last executing test programs:

1m13.767264608s ago: executing program 0 (id=726):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4008085}, 0x20040000)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e063f4d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0)

1m4.164016133s ago: executing program 0 (id=726):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4008085}, 0x20040000)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e063f4d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0)

53.607051832s ago: executing program 0 (id=726):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4008085}, 0x20040000)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e063f4d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0)

48.268697199s ago: executing program 2 (id=1500):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0)
sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="040026bd7000fbdbdf250d00000008000600ffffffff2400028008000300030000000800060008000000080006002ceb000008000800070000006137ed189dad74f18271480b6930d304c0a615e7eb720c745cea06e27efcdc9629dde6238976cc7f927d8134dc36349f5852f8a87a2fa347987dd114ba1ea8bf18e4f82c11644d25ceaa6f6470453890e5e169d2184532bdc8dc8fdb567a293875570f43a6ec23a8490088d4b9efc326022770afe7610f4b9bb0c56d986c2fb0ce622617514a618498d1c04e8db4ccfb4e6eb9ce5a498208afa997ec23c6a65c55cddec1435d0257c98bca86be31e08e5bb86ab560b0f9093493a9d7bc2efdc640a4ac1bfe"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x40800)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_extract_tcp_res$synack(&(0x7f0000000180)={0x41424344, <r3=>0x41424344}, 0x1, 0x0)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
sendto$rxrpc(r4, 0x0, 0x0, 0x40080, 0x0, 0x0)
bind$rxrpc(r4, &(0x7f0000000100)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x2, @local}}, 0x24)
syz_extract_tcp_res(&(0x7f0000000380)={<r5=>0x41424344}, 0x800, 0x5)
syz_emit_ethernet(0x167, &(0x7f0000000600)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @remote, @void, {@ipv4={0x800, @tcp={{0x32, 0x4, 0x2, 0x7, 0x159, 0x64, 0x0, 0x9, 0x6, 0x0, @empty, @multicast2, {[@ssrr={0x89, 0x1f, 0xa8, [@initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010102, @multicast2, @private=0xa010102, @rand_addr=0x64010101, @remote, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x6d, 0x1, 0x5, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}, {@empty, 0x5}, {@loopback, 0xc4b}, {@rand_addr=0x64010101, 0x7fff}, {@dev={0xac, 0x14, 0x14, 0x16}, 0x8}, {@local, 0x78}, {@private=0xa010100, 0x4}, {@private=0xa010100, 0x1400000}, {@empty, 0xfffffffb}]}, @timestamp={0x44, 0x28, 0x19, 0x0, 0xc, [0x0, 0x8, 0x7, 0xda, 0x101, 0x1000, 0xffffffff, 0x6, 0x89f6]}, @generic={0xd0, 0x9, "d3723585d26783"}, @lsrr={0x83, 0xf, 0x5, [@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, @local]}, @timestamp={0x44, 0x8, 0xf, 0x0, 0xb, [0x4e94]}]}}, {{0x4e24, 0x4e20, r3, r5, 0x0, 0x0, 0x6, 0x4, 0x400, 0x0, 0xff94, {[@sack_perm={0x4, 0x2}]}}, {"f28ad1516cf004e06cb3d08f5fee03f964bcf702c2731d928f35cf5ffa1b0c76a86d2a5b20a545fce9c7eeede5bead19fd84ab583a9ecb5a2ad7e59646ef8e84eb23df9318e5fb84f41d4231f2c043d545ab15cfca604d98143b166444e17e142be8bc5351053d8f47fb93ead1442a1878be56b99fe01c1f4b"}}}}}}, &(0x7f00000003c0)={0x0, 0x3, [0x731, 0x126, 0xfd5, 0xd0a]})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x9, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl(r6, 0x3dac, &(0x7f0000000280)="e3b09ad3c325e536e04838ba2bf04322734bcfe8fe057cd2dff7029e3bd6375cf9ebcef2ac4575f9c26e67e37cee10b362c8892d2177a857701713437215d78db60ecff23f037b76a8b3c446c09656ca504f3526f5636388e91c5bb2f53390d114011f4d876d35ba069cba1500309cccbd9503c700b241f3d14f42a90328")
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x29}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a80)={r7, 0x0, 0xc1, 0x44, &(0x7f00000008c0)="b0da5cd4c48e46552647b456a0cb15115467bcf502f805cf3008588b366c8638004d97d85168e51d06708a34b7a975c73e7104669705754ebe6e43d11c2c5f518c98cb0c9751ba8af117a525e28d228ad5f5e012cefa4e5307aec2c5ec2f721f364365c6c5222fe45c3ff3a46f07d5878b8e6928fd875b79a6339f7e1330074fb4e20eb34f5f7dff2234a364ba1e878c9022da50c4d61b4d00b2f359eb83830adef4a6d149594c4d31131fbff48be06470b8d0dedc8d59ee71120c7c377b23703f", &(0x7f00000009c0)=""/68, 0x0, 0x0, 0xe, 0x2e, &(0x7f0000000840)="99f584ad256ac421b5873f84f961", &(0x7f0000000a40)="eb454b5771036586e29eb6b6ea09b0a3cc72e4caf64cfd426db7da1716c83ec43c31d6938d7f4a2a2f43aacd6ee6", 0x2, 0x0, 0x7}, 0x50)
r8 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r8, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000b00)=ANY=[@ANYBLOB="e0000000110009050000000000000000113c2d9b38402aff6ec2f31166d97833f0f8ac30073eff5aaa90ef4e67d4d71828ded4e460d643d5fe600b15cafc4e6367740fd939728fe10c222557a0e48cc54ad5fdfc9d96eab83adb23e6ea0e30003b415709fe9e9350a9b902a2fb292a57b89faa24ff367c2ce45b80daa96489871ba8845ef4d57736723c2ec516cbbcde6afb99d265f81bc4e91847a803d02973685ab61f218a66b934b7160571e984e5f5d6ad7eff4305326d0affb35c79b457adbe3f0bf08fc949402f059090cf6bf0007718a6968a12e721a9f1fa7300000072451ab1e42e1a95266723cb94c551537a0f1a7fb0c07575b93ce42ba0b87a14649ad2d35aa0df79461a53e5388817fae9008da8bd7705cc5e8e179228ca8d8e48f26a25a6309f998bdc4469d57e0dc014cd47837cc524c40093e636d31c80b40b911b12fa0afa3af8d38c2d055db533a7f62dd51e03809c272d350b8a7890718f8e2153350950fa17b050ee45f7276007517183dca1a954675aa8bc8cea4fac86aa6da197cdca72189c8a1090278fb5c23c"], 0xe0}], 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x18)
getsockname(r0, &(0x7f0000000780)=@nl, &(0x7f0000000800)=0x80)

48.121055495s ago: executing program 2 (id=1503):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x1fffd}}}, 0x24}, 0x1, 0x0, 0x0, 0xc004}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_JOIN_OCB(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r6, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1699}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48091}, 0x1)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0xa}})
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r9, 0x11c, 0x3, &(0x7f0000000100)=""/218, &(0x7f0000000000)=0x616378a3)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000100)={'gre0\x00', &(0x7f0000000080)={'ip_vti0\x00', <r10=>r2, 0x20, 0x8000, 0x0, 0x7fffffff, {{0xc, 0x4, 0x1, 0x37, 0x30, 0x64, 0x0, 0x9, 0x4, 0x0, @remote, @multicast2, {[@lsrr={0x83, 0x7, 0x87, [@multicast1]}, @timestamp={0x44, 0x14, 0x8c, 0x0, 0xb, [0x8, 0x6, 0xc5, 0x6]}]}}}}})
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_getnexthop={0x40, 0x6a, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_OIF={0x8, 0x5, r10}, @NHA_MASTER={0x8}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004804}, 0x1810)
socket$kcm(0x29, 0x2, 0x0)

38.145367572s ago: executing program 0 (id=726):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4008085}, 0x20040000)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e063f4d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0)

36.559024044s ago: executing program 2 (id=1503):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x1fffd}}}, 0x24}, 0x1, 0x0, 0x0, 0xc004}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_JOIN_OCB(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r6, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1699}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48091}, 0x1)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0xa}})
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r9, 0x11c, 0x3, &(0x7f0000000100)=""/218, &(0x7f0000000000)=0x616378a3)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000100)={'gre0\x00', &(0x7f0000000080)={'ip_vti0\x00', <r10=>r2, 0x20, 0x8000, 0x0, 0x7fffffff, {{0xc, 0x4, 0x1, 0x37, 0x30, 0x64, 0x0, 0x9, 0x4, 0x0, @remote, @multicast2, {[@lsrr={0x83, 0x7, 0x87, [@multicast1]}, @timestamp={0x44, 0x14, 0x8c, 0x0, 0xb, [0x8, 0x6, 0xc5, 0x6]}]}}}}})
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_getnexthop={0x40, 0x6a, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_OIF={0x8, 0x5, r10}, @NHA_MASTER={0x8}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004804}, 0x1810)
socket$kcm(0x29, 0x2, 0x0)

25.090612412s ago: executing program 2 (id=1503):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x1fffd}}}, 0x24}, 0x1, 0x0, 0x0, 0xc004}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_JOIN_OCB(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r6, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1699}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48091}, 0x1)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0xa}})
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r9, 0x11c, 0x3, &(0x7f0000000100)=""/218, &(0x7f0000000000)=0x616378a3)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000100)={'gre0\x00', &(0x7f0000000080)={'ip_vti0\x00', <r10=>r2, 0x20, 0x8000, 0x0, 0x7fffffff, {{0xc, 0x4, 0x1, 0x37, 0x30, 0x64, 0x0, 0x9, 0x4, 0x0, @remote, @multicast2, {[@lsrr={0x83, 0x7, 0x87, [@multicast1]}, @timestamp={0x44, 0x14, 0x8c, 0x0, 0xb, [0x8, 0x6, 0xc5, 0x6]}]}}}}})
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_getnexthop={0x40, 0x6a, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_OIF={0x8, 0x5, r10}, @NHA_MASTER={0x8}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004804}, 0x1810)
socket$kcm(0x29, 0x2, 0x0)

24.701235333s ago: executing program 0 (id=726):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4008085}, 0x20040000)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e063f4d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0)

12.798809924s ago: executing program 2 (id=1503):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x1fffd}}}, 0x24}, 0x1, 0x0, 0x0, 0xc004}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_JOIN_OCB(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r6, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1699}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48091}, 0x1)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0xa}})
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r9, 0x11c, 0x3, &(0x7f0000000100)=""/218, &(0x7f0000000000)=0x616378a3)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000100)={'gre0\x00', &(0x7f0000000080)={'ip_vti0\x00', <r10=>r2, 0x20, 0x8000, 0x0, 0x7fffffff, {{0xc, 0x4, 0x1, 0x37, 0x30, 0x64, 0x0, 0x9, 0x4, 0x0, @remote, @multicast2, {[@lsrr={0x83, 0x7, 0x87, [@multicast1]}, @timestamp={0x44, 0x14, 0x8c, 0x0, 0xb, [0x8, 0x6, 0xc5, 0x6]}]}}}}})
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_getnexthop={0x40, 0x6a, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_OIF={0x8, 0x5, r10}, @NHA_MASTER={0x8}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004804}, 0x1810)
socket$kcm(0x29, 0x2, 0x0)

11.592919478s ago: executing program 0 (id=726):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4008085}, 0x20040000)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e063f4d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0)

2.234198848s ago: executing program 3 (id=1920):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_RULES={0x1c, 0x10d, 0x0, 0x1, [{0x4}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x8000}, @NL80211_ATTR_DFS_CAC_TIME={0x8}]}]}]}, 0x30}}, 0x0) (async)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x14, r4, 0x11, 0x0, 0x3}, 0x14}}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x14, &(0x7f00000001c0)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, [@snprintf={{}, {}, {}, {}, {}, {}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x8}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0x5, 0x4}, {0x85, 0x0, 0x0, 0x1c}}, @map_fd={0x18, 0x6, 0x1, 0x0, r2}, @cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffd}]}, &(0x7f0000000000)='syzkaller\x00', 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r5, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000600)={0x108, 0x1, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_USERDATA={0x94, 0x6, "267aa3e1cb6d7f61766666b18da82d4d06e31b423a69847ecff6d14fdfc9729ba7f497bc7c190c0e2c2640bc6210ced0b37385767046efde3bacd42b180d2d9292a13c7f63d8eea947ddd7f201dd102158bbefd2eb3179d793eb60101a8ff52288b74aed502824aeebbd020aed12114809af301a988ae6e28b21192de3944b9bb87c104a368f03d458782b7f3f90b2e3"}]}, 0x108}, 0x1, 0x0, 0x0, 0x40}, 0x4000001)

2.096185734s ago: executing program 1 (id=1922):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
r2 = socket$inet(0x2, 0x3, 0x8)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$rose(r3, 0x104, 0x1, &(0x7f00000000c0)=0xb, 0x4)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0)
write$tun(r0, &(0x7f0000000280)={@val={0x1c, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x9, 0x0, 0x0, 0x0, 0x1c, {[@window={0xe, 0x3}, @timestamp={0x5, 0xa}]}}}}}}, 0x46)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0xc76d, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
r4 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x8936, &(0x7f0000000000))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000811234000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz1\x00', 0x200002, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))
openat$cgroup_subtree(r5, &(0x7f0000000200), 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
r7 = socket(0x1e, 0x4, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000080)={0x6, 0x4, 0x1}, 0xc)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r8, &(0x7f0000000180)={0x0, 0xffffffffffffffad, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r9, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmsg$kcm(r6, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20000000)

2.046805886s ago: executing program 3 (id=1923):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001bffffe10000000000010000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r4, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r3, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="6c000000190001002abd7000fcdbdf251d01010008000900", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x6c}}, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f00000000c0)={0x2, 0x9, 0x200, 0x3, 0x7, 0x5, 0x1, 0x5}, &(0x7f0000000100)=0x20)
sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x10, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x2, 0x3a}}}}, ["", "", "", "", ""]}, 0x28}}, 0xc890)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000300)=@generic={&(0x7f00000001c0)='./file0\x00', r0}, 0x18)

