
[  370.667763][T16378] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2847'.
[  370.710340][T16268] team0: Port device team_slave_0 added
[  370.723125][T16268] team0: Port device team_slave_1 added
[  370.728997][T16381] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2848'.
[  370.803785][T16268] batman_adv: batadv0: Adding interface: batadv_slave_0
[  370.810789][T16268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  370.860198][T16268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  370.876443][T16268] batman_adv: batadv0: Adding interface: batadv_slave_1
[  370.883984][T16268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  370.911152][T16268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  370.984962][T16389] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.2851'.
[  371.049129][T16268] hsr_slave_0: entered promiscuous mode
[  371.062896][T16268] hsr_slave_1: entered promiscuous mode
[  371.107618][T16385] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2850'.
[  371.354209][  T173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  371.362264][  T173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  371.482334][T16416] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2858'.
[  371.492958][T16419] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2859'.
[  371.719656][T16430] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2862'.
[  371.769446][T16433] netlink: 'syz.1.2864': attribute type 1 has an invalid length.
[  371.788494][T16434] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2863'.
[  371.865363][T16440] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2864'.
[  371.894695][T16433] 8021q: adding VLAN 0 to HW filter on device bond12
[  371.940097][T16440] bond12: up delay (136) is not a multiple of miimon (100), value rounded to 100 ms
[  371.953411][T16440] bond12: entered allmulticast mode
[  371.989732][T16440] bond12: (slave ip6gretap1): Enslaving as an active interface with an up link
[  372.082679][T16436] lo speed is unknown, defaulting to 1000
[  372.107055][T16436] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  372.328262][T16464] : Caught tx_queue_len zero misconfig
[  372.511315][ T5837] Bluetooth: hci5: command tx timeout
[  372.566076][T16436]  speed is unknown, defaulting to 1000
[  372.659781][T16268] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  372.700647][T16268] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  372.826344][T16268] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  372.844215][T16489] 8021q: VLANs not supported on gre0
[  372.870119][T16268] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  372.995070][T16496] netlink: 'syz.3.2880': attribute type 4 has an invalid length.
[  373.478397][T16268] 8021q: adding VLAN 0 to HW filter on device bond0
[  373.555494][T16268] 8021q: adding VLAN 0 to HW filter on device team0
[  373.606634][   T77] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.613874][   T77] bridge0: port 1(bridge_slave_0) entered forwarding state
[  373.676659][T16537] lo speed is unknown, defaulting to 1000
[  373.687935][   T77] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.695138][   T77] bridge0: port 2(bridge_slave_1) entered forwarding state
[  373.714585][T16541] netlink: 'syz.1.2891': attribute type 21 has an invalid length.
[  373.730108][T16537] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  373.747489][T16541] netlink: 'syz.1.2891': attribute type 1 has an invalid length.
[  374.136326][T16551] netlink: 'syz.1.2894': attribute type 1 has an invalid length.
[  374.150109][T16551] netlink: 'syz.1.2894': attribute type 1 has an invalid length.
[  374.213093][T16556] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  374.462269][T16268] 8021q: adding VLAN 0 to HW filter on device batadv0
[  374.591261][ T5837] Bluetooth: hci5: command tx timeout
[  374.604050][T16537]  speed is unknown, defaulting to 1000
[  374.613876][T16268] veth0_vlan: entered promiscuous mode
[  374.636470][T16268] veth1_vlan: entered promiscuous mode
[  374.728301][T16268] veth0_macvtap: entered promiscuous mode
[  374.755637][T16268] veth1_macvtap: entered promiscuous mode
[  374.813298][T16268] batman_adv: batadv0: Interface activated: batadv_slave_0
[  374.855278][T16268] batman_adv: batadv0: Interface activated: batadv_slave_1
[  374.924773][T13821] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  374.945643][T16577] delete_channel: no stack
[  374.958162][T13821] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  374.983629][T13821] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  375.053958][T13821] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  375.323442][  T173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  375.342315][  T173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  375.419085][T16607] netlink: 'syz.0.2906': attribute type 3 has an invalid length.
[  375.572278][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  375.580357][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  376.012479][T16624] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  376.282662][T16641] netlink: 'syz.0.2916': attribute type 1 has an invalid length.
[  376.347748][T16647] __nla_validate_parse: 11 callbacks suppressed
[  376.347770][T16647] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2916'.
[  376.467579][T16654] xt_l2tp: v2 doesn't support IP mode
[  376.580040][T16641] 8021q: adding VLAN 0 to HW filter on device bond17
[  376.589132][T16648] netlink: 188 bytes leftover after parsing attributes in process `syz.2.2915'.
[  376.629719][T16647] bond17: up delay (136) is not a multiple of miimon (100), value rounded to 100 ms
[  376.641383][T16647] bond17: entered allmulticast mode
[  376.677177][ T5837] Bluetooth: hci5: command tx timeout
[  376.765153][T16665] netlink: 'syz.1.2921': attribute type 2 has an invalid length.
[  376.847374][T16667] netlink: 'syz.3.2922': attribute type 21 has an invalid length.
[  376.881021][T16667] IPv6: NLM_F_CREATE should be specified when creating new route
[  376.942801][T16667] veth0: Caught tx_queue_len zero misconfig
[  377.093987][T16677] netlink: 'syz.3.2926': attribute type 1 has an invalid length.
[  377.169307][T16682] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2926'.
[  377.223007][ T5143] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  377.234638][ T5143] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  377.244469][ T5143] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  377.253909][ T5143] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  377.263416][ T5143] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  377.306902][T16677] 8021q: adding VLAN 0 to HW filter on device bond4
[  377.337411][T16678] nlmon0: Caught tx_queue_len zero misconfig
[  377.384935][T16685] bond4: (slave veth0_to_bond): Enslaving as an active interface with a down link
[  377.538029][T16684] lo speed is unknown, defaulting to 1000
[  377.570461][T16684] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  377.927446][T16710] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2935'.
[  378.052487][T16713] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2937'.
[  378.123670][T16718] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2939'.
[  378.147900][T16718] tipc: Started in network mode
[  378.164682][T16718] tipc: Node identity 4, cluster identity 4711
[  378.174814][T16718] tipc: Node number set to 4
[  378.215681][T16684]  speed is unknown, defaulting to 1000
[  378.312677][T16726] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2941'.
[  378.366785][T16735] netlink: 'syz.4.2945': attribute type 16 has an invalid length.
[  378.403898][T16735] netlink: 'syz.4.2945': attribute type 17 has an invalid length.
[  378.432922][T16735] F: left allmulticast mode
[  378.490570][T16735] 8021q: adding VLAN 0 to HW filter on device team0
[  378.511778][ T9808] syz_tun: tun_net_xmit 110
[  378.525435][T16735] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  378.551423][ T9807] lo speed is unknown, defaulting to 1000
[  378.557306][ T9807] syz0: Port: 1 Link ACTIVE
[  378.585864][  T173] syz_tun: tun_net_xmit 110
[  378.606877][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  378.613675][T16123] syz_tun: tun_net_xmit 110
[  378.676513][T16744] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  378.737303][T16743] bond12: left allmulticast mode
[  378.798592][T16743] syzkaller0: entered promiscuous mode
[  378.811821][T16743] syzkaller0: entered allmulticast mode
[  378.849808][T16744] tipc: Resetting bearer <eth:syzkaller0>
[  378.883417][T16742] tipc: Resetting bearer <eth:syzkaller0>
[  378.914473][T16742] tipc: Disabling bearer <eth:syzkaller0>
[  378.930003][T16748] syzkaller0: entered promiscuous mode
[  378.935809][T16748] syzkaller0: entered allmulticast mode
[  379.152635][T16755] macsec1: entered promiscuous mode
[  379.232306][T16122] syz_tun: tun_net_xmit 90
[  379.305601][T16684] chnl_net:caif_netlink_parms(): no params data found
[  379.324314][ T5143] Bluetooth: hci1: command tx timeout
[  379.444038][T16768] netdevsim netdevsim2: Direct firmware load for . failed with error -2
[  379.463690][T16768] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  379.471937][T16122] syz_tun: tun_net_xmit 110
[  379.613374][T16684] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.621709][T16684] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.629043][T16684] bridge_slave_0: entered allmulticast mode
[  379.639314][T16684] bridge_slave_0: entered promiscuous mode
[  379.699470][T16684] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.721334][T16684] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.728948][T16684] bridge_slave_1: entered allmulticast mode
[  379.737786][T16684] bridge_slave_1: entered promiscuous mode
[  379.818831][T16684] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.844065][T16684] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  379.880682][T16787] netlink: 'syz.3.2959': attribute type 2 has an invalid length.
[  379.894601][T16786] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2958'.
[  379.911558][T16784] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2958'.
[  379.942118][T16684] team0: Port device team_slave_0 added
[  379.967231][T16684] team0: Port device team_slave_1 added
[  380.053789][T16684] batman_adv: batadv0: Adding interface: batadv_slave_0
[  380.097176][T16684] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  380.138436][T16684] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  380.153291][T16684] batman_adv: batadv0: Adding interface: batadv_slave_1
[  380.160485][T16684] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  380.200409][T16684] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  380.314791][T16684] hsr_slave_0: entered promiscuous mode
[  380.323233][T16684] hsr_slave_1: entered promiscuous mode
[  380.331740][T16684] debugfs: 'hsr0' already exists in 'hsr'
[  380.337513][T16684] Cannot create hsr debugfs directory
[  380.659454][T16813] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2966'.