1.855668631s ago: executing program 1 (id=1925):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b92"], 0x14}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000940)=ANY=[@ANYBLOB="440000001e3e3965edd7849172aa8b833b399e24fd5e765fb09ecb1b37adc7a9c4d0c16824962966eb509d591359dd3721f11d60b837b4b05e41d116db560b7f9c486699905ad8aaa49d1824bdd8f80c6c89ebdccd7c211406cc4e43a971050a49c5a9936f9db866c88e47882d1270b5cc7608fd99c5c363113b1506f7ba3effd5f5db3e42ea8ec4eaed8affe917f639053ee3bcf223507dc88ce7d93708a4b55a8f59141fb8215f9fb25780aaa00dc628badd13ac21a31572df6d310ba698a44bee3cdc2828a75a83290344667fbbe6111aae0f0e8954bb19e0a8bc46f3080b6dbbec3cea29fd", @ANYRES16=r2, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r4, @ANYBLOB="28005080110001004abee339084eeef16f162471f400000005000200000000000800030001ac0f"], 0x44}}, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f00000006c0)={0x268, r2, 0x2, 0x70bd2d, 0xff, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x24e, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x5}, @broadcast, @broadcast, @initial, {0xe, 0x5}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, @void, @void, @val={0x3, 0x1, 0xb0}, @val={0x2d, 0x1a, {0x10, 0x0, 0x1, 0x0, {0xb, 0x1292, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, 0x800, 0x9, 0xd}}, @void, [{0xdd, 0x3a, "a8779ee11f46b73a140419d96bc8de2971c04e3e1f35e546c07e0a8d319ee75e1a806cd0a00aa541d7969b97101cfe74f0a551c66444139787ea"}, {0xdd, 0xb2, "82fcc6b350719dc47488f8ef19ebcc09f00c8e1650324fa35c95dc4c462773657ca82eebdc27de1b99a2e37514f5a07300541f70fdecd44a90a038a4ce2de560b420f58d93d1f6a62a3f9a09bdf03eefd74c0158ace9614a323622e4b6f88731e6d9cd9e65337de1f73cd781785fb0326813b7c3445f8034049cb6c6edc73d81b6b544681b2ac714b621e67d65da601c8154a061c9f2edf09f23db6c2efff8a9d36f5d48552a5650193bb0174de8d5209385"}, {0xdd, 0xae, "85aa75718b41ba4a34af2ce9affbfe43d5c40901034b7fb8dc5d2ff3d38ee6d3ee9da0519799b37fc0d9ae96bcf1bc3f984f5a765adf2770720e3c017bb35aa7bafc20a414d3381057d362be85fa618943aff73c5196c1c70bb83ed93896866962ced545d4ecb510727e9636f1ed489e379f2381c67ba9fa1aaf92b4d182479b89e0016143460e5e97dc8d0244cf213df25b8f035cd59f4df51b1b5e0988866fa81463e3de633647fddc41b49320"}, {0xdd, 0x6d, "6814b7235791f362129f5a423649d6b1dc661923b0cdc39d3bc0e786bd512a8b653a059e1c60df8a38690a5b8424425f13a421e8665f3ed8b59ad8df5bbb53105d23f23b0228d76dcc7db20c3bd94847c3a13b2aa944654076597a4861392416ea9f25623be01d02724e00fe64"}]}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x268}, 0x1, 0x0, 0x0, 0x4}, 0x800)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff)
r5 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16], 0x4c}}, 0x4000804)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.852916356s ago: executing program 3 (id=1926):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00'})
ioctl$sock_bt_hci(r1, 0x400448de, &(0x7f00000000c0))
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003940)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0}}], 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d40)=@base={0x1, 0x4, 0x7, 0xa3, 0x10, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x4, 0x4000010, r2, 0xef47a000)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000040), 0x50)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0_to_team\x00'})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000700), r3)
r5 = socket(0x200000000000011, 0x2, 0x4)
bind$packet(r5, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @random="933c547ecfa7"}, 0x14)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000080), &(0x7f0000000100)=0x4)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010029bd7000fbdbdfd1b267e36601c3e20000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x44040)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r6, 0x0, 0x0, 0x800)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="cf283ea18fcd41d791d8abc5ce2d2dc184d23806683bfcbe16831bf11ca4af5e356a7e5098c8188d4fd315d9f4fcc632f51d9d09ac", @ANYRES64=0x0, @ANYRES32, @ANYRES32=r6, @ANYRESOCT=0x0, @ANYRES8=r2, @ANYRES32=r6, @ANYRES8=r1], 0x14}, 0x1, 0x0, 0x0, 0x240480c0}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00'}) (async)
ioctl$sock_bt_hci(r1, 0x400448de, &(0x7f00000000c0)) (async)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003940)=[{{&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0}}], 0x1, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000001d40)=@base={0x1, 0x4, 0x7, 0xa3, 0x10, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x4, 0x4000010, r2, 0xef47a000) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000040), 0x50) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0_to_team\x00'}) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000700), r3) (async)
socket(0x200000000000011, 0x2, 0x4) (async)
bind$packet(r5, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @random="933c547ecfa7"}, 0x14) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000080), &(0x7f0000000100)=0x4) (async)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010029bd7000fbdbdfd1b267e36601c3e20000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x44040) (async)
socket$alg(0x26, 0x5, 0x0) (async)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
accept4(r6, 0x0, 0x0, 0x800) (async)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="cf283ea18fcd41d791d8abc5ce2d2dc184d23806683bfcbe16831bf11ca4af5e356a7e5098c8188d4fd315d9f4fcc632f51d9d09ac", @ANYRES64=0x0, @ANYRES32, @ANYRES32=r6, @ANYRESOCT=0x0, @ANYRES8=r2, @ANYRES32=r6, @ANYRES8=r1], 0x14}, 0x1, 0x0, 0x0, 0x240480c0}, 0x0) (async)

1.523822973s ago: executing program 3 (id=1929):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0xffffff1f, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_TTL={0x5, 0x8, 0x5}]}}}]}, 0x3c}}, 0x0) (async)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x450, 0x278, 0x168, 0x9, 0x0, 0xb, 0x380, 0x250, 0x250, 0x380, 0x250, 0x3, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00', [], [], 'veth0_to_bridge\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x230, 0x278, 0x0, {0x0, 0x28e}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x0, 0x7ff, 0x0, 0x0, 0x0, 0x49, 0x1000}}}, @common=@inet=@ipcomp={{0x30}, {[], 0xb}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'dvmrp0\x00'}}}, {{@uncond, 0x0, 0xd8, 0x108, 0x0, {}, [@common=@inet=@l2tp={{0x30}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b0)

1.523085008s ago: executing program 1 (id=1930):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b92"], 0x14}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000940)=ANY=[], 0x44}}, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f00000006c0)={0x264, r2, 0x2, 0x70bd2d, 0xff, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x24b, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x5}, @broadcast, @broadcast, @initial, {0xe, 0x5}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, @void, @void, @val={0x3, 0x1, 0xb0}, @val={0x2d, 0x1a, {0x10, 0x0, 0x1, 0x0, {0xb, 0x1292, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, 0x800, 0x9, 0xd}}, @void, [{0xdd, 0x41, "a8779ee11f46b73a140419d96bc8de2971c04e3e1f35e546c07e0a8d319ee75e1a806cd0a00aa541d7969b97101cfe74f0a551c66444139787ea41a9edd7953485"}, {0xdd, 0xa8, "82fcc6b350719dc47488f8ef19ebcc09f00c8e1650324fa35c95dc4c462773657ca82eebdc27de1b99a2e37514f5a07300541f70fdecd44a90a038a4ce2de560b420f58d93d1f6a62a3f9a09bdf03eefd74c0158ace9614a323622e4b6f88731e6d9cd9e65337de1f73cd781785fb0326813b7c3445f8034049cb6c6edc73d81b6b544681b2ac714b621e67d65da601c8154a061c9f2edf09f23db6c2efff8a9d36f5d48552a5650"}, {0xdd, 0xae, "85aa75718b41ba4a34af2ce9affbfe43d5c40901034b7fb8dc5d2ff3d38ee6d3ee9da0519799b37fc0d9ae96bcf1bc3f984f5a765adf2770720e3c017bb35aa7bafc20a414d3381057d362be85fa618943aff73c5196c1c70bb83ed93896866962ced545d4ecb510727e9636f1ed489e379f2381c67ba9fa1aaf92b4d182479b89e0016143460e5e97dc8d0244cf213df25b8f035cd59f4df51b1b5e0988866fa81463e3de633647fddc41b49320"}, {0xdd, 0x6d, "6814b7235791f362129f5a423649d6b1dc661923b0cdc39d3bc0e786bd512a8b653a059e1c60df8a38690a5b8424425f13a421e8665f3ed8b59ad8df5bbb53105d23f23b0228d76dcc7db20c3bd94847c3a13b2aa944654076597a4861392416ea9f25623be01d02724e00fe64"}]}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x264}, 0x1, 0x0, 0x0, 0x4}, 0x800)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff)
r3 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16], 0x4c}}, 0x4000804)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.365091531s ago: executing program 3 (id=1932):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r0, 0xfff)
r1 = accept4(r0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r3, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e20, @loopback}}, [0x7, 0x2, 0x925, 0xffffffff00000001, 0xc42, 0x200, 0x6e1, 0x2090c5d2, 0xffffffffffff77ae, 0x2, 0x4, 0x7, 0x100000001, 0x2, 0x9]}, &(0x7f00000000c0)=0x100)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[], 0x7c}}, 0x4084)

1.278767836s ago: executing program 1 (id=1933):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000280)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0xc}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc22941330000000000000000000300000000000000000000000000100000000055"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000850600000000000000000000000060c3cc75295aeeb0154894038bdd91563d096d6db2c15817adddd7bfd5075b0e02963355c5b264dffb0dc5fae22e8e22bcd90ef79c480451557de853d517", @ANYRES32=r6, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x54, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}, @IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010101}, @IFLA_GRE_TOS={0x5, 0x9, 0xa}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x54}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r7, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007a000107000000000000000007"], 0x18}], 0x1}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880)
r8 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendmmsg$inet6(r8, &(0x7f00000002c0)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback, 0x8}, 0x1c, 0x0}}], 0x1, 0x40000)
ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000140)="fcfa4f55b2ff3eb3870110b2725f486bde2eb63cf81e542644cc09a5d06958608992ca456f00ee106113f213048587eb0ea144f9117375a86a79a453dadd4a8a45c8afd861310cdafd48120ab8bb44f88b2361801d5d4f50525535c60939b7db6a99f65e82fadffdc667e8a18af03cfc67b21e6a978a02e0a179bd7b70f2a9d75044aa7078817528bf191e5af5a1e0feec65787e1c373e118757bc6cc3524b1a31c2bb73119365cde02fa7ab58c75ec5ba53b744de4fa5e558195dff750b2ddb655e7eb0763f69cd87079bc58199d9d33862d90bae31ab7993f7353a30b1faaca44c72726ee6785255eac580d2dbd3e84a1127f355004529d033116d7980fa8d")
sendmsg$nl_route(r7, &(0x7f0000000740)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)=@getneigh={0x14, 0x1e, 0x0, 0x70bd2d, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4040094}, 0x400c080)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r9, &(0x7f0000d84000)={0xa, 0x2, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c)
sendto$inet6(r9, 0x0, 0x0, 0x20000045, &(0x7f0000000100)={0xa, 0x2, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c)
r10 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x25dfdbf4, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0x0, 0x2}, {0xfff3, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20084084)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c00020a826b568bac98dd670c80080108008100000008000100aaaaaaaaaa000000"], 0x48}}, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8983, &(0x7f0000000780)={0x6, 'dvmrp0\x00', {0x7}, 0x5})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000240)={'vxcan0\x00'})

1.063817811s ago: executing program 4 (id=1934):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r1)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r1)
sendmsg$NL802154_CMD_NEW_INTERFACE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001580)={0x28, r2, 0x87, 0x70bd2d, 0x0, {0x1e}, [@NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040025}, 0x4024044)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r3=>0x0})
sendto$packet(r0, &(0x7f0000000180)="10030600e0ff020004004788aa96a13bb1", 0x11, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14)

1.029925253s ago: executing program 4 (id=1935):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1454cacfd7b0c52f320cc9768e751fb0007d8500000100bc6d0c1a9f872800"], 0x14}], 0x1}, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1454cacfd7b0c52f320cc9768e751fb0007d8500000100bc6d0c1a9f872800"], 0x14}], 0x1}, 0x0) (async)

942.856369ms ago: executing program 4 (id=1936):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000400080000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000005400038008000140000000000800024000000000400003801400010076657468305f746f5f2872696467650014000100767863616e310000000000000000000014000100767863616e31"], 0xc8}}, 0x0)

839.826406ms ago: executing program 1 (id=1937):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe", 0xd3}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def1f", 0xe9}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287a4b9aaa18fd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365", 0xa4}], 0x3}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000e80)="5be3b011e12323e4ab88c0472f0700000000000000e71ba6231f303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf64", 0x71}], 0x1}}], 0x2, 0xc0)
recvfrom$inet(r0, &(0x7f0000000fc0)=""/4096, 0x1000, 0x20, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

839.356277ms ago: executing program 4 (id=1938):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5)
bind$inet6(r0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000040)='K', 0xffffffffffffffd8, 0x20000004, &(0x7f0000000700)={0xa, 0x2, 0x0, @rand_addr, 0x2}, 0x1c)

839.034201ms ago: executing program 2 (id=1503):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x1fffd}}}, 0x24}, 0x1, 0x0, 0x0, 0xc004}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_JOIN_OCB(r3, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x3c, r6, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1699}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48091}, 0x1)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0xa}})
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r9, 0x11c, 0x3, &(0x7f0000000100)=""/218, &(0x7f0000000000)=0x616378a3)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000100)={'gre0\x00', &(0x7f0000000080)={'ip_vti0\x00', <r10=>r2, 0x20, 0x8000, 0x0, 0x7fffffff, {{0xc, 0x4, 0x1, 0x37, 0x30, 0x64, 0x0, 0x9, 0x4, 0x0, @remote, @multicast2, {[@lsrr={0x83, 0x7, 0x87, [@multicast1]}, @timestamp={0x44, 0x14, 0x8c, 0x0, 0xb, [0x8, 0x6, 0xc5, 0x6]}]}}}}})
sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_getnexthop={0x40, 0x6a, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_FDB={0x4}, @NHA_GROUPS={0x4}, @NHA_OIF={0x8, 0x5, r10}, @NHA_MASTER={0x8}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004804}, 0x1810)
socket$kcm(0x29, 0x2, 0x0)

796.942712ms ago: executing program 4 (id=1939):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000000)={0x0, 0x2710}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r1, 0x6, 0xc, 0x0, &(0x7f0000000080))
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000280), 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[], 0x98}, 0x1, 0x0, 0x0, 0x20040800}, 0x8000)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0x50, 0x0, 0x1, 0x3, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe)
shutdown(r0, 0x1)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async)
setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000000)={0x0, 0x2710}, 0x10) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
getsockopt$inet6_tcp_int(r1, 0x6, 0xc, 0x0, &(0x7f0000000080)) (async)
socket$netlink(0x10, 0x3, 0xc) (async)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) (async)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000280), 0x4) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r4, 0x0, 0x0) (async)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[], 0x98}, 0x1, 0x0, 0x0, 0x20040800}, 0x8000) (async)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0x50, 0x0, 0x1, 0x3, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0) (async)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4}, 0xe) (async)
shutdown(r0, 0x1) (async)

1.126046ms ago: executing program 1 (id=1940):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
getsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x4)
ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000080)={'team0\x00', 0x4})
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket(0x1f, 0x800, 0x9)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000100)={<r2=>0x0, 0x7, 0xfff, 0x6, 0x0, 0x2}, &(0x7f0000000140)=0x14)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000180)=0x6, 0x4)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f00000001c0)={<r4=>r2, 0x5e, "35d5a90b1e185d4ba06110376d37c56f641ec7799a6dc10e93e7da610dbe13b31a1b0126dca188d149c957dfbe11bc8d06627a1c05194ba22be7b13e8d68f3caf9c6dbd94511541e293ccdc151642c2aabc84c03605b7bbe025223218bf7"}, &(0x7f0000000240)=0x66)
socket$kcm(0x29, 0x5, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r1)
sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x58, r5, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x58}}, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x98, 0x32, 0x300, 0x70bd29, 0x25dfdbfe, {0x10}, [@typed={0x4, 0x22}, @nested={0x7e, 0x140, 0x0, 0x1, [@nested={0x4, 0xf9}, @generic="5e04a9fbc7863e210285826f76ec5ea6404040", @typed={0x7, 0x14, 0x0, 0x0, @str='#]\x00'}, @generic="e74251d64da939ea71cb8deda34c6b72fda2ea2ee561d8ddd48439fef6b625593fecc35a1ecc49cc7828136e23664542827a81123abb705bf7ded9cad6249c9652f298b8f009470f5ba36effe9ae5f63c19dc0c8d1ca1a", @nested={0x4, 0x104}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000840)
r6 = accept$inet(r1, &(0x7f0000000580)={0x2, 0x0, @empty}, &(0x7f00000005c0)=0x10)
listen(r6, 0x8)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x20, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xe}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000044}, 0x40881)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000700)={r4, 0x5}, 0x8)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000740), &(0x7f0000000780)=0x4)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000800), r1)
sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x20, r7, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DEST={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000040}, 0x80c0)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000940), r1)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000980)={'batadv_slave_1\x00', <r9=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, &(0x7f0000000a40)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000a00)={&(0x7f00000009c0)={0x3c, r8, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r9}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x3c}}, 0x20000000)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r10, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x5103ff9fe20d0854}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x68, 0x1, 0x7, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x8000000000000000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x7}, @NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x101}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9b4}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x294140a1}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x10}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x5}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x8}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x24008000}, 0x6)
connect$vsock_stream(r1, &(0x7f0000000bc0)={0x28, 0x0, 0x0, @hyper}, 0x10)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000c00)={0x7, [0x6, 0x9, 0x9acf, 0x5, 0x3, 0xff, 0xe0bb]}, &(0x7f0000000c40)=0x12)

556.327µs ago: executing program 3 (id=1941):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b92"], 0x14}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000940)=ANY=[@ANYBLOB="440000001e3e3965edd7849172aa8b833b399e24fd5e765fb09ecb1b37adc7a9c4d0c16824962966eb509d591359dd3721f11d60b837b4b05e41d116db560b7f9c486699905ad8aaa49d1824bdd8f80c6c89ebdccd7c211406cc4e43a971050a49c5a9936f9db866c88e47882d1270b5cc7608fd99c5c363113b1506f7ba3effd5f5db3e42ea8ec4eaed8affe917f639053ee3bcf223507dc88ce7d93708a4b55a8f59141fb8215f9fb25780aaa00dc628badd13ac21a31572df6d310ba698a44bee3cdc2828a75a83290344667fbbe6111aae0f0e8954bb19e0a8bc46f3080b6dbbec3cea29fd", @ANYRES16=r2, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r4, @ANYBLOB="28005080110001004abee339084eeef16f162471f400000005000200000000000800030001ac0f"], 0x44}}, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f00000006c0)={0x268, r2, 0x2, 0x70bd2d, 0xff, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x24e, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x5}, @broadcast, @broadcast, @initial, {0xe, 0x5}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, @void, @void, @val={0x3, 0x1, 0xb0}, @val={0x2d, 0x1a, {0x10, 0x0, 0x1, 0x0, {0xb, 0x1292, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, 0x800, 0x9, 0xd}}, @void, [{0xdd, 0x3a, "a8779ee11f46b73a140419d96bc8de2971c04e3e1f35e546c07e0a8d319ee75e1a806cd0a00aa541d7969b97101cfe74f0a551c66444139787ea"}, {0xdd, 0xb2, "82fcc6b350719dc47488f8ef19ebcc09f00c8e1650324fa35c95dc4c462773657ca82eebdc27de1b99a2e37514f5a07300541f70fdecd44a90a038a4ce2de560b420f58d93d1f6a62a3f9a09bdf03eefd74c0158ace9614a323622e4b6f88731e6d9cd9e65337de1f73cd781785fb0326813b7c3445f8034049cb6c6edc73d81b6b544681b2ac714b621e67d65da601c8154a061c9f2edf09f23db6c2efff8a9d36f5d48552a5650193bb0174de8d5209385"}, {0xdd, 0xae, "85aa75718b41ba4a34af2ce9affbfe43d5c40901034b7fb8dc5d2ff3d38ee6d3ee9da0519799b37fc0d9ae96bcf1bc3f984f5a765adf2770720e3c017bb35aa7bafc20a414d3381057d362be85fa618943aff73c5196c1c70bb83ed93896866962ced545d4ecb510727e9636f1ed489e379f2381c67ba9fa1aaf92b4d182479b89e0016143460e5e97dc8d0244cf213df25b8f035cd59f4df51b1b5e0988866fa81463e3de633647fddc41b49320"}, {0xdd, 0x6d, "6814b7235791f362129f5a423649d6b1dc661923b0cdc39d3bc0e786bd512a8b653a059e1c60df8a38690a5b8424425f13a421e8665f3ed8b59ad8df5bbb53105d23f23b0228d76dcc7db20c3bd94847c3a13b2aa944654076597a4861392416ea9f25623be01d02724e00fe64"}]}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x268}, 0x1, 0x0, 0x0, 0x4}, 0x800)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff)
r5 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16], 0x4c}}, 0x4000804)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB, @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

0s ago: executing program 4 (id=1942):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
r2 = socket$inet(0x2, 0x3, 0x8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe0}}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0)
syz_emit_ethernet(0x37, &(0x7f00000002c0)={@local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "7fa727", 0x1, 0x2c, 0x0, @private2={0xfc, 0x2, '\x00', 0x4}, @local, {[], '3'}}}}}, 0x0)
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="1c0008000100000000003d0000004500003800000000008490783fffffffac1414aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="940000009078001c0e0300050a0000000000000000004866"], 0x46)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x20)
r6 = bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x14, 0x4, 0x4, 0x7, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r5, 0x2, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xf, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000340)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r7, &(0x7f0000000200), 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r8 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
r9 = socket(0x1e, 0x4, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r10, &(0x7f0000000180)={0x0, 0xffffffffffffffad, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r11, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmsg$kcm(r8, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20000000)

kernel console output (not intermixed with test programs):