[  380.693599][T16813] bond0: (slave wlan0): Error: Device type is different from other slaves
[  380.826062][T16821] netlink: 'syz.2.2968': attribute type 1 has an invalid length.
[  380.853412][T16821] netlink: 'syz.2.2968': attribute type 3 has an invalid length.
[  381.376610][T16684] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  381.391530][ T5143] Bluetooth: hci1: command tx timeout
[  381.408674][T16684] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  381.448654][T16684] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  381.489949][T16684] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  381.519051][T16851] __nla_validate_parse: 4 callbacks suppressed
[  381.519073][T16851] netlink: 216 bytes leftover after parsing attributes in process `syz.2.2977'.
[  381.530081][T16854] netlink: 'syz.1.2979': attribute type 4 has an invalid length.
[  381.544994][T16851] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2977'.
[  381.803647][T16684] 8021q: adding VLAN 0 to HW filter on device bond0
[  381.842500][T16684] 8021q: adding VLAN 0 to HW filter on device team0
[  381.879780][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  381.887017][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  381.934573][T16880] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2983'.
[  381.948351][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  381.955696][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  381.974323][T16879] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2982'.
[  382.387955][T16684] 8021q: adding VLAN 0 to HW filter on device batadv0
[  382.441606][T16684] veth0_vlan: entered promiscuous mode
[  382.454765][T16684] veth1_vlan: entered promiscuous mode
[  382.490686][T16684] veth0_macvtap: entered promiscuous mode
[  382.504484][T16684] veth1_macvtap: entered promiscuous mode
[  382.513053][T16864] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  382.534149][T16684] batman_adv: batadv0: Interface activated: batadv_slave_0
[  382.549482][T16684] batman_adv: batadv0: Interface activated: batadv_slave_1
[  382.592394][   T77] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  382.615905][T13821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  382.648416][T13821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  382.720730][T13821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  382.813657][T13822] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.841510][T13822] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.858203][T16902] gre2: entered promiscuous mode
[  382.864116][T16902] gre2: entered allmulticast mode
[  382.931924][T13822] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.960196][T13822] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  383.057239][T16918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2993'.
[  383.111153][T16918] netlink: 'syz.2.2993': attribute type 1 has an invalid length.
[  383.139716][T16918] netlink: 'syz.2.2993': attribute type 2 has an invalid length.
[  383.351202][T16123] IPVS: starting estimator thread 0...
[  383.452267][T16938] IPVS: using max 25 ests per chain, 60000 per kthread
[  383.480356][ T5143] Bluetooth: hci1: command tx timeout
[  383.678898][T16960] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3003'.
[  383.738534][T16960] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3003'.
[  383.845176][T16964] sit1: entered promiscuous mode
[  383.860004][T16964] sit1: entered allmulticast mode
[  383.868085][T16965] netlink: 'syz.4.3004': attribute type 4 has an invalid length.
[  383.961676][T16968] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3007'.
[  383.974348][T16123] lo speed is unknown, defaulting to 1000
[  383.995673][T16123] syz0: Port: 1 Link DOWN
[  384.208857][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  384.217954][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  384.227717][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  384.238727][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  384.291943][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  384.854777][T16976] lo speed is unknown, defaulting to 1000
[  384.882073][T16976] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  384.903583][T17005] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048)
[  385.005868][T17012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  385.412697][T17027] netlink: 220 bytes leftover after parsing attributes in process `syz.0.3023'.
[  385.424286][T17027] netlink: 'syz.0.3023': attribute type 62 has an invalid length.
[  385.542436][T16976]  speed is unknown, defaulting to 1000
[  385.551113][ T5143] Bluetooth: hci1: command tx timeout
[  385.699997][T17036] xt_hashlimit: size too large, truncated to 1048576
[  385.958615][T17050] syzkaller0: entered promiscuous mode
[  385.967039][T17050] syzkaller0: entered allmulticast mode
[  386.344965][T17066] bond13: (slave 
2
6±ÿ=–a²š«): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  386.362388][ T5143] Bluetooth: hci2: command tx timeout
[  386.372944][T17066] bond13: (slave 
2
6±ÿ=–a²š«): Enslaving as an active interface with an up link
[  386.384286][T17066] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  386.406929][T16122] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  386.421006][T16122] syz2: Port: 1 Link ACTIVE
[  386.428107][T17067] syzkaller0: entered promiscuous mode
[  386.443186][T16122] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  386.458724][T16976] chnl_net:caif_netlink_parms(): no params data found
[  386.467248][T17067] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3034'.
[  386.577965][T17080] netlink: 164 bytes leftover after parsing attributes in process `syz.4.3038'.
[  386.682614][T16976] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.690104][T16976] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.697846][T16976] bridge_slave_0: entered allmulticast mode
[  386.706310][T16976] bridge_slave_0: entered promiscuous mode
[  386.716932][T16976] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.727019][T16976] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.734963][T16976] bridge_slave_1: entered allmulticast mode
[  386.743359][T16976] bridge_slave_1: entered promiscuous mode
[  386.782491][T16976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  386.809971][T16976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  386.826822][T17088] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  386.834159][T17088] IPv6: NLM_F_CREATE should be set when creating new route
[  386.841517][T17088] IPv6: NLM_F_CREATE should be set when creating new route
[  386.848783][T17088] IPv6: NLM_F_CREATE should be set when creating new route
[  386.874825][T16976] team0: Port device team_slave_0 added
[  386.882101][T17088] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  386.903963][T16976] team0: Port device team_slave_1 added
[  387.001883][T16976] batman_adv: batadv0: Adding interface: batadv_slave_0
[  387.008892][T16976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  387.060750][T16976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  387.141429][T16976] batman_adv: batadv0: Adding interface: batadv_slave_1
[  387.148439][T16976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  387.233367][T16976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  387.279432][T17107] netlink: 'syz.4.3046': attribute type 1 has an invalid length.
[  387.327524][T17107] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3046'.
[  387.348995][T16976] hsr_slave_0: entered promiscuous mode
[  387.358943][T17107] netlink: 658 bytes leftover after parsing attributes in process `syz.4.3046'.
[  387.372316][T16976] hsr_slave_1: entered promiscuous mode
[  387.394140][T16976] debugfs: 'hsr0' already exists in 'hsr'
[  387.400220][T17107] netlink: 'syz.4.3046': attribute type 1 has an invalid length.
[  387.438877][T16976] Cannot create hsr debugfs directory
[  387.892916][T16976] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  387.974043][T16976] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  388.258689][T16976] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  388.352563][T17152] netlink: 163944 bytes leftover after parsing attributes in process `syz.2.3058'.
[  388.403029][T17155] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3059'.
[  388.433604][ T5143] Bluetooth: hci2: command tx timeout
[  388.450384][T16976] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  388.540203][T17162] bond0: entered promiscuous mode
[  388.564900][T17162] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  388.583284][T17162] bond0: entered allmulticast mode
[  388.595215][T17162] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  388.615731][T17162] 8021q: adding VLAN 0 to HW filter on device bond0
[  388.643620][T17166] vlan2: entered allmulticast mode
[  388.655502][T17166] bridge0: entered allmulticast mode
[  388.673879][T17166] bridge0: port 3(vlan2) entered blocking state
[  388.688023][T17166] bridge0: port 3(vlan2) entered disabled state
[  388.736775][T17170] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3064'.
[  388.885614][T16976] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  388.944457][T16976] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  388.984620][T16976] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  389.012627][T16976] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  389.127505][T17180] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3068'.
[  389.256397][T17187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3069'.
[  389.325388][   T77] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  389.351702][   T77] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  389.362703][T17190] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3070'.
[  389.411146][   T77] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  389.430154][   T77] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  389.505515][T16976] 8021q: adding VLAN 0 to HW filter on device bond0
[  389.604719][T16976] 8021q: adding VLAN 0 to HW filter on device team0
[  389.650508][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.657747][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.732875][T17204] netlink: 'syz.0.3073': attribute type 4 has an invalid length.
[  389.753917][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.761146][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  390.514716][ T5143] Bluetooth: hci2: command tx timeout
[  390.630007][T16976] 8021q: adding VLAN 0 to HW filter on device batadv0
[  390.785985][T17247] syz_tun: tun_net_xmit 86
[  390.955735][T17251] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3087'.
[  390.970205][T17254] netlink: 'syz.1.3088': attribute type 1 has an invalid length.
[  390.978920][T17254] netlink: 'syz.1.3088': attribute type 1 has an invalid length.
[  390.987622][T17254] netlink: 'syz.1.3088': attribute type 8 has an invalid length.
[  391.009177][T16976] veth0_vlan: entered promiscuous mode
[  391.068993][T16976] veth1_vlan: entered promiscuous mode
[  391.133412][T16976] veth0_macvtap: entered promiscuous mode
[  391.144924][T16976] veth1_macvtap: entered promiscuous mode
[  391.184421][T16976] batman_adv: batadv0: Interface activated: batadv_slave_0
[  391.212382][T16976] batman_adv: batadv0: Interface activated: batadv_slave_1
[  391.243572][  T132] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  391.260458][  T132] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  391.294093][  T132] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  391.307182][  T132] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  391.461700][T13822] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  391.496845][T13822] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.546235][   T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  391.566873][   T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  391.793705][    C1] syz_tun: tun_net_xmit 86
[  392.059048][T17287] __nla_validate_parse: 4 callbacks suppressed
[  392.059071][T17287] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3098'.
[  392.100426][T17287] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3098'.
[  392.141994][T17287] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3098'.
[  392.165808][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  392.176640][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  392.184666][T17287] netlink: 31 bytes leftover after parsing attributes in process `syz.0.3098'.
[  392.204698][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  392.224860][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  392.236497][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  392.244403][T17287] netlink: 'syz.0.3098': attribute type 3 has an invalid length.
[  392.294869][T17287] netlink: 'syz.0.3098': attribute type 2 has an invalid length.
[  392.342465][T17287] netlink: 31 bytes leftover after parsing attributes in process `syz.0.3098'.
[  392.400222][T17292] lo speed is unknown, defaulting to 1000
[  392.446861][T17292] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  392.594553][ T5143] Bluetooth: hci2: command tx timeout
[  392.742960][T17308] tipc: Started in network mode
[  392.749508][T17308] tipc: Node identity ac14140f, cluster identity 4711
[  392.777621][T17308] tipc: New replicast peer: 172.20.20.187
[  392.803124][T17308] tipc: Enabled bearer <udp:syz2>, priority 10
[  392.831165][    C1] syz_tun: tun_net_xmit 86
[  392.857175][T17308] netlink: 'syz.0.3103': attribute type 10 has an invalid length.
[  392.916774][T17315] pimreg: entered allmulticast mode
[  392.964130][T17308] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.995817][T17308] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  393.064299][T17313] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3105'.
[  393.131434][T17292]  speed is unknown, defaulting to 1000
[  393.385734][T17330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3111'.
[  393.681577][T17340] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  393.721292][T17340] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3114'.
[  393.937631][   T77] bond12 (unregistering): (slave ip6gretap1): Releasing active interface
[  394.172999][   T77] bond10 (unregistering): (slave gretap2): Releasing active interface
[  394.228810][   T77] dvmrp8 (unregistering): left allmulticast mode
[  394.267325][   T77] bond3 (unregistering): (slave geneve2): Releasing active interface
[  394.351308][ T5143] Bluetooth: hci4: command tx timeout
[  394.458076][   T77] bond2 (unregistering): (slave bridge2): Removing an active aggregator
[  394.469150][   T77] bond2 (unregistering): (slave bridge2): Releasing backup interface
[  394.481995][   T77] bond2 (unregistering): (slave bridge2): the permanent HWaddr of slave - fa:f8:d7:01:60:88 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  394.547333][   T77] bond2 (unregistering): (slave bridge3): Releasing backup interface
[  394.707827][   T77] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  394.716816][   T77] mac80211_hwsim hwsim7 wlan1: left promiscuous mode
[  394.724215][   T77] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  394.732761][   T77] bond0 (unregistering): Released all slaves
[  394.744859][   T77] bond1 (unregistering): Released all slaves
[  394.765097][   T77] bond2 (unregistering): Released all slaves
[  394.788164][   T77] bond3 (unregistering): Released all slaves
[  394.812864][   T77] bond4 (unregistering): Released all slaves
[  394.838678][   T77] bond5 (unregistering): Released all slaves
[  394.856759][   T77] bond6 (unregistering): (slave veth5): Releasing backup interface
[  394.865914][   T77] bond6 (unregistering): Released all slaves
[  394.883380][   T77] bond7 (unregistering): Released all slaves
[  394.899385][   T77] bond8 (unregistering): Released all slaves
[  394.926461][   T77] bond9 (unregistering): Released all slaves
[  394.944616][   T77] bond10 (unregistering): Released all slaves
[  394.959404][   T77] bond11 (unregistering): Released all slaves
[  394.975068][   T77] bond12 (unregistering): Released all slaves
[  394.999429][   T77] bond13 (unregistering): (slave 
2
6±ÿ=–a²š«): Releasing backup interface
[  395.015787][   T77] bond13 (unregistering): (slave 
2
6±ÿ=–a²š«): last VLAN challenged slave left bond - VLAN blocking is removed
[  395.030021][   T77] bond13 (unregistering): Released all slaves
[  395.141373][ T9807] tipc: Node number set to 2886997007
[  395.157784][T16121] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  395.174333][T16121] syz2: Port: 1 Link DOWN
[  395.196336][T16121] ±ÿ=–a²š« speed is unknown, defaulting to 1000
[  395.247333][   T77] : left promiscuous mode
[  395.300439][T17378] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3121'.
[  395.310046][T17380] netlink: 'syz.2.3122': attribute type 4 has an invalid length.
[  395.352028][T17380] netlink: 240 bytes leftover after parsing attributes in process `syz.2.3122'.
[  395.461159][   T77] vþ: left promiscuous mode
[  395.616648][T17292] chnl_net:caif_netlink_parms(): no params data found
[  395.662456][   T77] tipc: Left network mode
[  395.767149][   T77] IPVS: stopping backup sync thread 13559 ...
[  396.187349][T17432] netlink: 'syz.3.3131': attribute type 11 has an invalid length.
[  396.226169][T17432] netlink: 'syz.3.3131': attribute type 4 has an invalid length.
[  396.269948][T17432] netlink: 'syz.3.3131': attribute type 5 has an invalid length.
[  396.311949][T17432] netlink: 'syz.3.3131': attribute type 6 has an invalid length.
[  396.368704][T17432] vxcan1: tx drop: invalid sa for name 0x0000000000000001
[  396.379378][T17432] openvswitch: netlink: IP tunnel dst address not specified
[  396.395965][T17440] xt_TPROXY: Can be used only with -p tcp or -p udp
[  396.424073][T17292] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.431386][ T5143] Bluetooth: hci4: command tx timeout
[  396.445339][T17292] bridge0: port 1(bridge_slave_0) entered disabled state
[  396.463395][T17292] bridge_slave_0: entered allmulticast mode
[  396.482900][T17292] bridge_slave_0: entered promiscuous mode
[  396.607558][T17292] bridge0: port 2(bridge_slave_1) entered blocking state
[  396.623219][T17292] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.630538][T17292] bridge_slave_1: entered allmulticast mode
[  396.663401][T17292] bridge_slave_1: entered promiscuous mode
[  396.796418][T17459] sctp: [Deprecated]: syz.3.3136 (pid 17459) Use of int in maxseg socket option.
[  396.796418][T17459] Use struct sctp_assoc_value instead
[  396.954209][T17462] bond1: ARP target 1.0.0.0 is already present
[  396.978979][T17462] bond1: option arp_ip_target: invalid value (1)
[  397.016149][T17462] bond1 (unregistering): Released all slaves
[  397.064205][T17292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  397.086127][T17292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  397.127582][T17478] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 2, id = 0
[  397.167886][T17477] netlink: 'syz.3.3141': attribute type 13 has an invalid length.
[  397.337266][T17490] __nla_validate_parse: 8 callbacks suppressed
[  397.337287][T17490] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3144'.
[  397.372094][T17484] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3143'.
[  397.458051][T17490] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.465809][T17490] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.640712][T17292] team0: Port device team_slave_0 added
[  397.665671][T17502] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3146'.
[  397.704161][T17292] team0: Port device team_slave_1 added
[  397.975574][T17292] batman_adv: batadv0: Adding interface: batadv_slave_0
[  397.989355][T17292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  398.037364][T17292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  398.114363][T17292] batman_adv: batadv0: Adding interface: batadv_slave_1
[  398.125989][T17292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  398.155702][T17292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  398.245673][T17526] tipc: Started in network mode
[  398.258498][T17526] tipc: Node identity ac14140f, cluster identity 4711
[  398.308708][T17526] tipc: New replicast peer: 172.20.20.187
[  398.322479][T17526] tipc: Enabled bearer <udp:syz2>, priority 10
[  398.477079][T17292] hsr_slave_0: entered promiscuous mode
[  398.507358][T17292] hsr_slave_1: entered promiscuous mode
[  398.513235][ T5143] Bluetooth: hci4: command tx timeout
[  398.526970][T17292] debugfs: 'hsr0' already exists in 'hsr'
[  398.542859][T17292] Cannot create hsr debugfs directory
[  398.724699][T17544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3156'.
[  398.856066][T17550] tls_set_device_offload_rx: netdev not found
[  399.002154][T17551] "syz.3.3158" (17551) uses obsolete ecb(arc4) skcipher
[  399.013038][T17544] bond1: Invalid ad_actor_system MAC address.
[  399.019229][T17544] bond1: option ad_actor_system: invalid value (1)
[  399.069162][T17544] bond1 (unregistering): Released all slaves
[  399.219363][T17567] ipt_rpfilter: unknown options
[  399.243929][   T77] hsr_slave_0: left promiscuous mode
[  399.262016][   T77] hsr_slave_1: left promiscuous mode
[  399.349721][   T77] pim6reg (unregistering): left allmulticast mode
[  399.508578][T17585] netlink: 'syz.4.3163': attribute type 1 has an invalid length.