 189.617172][ T9797] netlink: 'syz.1.1161': attribute type 29 has an invalid length.
[  189.627022][ T9798] netlink: 'syz.1.1161': attribute type 29 has an invalid length.
[  189.659177][ T9797] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1161'.
[  189.754944][ T9523] 8021q: adding VLAN 0 to HW filter on device bond0
[  189.828911][ T9523] 8021q: adding VLAN 0 to HW filter on device team0
[  189.899208][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.906453][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  189.934107][ T9813] openvswitch: netlink: VXLAN extension message has 11 unknown bytes.
[  189.972093][ T9818] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1170'.
[  190.013593][ T9815] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1169'.
[  190.044186][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.051425][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state
[  190.132001][ T9815] IPv6: sit1: Disabled Multicast RS
[  190.140605][ T9815] sit1: entered allmulticast mode
[  190.237641][ T9828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  190.314277][ T9823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  190.414570][ T9823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  190.675819][   T51] Bluetooth: hci0: command tx timeout
[  190.783204][ T9523] 8021q: adding VLAN 0 to HW filter on device batadv0
[  190.905962][ T9523] veth0_vlan: entered promiscuous mode
[  190.938765][ T2994] veth0_to_bond: left promiscuous mode
[  190.961415][ T9860] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1185'.
[  190.964689][ T9523] veth1_vlan: entered promiscuous mode
[  191.064083][ T9523] veth0_macvtap: entered promiscuous mode
[  191.093413][ T9523] veth1_macvtap: entered promiscuous mode
[  191.183077][ T9523] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.221322][ T9523] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.259597][ T9523] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.293560][ T9523] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.305512][ T9523] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.314596][ T9523] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.473930][ T9890] netlink: 'syz.4.1192': attribute type 83 has an invalid length.
[  191.521036][ T9890] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  191.534692][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.548594][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.609910][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.618852][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.668927][ T9901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1195'.
[  191.906612][ T9914] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1199'.
[  191.934847][ T9919] openvswitch: netlink: Message has 4 unknown bytes.
[  192.113443][ T9930] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1206'.
[  192.304330][ T9948] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1211'.
[  192.500078][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.070755][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.299692][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.418242][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.704764][ T9973] netlink: 'syz.4.1218': attribute type 4 has an invalid length.
[  193.754501][   T36] bridge_slave_1: left allmulticast mode
[  193.765785][   T36] bridge_slave_1: left promiscuous mode
[  193.778975][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.825315][ T9981] netlink: 'syz.4.1218': attribute type 4 has an invalid length.
[  193.951644][ T9985] openvswitch: netlink: Flow key attr not present in new flow.
[  193.973534][   T36] bridge_slave_0: left allmulticast mode
[  193.981440][   T36] bridge_slave_0: left promiscuous mode
[  193.993327][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.013199][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  194.023485][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  194.031840][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  194.041596][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  194.051535][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  194.204173][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  194.405181][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  194.416786][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  194.428240][   T36] bond0 (unregistering): Released all slaves
[  194.487098][ T9990] netlink: 'syz.1.1223': attribute type 10 has an invalid length.
[  194.576573][ T9990] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.584919][ T9990] bridge0: port 1(bridge_slave_0) entered disabled state
[  194.655034][ T9993] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1224'.
[  195.030722][T10024] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1230'.
[  195.053261][T10024] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1230'.
[  195.245525][T10035] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1234'.
[  195.264240][   T36] hsr_slave_0: left promiscuous mode
[  195.264664][T10035] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1234'.
[  195.281634][T10028] xt_CT: No such helper "syz0"
[  195.291027][   T36] hsr_slave_1: left promiscuous mode
[  195.302299][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  195.310764][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  195.324933][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  195.332585][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  195.354876][T10043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1236'.
[  195.372597][   T36] veth1_macvtap: left promiscuous mode
[  195.378211][   T36] veth0_macvtap: left promiscuous mode
[  195.383775][   T36] veth1_vlan: left promiscuous mode
[  195.389183][   T36] veth0_vlan: left promiscuous mode
[  195.785935][   T36] team0 (unregistering): Port device team_slave_1 removed
[  195.828703][   T36] team0 (unregistering): Port device team_slave_0 removed
[  196.118856][ T5157] Bluetooth: hci0: command tx timeout
[  196.221875][T10035] geneve4: entered promiscuous mode
[  196.235942][T10035] geneve4: entered allmulticast mode
[  196.288021][ T5157] Bluetooth: hci3: command 0x0406 tx timeout
[  196.294126][ T5157] Bluetooth: hci1: command 0x0406 tx timeout
[  196.294447][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  196.300274][ T5157] Bluetooth: hci4: command 0x0405 tx timeout
[  196.391158][ T9986] chnl_net:caif_netlink_parms(): no params data found
[  196.645980][ T9986] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.660559][ T9986] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.669106][ T9986] bridge_slave_0: entered allmulticast mode
[  196.681020][T10062] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1243'.
[  196.681167][ T9986] bridge_slave_0: entered promiscuous mode
[  196.705886][ T9986] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.716022][ T9986] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.725939][ T9986] bridge_slave_1: entered allmulticast mode
[  196.735562][ T9986] bridge_slave_1: entered promiscuous mode
[  196.787725][T10067] netlink: 288 bytes leftover after parsing attributes in process `syz.3.1244'.
[  196.818201][ T9986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.834251][ T9986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  196.915119][ T9986] team0: Port device team_slave_0 added
[  196.929742][ T9986] team0: Port device team_slave_1 added
[  196.992401][ T9986] batman_adv: batadv0: Adding interface: batadv_slave_0
[  197.009988][ T9986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  197.050287][T10077] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1248'.
[  197.085739][ T9986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  197.114207][ T9986] batman_adv: batadv0: Adding interface: batadv_slave_1
[  197.133214][ T9986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  197.171454][ T9986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  197.234302][ T9986] hsr_slave_0: entered promiscuous mode
[  197.241953][ T9986] hsr_slave_1: entered promiscuous mode
[  197.500110][T10089] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  197.501195][ T3522] bond0: (slave bond_slave_0): interface is now down
[  197.535287][T10084] xt_CT: No such helper "syz0"
[  197.542529][ T3522] bond0: (slave bond_slave_1): interface is now down
[  197.578281][ T3522] bond0: (slave bond1): interface is now down
[  197.606846][   T59] bond0: (slave bond_slave_0): interface is now down
[  197.613580][   T59] bond0: (slave bond_slave_1): interface is now down
[  197.623750][   T59] bond0: (slave bond1): interface is now down
[  197.677035][   T12] bond0: (slave bond_slave_0): interface is now down
[  197.696049][   T12] bond0: (slave bond_slave_1): interface is now down
[  197.712744][   T12] bond0: (slave bond1): interface is now down
[  197.750722][   T12] bond0: (slave bond_slave_0): interface is now down
[  197.770039][   T12] bond0: (slave bond_slave_1): interface is now down
[  197.795309][   T12] bond0: (slave bond1): interface is now down
[  197.816794][   T12] bond0: now running without any active interface!
[  197.903563][T10104] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1257'.
[  197.928072][T10107] netlink: 'syz.3.1260': attribute type 23 has an invalid length.
[  198.067162][T10115] netlink: 'syz.4.1261': attribute type 1 has an invalid length.
[  198.163278][T10115] 8021q: adding VLAN 0 to HW filter on device bond6
[  198.210614][ T5851] Bluetooth: hci0: command tx timeout
[  198.275479][T10123] bond5: (slave veth0_to_bond): Releasing active interface
[  198.304860][T10123] bond6: (slave veth0_to_bond): making interface the new active one
[  198.330363][T10123] bond6: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  198.373486][T10121] bond6: (slave veth11): Enslaving as an active interface with a down link
[  198.718969][T10140] xt_CT: No such helper "syz0"
[  198.749743][ T3522] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  198.754859][ T9986] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  198.764984][ T3522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  198.788160][ T9986] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  198.811004][ T9986] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  198.815781][T10147] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  198.851468][ T9986] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  199.173595][ T9986] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.237147][ T9986] 8021q: adding VLAN 0 to HW filter on device team0
[  199.271168][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.278378][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  199.298489][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.305825][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  199.670029][T10190] bridge0: entered allmulticast mode
[  199.913298][T10206] netlink: 'syz.3.1289': attribute type 1 has an invalid length.
[  199.938055][T10206] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.978506][ T9986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  200.081368][ T9986] veth0_vlan: entered promiscuous mode
[  200.103050][ T9986] veth1_vlan: entered promiscuous mode
[  200.201866][ T9986] veth0_macvtap: entered promiscuous mode
[  200.240805][ T9986] veth1_macvtap: entered promiscuous mode
[  200.280091][ T5851] Bluetooth: hci0: command tx timeout
[  200.294388][ T9986] batman_adv: batadv0: Interface activated: batadv_slave_0
[  200.330170][ T9986] batman_adv: batadv0: Interface activated: batadv_slave_1
[  200.348266][ T9986] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  200.368190][ T9986] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  200.386778][ T9986] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  200.405790][ T9986] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  200.420473][T10232] __nla_validate_parse: 4 callbacks suppressed
[  200.420489][T10232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1296'.
[  200.504589][T10235] net veth1_virt_wifi .: renamed from virt_wifi0
[  200.601822][T10241] netlink: 'syz.2.1299': attribute type 33 has an invalid length.
[  200.652621][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.662632][T10241] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1299'.
[  200.693294][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.797165][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.805276][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  201.512450][T10296] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  201.852773][T10311] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1327'.
[  201.918130][T10313] netlink: 'syz.1.1328': attribute type 39 has an invalid length.
[  202.052358][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.030955][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.080485][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.152968][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  203.413572][T10334] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1334'.
[  203.552200][   T36] bridge_slave_1: left allmulticast mode
[  203.573093][   T36] bridge_slave_1: left promiscuous mode
[  203.597297][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.642729][   T36] bridge_slave_0: left allmulticast mode
[  203.661416][   T36] bridge_slave_0: left promiscuous mode
[  203.679617][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.714526][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  203.726055][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  203.735121][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  203.743998][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  203.760556][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  203.963294][T10359] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1342'.
[  204.276174][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  204.290878][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  204.302011][   T36] bond0 (unregistering): Released all slaves
[  204.326860][T10363] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  204.343320][T10368] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1343'.
[  205.363712][   T36] hsr_slave_0: left promiscuous mode
[  205.383291][   T36] hsr_slave_1: left promiscuous mode
[  205.390228][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  205.401814][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  205.414029][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  205.425236][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  205.458251][   T36] veth1_macvtap: left promiscuous mode
[  205.463993][   T36] veth0_macvtap: left promiscuous mode
[  205.471297][   T36] veth1_vlan: left promiscuous mode
[  205.477222][   T36] veth0_vlan: left promiscuous mode
[  205.796359][ T5836] Bluetooth: hci0: command tx timeout
[  205.940814][   T36] team0 (unregistering): Port device team_slave_1 removed
[  205.982537][   T36] team0 (unregistering): Port device team_slave_0 removed
[  206.357078][T10400] netlink: 'syz.2.1355': attribute type 7 has an invalid length.
[  206.674596][T10342] chnl_net:caif_netlink_parms(): no params data found
[  206.721980][T10424] netlink: 'syz.2.1366': attribute type 3 has an invalid length.
[  206.899532][T10437] netlink: 'syz.4.1369': attribute type 3 has an invalid length.
[  206.922759][T10437] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  206.960960][T10442] netlink: 'syz.1.1371': attribute type 10 has an invalid length.
[  206.981002][T10442] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1371'.
[  207.027821][T10445] netlink: 'syz.3.1372': attribute type 1 has an invalid length.
[  207.049318][T10431] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.106268][T10442] team0: Failed to send port change of device geneve0 via netlink (err -105)
[  207.116069][T10442] team0: Failed to send options change via netlink (err -105)
[  207.123771][T10442] team0: Port device geneve0 added
[  207.173775][T10342] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.181704][T10342] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.189320][T10342] bridge_slave_0: entered allmulticast mode
[  207.197602][T10342] bridge_slave_0: entered promiscuous mode
[  207.226688][T10448] bond4: (slave bridge1): making interface the new active one
[  207.234883][T10448] bond4: (slave bridge1): Enslaving as an active interface with an up link
[  207.301475][T10431] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.326916][T10342] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.334164][T10342] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.341962][T10342] bridge_slave_1: entered allmulticast mode
[  207.352026][T10342] bridge_slave_1: entered promiscuous mode
[  207.446183][T10431] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.473534][T10342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  207.568537][T10431] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.592464][T10342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  207.630372][T10464] netlink: 'syz.4.1378': attribute type 39 has an invalid length.
[  207.707536][T10342] team0: Port device team_slave_0 added
[  207.731270][T10342] team0: Port device team_slave_1 added
[  207.818090][T10342] batman_adv: batadv0: Adding interface: batadv_slave_0
[  207.845240][T10342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.877245][ T5836] Bluetooth: hci0: command tx timeout
[  207.892706][T10472] xt_l2tp: invalid flags combination: c
[  207.903054][T10342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  207.947935][T10431] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  207.963422][T10342] batman_adv: batadv0: Adding interface: batadv_slave_1
[  207.970562][T10342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.000682][T10342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.022977][T10431] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  208.063211][T10431] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  208.141953][T10431] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  208.203149][T10342] hsr_slave_0: entered promiscuous mode
[  208.233554][T10342] hsr_slave_1: entered promiscuous mode
[  208.508457][T10502] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1394'.
[  208.583032][T10504] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (18446744073709551615)
[  208.600022][T10504] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535
[  208.612700][T10508] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1395'.
[  208.619809][T10502] IPVS: set_ctl: invalid protocol: 108 224.0.0.1:20000
[  208.844006][T10510] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1397'.
[  209.261719][T10550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1409'.
[  209.358522][T10560] ipt_rpfilter: unknown options
[  209.371927][T10342] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  209.422035][T10342] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  209.457027][T10342] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  209.504597][T10342] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  209.798512][T10342] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.862583][T10342] 8021q: adding VLAN 0 to HW filter on device team0
[  209.900730][ T3522] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.907923][ T3522] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.932755][T10593] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1420'.
[  209.958152][ T5836] Bluetooth: hci0: command tx timeout
[  209.976490][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.980382][T10593] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  209.983687][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.248663][T10612] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1425'.
[  210.257191][T10615] netlink: 'syz.4.1426': attribute type 1 has an invalid length.
[  210.288490][T10612] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1425'.
[  210.318137][T10615] 8021q: adding VLAN 0 to HW filter on device bond8
[  210.359914][T10615] bond8: (slave veth13): Enslaving as an active interface with a down link
[  210.404635][T10615] bond6: (slave veth0_to_bond): Releasing active interface
[  210.417437][T10615] bond6: (slave veth0_to_bond): the permanent HWaddr of slave - aa:aa:aa:aa:aa:1d - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  210.445607][T10615] bond8: (slave veth0_to_bond): making interface the new active one
[  210.469987][T10615] veth0_to_bond: entered promiscuous mode
[  210.492488][T10615] bond8: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  210.510724][T10631] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1430'.
[  210.622202][T10342] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.749990][T10342] veth0_vlan: entered promiscuous mode
[  210.789193][T10342] veth1_vlan: entered promiscuous mode
[  210.878969][T10342] veth0_macvtap: entered promiscuous mode
[  210.903237][T10342] veth1_macvtap: entered promiscuous mode
[  210.994801][T10342] batman_adv: batadv0: Interface activated: batadv_slave_0
[  211.040026][T10342] batman_adv: batadv0: Interface activated: batadv_slave_1
[  211.073176][T10342] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  211.093030][T10342] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  211.109901][T10342] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  211.130126][T10342] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.155529][T10655] openvswitch: netlink: Actions may not be safe on all matching packets
[  211.389421][ T2960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.408804][ T2960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.469727][ T3522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.489561][ T3522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.596812][T10677] netlink: 'syz.2.1444': attribute type 1 has an invalid length.
[  211.730135][T10677] 8021q: adding VLAN 0 to HW filter on device bond13
[  211.822834][T10681] bond13: (slave veth19): Enslaving as an active interface with a down link
[  211.864589][T10684] bond9: (slave veth0_to_bond): Releasing active interface
[  211.883728][T10684] bond13: (slave veth0_to_bond): making interface the new active one
[  211.901556][T10684] veth0_to_bond: entered promiscuous mode
[  211.908205][T10684] bond13: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  212.212871][T10705] vcan0: tx drop: invalid da for name 0xffffffffffffffff
[  212.401160][ T3522] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.425597][T10724] netlink: 'syz.1.1459': attribute type 23 has an invalid length.
[  212.450445][T10725] netlink: 'syz.4.1460': attribute type 1 has an invalid length.
[  212.605262][T10725] 8021q: adding VLAN 0 to HW filter on device bond9
[  212.681158][T10731] bond9: (slave veth15): Enslaving as an active interface with a down link
[  212.720218][T10733] bond8: (slave veth0_to_bond): Releasing active interface
[  212.727657][T10733] veth0_to_bond: left promiscuous mode
[  212.737779][T10733] bond9: (slave veth0_to_bond): making interface the new active one
[  212.750949][T10733] veth0_to_bond: entered promiscuous mode
[  212.757779][T10733] bond9: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  212.783209][T10732] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  212.815585][T10732] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  212.912118][ T3522] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.150426][ T3522] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.313261][ T3522] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.394969][ T3522] bridge_slave_1: left allmulticast mode
[  213.401816][ T3522] bridge_slave_1: left promiscuous mode
[  213.407728][ T3522] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.418735][ T3522] bridge_slave_0: left allmulticast mode
[  213.424397][ T3522] bridge_slave_0: left promiscuous mode
[  213.430742][ T3522] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.701423][T10741] FAULT_INJECTION: forcing a failure.
[  213.701423][T10741] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  213.731643][T10741] CPU: 0 UID: 0 PID: 10741 Comm: syz.3.1463 Not tainted 6.16.0-rc2-syzkaller-00163-gb993ea46b3b6 #0 PREEMPT(full) 
[  213.731672][T10741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  213.731682][T10741] Call Trace:
[  213.731690][T10741]  <TASK>
[  213.731698][T10741]  dump_stack_lvl+0x189/0x250
[  213.731726][T10741]  ? __pfx____ratelimit+0x10/0x10
[  213.731747][T10741]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.731768][T10741]  ? __pfx__printk+0x10/0x10
[  213.731785][T10741]  ? __might_fault+0xb0/0x130
[  213.731808][T10741]  should_fail_ex+0x414/0x560
[  213.731831][T10741]  _copy_from_iter+0x1db/0x16f0
[  213.731857][T10741]  ? rcu_is_watching+0x15/0xb0
[  213.731880][T10741]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  213.731909][T10741]  ? __pfx__copy_from_iter+0x10/0x10
[  213.731931][T10741]  ? __build_skb_around+0x257/0x3e0
[  213.731953][T10741]  ? netlink_sendmsg+0x642/0xb30
[  213.731968][T10741]  ? skb_put+0x11b/0x210
[  213.731989][T10741]  netlink_sendmsg+0x6b2/0xb30
[  213.732015][T10741]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.732036][T10741]  ? aa_sock_msg_perm+0x94/0x160
[  213.732058][T10741]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  213.732077][T10741]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.732096][T10741]  __sock_sendmsg+0x219/0x270
[  213.732119][T10741]  ____sys_sendmsg+0x505/0x830
[  213.732144][T10741]  ? __pfx_____sys_sendmsg+0x10/0x10
[  213.732171][T10741]  ? import_iovec+0x74/0xa0
[  213.732191][T10741]  ___sys_sendmsg+0x21f/0x2a0
[  213.732212][T10741]  ? __pfx____sys_sendmsg+0x10/0x10
[  213.732262][T10741]  ? __fget_files+0x2a/0x420
[  213.732278][T10741]  ? __fget_files+0x3a0/0x420
[  213.732303][T10741]  __x64_sys_sendmsg+0x19b/0x260
[  213.732326][T10741]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  213.732353][T10741]  ? __pfx_ksys_write+0x10/0x10
[  213.732366][T10741]  ? rcu_is_watching+0x15/0xb0
[  213.732391][T10741]  ? do_syscall_64+0xbe/0x3b0
[  213.732408][T10741]  do_syscall_64+0xfa/0x3b0
[  213.732422][T10741]  ? lockdep_hardirqs_on+0x9c/0x150
[  213.732443][T10741]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.732460][T10741]  ? clear_bhb_loop+0x60/0xb0
[  213.732480][T10741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.732496][T10741] RIP: 0033:0x7f867cb8e929
[  213.732512][T10741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.732527][T10741] RSP: 002b:00007f867d9c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.732545][T10741] RAX: ffffffffffffffda RBX: 00007f867cdb5fa0 RCX: 00007f867cb8e929
[  213.732558][T10741] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[  213.732569][T10741] RBP: 00007f867d9c1090 R08: 0000000000000000 R09: 0000000000000000
[  213.732580][T10741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.732590][T10741] R13: 0000000000000000 R14: 00007f867cdb5fa0 R15: 00007ffc1ba03cf8
[  213.732619][T10741]  </TASK>
[  214.272385][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  214.290868][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  214.300060][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  214.309432][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  214.317238][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  214.443784][ T3522] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  214.455562][ T3522] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  214.466995][ T3522] bond0 (unregistering): Released all slaves
[  214.900634][T10786] netlink: 'syz.4.1473': attribute type 2 has an invalid length.
[  214.999312][T10795] FAULT_INJECTION: forcing a failure.
[  214.999312][T10795] name failslab, interval 1, probability 0, space 0, times 0
[  215.032663][T10795] CPU: 0 UID: 0 PID: 10795 Comm: syz.1.1475 Not tainted 6.16.0-rc2-syzkaller-00163-gb993ea46b3b6 #0 PREEMPT(full) 
[  215.032689][T10795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  215.032699][T10795] Call Trace:
[  215.032705][T10795]  <TASK>
[  215.032712][T10795]  dump_stack_lvl+0x189/0x250
[  215.032742][T10795]  ? __pfx____ratelimit+0x10/0x10
[  215.032768][T10795]  ? __pfx_dump_stack_lvl+0x10/0x10
[  215.032789][T10795]  ? __pfx__printk+0x10/0x10
[  215.032811][T10795]  ? ref_tracker_alloc+0x318/0x460
[  215.032835][T10795]  should_fail_ex+0x414/0x560
[  215.032860][T10795]  should_failslab+0xa8/0x100
[  215.032879][T10795]  kmem_cache_alloc_noprof+0x73/0x3c0
[  215.032903][T10795]  ? skb_clone+0x212/0x3a0
[  215.032928][T10795]  skb_clone+0x212/0x3a0
[  215.032950][T10795]  __netlink_deliver_tap+0x404/0x850
[  215.032983][T10795]  ? netlink_deliver_tap+0x2e/0x1b0
[  215.033003][T10795]  netlink_deliver_tap+0x19c/0x1b0
[  215.033024][T10795]  netlink_unicast+0x72f/0x8d0
[  215.033054][T10795]  netlink_sendmsg+0x805/0xb30
[  215.033084][T10795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  215.033106][T10795]  ? aa_sock_msg_perm+0x94/0x160
[  215.033130][T10795]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  215.033151][T10795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  215.033172][T10795]  __sock_sendmsg+0x219/0x270
[  215.033198][T10795]  ____sys_sendmsg+0x505/0x830
[  215.033224][T10795]  ? __pfx_____sys_sendmsg+0x10/0x10
[  215.033253][T10795]  ? import_iovec+0x74/0xa0
[  215.033273][T10795]  ___sys_sendmsg+0x21f/0x2a0
[  215.033294][T10795]  ? __pfx____sys_sendmsg+0x10/0x10
[  215.033350][T10795]  ? __fget_files+0x2a/0x420
[  215.033366][T10795]  ? __fget_files+0x3a0/0x420
[  215.033392][T10795]  __x64_sys_sendmsg+0x19b/0x260
[  215.033413][T10795]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  215.033442][T10795]  ? __pfx_ksys_write+0x10/0x10
[  215.033463][T10795]  ? do_syscall_64+0xbe/0x3b0
[  215.033485][T10795]  do_syscall_64+0xfa/0x3b0
[  215.033499][T10795]  ? lockdep_hardirqs_on+0x9c/0x150
[  215.033520][T10795]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.033536][T10795]  ? clear_bhb_loop+0x60/0xb0
[  215.033565][T10795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.033581][T10795] RIP: 0033:0x7ff82418e929
[  215.033596][T10795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  215.033610][T10795] RSP: 002b:00007ff8250a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  215.033629][T10795] RAX: ffffffffffffffda RBX: 00007ff8243b6080 RCX: 00007ff82418e929
[  215.033641][T10795] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[  215.033652][T10795] RBP: 00007ff8250a1090 R08: 0000000000000000 R09: 0000000000000000
[  215.033663][T10795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  215.033672][T10795] R13: 0000000000000001 R14: 00007ff8243b6080 R15: 00007ffc83c14698
[  215.033702][T10795]  </TASK>
[  215.510644][T10771] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.518850][T10771] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.712313][ T3522] hsr_slave_0: left promiscuous mode
[  215.723126][ T3522] hsr_slave_1: left promiscuous mode
[  215.742761][ T3522] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  215.751239][ T3522] batman_adv: batadv0: Removing interface: batadv_slave_0
[  215.765057][ T3522] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  215.773102][ T3522] batman_adv: batadv0: Removing interface: batadv_slave_1
[  215.797285][ T3522] veth1_macvtap: left promiscuous mode
[  215.802870][ T3522] veth0_macvtap: left promiscuous mode
[  215.808529][ T3522] veth1_vlan: left promiscuous mode
[  215.813790][ T3522] veth0_vlan: left promiscuous mode
[  215.835928][T10812] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1480'.
[  216.203032][ T3522] team0 (unregistering): Port device team_slave_1 removed
[  216.245348][ T3522] team0 (unregistering): Port device team_slave_0 removed
[  216.356169][ T5851] Bluetooth: hci0: command tx timeout
[  216.610040][T10812] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4)
[  216.884007][T10827] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1486'.
[  216.893045][T10827] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1486'.
[  216.908307][T10827] netlink: 'syz.4.1486': attribute type 14 has an invalid length.
[  216.972786][T10835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1485'.
[  216.994482][T10822] syz.3.1482 (10822) used greatest stack depth: 19800 bytes left
[  217.023919][T10836] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1487'.
[  217.041722][T10751] chnl_net:caif_netlink_parms(): no params data found
[  217.122383][T10841] netlink: 'syz.3.1489': attribute type 1 has an invalid length.
[  217.256359][T10841] 8021q: adding VLAN 0 to HW filter on device bond5
[  217.313234][T10846] bond5: (slave veth5): Enslaving as an active interface with a down link
[  217.352183][T10849] bond5: (slave veth0_to_bond): making interface the new active one
[  217.384216][T10849] veth0_to_bond: entered promiscuous mode
[  217.390897][T10849] bond5: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  217.478929][T10751] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.501652][T10751] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.520043][T10751] bridge_slave_0: entered allmulticast mode
[  217.540445][T10751] bridge_slave_0: entered promiscuous mode
[  217.569192][T10751] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.599366][T10751] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.619068][T10751] bridge_slave_1: entered allmulticast mode
[  217.631372][T10751] bridge_slave_1: entered promiscuous mode
[  217.703007][T10751] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  217.720330][T10751] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  217.814705][T10861] syzkaller0: entered promiscuous mode
[  217.821887][T10861] syzkaller0: entered allmulticast mode
[  217.916880][T10751] team0: Port device team_slave_0 added
[  217.952850][T10751] team0: Port device team_slave_1 added
[  218.063536][T10751] batman_adv: batadv0: Adding interface: batadv_slave_0
[  218.084752][T10751] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.117392][T10751] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  218.148157][T10751] batman_adv: batadv0: Adding interface: batadv_slave_1
[  218.165325][T10751] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.187231][T10886] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1502'.
[  218.199425][T10751] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.220045][ T3522] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.318128][T10751] hsr_slave_0: entered promiscuous mode
[  218.324785][T10751] hsr_slave_1: entered promiscuous mode
[  218.368219][ T3522] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.436414][ T5851] Bluetooth: hci0: command tx timeout
[  218.526266][T10891] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1504'.
[  218.573974][ T3522] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.649252][T10897] openvswitch: netlink: Missing key (keys=40, expected=100)
[  218.789022][ T3522] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  218.815077][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  218.847242][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  218.859228][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  218.868838][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  218.878057][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  219.042565][T10918] Bluetooth: MGMT ver 1.23
[  219.184896][T10925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1515'.
[  219.365562][T10932] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1518'.
[  219.455028][T10935] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  219.534581][ T3522] bridge_slave_1: left allmulticast mode
[  219.543984][ T3522] bridge_slave_1: left promiscuous mode
[  219.553594][ T3522] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.567329][ T3522] bridge_slave_0: left allmulticast mode
[  219.575359][ T3522] bridge_slave_0: left promiscuous mode
[  219.584695][ T3522] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.640678][T10946] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  219.961780][ T3522] team0: Port device geneve0 removed
[  220.133105][ T3522] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  220.143531][ T3522] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  220.152842][ T3522] bond0 (unregistering): Released all slaves
[  220.249580][ T3522] bond1 (unregistering): (slave veth3): Releasing active interface
[  220.258944][ T3522] bond1 (unregistering): Released all slaves
[  220.350214][ T3522] bond2 (unregistering): (slave veth5): Releasing active interface
[  220.360162][ T3522] bond2 (unregistering): Released all slaves
[  220.454378][ T3522] bond3 (unregistering): (slave veth7): Releasing active interface
[  220.463777][ T3522] bond3 (unregistering): Released all slaves
[  220.517404][ T5836] Bluetooth: hci0: command tx timeout
[  220.568714][ T3522] bond4 (unregistering): (slave veth9): Releasing active interface
[  220.578083][ T3522] bond4 (unregistering): Released all slaves
[  220.672671][ T3522] bond5 (unregistering): (slave veth11): Releasing active interface
[  220.683054][ T3522] bond5 (unregistering): Released all slaves
[  220.776424][ T3522] bond6 (unregistering): (slave veth13): Releasing active interface
[  220.785816][ T3522] bond6 (unregistering): Released all slaves
[  220.873185][ T3522] bond7 (unregistering): (slave veth15): Releasing active interface
[  220.882591][ T3522] bond7 (unregistering): Released all slaves
[  220.917896][ T5836] Bluetooth: hci3: command tx timeout
[  220.976813][ T3522] bond8 (unregistering): (slave wireguard0): Releasing backup interface
[  220.985180][ T3522] wireguard0: left promiscuous mode
[  220.991966][ T3522] bond8 (unregistering): Released all slaves
[  221.086030][ T3522] bond9 (unregistering): (slave veth17): Releasing active interface
[  221.095456][ T3522] bond9 (unregistering): Released all slaves
[  221.183506][ T3522] bond10 (unregistering): Released all slaves
[  221.275448][ T3522] bond11 (unregistering): Released all slaves
[  221.289763][ T3522] bond12 (unregistering): Released all slaves
[  221.382227][ T3522] bond13 (unregistering): (slave veth19): Releasing active interface
[  221.392306][ T3522] bond13 (unregistering): (slave veth0_to_bond): Releasing active interface
[  221.402643][ T3522] bond13 (unregistering): Released all slaves
[  221.416099][T10946] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1522'.
[  221.819002][T10751] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  221.872711][T10751] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  221.899028][T10905] chnl_net:caif_netlink_parms(): no params data found
[  221.921492][T10975] netlink: 'syz.3.1530': attribute type 1 has an invalid length.
[  221.933892][T10751] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  221.962783][T10980] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1532'.
[  221.973973][T10980] netlink: 'syz.1.1532': attribute type 5 has an invalid length.
[  221.988520][T10980] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1532'.
[  221.988542][T10975] 8021q: adding VLAN 0 to HW filter on device bond6
[  222.006725][T10751] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  222.023912][T10977] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1531'.
[  222.065902][T10982] bond6: (slave veth7): Enslaving as an active interface with a down link
[  222.088715][T10980] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 256 - 0
[  222.098009][T10980] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 256 - 0
[  222.106299][T10980] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 256 - 0
[  222.114485][T10980] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 256 - 0
[  222.123641][T10980] geneve3: entered promiscuous mode
[  222.129246][T10980] geneve3: entered allmulticast mode
[  222.184896][T10975] bond5: (slave veth0_to_bond): Releasing active interface
[  222.196009][T10975] veth0_to_bond: left promiscuous mode
[  222.205176][T10975] bond6: (slave veth0_to_bond): making interface the new active one
[  222.214948][T10975] veth0_to_bond: entered promiscuous mode
[  222.221389][T10975] bond6: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  222.313016][T11001] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1536'.
[  222.342567][T11001] vlan1: entered allmulticast mode
[  222.348659][T11001] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode
[  222.512628][T11011] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[  222.517088][T11013] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1539'.
[  222.544273][T10905] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.566142][T10905] bridge0: port 1(bridge_slave_0) entered disabled state
[  222.583610][T10905] bridge_slave_0: entered allmulticast mode
[  222.605729][ T5836] Bluetooth: hci0: command tx timeout
[  222.615591][T10905] bridge_slave_0: entered promiscuous mode
[  222.647452][T10905] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.654618][T10905] bridge0: port 2(bridge_slave_1) entered disabled state
[  222.672761][T10905] bridge_slave_1: entered allmulticast mode
[  222.681102][T10905] bridge_slave_1: entered promiscuous mode
[  222.742489][T10905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  222.784862][T11024] netlink: 'syz.1.1542': attribute type 1 has an invalid length.
[  222.786890][T10905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  222.809917][T11025] netlink: zone id is out of range
[  222.826034][T11025] netlink: del zone limit has 4 unknown bytes
[  222.883829][T11024] 8021q: adding VLAN 0 to HW filter on device bond5
[  222.943058][T11026] bond5: (slave gretap1): making interface the new active one
[  222.952352][T11026] bond5: (slave gretap1): Enslaving as an active interface with an up link
[  222.971582][T10905] team0: Port device team_slave_0 added
[  222.985939][T11026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1542'.
[  222.995781][ T5836] Bluetooth: hci3: command tx timeout
[  223.012496][T10905] team0: Port device team_slave_1 added
[  223.091315][ T3522] tipc: Left network mode
[  223.175172][T10751] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.211319][T10905] batman_adv: batadv0: Adding interface: batadv_slave_0
[  223.218556][T10905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.245087][T10905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  223.275571][T10905] batman_adv: batadv0: Adding interface: batadv_slave_1
[  223.282901][T10905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.309984][T10905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  223.576431][T10905] hsr_slave_0: entered promiscuous mode
[  223.583283][T10905] hsr_slave_1: entered promiscuous mode
[  223.590464][T10905] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  223.598642][T10905] Cannot create hsr debugfs directory
[  223.664617][T10751] 8021q: adding VLAN 0 to HW filter on device team0
[  223.706866][ T3522] hsr_slave_0: left promiscuous mode
[  223.728514][ T3522] hsr_slave_1: left promiscuous mode
[  223.734585][ T3522] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  223.747400][ T3522] batman_adv: batadv0: Removing interface: batadv_slave_0
[  223.759044][ T3522] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  223.770903][ T3522] batman_adv: batadv0: Removing interface: batadv_slave_1
[  223.804586][ T3522] veth1_vlan: left promiscuous mode
[  223.818298][ T3522] veth0_vlan: left promiscuous mode
[  223.931934][T11063] IPVS: set_ctl: invalid protocol: 47 0.0.0.0:20004
[  224.653903][ T3522] team0 (unregistering): Port device team_slave_1 removed
[  224.694777][ T3522] team0 (unregistering): Port device team_slave_0 removed
[  225.075283][T11061] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1556'.
[  225.075845][ T5836] Bluetooth: hci3: command tx timeout
[  225.157422][   T12] veth0_to_bond: left promiscuous mode
[  225.191129][T11067] netlink: 'syz.3.1558': attribute type 1 has an invalid length.
[  225.212782][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  225.220172][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  225.293417][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.300670][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.318153][T11072] veth0: entered promiscuous mode
[  225.412413][T11074] netlink: 'syz.4.1562': attribute type 1 has an invalid length.
[  225.477060][T11074] 8021q: adding VLAN 0 to HW filter on device bond10
[  225.492874][T10751] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  225.555187][T11078] bond10: (slave veth17): Enslaving as an active interface with a down link
[  225.593124][T11074] bond9: (slave veth0_to_bond): Releasing active interface
[  225.604624][T11074] bond10: (slave veth0_to_bond): making interface the new active one
[  225.620796][T11074] veth0_to_bond: entered promiscuous mode
[  225.628217][T11074] bond10: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  226.045196][T11066] veth0: left promiscuous mode
[  226.118101][T11096] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1569'.
[  226.164843][T10751] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.341339][T10905] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  226.372894][T10905] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  226.408758][T10905] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  226.443775][T10751] veth0_vlan: entered promiscuous mode
[  226.451783][T10905] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  226.504530][T10751] veth1_vlan: entered promiscuous mode
[  226.512273][T11112] netlink: 'syz.1.1576': attribute type 1 has an invalid length.
[  226.531378][T11118] netlink: 'syz.3.1577': attribute type 6 has an invalid length.
[  226.575393][T11112] 8021q: adding VLAN 0 to HW filter on device bond6
[  226.641827][T11124] bond6: (slave veth7): Enslaving as an active interface with a down link
[  226.674992][T11112] bond3: (slave veth0_to_bond): Releasing active interface
[  226.697525][T11112] bond6: (slave veth0_to_bond): making interface the new active one
[  226.707096][T11112] veth0_to_bond: entered promiscuous mode
[  226.713430][T11112] bond6: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  226.788547][T10751] veth0_macvtap: entered promiscuous mode
[  226.858613][T10751] veth1_macvtap: entered promiscuous mode