[  399.530205][T17585] netlink: 'syz.4.3163': attribute type 1 has an invalid length.
[  399.825260][T17597] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3167'.
[  399.835341][T17597] openvswitch: netlink: Tunnel attr 78 out of range max 16
[  399.854555][T13824] smc: removing ib device syz2
[  399.880196][T17571] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3162'.
[  399.895604][T17571] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3162'.
[  399.915335][ T9807] tipc: Node number set to 2886997007
[  399.976327][T17591] vlan2: entered promiscuous mode
[  400.021222][T17591] geneve1: entered promiscuous mode
[  400.027039][T17591] vlan2: entered allmulticast mode
[  400.032596][T17591] geneve1: entered allmulticast mode
[  400.167282][T17601] netlink: 'syz.4.3169': attribute type 5 has an invalid length.
[  400.270328][T17601] netlink: 140 bytes leftover after parsing attributes in process `syz.4.3169'.
[  400.371097][T17610] xt_hashlimit: size too large, truncated to 1048576
[  400.568390][T17609] pimreg3: entered allmulticast mode
[  400.591060][ T5143] Bluetooth: hci4: command tx timeout
[  402.295676][T17676] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3182'.
[  402.514453][T17292] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  402.539704][T17682] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  402.608032][T17292] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  402.626168][T17686] netlink: 'syz.2.3184': attribute type 1 has an invalid length.
[  402.677682][T17292] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  402.693636][T17689] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3184'.
[  402.702808][T17686] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3184'.
[  402.702836][T17686] netlink: 1 bytes leftover after parsing attributes in process `syz.2.3184'.
[  402.702853][T17686] netlink: 'syz.2.3184': attribute type 1 has an invalid length.
[  402.702869][T17686] netlink: 634 bytes leftover after parsing attributes in process `syz.2.3184'.
[  402.773541][T17690] netlink: 'syz.2.3184': attribute type 21 has an invalid length.
[  402.797995][T17292] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  403.118081][T17292] 8021q: adding VLAN 0 to HW filter on device bond0
[  403.199819][T17292] 8021q: adding VLAN 0 to HW filter on device team0
[  403.222957][T13822] bridge0: port 1(bridge_slave_0) entered blocking state
[  403.230171][T13822] bridge0: port 1(bridge_slave_0) entered forwarding state
[  403.263350][T13822] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.270575][T13822] bridge0: port 2(bridge_slave_1) entered forwarding state
[  403.286385][T17704] openvswitch: netlink: Key 6 has unexpected len 16 expected 2
[  403.369463][T17704] ±ÿ: renamed from team_slave_1 (while UP)
[  403.423643][T17713] netlink: 'syz.2.3187': attribute type 2 has an invalid length.
[  403.487842][T17292] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  403.671113][T17724] Dead loop on virtual device ip6_vti0, fix it urgently!
[  403.785558][T17727] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3192'.
[  404.073118][T17735] netlink: 260 bytes leftover after parsing attributes in process `syz.2.3194'.
[  404.436364][T17763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3200'.
[  404.479808][T17758] bond10 (unregistering): Released all slaves
[  404.491538][T17766] sctp: [Deprecated]: syz.2.3199 (pid 17766) Use of int in maxseg socket option.
[  404.491538][T17766] Use struct sctp_assoc_value instead
[  404.509588][T17767] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3198'.
[  404.523124][T17763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3200'.
[  404.548291][T17767] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  404.596476][T17769] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3199'.
[  404.663440][T17292] 8021q: adding VLAN 0 to HW filter on device batadv0
[  404.694798][T17761] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  404.826080][T17761] syzkaller0: entered promiscuous mode
[  404.838575][T17761] syzkaller0: entered allmulticast mode
[  404.845837][T17761] tipc: Resetting bearer <eth:syzkaller0>
[  404.952727][T17759] tipc: Resetting bearer <eth:syzkaller0>
[  407.055929][T17759] tipc: Disabling bearer <eth:syzkaller0>
[  407.086339][T17817] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  407.101309][T17817] batman_adv: batadv0: Removing interface: batadv_slave_0
[  407.113772][T17817] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  407.133611][T17817] batman_adv: batadv0: Removing interface: batadv_slave_1
[  407.288356][   T77] IPVS: stop unused estimator thread 0...
[  407.428310][T17292] veth0_vlan: entered promiscuous mode
[  407.489580][T17292] veth1_vlan: entered promiscuous mode
[  407.619412][T17292] veth0_macvtap: entered promiscuous mode
[  407.626651][T17881] IPVS: set_ctl: invalid protocol: 135 255.255.255.255:20002
[  407.655758][T17292] veth1_macvtap: entered promiscuous mode
[  407.709927][T17890] IPv6: sit1: Disabled Multicast RS
[  407.723465][T17890] sit1: entered allmulticast mode
[  407.761714][T17292] batman_adv: batadv0: Interface activated: batadv_slave_0
[  407.802619][T17292] batman_adv: batadv0: Interface activated: batadv_slave_1
[  407.825123][T17888] bond0: Caught tx_queue_len zero misconfig
[  407.879249][T13822] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  407.895759][T13822] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  407.907210][T13822] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  407.924771][T17896] __nla_validate_parse: 4 callbacks suppressed
[  407.924792][T17896] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3220'.
[  407.967036][T13822] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  408.153321][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  408.191894][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  408.259285][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  408.289653][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  408.550262][T17925] lo: Caught tx_queue_len zero misconfig
[  408.693682][T17934] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  408.727334][T17934] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3228'.
[  409.127742][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  409.141290][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  409.149968][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  409.158980][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  409.176685][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  409.254119][T17946] lo speed is unknown, defaulting to 1000
[  409.275205][T17946]  speed is unknown, defaulting to 1000
[  410.629298][T17995] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3243'.
[  410.700320][T18001] netlink: 'syz.1.3245': attribute type 1 has an invalid length.
[  410.766773][T17946] chnl_net:caif_netlink_parms(): no params data found
[  410.821863][T18001] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3245'.
[  410.929779][T18009] netlink: 88 bytes leftover after parsing attributes in process `syz.3.3246'.
[  410.955005][T18009] netem: invalid attributes len -24
[  410.984069][T18009] netem: change failed
[  411.245641][ T5143] Bluetooth: hci0: command tx timeout
[  411.286028][T17946] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.302240][T17946] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.309652][T17946] bridge_slave_0: entered allmulticast mode
[  411.317761][T17946] bridge_slave_0: entered promiscuous mode
[  411.326698][T17946] bridge0: port 2(bridge_slave_1) entered blocking state
[  411.335719][T17946] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.345950][T17946] bridge_slave_1: entered allmulticast mode
[  411.368114][T17946] bridge_slave_1: entered promiscuous mode
[  411.523536][T17946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  411.585418][T17946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  411.743803][T17946] team0: Port device team_slave_0 added
[  411.767131][T17946] team0: Port device team_slave_1 added
[  411.895773][T17946] batman_adv: batadv0: Adding interface: batadv_slave_0
[  411.910919][T17946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  411.943469][T17946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  411.958643][T17946] batman_adv: batadv0: Adding interface: batadv_slave_1
[  411.966171][T17946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  411.993775][T18056] netlink: 'syz.2.3255': attribute type 10 has an invalid length.
[  412.021014][T18056] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3255'.
[  412.039293][T17946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  412.375467][T17946] hsr_slave_0: entered promiscuous mode
[  412.399291][T17946] hsr_slave_1: entered promiscuous mode
[  412.422135][T17946] debugfs: 'hsr0' already exists in 'hsr'
[  412.432557][T17946] Cannot create hsr debugfs directory
[  412.696016][T18083] xt_hashlimit: size too large, truncated to 1048576
[  412.873607][T18088] –: renamed from vxcan1 (while UP)
[  412.929140][T18098] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.3263'.
[  413.100296][T18105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3263'.
[  413.147034][T17946] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.236843][T17946] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.312355][ T5143] Bluetooth: hci0: command tx timeout
[  413.382763][T17946] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.389016][T18115] openvswitch: netlink: Key type 224 is out of range max 32
[  413.431168][T18115] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3268'.
[  413.441792][T18115] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.449176][T18115] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.514942][T17946] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.613509][T18120] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3269'.
[  413.691907][T18132] ieee802154 phy1 wpan1: encryption failed: -22
[  414.060288][T18144] netlink: 232 bytes leftover after parsing attributes in process `syz.1.3274'.
[  414.072900][T17946] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  414.112225][T17946] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  414.139826][T17946] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  414.178762][T18150] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3276'.
[  414.188809][T17946] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  414.271324][T18165] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3275'.
[  414.282571][T18150] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3276'.
[  414.513365][T17946] 8021q: adding VLAN 0 to HW filter on device bond0
[  414.542298][T18176] syzkaller0: entered promiscuous mode
[  414.602993][T17946] 8021q: adding VLAN 0 to HW filter on device team0
[  414.620491][T18182] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3281'.
[  414.637544][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  414.644783][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  414.668179][   T77] bridge0: port 2(bridge_slave_1) entered blocking state
[  414.675428][   T77] bridge0: port 2(bridge_slave_1) entered forwarding state
[  414.751894][T18184] netlink: 'syz.2.3282': attribute type 1 has an invalid length.
[  414.760149][T18184] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3282'.
[  414.836159][T18184] netlink: 658 bytes leftover after parsing attributes in process `syz.2.3282'.
[  415.234744][T18207] Bluetooth: MGMT ver 1.23
[  415.307573][T17946] 8021q: adding VLAN 0 to HW filter on device batadv0
[  415.392728][ T5143] Bluetooth: hci0: command tx timeout
[  415.639838][T18228] netlink: 'syz.1.3291': attribute type 23 has an invalid length.
[  415.674283][T18228] netlink: 'syz.1.3291': attribute type 33 has an invalid length.
[  415.809096][T18228] bond1: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0)
[  415.863272][T18228] bond1 (unregistering): Released all slaves
[  415.964197][T18247] syz_tun: entered allmulticast mode
[  416.251523][T17946] veth0_vlan: entered promiscuous mode
[  416.260382][T18260] netlink: 'syz.2.3297': attribute type 83 has an invalid length.
[  416.315118][T17946] veth1_vlan: entered promiscuous mode
[  416.348301][T18243] syz_tun: left allmulticast mode
[  416.453721][T17946] veth0_macvtap: entered promiscuous mode
[  416.488066][T17946] veth1_macvtap: entered promiscuous mode
[  416.526721][T17946] batman_adv: batadv0: Interface activated: batadv_slave_0
[  416.547008][T17946] batman_adv: batadv0: Interface activated: batadv_slave_1
[  416.557180][T18274] delete_channel: no stack
[  416.572520][  T132] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  416.583963][  T132] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  416.613268][  T132] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  416.631944][  T132] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  416.666064][T18270] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  416.921721][   T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  416.940570][   T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  417.015519][T18291] netlink: 'syz.0.3306': attribute type 1 has an invalid length.
[  417.065970][T18291] bond3: (slave bridge2): making interface the new active one
[  417.080543][T18291] bond3: (slave bridge2): Enslaving as an active interface with an up link
[  417.163855][T18295] lo speed is unknown, defaulting to 1000
[  417.175032][  T132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  417.193925][  T132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  417.214019][T18295] lo speed is unknown, defaulting to 1000
[  417.472519][ T5143] Bluetooth: hci0: command tx timeout
[  417.536735][T18325] ieee802154 phy1 wpan1: encryption failed: -22
[  417.575175][T18326] smc: adding net device veth1_to_batadv with user defined pnetid SYZ1
[  417.721441][T18330] lo speed is unknown, defaulting to 1000
[  417.729098][T18330]  speed is unknown, defaulting to 1000
[  418.063329][T18359] netlink: 'syz.3.3322': attribute type 2 has an invalid length.
[  418.281028][T18362] lo speed is unknown, defaulting to 1000
[  418.313109][T18361] lo speed is unknown, defaulting to 1000
[  418.544455][T18362]  speed is unknown, defaulting to 1000
[  419.062455][T18401] __nla_validate_parse: 7 callbacks suppressed
[  419.062476][T18401] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3330'.
[  419.087589][T18403] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3331'.
[  419.265949][T18361]  speed is unknown, defaulting to 1000
[  420.569896][T18434] lo speed is unknown, defaulting to 1000
[  420.618594][T18434]  speed is unknown, defaulting to 1000
[  420.640116][T18440] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3343'.
[  420.698965][T18440] bond0: entered promiscuous mode
[  420.712423][T18440] bond_slave_0: entered promiscuous mode
[  420.728711][T18440] bond_slave_1: entered promiscuous mode
[  420.792109][T18440] bond0: left promiscuous mode
[  420.797638][T18440] bond_slave_0: left promiscuous mode
[  420.806847][T18440] bond_slave_1: left promiscuous mode
[  420.826449][T18448] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.3342'.
[  420.859175][T18448] netlink: Conntrack attr has 3 unknown bytes
[  421.009180][T18455] netlink: 'syz.0.3344': attribute type 7 has an invalid length.
[  421.536196][T18466] syzkaller0: entered promiscuous mode
[  421.582521][T18466] syzkaller0: entered allmulticast mode
[  421.667481][T18460] syzkaller0: left promiscuous mode
[  421.676034][T18460] syzkaller0: left allmulticast mode
[  421.788901][T18489] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3352'.
[  421.821187][T18489] openvswitch: netlink: Flow actions attr not present in new flow.
[  423.396617][T18479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  423.410438][T18483] lo speed is unknown, defaulting to 1000
[  423.432938][T18483]  speed is unknown, defaulting to 1000
[  423.579460][T18509] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3359'.
[  423.592156][T18509] sctp: [Deprecated]: syz.2.3359 (pid 18509) Use of struct sctp_assoc_value in delayed_ack socket option.
[  423.592156][T18509] Use struct sctp_sack_info instead
[  423.627408][T18505] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3360'.
[  423.638266][T18505] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3360'.
[  423.651049][T18505] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3360'.
[  423.660297][T18505] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3360'.
[  424.075021][T18533] __nla_validate_parse: 1 callbacks suppressed
[  424.075043][T18533] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3367'.
[  424.129110][T18533] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3367'.
[  424.680709][T18563] delete_channel: no stack
[  424.736742][T18561] delete_channel: no stack
[  426.133289][T18603] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  426.239006][T18645] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3403'.
[  426.250979][T18645] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3403'.
[  426.281029][T18645] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3403'.
[  426.306052][T18643] bond2: option xmit_hash_policy: invalid value (130)
[  426.390797][T18643] bond2 (unregistering): Released all slaves
[  426.553343][T18653] openvswitch: netlink: IP tunnel TTL not specified.
[  426.594485][T18653] openvswitch: netlink: IP tunnel TTL not specified.
[  426.651516][T18659] netlink: 'syz.2.3407': attribute type 32 has an invalid length.
[  426.676315][T18659] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3407'.
[  426.785685][T18659] bond1: option coupled_control: invalid value (6)
[  426.825459][T18659] bond1 (unregistering): Released all slaves
[  426.873678][T18683] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3409'.
[  426.912769][T18683] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3409'.
[  426.939498][T18686] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[  426.949845][T18674] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  427.299768][T18705] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3416'.
[  427.391028][ T5143] Bluetooth: hci0: command 0x0c20 tx timeout
[  427.456990][T18713] syzkaller0: entered promiscuous mode
[  427.464664][T18713] syzkaller0: entered allmulticast mode
[  427.507740][T18719] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3422'.
[  427.535567][T18719] geneve2: entered promiscuous mode
[  427.645496][T18725] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.881363][T18745] ip6tnl1: entered allmulticast mode
[  427.890342][T18747] sock: sock_set_timeout: `syz.0.3431' (pid 18747) tries to set negative timeout
[  428.074809][T18760] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  428.472779][T18783] syz_tun: entered allmulticast mode
[  428.612821][T18786] netlink: 'syz.0.3439': attribute type 11 has an invalid length.
[  428.785514][T18781] syz_tun: left allmulticast mode
[  428.967274][T18801] netlink: 'syz.3.3445': attribute type 4 has an invalid length.
[  429.068722][T18801] bond1: option mode: invalid value (133)
[  429.080383][T18801] bond1 (unregistering): Released all slaves
[  429.138115][T18825] __nla_validate_parse: 6 callbacks suppressed
[  429.138138][T18825] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3445'.
[  429.168337][T18817] netlink: 'syz.4.3450': attribute type 5 has an invalid length.
[  429.277039][T18829] netlink: 27 bytes leftover after parsing attributes in process `syz.1.3453'.
[  429.568359][T18843] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3458'.
[  429.589068][T18844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3458'.
[  429.611699][T18843] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  429.643678][T18846] ref_ctr_offset mismatch. inode: 0x46 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x6
[  429.667767][T18843] batman_adv: batadv0: Removing interface: batadv_slave_1
[  429.797280][T16120] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  429.926748][T18860] netlink: 'syz.3.3462': attribute type 23 has an invalid length.
[  429.928333][T18858] delete_channel: no stack
[  430.121634][T18869] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3468'.
[  430.139250][T18869] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3468'.
[  430.167638][T18871] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3467'.
[  430.200011][T18869] geneve3: entered promiscuous mode
[  430.208096][T18869] geneve3: entered allmulticast mode
[  430.271575][T13825] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.282346][ T9808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.291809][ T9744] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  430.354648][T18878] sctp: [Deprecated]: syz.3.3470 (pid 18878) Use of struct sctp_assoc_value in delayed_ack socket option.
[  430.354648][T18878] Use struct sctp_sack_info instead
[  430.424014][T18882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3473'.
[  431.878392][T16123] net_ratelimit: 5 callbacks suppressed
[  431.878413][T16123] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  432.153587][T18894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3475'.
[  432.244820][T18899] netlink: 'syz.3.3476': attribute type 32 has an invalid length.
[  432.263215][T18905] netlink: 'syz.1.3475': attribute type 21 has an invalid length.
[  432.271614][T18905] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3475'.
[  432.285028][T18901] Bluetooth: MGMT ver 1.23
[  432.432459][T18913] netlink: zone id is out of range
[  432.438105][T18913] netlink: get zone limit has 4 unknown bytes
[  432.602350][T18913] x_tables: duplicate underflow at hook 2
[  432.609811][T18922] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  432.621762][ T9744] IPVS: starting estimator thread 0...