[  226.927806][T10751] batman_adv: batadv0: Interface activated: batadv_slave_0
[  226.952116][T11135] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1582'.
[  226.982673][T10751] batman_adv: batadv0: Interface activated: batadv_slave_1
[  227.004806][T10751] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  227.014280][T10751] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  227.024809][T10751] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  227.034436][T10751] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  227.145417][T10905] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.156304][ T5836] Bluetooth: hci3: command tx timeout
[  227.218299][T10905] 8021q: adding VLAN 0 to HW filter on device team0
[  227.268396][T11149] bond7: entered promiscuous mode
[  227.273546][T11149] bond7: entered allmulticast mode
[  227.279317][T11149] 8021q: adding VLAN 0 to HW filter on device bond7
[  227.299786][T11153] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1588'.
[  227.316259][ T2994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  227.331282][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.338450][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.353962][ T2994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.370627][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.377831][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.469358][T10905] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  227.551486][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  227.571693][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.641339][T11163] netlink: 'syz.1.1593': attribute type 1 has an invalid length.
[  227.689052][T11163] 8021q: adding VLAN 0 to HW filter on device bond7
[  227.770230][T11166] bond7: (slave veth9): Enslaving as an active interface with a down link
[  227.800199][T11163] bond6: (slave veth0_to_bond): Releasing active interface
[  227.814599][T11163] veth0_to_bond: left promiscuous mode
[  227.832577][T11163] bond7: (slave veth0_to_bond): making interface the new active one
[  227.848922][T11163] veth0_to_bond: entered promiscuous mode
[  227.861626][T11163] bond7: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  227.899264][T11172] netlink: 'syz.4.1595': attribute type 1 has an invalid length.
[  227.981719][T11174] netlink: 'syz.3.1597': attribute type 10 has an invalid length.
[  228.144907][ T2994] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.232759][T10905] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.281836][ T2994] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.329019][T10905] veth0_vlan: entered promiscuous mode
[  228.341252][T10905] veth1_vlan: entered promiscuous mode
[  228.383082][ T2994] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.401764][T10905] veth0_macvtap: entered promiscuous mode
[  228.410812][T10905] veth1_macvtap: entered promiscuous mode
[  228.428598][T10905] batman_adv: batadv0: Interface activated: batadv_slave_0
[  228.441240][T10905] batman_adv: batadv0: Interface activated: batadv_slave_1
[  228.451912][T10905] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.460975][T10905] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.470452][T10905] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.479618][T10905] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.517785][ T2994] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.593474][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.601598][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.633815][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.642827][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.699389][ T2994] bridge_slave_1: left allmulticast mode
[  228.705049][ T2994] bridge_slave_1: left promiscuous mode
[  228.711400][ T2994] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.723614][ T2994] bridge_slave_0: left allmulticast mode
[  228.734538][ T2994] bridge_slave_0: left promiscuous mode
[  228.740850][ T2994] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.044625][ T2994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  229.055813][ T2994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  229.065547][ T2994] bond0 (unregistering): Released all slaves
[  229.257962][ T2994] hsr_slave_0: left promiscuous mode
[  229.263776][ T2994] hsr_slave_1: left promiscuous mode
[  229.269681][ T2994] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  229.277182][ T2994] batman_adv: batadv0: Removing interface: batadv_slave_0
[  229.285005][ T2994] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  229.293000][ T2994] batman_adv: batadv0: Removing interface: batadv_slave_1
[  229.315231][ T2994] veth1_macvtap: left promiscuous mode
[  229.321167][ T2994] veth0_macvtap: left promiscuous mode
[  229.327328][ T2994] veth1_vlan: left promiscuous mode
[  229.332634][ T2994] veth0_vlan: left promiscuous mode
[  229.891929][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  229.908077][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  229.916252][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  229.926375][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  229.935159][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  230.258534][T11202] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1605'.
[  230.310633][T11203] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1605'.
[  230.371760][ T2994] team0 (unregistering): Port device team_slave_1 removed
[  230.421629][ T2994] team0 (unregistering): Port device team_slave_0 removed
[  230.455136][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  230.468129][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  230.482358][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  230.499894][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  230.521705][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  230.805077][T11185] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR
[  230.941151][T11213] netlink: 'syz.1.1607': attribute type 1 has an invalid length.
[  231.069648][T11213] 8021q: adding VLAN 0 to HW filter on device bond8
[  231.148388][T11217] bond8: (slave veth11): Enslaving as an active interface with a down link
[  231.212324][T11213] bond7: (slave veth0_to_bond): Releasing active interface
[  231.220075][T11213] veth0_to_bond: left promiscuous mode
[  231.235302][T11213] bond8: (slave veth0_to_bond): making interface the new active one
[  231.245183][T11213] veth0_to_bond: entered promiscuous mode
[  231.252264][T11213] bond8: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  231.499406][T11233] xt_hashlimit: max too large, truncated to 1048576
[  231.793777][ T2994] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.823755][T11193] chnl_net:caif_netlink_parms(): no params data found
[  231.910321][T11253] xt_policy: too many policy elements
[  231.928838][ T2994] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.949115][T11206] chnl_net:caif_netlink_parms(): no params data found
[  232.036157][ T5851] Bluetooth: hci0: command tx timeout
[  232.129164][ T2994] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.212226][T11270] netlink: 'syz.3.1622': attribute type 1 has an invalid length.
[  232.342749][T11270] 8021q: adding VLAN 0 to HW filter on device bond8
[  232.351066][T11193] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.359068][T11193] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.367611][T11193] bridge_slave_0: entered allmulticast mode
[  232.375331][T11193] bridge_slave_0: entered promiscuous mode
[  232.403918][T11274] bond8: (slave veth9): Enslaving as an active interface with a down link
[  232.430092][T11279] bond6: (slave veth0_to_bond): Releasing active interface
[  232.438411][T11279] veth0_to_bond: left promiscuous mode
[  232.449359][T11279] bond8: (slave veth0_to_bond): making interface the new active one
[  232.458351][T11279] veth0_to_bond: entered promiscuous mode
[  232.465009][T11279] bond8: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  232.474949][T11193] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.482841][T11193] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.490305][T11193] bridge_slave_1: entered allmulticast mode
[  232.500642][T11193] bridge_slave_1: entered promiscuous mode
[  232.568380][ T2994] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  232.595868][ T5851] Bluetooth: hci3: command tx timeout
[  232.669495][T11206] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.677030][T11206] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.684275][T11206] bridge_slave_0: entered allmulticast mode
[  232.693859][T11206] bridge_slave_0: entered promiscuous mode
[  232.708758][T11193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  232.726526][T11193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  232.736827][T11206] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.743983][T11206] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.765904][T11206] bridge_slave_1: entered allmulticast mode
[  232.774488][T11206] bridge_slave_1: entered promiscuous mode
[  232.840883][T11296] netlink: 'syz.3.1629': attribute type 1 has an invalid length.
[  232.855881][T11296] netlink: 'syz.3.1629': attribute type 4 has an invalid length.
[  232.863653][T11296] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1629'.
[  232.874096][T11296] netlink: 'syz.3.1629': attribute type 1 has an invalid length.
[  232.881959][T11296] netlink: 'syz.3.1629': attribute type 4 has an invalid length.
[  232.889857][T11296] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1629'.
[  232.978590][T11206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  232.993943][T11206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  233.027624][T11300] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1631'.
[  233.034766][T11193] team0: Port device team_slave_0 added
[  233.048489][T11193] team0: Port device team_slave_1 added
[  233.130304][T11206] team0: Port device team_slave_0 added
[  233.153705][T11206] team0: Port device team_slave_1 added
[  233.190647][T11306] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  233.206739][T11305] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  233.303461][T11193] batman_adv: batadv0: Adding interface: batadv_slave_0
[  233.312834][T11193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.340811][T11193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  233.360544][T11206] batman_adv: batadv0: Adding interface: batadv_slave_0
[  233.370711][T11206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.371151][T11317] netlink: 'syz.4.1637': attribute type 1 has an invalid length.
[  233.410295][T11206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  233.423877][T11206] batman_adv: batadv0: Adding interface: batadv_slave_1
[  233.430991][T11206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.473061][T11206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  233.492987][T11193] batman_adv: batadv0: Adding interface: batadv_slave_1
[  233.504417][T11193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.531477][T11193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  233.600675][T11317] 8021q: adding VLAN 0 to HW filter on device bond11
[  233.625509][T11318] bond11: (slave veth19): Enslaving as an active interface with a down link
[  233.648440][T11323] bond10: (slave veth0_to_bond): Releasing active interface
[  233.659194][T11323] veth0_to_bond: left promiscuous mode
[  233.673457][T11323] bond11: (slave veth0_to_bond): making interface the new active one
[  233.683128][T11323] veth0_to_bond: entered promiscuous mode
[  233.692447][T11323] bond11: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  233.705616][ T2994] bridge_slave_1: left allmulticast mode
[  233.724393][ T2994] bridge_slave_1: left promiscuous mode
[  233.732400][ T2994] bridge0: port 2(bridge_slave_1) entered disabled state
[  233.742651][T11329] netlink: 'syz.1.1641': attribute type 1 has an invalid length.
[  233.751113][T11329] netlink: 'syz.1.1641': attribute type 1 has an invalid length.
[  233.760180][ T2994] bridge_slave_0: left allmulticast mode
[  233.775939][ T2994] bridge_slave_0: left promiscuous mode
[  233.785114][ T2994] bridge0: port 1(bridge_slave_0) entered disabled state
[  233.868347][T11333] netlink: 'syz.4.1644': attribute type 1 has an invalid length.
[  233.899238][T11336] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1643'.
[  234.116187][ T5851] Bluetooth: hci0: command tx timeout
[  234.230289][ T2994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  234.241184][ T2994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  234.252080][ T2994] bond0 (unregistering): Released all slaves
[  234.482641][T11193] hsr_slave_0: entered promiscuous mode
[  234.490859][T11193] hsr_slave_1: entered promiscuous mode
[  234.498739][T11347] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1647'.
[  234.514464][T11206] hsr_slave_0: entered promiscuous mode
[  234.524523][T11206] hsr_slave_1: entered promiscuous mode
[  234.534107][T11206] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  234.543576][T11206] Cannot create hsr debugfs directory
[  234.686016][ T5851] Bluetooth: hci3: command tx timeout
[  234.725259][T11358] netlink: 'syz.4.1652': attribute type 1 has an invalid length.
[  234.790733][ T2994] hsr_slave_0: left promiscuous mode
[  234.801157][ T2994] hsr_slave_1: left promiscuous mode
[  234.807798][ T2994] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  234.815328][ T2994] batman_adv: batadv0: Removing interface: batadv_slave_0
[  234.826832][ T2994] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  234.834643][ T2994] batman_adv: batadv0: Removing interface: batadv_slave_1
[  234.866945][ T2994] veth1_macvtap: left promiscuous mode
[  234.872513][ T2994] veth0_macvtap: left promiscuous mode
[  234.878263][ T2994] veth1_vlan: left promiscuous mode
[  234.883588][ T2994] veth0_vlan: left promiscuous mode
[  235.362253][ T2994] team0 (unregistering): Port device team_slave_1 removed
[  235.402525][ T2994] team0 (unregistering): Port device team_slave_0 removed
[  235.754438][T11358] workqueue: Failed to create a rescuer kthread for wq "bond12": -EINTR
[  235.816310][T11365] bond11: (slave veth0_to_bond): Releasing active interface
[  235.848320][T11365] veth0_to_bond: left promiscuous mode
[  236.012193][T11383] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1660'.
[  236.015558][T11381] netlink: 'syz.1.1659': attribute type 23 has an invalid length.
[  236.196140][ T5851] Bluetooth: hci0: command tx timeout
[  236.474621][T11406] netlink: 'syz.3.1666': attribute type 11 has an invalid length.
[  236.553136][T11412] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1666'.
[  236.730055][T11422] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1671'.
[  236.730214][T11421] SET target dimension over the limit!
[  236.755940][ T5851] Bluetooth: hci3: command tx timeout
[  236.825125][T11415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1669'.
[  236.966700][T11432] veth0_vlan: entered allmulticast mode
[  237.003129][T11432] veth0_vlan: left promiscuous mode
[  237.039539][T11432] veth0_vlan: entered promiscuous mode
[  237.050348][T11432] team0: Device veth0_vlan failed to register rx_handler
[  237.250901][T11206] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  237.283320][T11206] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  237.306877][T11206] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  237.326439][T11206] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  237.522301][T11193] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  237.549609][T11193] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  237.556823][T11460] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  237.577285][T11193] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  237.606985][T11193] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  237.800185][T11206] 8021q: adding VLAN 0 to HW filter on device bond0
[  237.921327][T11206] 8021q: adding VLAN 0 to HW filter on device team0
[  237.982373][ T2960] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.989583][ T2960] bridge0: port 1(bridge_slave_0) entered forwarding state
[  238.072848][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.080079][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state
[  238.216261][T11498] validate_nla: 4 callbacks suppressed
[  238.216278][T11498] netlink: 'syz.1.1692': attribute type 3 has an invalid length.
[  238.275931][ T5851] Bluetooth: hci0: command tx timeout
[  238.280130][T11193] 8021q: adding VLAN 0 to HW filter on device bond0
[  238.333422][T11193] 8021q: adding VLAN 0 to HW filter on device team0
[  238.363317][T11494] syz.4.1691 (11494) used greatest stack depth: 18888 bytes left
[  238.519849][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.527085][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  238.610081][ T2960] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.617296][ T2960] bridge0: port 2(bridge_slave_1) entered forwarding state
[  238.748991][T11509] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1695'.
[  238.837136][ T5851] Bluetooth: hci3: command tx timeout
[  238.844837][T11206] 8021q: adding VLAN 0 to HW filter on device batadv0
[  238.871504][T11518] vcan0: tx drop: invalid da for name 0xffffffffffffffff
[  238.902019][T11520] FAULT_INJECTION: forcing a failure.
[  238.902019][T11520] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  238.925473][T11206] veth0_vlan: entered promiscuous mode
[  238.932731][T11520] CPU: 0 UID: 0 PID: 11520 Comm: syz.4.1700 Not tainted 6.16.0-rc2-syzkaller-00163-gb993ea46b3b6 #0 PREEMPT(full) 
[  238.932758][T11520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  238.932768][T11520] Call Trace:
[  238.932775][T11520]  <TASK>
[  238.932782][T11520]  dump_stack_lvl+0x189/0x250
[  238.932812][T11520]  ? __pfx____ratelimit+0x10/0x10
[  238.932836][T11520]  ? __pfx_dump_stack_lvl+0x10/0x10
[  238.932860][T11520]  ? __pfx__printk+0x10/0x10
[  238.932877][T11520]  ? __might_fault+0xb0/0x130
[  238.932914][T11520]  should_fail_ex+0x414/0x560
[  238.932941][T11520]  _copy_from_user+0x2d/0xb0
[  238.932959][T11520]  __sys_connect+0x123/0x440
[  238.932978][T11520]  ? __fget_files+0x3a0/0x420
[  238.932997][T11520]  ? __pfx___sys_connect+0x10/0x10
[  238.933028][T11520]  ? __pfx_ksys_write+0x10/0x10
[  238.933042][T11520]  ? rcu_is_watching+0x15/0xb0
[  238.933073][T11520]  __x64_sys_connect+0x7a/0x90
[  238.933091][T11520]  do_syscall_64+0xfa/0x3b0
[  238.933106][T11520]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.933128][T11520]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.933145][T11520]  ? clear_bhb_loop+0x60/0xb0
[  238.933164][T11520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  238.933180][T11520] RIP: 0033:0x7f288e98e929
[  238.933195][T11520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  238.933209][T11520] RSP: 002b:00007f288f7bd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  238.933227][T11520] RAX: ffffffffffffffda RBX: 00007f288ebb5fa0 RCX: 00007f288e98e929
[  238.933240][T11520] RDX: 0000000000000018 RSI: 0000200000000140 RDI: 0000000000000003
[  238.933250][T11520] RBP: 00007f288f7bd090 R08: 0000000000000000 R09: 0000000000000000
[  238.933260][T11520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  238.933270][T11520] R13: 0000000000000000 R14: 00007f288ebb5fa0 R15: 00007ffc65ebc1e8
[  238.933299][T11520]  </TASK>
[  239.197765][T11206] veth1_vlan: entered promiscuous mode
[  239.231870][T11206] veth0_macvtap: entered promiscuous mode
[  239.249531][T11525] netlink: 'syz.4.1703': attribute type 1 has an invalid length.
[  239.252377][T11206] veth1_macvtap: entered promiscuous mode
[  239.344574][T11531] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1702'.
[  239.358345][T11525] 8021q: adding VLAN 0 to HW filter on device bond12
[  239.365220][T11531] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1702'.
[  239.452102][T11531] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1702'.
[  239.475495][T11532] bond12: (slave veth21): Enslaving as an active interface with a down link
[  239.491735][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1706'.
[  239.527811][T11525] bond12: (slave veth0_to_bond): making interface the new active one
[  239.548231][T11525] veth0_to_bond: entered promiscuous mode
[  239.554412][T11525] bond12: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  239.636854][T11206] batman_adv: batadv0: Interface activated: batadv_slave_0
[  239.666986][T11193] 8021q: adding VLAN 0 to HW filter on device batadv0
[  239.695391][T11206] batman_adv: batadv0: Interface activated: batadv_slave_1
[  239.738891][T11206] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  239.765722][T11206] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  239.774464][T11206] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  239.794191][T11206] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  239.943865][T11551] vcan0: tx drop: invalid da for name 0xffffffffffffffff
[  240.009933][T11193] veth0_vlan: entered promiscuous mode
[  240.044161][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.049290][T11193] veth1_vlan: entered promiscuous mode
[  240.069500][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.128528][ T1085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.159542][ T1085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.182394][T11193] veth0_macvtap: entered promiscuous mode
[  240.209685][T11193] veth1_macvtap: entered promiscuous mode
[  240.269456][T11193] batman_adv: batadv0: Interface activated: batadv_slave_0
[  240.328844][T11193] batman_adv: batadv0: Interface activated: batadv_slave_1
[  240.352637][T11564] vcan0: tx drop: invalid da for name 0xffffffffffffffff
[  240.369121][T11564] vcan0: tx drop: invalid da for name 0xffffffffffffffff
[  240.402928][T11193] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  240.412087][T11193] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  240.423699][T11193] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  240.432748][T11193] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  240.577782][T11575] netlink: 'syz.3.1718': attribute type 1 has an invalid length.
[  240.591955][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.600005][T11575] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1718'.
[  240.609363][T11575] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1718'.
[  240.613286][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.691116][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.706974][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  240.860540][T11585] openvswitch: netlink: IP tunnel dst address not specified
[  241.094593][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.152348][T11592] batadv_slave_0: entered allmulticast mode
[  241.180774][T11591] batadv_slave_0: left allmulticast mode
[  241.553793][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.699153][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.814214][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.872366][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  241.882441][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  241.894502][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  241.903404][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  241.911328][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  242.006009][   T13] bridge_slave_1: left allmulticast mode
[  242.011711][   T13] bridge_slave_1: left promiscuous mode
[  242.018003][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.028176][   T13] bridge_slave_0: left allmulticast mode
[  242.033844][   T13] bridge_slave_0: left promiscuous mode
[  242.040084][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.342909][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  242.354380][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  242.368180][   T13] bond0 (unregistering): Released all slaves
[  242.507553][ T2994] veth0_to_bond: left promiscuous mode
[  242.534864][T11607] chnl_net:caif_netlink_parms(): no params data found
[  242.653641][T11607] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.661023][T11607] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.668955][T11607] bridge_slave_0: entered allmulticast mode
[  242.677136][T11607] bridge_slave_0: entered promiscuous mode
[  242.685581][T11607] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.693283][T11607] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.700919][T11607] bridge_slave_1: entered allmulticast mode
[  242.708988][T11607] bridge_slave_1: entered promiscuous mode
[  242.720542][   T13] hsr_slave_0: left promiscuous mode
[  242.728227][   T13] hsr_slave_1: left promiscuous mode
[  242.733965][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  242.741695][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  242.749888][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  242.757492][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  242.777590][   T13] veth1_macvtap: left promiscuous mode
[  242.783108][   T13] veth0_macvtap: left promiscuous mode
[  242.788985][   T13] veth1_vlan: left promiscuous mode
[  242.794311][   T13] veth0_vlan: left promiscuous mode
[  243.202431][T11629] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1731'.
[  243.212072][T11629] netlink: 'syz.1.1731': attribute type 2 has an invalid length.
[  243.226179][T11629] netlink: 'syz.1.1731': attribute type 1 has an invalid length.
[  243.234043][T11629] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1731'.
[  243.295358][ T5848] IPVS: starting estimator thread 0...
[  243.418000][T11632] IPVS: using max 33 ests per chain, 79200 per kthread
[  243.448978][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  243.457709][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  243.466398][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  243.485514][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  243.494381][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  243.552400][   T13] team0 (unregistering): Port device team_slave_1 removed
[  243.592342][   T13] team0 (unregistering): Port device team_slave_0 removed
[  243.956169][ T5836] Bluetooth: hci0: command tx timeout
[  244.053589][T11607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  244.067671][   T12] veth0_to_bond: left promiscuous mode
[  244.101102][T11607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  244.235113][T11607] team0: Port device team_slave_0 added
[  244.247842][T11647] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1735'.
[  244.273697][T11607] team0: Port device team_slave_1 added
[  244.501385][T11607] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.514304][T11663] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1739'.
[  244.524016][T11607] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.524084][T11607] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  244.532587][T11607] batman_adv: batadv0: Adding interface: batadv_slave_1
[  244.570517][T11662] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1739'.
[  244.584553][T11607] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.613316][T11607] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  244.836693][T11607] hsr_slave_0: entered promiscuous mode
[  244.848282][T11607] hsr_slave_1: entered promiscuous mode
[  244.854985][T11607] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  244.876210][T11607] Cannot create hsr debugfs directory
[  244.886852][T11673] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1743'.
[  244.928421][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.085588][T11660] warn_alloc: 1 callbacks suppressed
[  245.085606][T11660] syz.1.1739: vmalloc error: size 67112960, failed to allocated page array size 131080, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  245.110093][T11660] CPU: 0 UID: 0 PID: 11660 Comm: syz.1.1739 Not tainted 6.16.0-rc2-syzkaller-00163-gb993ea46b3b6 #0 PREEMPT(full) 
[  245.110117][T11660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  245.110140][T11660] Call Trace:
[  245.110151][T11660]  <TASK>
[  245.110158][T11660]  dump_stack_lvl+0x189/0x250
[  245.110190][T11660]  ? __pfx_dump_stack_lvl+0x10/0x10
[  245.110213][T11660]  ? __pfx__printk+0x10/0x10
[  245.110230][T11660]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  245.110248][T11660]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  245.110266][T11660]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  245.110285][T11660]  warn_alloc+0x214/0x310
[  245.110310][T11660]  ? __pfx_warn_alloc+0x10/0x10
[  245.110335][T11660]  ? __get_vm_area_node+0x28f/0x300
[  245.110354][T11660]  ? nf_tables_newset+0x132b/0x2530
[  245.110380][T11660]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  245.110427][T11660]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  245.110459][T11660]  ? rcu_is_watching+0x15/0xb0
[  245.110484][T11660]  ? nf_tables_newset+0x132b/0x2530
[  245.110504][T11660]  ? nf_tables_newset+0x132b/0x2530
[  245.110522][T11660]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  245.110539][T11660]  ? nf_tables_newset+0x132b/0x2530
[  245.110560][T11660]  ? nft_table_lookup+0x211/0x230
[  245.110579][T11660]  ? nft_set_lookup+0x128/0x150
[  245.110601][T11660]  ? nft_hash_privsize+0xbf/0xf0
[  245.110622][T11660]  nf_tables_newset+0x132b/0x2530
[  245.110656][T11660]  ? __pfx_nf_tables_newset+0x10/0x10
[  245.110700][T11660]  ? __nla_parse+0x40/0x60
[  245.110728][T11660]  nfnetlink_rcv+0x1132/0x2520
[  245.110778][T11660]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  245.110818][T11660]  ? ref_tracker_free+0x63a/0x7d0
[  245.110870][T11660]  ? __netlink_deliver_tap+0x807/0x850
[  245.110900][T11660]  ? netlink_deliver_tap+0x2e/0x1b0
[  245.110918][T11660]  ? netlink_deliver_tap+0x2e/0x1b0
[  245.110942][T11660]  netlink_unicast+0x758/0x8d0
[  245.110972][T11660]  netlink_sendmsg+0x805/0xb30
[  245.111002][T11660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  245.111025][T11660]  ? aa_sock_msg_perm+0x94/0x160
[  245.111048][T11660]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  245.111068][T11660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  245.111088][T11660]  __sock_sendmsg+0x219/0x270
[  245.111117][T11660]  ____sys_sendmsg+0x505/0x830
[  245.111143][T11660]  ? __pfx_____sys_sendmsg+0x10/0x10
[  245.111174][T11660]  ? import_iovec+0x74/0xa0
[  245.111194][T11660]  ___sys_sendmsg+0x21f/0x2a0
[  245.111217][T11660]  ? __pfx____sys_sendmsg+0x10/0x10
[  245.111276][T11660]  ? __fget_files+0x2a/0x420
[  245.111294][T11660]  ? __fget_files+0x3a0/0x420
[  245.111322][T11660]  __x64_sys_sendmsg+0x19b/0x260
[  245.111346][T11660]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  245.111378][T11660]  ? rcu_is_watching+0x15/0xb0
[  245.111405][T11660]  ? do_syscall_64+0xbe/0x3b0
[  245.111424][T11660]  do_syscall_64+0xfa/0x3b0
[  245.111438][T11660]  ? lockdep_hardirqs_on+0x9c/0x150
[  245.111464][T11660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.111479][T11660]  ? clear_bhb_loop+0x60/0xb0
[  245.111499][T11660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.111515][T11660] RIP: 0033:0x7ff82418e929
[  245.111529][T11660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.111543][T11660] RSP: 002b:00007ff8250c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  245.111561][T11660] RAX: ffffffffffffffda RBX: 00007ff8243b5fa0 RCX: 00007ff82418e929
[  245.111571][T11660] RDX: 0000000000000080 RSI: 00002000000000c0 RDI: 0000000000000004
[  245.111582][T11660] RBP: 00007ff824210b39 R08: 0000000000000000 R09: 0000000000000000
[  245.111592][T11660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  245.111601][T11660] R13: 0000000000000000 R14: 00007ff8243b5fa0 R15: 00007ffc83c14698
[  245.111628][T11660]  </TASK>
[  245.111635][T11660] Mem-Info:
[  245.292151][T11683] IPVS: set_ctl: invalid protocol: 43 224.0.0.2:20004
[  245.292771][T11660] active_anon:4327 inactive_anon:0 isolated_anon:0
[  245.292771][T11660]  active_file:1488 inactive_file:39920 isolated_file:0
[  245.292771][T11660]  unevictable:768 dirty:119 writeback:0
[  245.292771][T11660]  slab_reclaimable:11284 slab_unreclaimable:100411
[  245.292771][T11660]  mapped:29027 shmem:1370 pagetables:894
[  245.292771][T11660]  sec_pagetables:0 bounce:0
[  245.292771][T11660]  kernel_misc_reclaimable:0
[  245.292771][T11660]  free:1322359 free_pcp:19275 free_cma:0
[  245.552918][T11660] Node 0 active_anon:17308kB inactive_anon:0kB active_file:5952kB inactive_file:159480kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116108kB dirty:472kB writeback:0kB shmem:3944kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12000kB pagetables:3448kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  245.587295][T11660] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  245.618982][ T5836] Bluetooth: hci3: command tx timeout
[  245.625083][T11660] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  245.654042][T11660] lowmem_reserve[]: 0 2500 2502 2502 2502
[  245.660132][T11660] Node 0 DMA32 free:1372160kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17260kB inactive_anon:0kB active_file:5952kB inactive_file:157652kB unevictable:1536kB writepending:472kB present:3129332kB managed:2561020kB mlocked:0kB bounce:0kB free_pcp:59792kB local_pcp:40016kB free_cma:0kB
[  245.693041][T11660] lowmem_reserve[]: 0 0 1 1 1
[  245.697890][T11660] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  245.727006][T11660] lowmem_reserve[]: 0 0 0 0 0
[  245.729856][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.731733][T11660] Node 1 Normal free:3901900kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17024kB local_pcp:9760kB free_cma:0kB
[  245.774414][T11660] lowmem_reserve[]: 0 0 0 0 0
[  245.779335][T11660] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  245.792331][T11660] Node 0 DMA32: 943*4kB (UME) 456*8kB (UME) 290*16kB (UME) 194*32kB (UME) 65*64kB (UME) 39*128kB (UME) 21*256kB (UM) 14*512kB (UM) 25*1024kB (UM) 6*2048kB (UME) 316*4096kB (M) = 1372188kB
[  245.812079][T11660] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB
[  245.824806][T11660] Node 1 Normal: 169*4kB (UM) 33*8kB (UME) 32*16kB (UME) 143*32kB (UME) 39*64kB (UME) 7*128kB (UME) 5*256kB (UME) 4*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 948*4096kB (M) = 3901900kB
[  245.863441][T11660] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  245.944384][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.945708][T11660] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  245.985594][T11635] chnl_net:caif_netlink_parms(): no params data found
[  245.985771][T11660] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  246.036501][ T5836] Bluetooth: hci0: command tx timeout
[  246.058395][T11660] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  246.082354][T11660] 42775 total pagecache pages
[  246.088716][T11660] 0 pages in swap cache
[  246.092888][T11660] Free swap  = 124996kB
[  246.097202][T11660] Total swap = 124996kB
[  246.101004][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  246.101901][T11660] 2097051 pages RAM
[  246.120350][T11660] 0 pages HighMem/MovableOnly
[  246.125088][T11660] 424690 pages reserved
[  246.129331][T11660] 0 pages cma reserved
[  246.148324][T11693] netlink: 'syz.4.1750': attribute type 39 has an invalid length.
[  246.237497][T11693] bridge0: port 3(syz_tun) entered disabled state
[  246.274385][T11693] syz_tun (unregistering): left allmulticast mode
[  246.281296][T11693] syz_tun (unregistering): left promiscuous mode
[  246.302526][T11693] bridge0: port 3(syz_tun) entered disabled state
[  246.620549][T11635] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.644782][T11635] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.666498][T11635] bridge_slave_0: entered allmulticast mode
[  246.694757][T11635] bridge_slave_0: entered promiscuous mode
[  246.760132][T11635] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.777254][T11635] bridge0: port 2(bridge_slave_1) entered disabled state
[  246.795306][T11635] bridge_slave_1: entered allmulticast mode
[  246.804340][T11635] bridge_slave_1: entered promiscuous mode
[  246.919556][T11635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  246.938388][T11635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.034450][T11735] vcan0: tx drop: invalid da for name 0xffffffffffffffff
[  247.042049][   T13] bridge_slave_1: left allmulticast mode
[  247.058479][   T13] bridge_slave_1: left promiscuous mode
[  247.077974][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.115488][   T13] bridge_slave_0: left allmulticast mode
[  247.137348][   T13] bridge_slave_0: left promiscuous mode
[  247.143159][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.509156][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  247.520887][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  247.530943][   T13] bond0 (unregistering): Released all slaves
[  247.595778][T11635] team0: Port device team_slave_0 added
[  247.610989][T11635] team0: Port device team_slave_1 added
[  247.635964][ T5836] Bluetooth: hci3: command tx timeout
[  247.823152][T11635] batman_adv: batadv0: Adding interface: batadv_slave_0
[  247.842670][T11635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.873512][T11769] vcan0: tx drop: invalid da for name 0xffffffffffffffff
[  247.882048][T11635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  247.918526][T11635] batman_adv: batadv0: Adding interface: batadv_slave_1
[  247.933359][T11635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.964903][T11635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.028540][T11776] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1778'.
[  248.126767][ T5836] Bluetooth: hci0: command tx timeout
[  248.227735][T11635] hsr_slave_0: entered promiscuous mode
[  248.234923][T11635] hsr_slave_1: entered promiscuous mode
[  248.248215][T11635] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  248.251673][T11786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1780'.
[  248.260949][T11635] Cannot create hsr debugfs directory
[  248.306914][   T13] hsr_slave_0: left promiscuous mode
[  248.313499][   T13] hsr_slave_1: left promiscuous mode
[  248.320964][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  248.334522][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  248.344580][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  248.360981][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  248.363563][T11791] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1780'.
[  248.429442][   T13] veth1_macvtap: left promiscuous mode
[  248.459590][   T13] veth0_macvtap: left promiscuous mode
[  248.465481][   T13] veth1_vlan: left promiscuous mode
[  248.474382][   T13] veth0_vlan: left promiscuous mode
[  248.930356][   T13] team0 (unregistering): Port device team_slave_1 removed
[  248.969179][   T13] team0 (unregistering): Port device team_slave_0 removed
[  249.553158][T11607] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  249.574979][T11817] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1786'.
[  249.586989][T11607] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  249.629737][T11607] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  249.676454][T11607] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  249.724791][ T5836] Bluetooth: hci3: command tx timeout
[  249.814505][ T5903] IPVS: starting estimator thread 0...
[  249.913612][T11834] IPVS: using max 33 ests per chain, 79200 per kthread
[  250.057793][T11846] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1796'.
[  250.162577][T11851] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1797'.
[  250.178123][T11851] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1797'.
[  250.197321][ T5836] Bluetooth: hci0: command tx timeout
[  250.216961][T11607] 8021q: adding VLAN 0 to HW filter on device bond0
[  250.248910][T11607] 8021q: adding VLAN 0 to HW filter on device team0
[  250.283641][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.290859][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state
[  250.308931][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.316139][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state
[  250.406978][T11861] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1801'.
[  250.422174][T11861] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1801'.
[  250.557599][T11635] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  250.615158][T11635] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  250.643969][T11866] netlink: 'syz.3.1802': attribute type 1 has an invalid length.
[  250.660144][T11635] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  250.683117][T11635] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  250.763757][T11866] 8021q: adding VLAN 0 to HW filter on device bond9
[  250.841180][T11870] bond9: (slave veth13): Enslaving as an active interface with a down link
[  250.903237][T11874] bond8: (slave veth0_to_bond): Releasing active interface
[  250.941065][T11874] bond9: (slave veth0_to_bond): making interface the new active one
[  250.976909][T11874] veth0_to_bond: entered promiscuous mode
[  250.983099][T11874] bond9: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  251.068842][   T36] veth0_to_bond: left promiscuous mode
[  251.131561][T11607] 8021q: adding VLAN 0 to HW filter on device batadv0
[  251.331317][T11607] veth0_vlan: entered promiscuous mode
[  251.371792][T11607] veth1_vlan: entered promiscuous mode
[  251.400241][T11635] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.457983][T11902] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1811'.
[  251.463431][T11635] 8021q: adding VLAN 0 to HW filter on device team0
[  251.534361][ T2994] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.541599][ T2994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.553562][T11908] xt_CT: You must specify a L4 protocol and not use inversions on it
[  251.562657][T11906] netlink: 'syz.3.1812': attribute type 1 has an invalid length.
[  251.565594][T11607] veth0_macvtap: entered promiscuous mode
[  251.596533][T11906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1812'.
[  251.606455][ T2994] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.613617][ T2994] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.643332][T11607] veth1_macvtap: entered promiscuous mode
[  251.683015][T11913] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  251.802248][ T5836] Bluetooth: hci3: command tx timeout
[  251.829707][T11921] netlink: 'syz.3.1816': attribute type 1 has an invalid length.
[  251.853726][T11607] batman_adv: batadv0: Interface activated: batadv_slave_0
[  251.955038][T11921] 8021q: adding VLAN 0 to HW filter on device bond10
[  252.001414][T11607] batman_adv: batadv0: Interface activated: batadv_slave_1
[  252.055742][T11924] bond10: (slave veth15): Enslaving as an active interface with a down link
[  252.085374][T11929] bond9: (slave veth0_to_bond): Releasing active interface
[  252.105960][T11929] veth0_to_bond: left promiscuous mode
[  252.120899][T11936] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  252.135011][T11929] bond10: (slave veth0_to_bond): making interface the new active one
[  252.154497][T11929] veth0_to_bond: entered promiscuous mode
[  252.162696][T11929] bond10: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  252.198938][T11607] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  252.214947][T11940] netlink: 'syz.1.1821': attribute type 10 has an invalid length.
[  252.218186][T11607] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  252.238579][T11607] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  252.249514][T11941] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1823'.
[  252.261298][T11607] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  252.272431][T11936] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1821'.
[  252.328130][T11941] RDS: rds_bind could not find a transport for ::ffff:10.1.1.0, load rds_tcp or rds_rdma?
[  252.542070][ T2960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  252.563946][ T2960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.618584][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  252.636296][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.970965][T11635] 8021q: adding VLAN 0 to HW filter on device batadv0
[  253.077564][T11635] veth0_vlan: entered promiscuous mode
[  253.119209][T11635] veth1_vlan: entered promiscuous mode
[  253.195507][T11976] netlink: 'syz.3.1834': attribute type 1 has an invalid length.
[  253.203878][T11635] veth0_macvtap: entered promiscuous mode
[  253.281547][T11976] 8021q: adding VLAN 0 to HW filter on device bond11
[  253.332486][T11635] veth1_macvtap: entered promiscuous mode
[  253.469428][T11981] bond11: (slave veth17): Enslaving as an active interface with a down link
[  253.494773][T11976] bond10: (slave veth0_to_bond): Releasing active interface
[  253.502610][T11976] veth0_to_bond: left promiscuous mode
[  253.520145][T11976] bond11: (slave veth0_to_bond): making interface the new active one
[  253.533992][T11976] veth0_to_bond: entered promiscuous mode
[  253.541541][T11976] bond11: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  253.593050][ T1144] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.662351][T11635] batman_adv: batadv0: Interface activated: batadv_slave_0
[  253.692208][ T1144] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.712446][T11635] batman_adv: batadv0: Interface activated: batadv_slave_1
[  253.732524][T11635] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.742413][T11635] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.752231][T11635] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.761810][T11635] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  253.829608][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.841758][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.880622][ T1144] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.903187][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.911283][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  254.052199][ T1144] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.092480][T11995] hsr_slave_0: left promiscuous mode
[  254.099262][T11995] hsr_slave_1: left promiscuous mode
[  254.397126][ T1144] bridge_slave_1: left allmulticast mode
[  254.409806][ T1144] bridge_slave_1: left promiscuous mode
[  254.427813][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state
[  254.451471][ T1144] bridge_slave_0: left allmulticast mode
[  254.457349][ T1144] bridge_slave_0: left promiscuous mode
[  254.463454][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state
[  254.463934][T12004] x_tables: duplicate underflow at hook 3
[  254.522444][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  254.531453][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  254.541270][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  254.553740][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  254.563208][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  254.840321][T12019] __nla_validate_parse: 5 callbacks suppressed
[  254.840338][T12019] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1845'.
[  254.979905][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  254.992413][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  255.002972][ T1144] bond0 (unregistering): Released all slaves
[  255.311198][ T1144] hsr_slave_0: left promiscuous mode
[  255.320112][ T1144] hsr_slave_1: left promiscuous mode
[  255.326760][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  255.334182][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  255.342517][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  255.350047][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  255.370934][ T1144] veth1_macvtap: left promiscuous mode
[  255.376914][ T1144] veth0_macvtap: left promiscuous mode
[  255.382487][ T1144] veth1_vlan: left promiscuous mode
[  255.387907][ T1144] veth0_vlan: left promiscuous mode
[  255.754034][ T1144] team0 (unregistering): Port device team_slave_1 removed
[  255.793475][ T1144] team0 (unregistering): Port device team_slave_0 removed
[  256.185248][T12011] chnl_net:caif_netlink_parms(): no params data found
[  256.356300][T12030] netlink: 'syz.1.1846': attribute type 3 has an invalid length.
[  256.381547][T12030] netlink: 'syz.1.1846': attribute type 3 has an invalid length.
[  256.433834][T12031] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1847'.
[  256.464523][T12011] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.505837][T12011] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.513118][T12011] bridge_slave_0: entered allmulticast mode
[  256.520105][T12035] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1849'.
[  256.541801][T12011] bridge_slave_0: entered promiscuous mode
[  256.558655][T12035] sit0: Master is either lo or non-ether device
[  256.567718][T12011] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.574964][T12011] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.596489][ T5851] Bluetooth: hci0: command tx timeout
[  256.639859][T12011] bridge_slave_1: entered allmulticast mode
[  256.674175][T12011] bridge_slave_1: entered promiscuous mode
[  256.715408][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  256.731330][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  256.740194][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  256.748494][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  256.757877][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  256.823823][T12011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  256.853986][T12046] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  256.897933][T12011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  256.899919][T12046] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  256.984013][T12011] team0: Port device team_slave_0 added
[  256.994157][T12011] team0: Port device team_slave_1 added
[  257.141116][T12011] batman_adv: batadv0: Adding interface: batadv_slave_0
[  257.148293][T12011] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.180068][T12011] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  257.194764][T12069] batman_adv: batadv0: Removing interface: team0
[  257.205699][T12069] bridge_slave_0: left allmulticast mode
[  257.211376][T12069] bridge_slave_0: left promiscuous mode
[  257.219008][T12069] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.229899][T12070] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1858'.
[  257.242335][T12069] bridge_slave_1: left allmulticast mode
[  257.248112][T12069] bridge_slave_1: left promiscuous mode
[  257.254482][T12069] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.278400][T12069] bond12: (slave veth0_to_bond): Releasing active interface
[  257.304904][T12069] bond0: (slave bond_slave_0): Releasing backup interface
[  257.329038][T12069] bond0: (slave bond_slave_1): Releasing backup interface
[  257.361527][T12069] team0: Port device team_slave_0 removed
[  257.379979][T12069] team0: Port device team_slave_1 removed
[  257.388756][T12069] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  257.396854][T12069] batman_adv: batadv0: Removing interface: batadv_slave_0
[  257.405196][T12069] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  257.412690][T12069] batman_adv: batadv0: Removing interface: batadv_slave_1
[  257.428410][T12069] batadv1: left allmulticast mode
[  257.433598][T12069] batadv1: left promiscuous mode
[  257.439016][T12069] bridge0: port 4(batadv1) entered disabled state
[  257.455329][T12069] bond0: (slave bond1): Releasing backup interface
[  257.471581][T12069] bond2: (slave veth3): Releasing active interface
[  257.485518][T12069] bond3: (slave veth5): Releasing active interface
[  257.501762][T12069] bond4: (slave veth7): Releasing active interface
[  257.514489][T12069] bond5: (slave veth9): Releasing active interface
[  257.531079][T12069] bond6: (slave veth11): Releasing active interface
[  257.543929][T12069] bond8: (slave veth13): Releasing active interface
[  257.559803][T12069] bond9: (slave veth15): Releasing active interface
[  257.575208][T12069] bond10: (slave veth17): Releasing active interface
[  257.590273][T12069] bond11: (slave veth19): Releasing active interface
[  257.603307][T12069] bond12: (slave veth21): Releasing active interface
[  257.635407][T12011] batman_adv: batadv0: Adding interface: batadv_slave_1
[  257.643217][T12011] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.670456][T12011] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  257.689405][T12070] netlink: 'syz.4.1858': attribute type 1 has an invalid length.
[  257.818735][ T1144] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.908117][T12090] batadv_slave_1: entered promiscuous mode
[  258.011659][ T1144] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.050986][T12088] batadv_slave_1: left promiscuous mode
[  258.069276][T12094] netlink: 'syz.1.1865': attribute type 10 has an invalid length.
[  258.076571][T12011] hsr_slave_0: entered promiscuous mode
[  258.077616][T12094] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1865'.
[  258.084170][T12011] hsr_slave_1: entered promiscuous mode
[  258.170959][ T1144] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.309740][T12105] netlink: 'syz.3.1868': attribute type 1 has an invalid length.
[  258.324885][ T1144] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.391727][T12105] 8021q: adding VLAN 0 to HW filter on device bond12
[  258.463995][T12110] bond12: (slave veth19): Enslaving as an active interface with a down link
[  258.497506][T12105] bond11: (slave veth0_to_bond): Releasing active interface
[  258.506160][T12105] veth0_to_bond: left promiscuous mode
[  258.529463][T12105] bond12: (slave veth0_to_bond): making interface the new active one
[  258.541601][T12105] veth0_to_bond: entered promiscuous mode
[  258.547900][T12105] bond12: (slave veth0_to_bond): Enslaving as an active interface with an up link
[  258.547907][T12118] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1871'.
[  258.654744][T12042] chnl_net:caif_netlink_parms(): no params data found
[  258.680818][ T5851] Bluetooth: hci0: command tx timeout
[  258.836059][ T5851] Bluetooth: hci3: command tx timeout
[  258.968057][T12131] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1875'.
[  259.033336][ T1144] bridge_slave_1: left allmulticast mode
[  259.039426][ T1144] bridge_slave_1: left promiscuous mode
[  259.045207][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.064309][ T1144] bridge_slave_0: left allmulticast mode
[  259.073588][ T1144] bridge_slave_0: left promiscuous mode
[  259.091015][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.204868][T12143] openvswitch: netlink: Geneve opt len 63 is not a multiple of 4.
[  259.351884][T12148] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1880'.
[  259.522375][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  259.537397][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  259.549565][ T1144] bond0 (unregistering): Released all slaves
[  259.561828][T12042] bridge0: port 1(bridge_slave_0) entered blocking state
[  259.575860][T12042] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.583052][T12042] bridge_slave_0: entered allmulticast mode
[  259.598599][T12042] bridge_slave_0: entered promiscuous mode
[  259.684594][T12042] bridge0: port 2(bridge_slave_1) entered blocking state
[  259.707273][T12042] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.723639][T12042] bridge_slave_1: entered allmulticast mode
[  259.744466][T12042] bridge_slave_1: entered promiscuous mode
[  259.852472][T12160] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input5
[  259.962638][T12042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  260.049337][T12172] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.1885'.
[  260.079173][T12042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  260.092931][T12171] FAULT_INJECTION: forcing a failure.
[  260.092931][T12171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.113258][T12171] CPU: 1 UID: 0 PID: 12171 Comm: syz.3.1887 Not tainted 6.16.0-rc2-syzkaller-00163-gb993ea46b3b6 #0 PREEMPT(full) 
[  260.113282][T12171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  260.113291][T12171] Call Trace:
[  260.113299][T12171]  <TASK>
[  260.113305][T12171]  dump_stack_lvl+0x189/0x250
[  260.113334][T12171]  ? __pfx____ratelimit+0x10/0x10
[  260.113358][T12171]  ? __pfx_dump_stack_lvl+0x10/0x10
[  260.113380][T12171]  ? __pfx__printk+0x10/0x10
[  260.113398][T12171]  ? __might_fault+0xb0/0x130
[  260.113434][T12171]  should_fail_ex+0x414/0x560
[  260.113460][T12171]  _copy_from_user+0x2d/0xb0
[  260.113478][T12171]  ___sys_sendmsg+0x158/0x2a0
[  260.113500][T12171]  ? __pfx____sys_sendmsg+0x10/0x10
[  260.113557][T12171]  ? __fget_files+0x2a/0x420
[  260.113573][T12171]  ? __fget_files+0x3a0/0x420
[  260.113601][T12171]  __x64_sys_sendmsg+0x19b/0x260
[  260.113623][T12171]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  260.113653][T12171]  ? __pfx_ksys_write+0x10/0x10
[  260.113666][T12171]  ? rcu_is_watching+0x15/0xb0
[  260.113695][T12171]  ? do_syscall_64+0xbe/0x3b0
[  260.113715][T12171]  do_syscall_64+0xfa/0x3b0
[  260.113729][T12171]  ? lockdep_hardirqs_on+0x9c/0x150
[  260.113750][T12171]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.113767][T12171]  ? clear_bhb_loop+0x60/0xb0
[  260.113787][T12171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.113803][T12171] RIP: 0033:0x7f867cb8e929
[  260.113818][T12171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.113832][T12171] RSP: 002b:00007f867d9c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  260.113851][T12171] RAX: ffffffffffffffda RBX: 00007f867cdb5fa0 RCX: 00007f867cb8e929
[  260.113863][T12171] RDX: 0000000020000000 RSI: 0000200000000340 RDI: 000000000000000a
[  260.113873][T12171] RBP: 00007f867d9c1090 R08: 0000000000000000 R09: 0000000000000000
[  260.113884][T12171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.113893][T12171] R13: 0000000000000000 R14: 00007f867cdb5fa0 R15: 00007ffc1ba03cf8
[  260.113921][T12171]  </TASK>
[  260.385559][T12042] team0: Port device team_slave_0 added
[  260.419877][T12042] team0: Port device team_slave_1 added
[  260.494813][ T1144] hsr_slave_0: left promiscuous mode
[  260.514046][ T1144] hsr_slave_1: left promiscuous mode
[  260.528869][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  260.537668][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  260.546609][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  260.554053][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  260.601913][ T1144] veth1_macvtap: left promiscuous mode
[  260.618152][ T1144] veth0_macvtap: left promiscuous mode
[  260.624199][ T1144] veth1_vlan: left promiscuous mode
[  260.633491][ T1144] veth0_vlan: left promiscuous mode
[  260.699631][T12192] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1889'.
[  260.755916][ T5851] Bluetooth: hci0: command tx timeout
[  260.770901][T12193] vcan0: tx drop: invalid da for name 0x0000000000000002
[  260.916221][ T5851] Bluetooth: hci3: command tx timeout
[  261.083917][ T1144] team0 (unregistering): Port device team_slave_1 removed
[  261.122859][ T1144] team0 (unregistering): Port device team_slave_0 removed
[  261.618683][T12042] batman_adv: batadv0: Adding interface: batadv_slave_0
[  261.631013][T12042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.663171][T12042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  261.752088][T12042] batman_adv: batadv0: Adding interface: batadv_slave_1
[  261.781703][T12042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.819866][T12042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  261.931643][T12011] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  261.975062][T12011] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  262.013597][T12011] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  262.060730][T12212] veth25: entered promiscuous mode
[  262.098289][T12011] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  262.163168][T12042] hsr_slave_0: entered promiscuous mode
[  262.180157][T12042] hsr_slave_1: entered promiscuous mode
[  262.202078][T12042] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  262.231504][T12042] Cannot create hsr debugfs directory
[  262.333189][T12226] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.1901'.
[  262.539779][T12240] vcan0: tx drop: invalid da for name 0xffffffffffffffff
[  262.705503][T12247] tipc: Enabled bearer <udp:syz0>, priority 10
[  262.770567][T12011] 8021q: adding VLAN 0 to HW filter on device bond0
[  262.801320][T12011] 8021q: adding VLAN 0 to HW filter on device team0
[  262.837607][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  262.844808][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  262.852564][ T5851] Bluetooth: hci0: command tx timeout
[  262.871881][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  262.879118][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  262.996851][ T5851] Bluetooth: hci3: command tx timeout
[  263.009550][T12011] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  263.097177][T12042] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  263.136723][T12042] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  263.150208][T12042] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  263.184601][T12042] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  263.381171][T12011] 8021q: adding VLAN 0 to HW filter on device batadv0
[  263.400478][T12042] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.445469][T12042] 8021q: adding VLAN 0 to HW filter on device team0
[  263.485417][ T2994] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.492685][ T2994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  263.546945][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.554153][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state
[  263.572588][T12277] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1915'.
[  263.590553][T12011] veth0_vlan: entered promiscuous mode
[  263.625301][T12011] veth1_vlan: entered promiscuous mode
[  263.780089][T12011] veth0_macvtap: entered promiscuous mode
[  263.811008][T12011] veth1_macvtap: entered promiscuous mode
[  263.874001][T12011] batman_adv: batadv0: Interface activated: batadv_slave_0
[  263.922631][T12011] batman_adv: batadv0: Interface activated: batadv_slave_1
[  263.948628][T12011] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  263.964761][T12011] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  263.983274][T12011] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  264.011115][T12011] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  264.136955][T12302] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1923'.
[  264.308332][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  264.320654][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  264.378605][T12042] 8021q: adding VLAN 0 to HW filter on device batadv0
[  264.396030][   T30] audit: type=1800 audit(1750667968.384:4): pid=12317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1926" name="bpf-map" dev="anon_inodefs" ino=1070 res=0 errno=0
[  264.398460][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  264.438934][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  264.451455][T12314] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  264.458503][T12319] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  264.517857][T12042] veth0_vlan: entered promiscuous mode
[  264.529977][T12042] veth1_vlan: entered promiscuous mode
[  264.561191][T12042] veth0_macvtap: entered promiscuous mode
[  264.572685][T12042] veth1_macvtap: entered promiscuous mode
[  264.626269][T12323] xt_ipcomp: unknown flags B
[  264.640782][T12042] batman_adv: batadv0: Interface activated: batadv_slave_0
[  264.758620][T12042] batman_adv: batadv0: Interface activated: batadv_slave_1
[  264.794432][T12042] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  264.813260][T12042] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  264.836161][T12042] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  264.844908][T12042] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  264.925077][T12337] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1933'.
[  265.030841][T12341] netlink: 'syz.4.1934': attribute type 4 has an invalid length.
[  265.064963][ T2994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.075864][ T5851] Bluetooth: hci3: command tx timeout
[  265.076532][ T2994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.092185][T12334] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1933'.
[  265.153986][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  265.184206][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  265.413905][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.430079][T12352] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1939'.
[  265.456163][T12352] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1939'.
[  265.738223][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.128237][ T5848] Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN PTI
[  266.140172][ T5848] KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007]
[  266.149817][ T5848] CPU: 1 UID: 0 PID: 5848 Comm: kworker/1:3 Not tainted 6.16.0-rc2-syzkaller-00163-gb993ea46b3b6 #0 PREEMPT(full) 
[  266.161882][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  266.171960][ T5848] Workqueue: mld mld_ifc_work
[  266.176639][ T5848] RIP: 0010:add_grec+0x764/0x1670
[  266.181660][ T5848] Code: 41 01 41 89 c7 31 ff 89 c6 e8 98 02 9b f7 45 85 ff 0f 84 b0 00 00 00 e8 4a fe 9a f7 eb 05 e8 43 fe 9a f7 49 89 ee 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 ef e8 4d 7c fe f7 48 8b 45 00 48 89 84
[  266.201272][ T5848] RSP: 0018:ffffc900040af8f8 EFLAGS: 00010206
[  266.207354][ T5848] RAX: ffffffff8a255e06 RBX: 0000000000000000 RCX: ffff888033430000
[  266.215429][ T5848] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  266.223417][ T5848] RBP: 00000000ffff0000 R08: ffff888033430000 R09: 0000000000000002
[  266.231390][ T5848] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000
[  266.239354][ T5848] R13: 0000000000000005 R14: 000000001fffe000 R15: 0000000000000001
[  266.247326][ T5848] FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  266.256252][ T5848] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  266.262829][ T5848] CR2: 00007f7076eb9b93 CR3: 00000000765aa000 CR4: 00000000003526f0
[  266.270815][ T5848] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  266.278783][ T5848] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  266.286745][ T5848] Call Trace:
[  266.290014][ T5848]  <TASK>
[  266.292950][ T5848]  mld_ifc_work+0x671/0xde0
[  266.297457][ T5848]  ? _raw_spin_unlock_irq+0x23/0x50
[  266.302646][ T5848]  ? process_scheduled_works+0x9ef/0x17b0
[  266.308356][ T5848]  process_scheduled_works+0xae1/0x17b0
[  266.313900][ T5848]  ? __pfx_process_scheduled_works+0x10/0x10
[  266.319890][ T5848]  worker_thread+0x8a0/0xda0
[  266.324508][ T5848]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  266.330861][ T5848]  ? __kthread_parkme+0x7b/0x200
[  266.335800][ T5848]  kthread+0x70e/0x8a0
[  266.339864][ T5848]  ? __pfx_worker_thread+0x10/0x10
[  266.344969][ T5848]  ? __pfx_kthread+0x10/0x10
[  266.349548][ T5848]  ? _raw_spin_unlock_irq+0x23/0x50
[  266.354741][ T5848]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.359942][ T5848]  ? __pfx_kthread+0x10/0x10
[  266.364525][ T5848]  ret_from_fork+0x3f9/0x770
[  266.369117][ T5848]  ? __pfx_ret_from_fork+0x10/0x10
[  266.374219][ T5848]  ? __switch_to_asm+0x39/0x70
[  266.378985][ T5848]  ? __switch_to_asm+0x33/0x70
[  266.383734][ T5848]  ? __pfx_kthread+0x10/0x10
[  266.388312][ T5848]  ret_from_fork_asm+0x1a/0x30
[  266.393089][ T5848]  </TASK>
[  266.396111][ T5848] Modules linked in:
[  266.401371][ T5848] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  266.617907][ T5848] RIP: 0010:add_grec+0x764/0x1670
[  266.623035][ T5848] Code: 41 01 41 89 c7 31 ff 89 c6 e8 98 02 9b f7 45 85 ff 0f 84 b0 00 00 00 e8 4a fe 9a f7 eb 05 e8 43 fe 9a f7 49 89 ee 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 ef e8 4d 7c fe f7 48 8b 45 00 48 89 84
[  266.642943][ T5848] RSP: 0018:ffffc900040af8f8 EFLAGS: 00010206
[  266.650698][ T5848] RAX: ffffffff8a255e06 RBX: 0000000000000000 RCX: ffff888033430000
[  266.658871][ T5848] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  266.664016][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.667324][ T5848] RBP: 00000000ffff0000 R08: ffff888033430000 R09: 0000000000000002
[  266.667341][ T5848] R10: 0000000000000004 R11: 0000000000000000 R12: dffffc0000000000
[  266.667353][ T5848] R13: 0000000000000005 R14: 000000001fffe000 R15: 0000000000000001
[  266.667364][ T5848] FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  266.667377][ T5848] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  266.667388][ T5848] CR2: 00007ffd15919eac CR3: 000000000df38000 CR4: 00000000003526f0
[  266.667404][ T5848] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  266.667414][ T5848] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  266.667428][ T5848] Kernel panic - not syncing: Fatal exception
[  266.667682][ T5848] Kernel Offset: disabled