[  432.748495][T18925] IPVS: using max 27 ests per chain, 64800 per kthread
[  432.911429][T16123] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  433.213337][T18955] xfrm1: entered allmulticast mode
[  433.220288][T18955] netlink: 'syz.3.3488': attribute type 2 has an invalid length.
[  433.471783][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  433.505227][T18969] bridge0: entered promiscuous mode
[  433.521410][T18969] macsec1: entered promiscuous mode
[  433.531163][T18969] macsec1: entered allmulticast mode
[  433.542623][T18969] bridge0: port 3(macsec1) entered blocking state
[  433.565861][T18969] bridge0: port 3(macsec1) entered disabled state
[  433.584163][T18969] bridge0: left promiscuous mode
[  433.889582][T18984] netlink: 'syz.0.3496': attribute type 10 has an invalid length.
[  433.935938][T18984] veth0_vlan: left promiscuous mode
[  433.951906][T16122] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  433.963405][T18984] veth0_vlan: entered promiscuous mode
[  433.972907][T18984] team0: Device veth0_vlan failed to register rx_handler
[  434.351101][ T5837] Bluetooth: hci2: command 0x0401 tx timeout
[  434.352665][ T5143] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  434.520021][T19021] __nla_validate_parse: 2 callbacks suppressed
[  434.520041][T19021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3504'.
[  434.551016][T19021] bridge0: port 2(bridge_slave_1) entered disabled state
[  434.743987][T19027] syzkaller0: entered promiscuous mode
[  434.749575][T19027] syzkaller0: entered allmulticast mode
[  434.910126][T19031] delete_channel: no stack
[  434.991374][T16123] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  435.552870][T13822] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  435.563762][ T9744] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  436.094319][T18948] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  436.317093][T19057] netlink: 'syz.3.3518': attribute type 1 has an invalid length.
[  436.419791][T19057] 8021q: adding VLAN 0 to HW filter on device bond1
[  436.706407][T19086] netlink: 212340 bytes leftover after parsing attributes in process `syz.4.3526'.
[  436.736641][T19084] syzkaller1: entered promiscuous mode
[  436.769248][T19084] syzkaller1: entered allmulticast mode
[  437.023881][T19110] net_ratelimit: 6 callbacks suppressed
[  437.023904][T19110] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  437.071482][T16122] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  437.426769][T19137] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3539'.
[  437.613451][T19146] veth0: entered promiscuous mode
[  437.624726][T19145] veth0: left promiscuous mode
[  437.648977][T19143] syzkaller0: entered promiscuous mode
[  437.654702][T19143] syzkaller0: entered allmulticast mode
[  437.756950][T19143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3541'.
[  437.772577][T19156] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3546'.
[  437.856745][T19164] netlink: 'syz.2.3548': attribute type 3 has an invalid length.
[  437.896614][T19164] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.3548'.
[  437.993469][T19167] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3551'.
[  438.049342][T19171] netlink: 'syz.1.3553': attribute type 1 has an invalid length.
[  438.064054][T19175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3553'.
[  438.106615][T19175] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3553'.
[  438.118123][T16122] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  438.144169][T19178] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3553'.
[  438.664072][T19211] xt_ecn: cannot match TCP bits for non-tcp packets
[  438.673876][T19212] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  438.683615][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  438.726497][T19213] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  438.735426][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  438.771569][  T132] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  438.782586][  T132] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  438.821056][  T132] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  438.846662][  T132] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  439.154458][T16123] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  439.247314][T19237] netlink: 'syz.3.3571': attribute type 1 has an invalid length.
[  439.264565][T19237] netlink: 'syz.3.3571': attribute type 1 has an invalid length.
[  439.341919][T19244] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  439.561494][ T9744] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  439.804753][T19265] lo: entered allmulticast mode
[  439.812760][T19266] __nla_validate_parse: 7 callbacks suppressed
[  439.812778][T19266] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3581'.
[  439.812895][T19265] lo: left allmulticast mode
[  440.036624][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  440.231945][T19287] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[  440.394263][T19289] ipt_REJECT: ECHOREPLY no longer supported.
[  440.473263][T19293] bond5: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0)
[  440.499278][T19293] bond5 (unregistering): Released all slaves
[  440.631582][T19301] netlink: 'syz.4.3592': attribute type 64 has an invalid length.
[  441.076021][T19330] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3600'.
[  441.126169][T19327] xt_CT: No such helper "snmp_trap"
[  441.149494][T16121] IPVS: starting estimator thread 0...
[  441.189928][T19339] IPVS: set_ctl: invalid protocol: 117 172.20.20.170:20000
[  441.243698][T19340] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3603'.
[  441.263636][T19336] IPVS: using max 28 ests per chain, 67200 per kthread
[  441.340060][ T5837] Bluetooth: hci0: command 0x0c20 tx timeout
[  441.588335][T19365] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  441.604370][T19349] block nbd2: server does not support multiple connections per device.
[  441.615582][T19349] block nbd2: shutting down sockets
[  441.783230][T19367] netlink: 'syz.2.3610': attribute type 1 has an invalid length.
[  441.798041][T19378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3613'.
[  441.809105][T19367] netlink: 'syz.2.3610': attribute type 3 has an invalid length.
[  441.821892][T19367] netlink: 172 bytes leftover after parsing attributes in process `syz.2.3610'.
[  441.831290][T19367] NCSI netlink: No device for ifindex 813332851
[  441.839661][T19377] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3613'.
[  442.156463][T19397] ieee802154 phy1 wpan1: encryption failed: -22
[  442.185248][T19398] bond2: entered promiscuous mode
[  442.216319][T19398] "syz.1.3621" (19398) uses obsolete ecb(arc4) skcipher
[  442.241678][T19403] netlink: 'syz.0.3622': attribute type 12 has an invalid length.
[  442.260363][T19406] netlink: 'syz.0.3622': attribute type 12 has an invalid length.
[  442.340260][T19398] bridge0: port 2(bridge_slave_1) entered blocking state
[  442.347545][T19398] bridge0: port 2(bridge_slave_1) entered forwarding state
[  442.355186][T19398] bridge0: port 1(bridge_slave_0) entered blocking state
[  442.362414][T19398] bridge0: port 1(bridge_slave_0) entered forwarding state
[  442.434916][T16122] net_ratelimit: 3 callbacks suppressed
[  442.434936][T16122] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  442.491786][T19415] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3624'.
[  442.602910][ T9744] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  442.760048][T19438] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3628'.
[  442.795542][T19438] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3628'.
[  442.865246][T19444] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  443.163865][T19462] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3631'.
[  443.181002][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  443.192039][T19464] ip6gre0: Master is either lo or non-ether device
[  443.473120][T16122] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  443.493039][T19481] ieee802154 phy1 wpan1: encryption failed: -22
[  443.715023][T19492] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  443.735351][T19492] bond2: (slave lo): Enslaving as an active interface with an up link
[  443.746228][T19492] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  444.029704][T19506] netlink: 'syz.4.3647': attribute type 1 has an invalid length.
[  444.059934][T19506] bond3: entered promiscuous mode
[  444.065510][T19506] 8021q: adding VLAN 0 to HW filter on device bond3
[  444.086973][T19506] 8021q: adding VLAN 0 to HW filter on device bond3
[  444.094563][T19506] bond3: (slave vcan1): The slave device specified does not support setting the MAC address
[  444.105383][T19506] bond3: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  444.124929][T19506] bond3: (slave vcan1): making interface the new active one
[  444.134482][T19506] vcan1: entered promiscuous mode
[  444.142302][T19506] bond3: (slave vcan1): Enslaving as an active interface with an up link
[  444.190930][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  444.513401][T16121] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  445.169131][ T9744] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  445.551635][T16122] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  446.003958][T19451] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  446.223777][T19537] sctp: [Deprecated]: syz.4.3657 (pid 19537) Use of int in maxseg socket option.
[  446.223777][T19537] Use struct sctp_assoc_value instead
[  446.332412][T19537] netlink: 'syz.4.3657': attribute type 29 has an invalid length.
[  446.469819][T19543] netlink: 'syz.4.3657': attribute type 29 has an invalid length.
[  446.480054][T19557] __nla_validate_parse: 1 callbacks suppressed
[  446.480075][T19557] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3661'.
[  446.514279][T19537] netlink: 'syz.4.3657': attribute type 29 has an invalid length.
[  446.549925][T19537] netlink: 'syz.4.3657': attribute type 29 has an invalid length.
[  446.575327][T19537] netlink: 'syz.4.3657': attribute type 29 has an invalid length.
[  446.614132][T19537] netlink: 'syz.4.3657': attribute type 29 has an invalid length.
[  446.644839][T19537] netlink: 'syz.4.3657': attribute type 29 has an invalid length.
[  446.778808][T19571] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3664'.
[  446.842051][T19576] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3664'.
[  447.149748][T19591] ieee802154 phy1 wpan1: encryption failed: -22
[  447.176709][T19591] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3669'.
[  447.207761][T19591] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.215547][T19591] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.579061][T19605] net_ratelimit: 3 callbacks suppressed
[  447.579081][T19605] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.632692][T16120] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  447.757908][T19611] netlink: 'syz.3.3676': attribute type 1 has an invalid length.
[  447.785397][T19613] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  447.843400][T19611] 8021q: adding VLAN 0 to HW filter on device bond2
[  447.866469][T19619] netlink: 'syz.4.3678': attribute type 4 has an invalid length.
[  447.876712][T19619] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3678'.
[  447.889024][T19611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3676'.
[  447.899052][T19621] netlink: 14601 bytes leftover after parsing attributes in process `syz.4.3678'.
[  447.978655][T19616] vlan2: entered allmulticast mode
[  448.005107][T19616] bond2: entered allmulticast mode
[  448.025267][T19627] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3676'.
[  448.054109][T19627] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3676'.
[  448.276092][T19603] Bluetooth: hci0: Opcode 0x080f failed: -4
[  448.352194][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  448.611232][T19630] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  448.622694][T19637] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3682'.
[  448.671646][T16120] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  448.679834][T16120] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  448.713873][T19666] pim6reg1: entered promiscuous mode
[  448.719262][T19666] pim6reg1: entered allmulticast mode
[  449.129640][T19690] xfrm1: entered allmulticast mode
[  449.326931][T19698] validate_nla: 1 callbacks suppressed
[  449.326951][T19698] netlink: 'syz.3.3697': attribute type 12 has an invalid length.
[  449.341856][T19698] netlink: 'syz.3.3697': attribute type 29 has an invalid length.
[  449.493370][T19711] netlink: 'syz.1.3701': attribute type 10 has an invalid length.
[  449.512962][T19711] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.529738][T19711] bridge_slave_1: left allmulticast mode
[  449.535832][T19711] bridge_slave_1: left promiscuous mode
[  449.542601][T19711] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.551421][ T5843] Bluetooth: hci0: command 0x0c20 tx timeout
[  449.576322][T19711] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  449.593308][T19714] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  449.605938][T19715] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 2, id = 0
[  449.711813][T16120] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  449.836349][T19728] netlink: 'syz.2.3707': attribute type 39 has an invalid length.
[  449.957763][T19734] openvswitch: netlink: IPv4 tun info is not correct
[  449.981197][T19735] openvswitch: netlink: IPv4 tun info is not correct
[  450.231537][T19731] nbd2: detected capacity change from 0 to 63
[  450.260496][ T5843] block nbd2: Receive control failed (result -104)
[  450.270782][ T5143] block nbd2: Receive control failed (result -32)
[  450.452197][T19752] 
[  450.454566][T19752] ======================================================
[  450.461588][T19752] WARNING: possible circular locking dependency detected
[  450.468641][T19752] syzkaller #0 Not tainted
[  450.473072][T19752] ------------------------------------------------------
[  450.480113][T19752] syz.2.3715/19752 is trying to acquire lock:
[  450.486199][T19752] ffffffff8e883780 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_node_noprof+0x4a/0x690
[  450.496090][T19752] 
[  450.496090][T19752] but task is already holding lock:
[  450.503473][T19752] ffff88806b073760 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1d/0x110
[  450.512210][T19752] 
[  450.512210][T19752] which lock already depends on the new lock.
[  450.512210][T19752] 
[  450.522654][T19752] 
[  450.522654][T19752] the existing dependency chain (in reverse order) is:
[  450.531682][T19752] 
[  450.531682][T19752] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  450.539518][T19752]        lock_sock_nested+0x48/0x100
[  450.544832][T19752]        inet_shutdown+0x6a/0x390
[  450.549877][T19752]        nbd_mark_nsock_dead+0x2e9/0x560
[  450.555529][T19752]        recv_work+0x1c7f/0x1d90
[  450.560484][T19752]        process_scheduled_works+0xb6e/0x18c0
[  450.566582][T19752]        worker_thread+0xa53/0xfc0
[  450.571715][T19752]        kthread+0x388/0x470
[  450.576323][T19752]        ret_from_fork+0x51e/0xb90
[  450.581457][T19752]        ret_from_fork_asm+0x1a/0x30
[  450.586787][T19752] 
[  450.586787][T19752] -> #5 (&nsock->tx_lock){+.+.}-{4:4}:
[  450.594466][T19752]        __mutex_lock+0x19f/0x1300
[  450.599618][T19752]        nbd_queue_rq+0x37b/0x1100
[  450.604755][T19752]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  450.610842][T19752]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  450.617806][T19752]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  450.624329][T19752]        blk_mq_run_hw_queue+0x348/0x4f0
[  450.629990][T19752]        blk_mq_dispatch_list+0xd16/0xe10
[  450.635731][T19752]        blk_mq_flush_plug_list+0x48d/0x570
[  450.641643][T19752]        __blk_flush_plug+0x3ed/0x4d0
[  450.647031][T19752]        __submit_bio+0x28d/0x580
[  450.652075][T19752]        submit_bio_noacct_nocheck+0x2f4/0xa70
[  450.658254][T19752]        block_read_full_folio+0x599/0x830
[  450.664081][T19752]        filemap_read_folio+0x137/0x3b0
[  450.669650][T19752]        do_read_cache_folio+0x358/0x590
[  450.675302][T19752]        read_part_sector+0xb6/0x2b0
[  450.680610][T19752]        adfspart_check_ICS+0xa5/0xa40
[  450.686085][T19752]        bdev_disk_changed+0x7ba/0x1550
[  450.691666][T19752]        blkdev_get_whole+0x380/0x510
[  450.697070][T19752]        bdev_open+0x31e/0xd30
[  450.701852][T19752]        blkdev_open+0x470/0x610
[  450.706811][T19752]        do_dentry_open+0x785/0x14e0
[  450.712127][T19752]        vfs_open+0x3b/0x340
[  450.716745][T19752]        path_openat+0x2e08/0x3860
[  450.721873][T19752]        do_file_open+0x23e/0x4a0
[  450.726915][T19752]        do_sys_openat2+0x113/0x200
[  450.732141][T19752]        __x64_sys_openat+0x138/0x170
[  450.737542][T19752]        do_syscall_64+0x14d/0xf80
[  450.742671][T19752]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.749103][T19752] 
[  450.749103][T19752] -> #4 (&cmd->lock){+.+.}-{4:4}:
[  450.756337][T19752]        __mutex_lock+0x19f/0x1300
[  450.761469][T19752]        nbd_queue_rq+0xc6/0x1100
[  450.766511][T19752]        blk_mq_dispatch_rq_list+0xa70/0x1910
[  450.772615][T19752]        __blk_mq_sched_dispatch_requests+0xdcc/0x1600
[  450.779490][T19752]        blk_mq_sched_dispatch_requests+0xd7/0x190
[  450.786022][T19752]        blk_mq_run_hw_queue+0x348/0x4f0
[  450.791679][T19752]        blk_mq_dispatch_list+0xd16/0xe10
[  450.797422][T19752]        blk_mq_flush_plug_list+0x48d/0x570
[  450.803337][T19752]        __blk_flush_plug+0x3ed/0x4d0
[  450.808727][T19752]        __submit_bio+0x28d/0x580
[  450.813784][T19752]        submit_bio_noacct_nocheck+0x2f4/0xa70
[  450.819952][T19752]        block_read_full_folio+0x599/0x830
[  450.825796][T19752]        filemap_read_folio+0x137/0x3b0
[  450.831370][T19752]        do_read_cache_folio+0x358/0x590
[  450.837021][T19752]        read_part_sector+0xb6/0x2b0
[  450.842418][T19752]        adfspart_check_ICS+0xa5/0xa40
[  450.847915][T19752]        bdev_disk_changed+0x7ba/0x1550
[  450.853490][T19752]        blkdev_get_whole+0x380/0x510
[  450.858884][T19752]        bdev_open+0x31e/0xd30
[  450.863671][T19752]        blkdev_open+0x470/0x610
[  450.868629][T19752]        do_dentry_open+0x785/0x14e0
[  450.873938][T19752]        vfs_open+0x3b/0x340
[  450.878559][T19752]        path_openat+0x2e08/0x3860
[  450.883692][T19752]        do_file_open+0x23e/0x4a0
[  450.888732][T19752]        do_sys_openat2+0x113/0x200
[  450.893959][T19752]        __x64_sys_openat+0x138/0x170
[  450.899356][T19752]        do_syscall_64+0x14d/0xf80
[  450.904486][T19752]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.910937][T19752] 
[  450.910937][T19752] -> #3 (set->srcu){.+.+}-{0:0}:
[  450.918106][T19752]        __synchronize_srcu+0xca/0x300
[  450.923640][T19752]        elevator_switch+0x1e8/0x7a0
[  450.928969][T19752]        elevator_change+0x2cc/0x450
[  450.934282][T19752]        elevator_set_default+0x36c/0x430
[  450.940030][T19752]        blk_register_queue+0x366/0x430
[  450.945627][T19752]        __add_disk+0x677/0xd50
[  450.950532][T19752]        add_disk_fwnode+0xfb/0x480
[  450.955765][T19752]        nbd_dev_add+0x72c/0xb50
[  450.960726][T19752]        nbd_init+0x168/0x1f0
[  450.965447][T19752]        do_one_initcall+0x250/0x8d0
[  450.970759][T19752]        do_initcall_level+0x104/0x190
[  450.976418][T19752]        do_initcalls+0x59/0xa0
[  450.981299][T19752]        kernel_init_freeable+0x2a6/0x3e0
[  450.987044][T19752]        kernel_init+0x1d/0x1d0
[  450.991922][T19752]        ret_from_fork+0x51e/0xb90
[  450.997084][T19752]        ret_from_fork_asm+0x1a/0x30
[  451.002396][T19752] 
[  451.002396][T19752] -> #2 (&q->elevator_lock){+.+.}-{4:4}:
[  451.010241][T19752]        __mutex_lock+0x19f/0x1300
[  451.015394][T19752]        elevator_change+0x1b3/0x450
[  451.020696][T19752]        elevator_set_none+0xb5/0x140
[  451.026173][T19752]        blk_mq_update_nr_hw_queues+0x5e7/0x1a60
[  451.032546][T19752]        nbd_start_device+0x17f/0xb10
[  451.037938][T19752]        nbd_genl_connect+0x165b/0x1cf0
[  451.043506][T19752]        genl_family_rcv_msg_doit+0x22a/0x330
[  451.049605][T19752]        genl_rcv_msg+0x61c/0x7a0
[  451.054657][T19752]        netlink_rcv_skb+0x232/0x4b0
[  451.059994][T19752]        genl_rcv+0x28/0x40
[  451.064606][T19752]        netlink_unicast+0x80f/0x9b0
[  451.069914][T19752]        netlink_sendmsg+0x813/0xb40
[  451.075213][T19752]        ____sys_sendmsg+0x972/0x9f0
[  451.080524][T19752]        ___sys_sendmsg+0x2a5/0x360
[  451.085763][T19752]        __x64_sys_sendmsg+0x1bd/0x2a0
[  451.091241][T19752]        do_syscall_64+0x14d/0xf80
[  451.096383][T19752]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.102818][T19752] 
[  451.102818][T19752] -> #1 (&q->q_usage_counter(io)#51){++++}-{0:0}:
[  451.111456][T19752]        blk_alloc_queue+0x546/0x680
[  451.116762][T19752]        __blk_mq_alloc_disk+0x197/0x390
[  451.122415][T19752]        nbd_dev_add+0x499/0xb50
[  451.127382][T19752]        nbd_init+0x168/0x1f0
[  451.132085][T19752]        do_one_initcall+0x250/0x8d0
[  451.137403][T19752]        do_initcall_level+0x104/0x190
[  451.142890][T19752]        do_initcalls+0x59/0xa0
[  451.147762][T19752]        kernel_init_freeable+0x2a6/0x3e0
[  451.153501][T19752]        kernel_init+0x1d/0x1d0
[  451.158381][T19752]        ret_from_fork+0x51e/0xb90
[  451.163513][T19752]        ret_from_fork_asm+0x1a/0x30
[  451.168829][T19752] 
[  451.168829][T19752] -> #0 (fs_reclaim){+.+.}-{0:0}:
[  451.176066][T19752]        __lock_acquire+0x15a5/0x2cf0
[  451.181456][T19752]        lock_acquire+0xf0/0x2e0
[  451.186418][T19752]        fs_reclaim_acquire+0x71/0x100
[  451.191904][T19752]        kmem_cache_alloc_node_noprof+0x4a/0x690
[  451.198248][T19752]        __alloc_skb+0x27d/0x7d0
[  451.203205][T19752]        tcp_send_active_reset+0x8a/0x5d0
[  451.208985][T19752]        __tcp_close+0x4c5/0xfe0
[  451.213971][T19752]        tcp_close+0x28/0x110
[  451.218704][T19752]        inet_release+0x143/0x190
[  451.223747][T19752]        sock_close+0xc3/0x240
[  451.228540][T19752]        __fput+0x44f/0xa70
[  451.233074][T19752]        task_work_run+0x1d9/0x270
[  451.238288][T19752]        exit_to_user_mode_loop+0xed/0x480
[  451.244124][T19752]        do_syscall_64+0x32d/0xf80
[  451.249258][T19752]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.255703][T19752] 
[  451.255703][T19752] other info that might help us debug this:
[  451.255703][T19752] 
[  451.265947][T19752] Chain exists of:
[  451.265947][T19752]   fs_reclaim --> &nsock->tx_lock --> sk_lock-AF_INET6
[  451.265947][T19752] 
[  451.278661][T19752]  Possible unsafe locking scenario:
[  451.278661][T19752] 
[  451.286125][T19752]        CPU0                    CPU1
[  451.291500][T19752]        ----                    ----
[  451.296969][T19752]   lock(sk_lock-AF_INET6);
[  451.301497][T19752]                                lock(&nsock->tx_lock);
[  451.308469][T19752]                                lock(sk_lock-AF_INET6);
[  451.315511][T19752]   lock(fs_reclaim);
[  451.319514][T19752] 
[  451.319514][T19752]  *** DEADLOCK ***
[  451.319514][T19752] 
[  451.327758][T19752] 2 locks held by syz.2.3715/19752:
[  451.332987][T19752]  #0: ffff8880591f8d88 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  451.343393][T19752]  #1: ffff88806b073760 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1d/0x110
[  451.352600][T19752] 
[  451.352600][T19752] stack backtrace:
[  451.358541][T19752] CPU: 0 UID: 0 PID: 19752 Comm: syz.2.3715 Not tainted syzkaller #0 PREEMPT(full) 
[  451.358566][T19752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  451.358581][T19752] Call Trace:
[  451.358591][T19752]  <TASK>
[  451.358600][T19752]  dump_stack_lvl+0xe8/0x150
[  451.358630][T19752]  print_circular_bug+0x2e1/0x300
[  451.358659][T19752]  check_noncircular+0x12e/0x150
[  451.358688][T19752]  __lock_acquire+0x15a5/0x2cf0
[  451.358721][T19752]  lock_acquire+0xf0/0x2e0
[  451.358742][T19752]  ? kmem_cache_alloc_node_noprof+0x4a/0x690
[  451.358766][T19752]  fs_reclaim_acquire+0x71/0x100
[  451.358787][T19752]  ? kmem_cache_alloc_node_noprof+0x4a/0x690
[  451.358806][T19752]  kmem_cache_alloc_node_noprof+0x4a/0x690
[  451.358824][T19752]  ? __alloc_skb+0x27d/0x7d0
[  451.358849][T19752]  ? __alloc_skb+0x186/0x7d0
[  451.358866][T19752]  __alloc_skb+0x27d/0x7d0
[  451.358883][T19752]  ? __pfx_skb_attempt_defer_free+0x10/0x10
[  451.358905][T19752]  tcp_send_active_reset+0x8a/0x5d0
[  451.358927][T19752]  __tcp_close+0x4c5/0xfe0
[  451.358956][T19752]  tcp_close+0x28/0x110
[  451.358983][T19752]  inet_release+0x143/0x190
[  451.359005][T19752]  sock_close+0xc3/0x240
[  451.359028][T19752]  ? __pfx_sock_close+0x10/0x10
[  451.359051][T19752]  __fput+0x44f/0xa70
[  451.359081][T19752]  task_work_run+0x1d9/0x270
[  451.359102][T19752]  ? __pfx_task_work_run+0x10/0x10
[  451.359124][T19752]  exit_to_user_mode_loop+0xed/0x480
[  451.359144][T19752]  ? rcu_is_watching+0x15/0xb0
[  451.359170][T19752]  do_syscall_64+0x32d/0xf80
[  451.359191][T19752]  ? trace_irq_disable+0x3b/0x150
[  451.359206][T19752]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.359223][T19752]  ? clear_bhb_loop+0x40/0x90
[  451.359243][T19752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.359263][T19752] RIP: 0033:0x7f409899c819
[  451.359281][T19752] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  451.359296][T19752] RSP: 002b:00007ffc2f369308 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  451.359316][T19752] RAX: 0000000000000000 RBX: 00007ffc2f3693f0 RCX: 00007f409899c819
[  451.359328][T19752] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  451.359338][T19752] RBP: 000000000006df36 R08: 0000000000000001 R09: 0000000000000000
[  451.359349][T19752] R10: 0000001b33e20000 R11: 0000000000000246 R12: 00007ffc2f369430
[  451.359361][T19752] R13: 00007f4098c15fac R14: 000000000006df9c R15: 00007f4098c15fa0
[  451.359381][T19752]  </TASK>
[  451.389521][T19759] netlink: 'syz.1.3714': attribute type 1 has an invalid length.
[  451.694452][T19764] bond3: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  451.704961][T19764] bond3: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  451.717560][T19764] bond3: (slave ip6gre1): making interface the new active one
[  451.726124][T19764] bond3: (slave ip6gre1): Enslaving as an active interface with an up link
[  452.674494][T16121] net_ratelimit: 7 callbacks suppressed
[  452.674513][T16121] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.472285][ T9744] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  453.711511][T16122] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.752145][ T9808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.760486][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  454.768652][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  455.790984][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  455.804537][T16122] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  456.830981][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  456.839247][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  457.871197][    C0] net_ratelimit: 1 callbacks suppressed
[  457.871220][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  457.884960][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  458.911265][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  458.920372][T16120] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.950959][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  459.959123][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  460.361397][ T9808] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog