last executing test programs:

17.070525445s ago: executing program 1 (id=5599):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)={0x70, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x9}, @NL80211_ATTR_PREV_BSSID={0xa}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_SSID={0xa, 0x34, @random="3d804725d0f3"}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x400, 0x3, 0x7, 0x0, {0x1c32, 0x8, 0x0, 0xa, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x400, 0x4, 0x9}}, @NL80211_ATTR_MAC={0xa, 0x6, @random="62c66c0bcfb3"}]}, 0x70}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)={0x210, r1, 0x200, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @acl_policy=[@NL80211_ATTR_MAC_ADDRS={0x28, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa}, {0xa}]}], @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xeb08}, @NL80211_ATTR_TX_RATES={0x1b8, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xdf, 0x3, 0x9, 0x7, 0x7, 0x200, 0x1ff, 0x9]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x200, 0x7, 0x10, 0x4, 0x8, 0x1, 0x2]}}, @NL80211_TXRATE_HT={0x22, 0x2, [{0x3, 0x7}, {0x3, 0x5}, {0x3, 0x7}, {0x0, 0x5}, {0x3, 0x8}, {0x5, 0x2}, {0x5, 0x9}, {0x6, 0x6}, {0x3, 0x3}, {0x3, 0x8}, {0x1, 0x7}, {0x4, 0x3}, {0x6}, {0x7, 0x6}, {0x4, 0x7}, {0x4}, {0x7, 0x4}, {0x7, 0x6}, {0x5, 0x3}, {0x6, 0x1}, {0x4, 0x2}, {0x0, 0x9}, {0x7, 0xa}, {0x6, 0x7}, {0x4, 0x1}, {0x4, 0x4}, {0x5, 0x4}, {0x4, 0x1}, {0x6, 0xa}, {0x6}]}]}, @NL80211_BAND_6GHZ={0x5c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x200, 0x9, 0x0, 0xff9a, 0x7, 0x7, 0x40, 0x9]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x8, 0x1c04, 0x9, 0x0, 0x7, 0x4, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x40, 0x8001, 0x5, 0x200, 0x3, 0xc000, 0x669b]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xffff, 0x2, 0x3, 0x5f2b, 0x5, 0x7f, 0x80, 0x4]}}]}, @NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x44, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x6}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xec8f, 0xf, 0x4, 0x8, 0x7, 0x7ff, 0xb, 0x8000]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x200, 0x8, 0x6, 0x1, 0x79d, 0x4, 0x8, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x6, 0x3}]}]}, @NL80211_BAND_5GHZ={0x1c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x3}]}, @NL80211_BAND_2GHZ={0x40, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x101, 0x3, 0x1, 0x6, 0x4de5, 0x2, 0xd, 0x6]}}, @NL80211_TXRATE_HT={0x1f, 0x2, [{0x0, 0x4}, {0x5, 0x2}, {0x7, 0x1}, {0x6, 0x3}, {0x7}, {}, {0x0, 0x4}, {0x2, 0x4}, {0x3}, {0x3, 0x3}, {0x6, 0x7}, {0x1, 0x9}, {0x7, 0x1}, {0x7, 0x1}, {0x0, 0x2}, {0x7, 0x3}, {0x7, 0x5}, {0x4, 0x1}, {0x4, 0x4}, {0x0, 0x9}, {0x0, 0x1}, {0x0, 0xa}, {0x1, 0x2}, {0x3, 0x5}, {0x0, 0x6}, {0x1, 0x9}, {0x1, 0x3}]}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x2, 0x6c, 0x18, 0x6c]}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_60GHZ={0x1c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_2GHZ={0x2c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x878, 0x0, 0x8, 0x3, 0x9, 0x8, 0x7, 0x80]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x4, 0x1, 0x3, 0xba0, 0x7, 0x6da9, 0x40e]}}]}]}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}]}, 0x210}, 0x1, 0x0, 0x0, 0x8000}, 0x2400c080)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r6, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/4095, 0xfff}, {&(0x7f00000003c0)=""/242, 0xf2}, {&(0x7f0000001580)=""/141, 0x8d}], 0x3}}], 0x1, 0x2000, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYBLOB="01002d"], 0x14}, 0x1, 0x0, 0x0, 0x20000040}, 0x810)
sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002b40)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x4000084)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x58, r1, 0x1, 0x2070bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x68}, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x8000070}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}], @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008081}, 0x24044884)

16.910192766s ago: executing program 1 (id=5603):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, r1, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x7}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0xc}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x41001)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x18, 0x3c, 0x107, 0x0, 0x0, {0x3, 0x7c}, [@generic="a16d"]}, 0x18}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x44, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x70, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x7]}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x10001}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1d}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x26b}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1f3}]]}, 0x70}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

16.832182395s ago: executing program 1 (id=5607):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800800180009ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4000)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newsa={0x13c, 0x10, 0x713, 0x70bd2d, 0x0, {{@in=@broadcast, @in=@loopback, 0x0, 0x7, 0x0, 0x0, 0xa}, {@in=@local, 0x0, 0x3c}, @in6=@private1, {0x0, 0xfffffffffffffffe, 0x7, 0x100000}, {0x0, 0x0, 0xfffffffffffffff8}, {0x0, 0x0, 0x8}, 0x0, 0x0, 0xa}, [@algo_auth_trunc={0x4c, 0x14, {{'hmac(md5)\x00'}, 0x0, 0x40}}]}, 0x13c}}, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
unshare(0x22020600)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="1400000016000b63d25a80648c2594f91124fc60", 0x14}], 0x1}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r8, 0x0, 0x61, &(0x7f00000001c0)={'filter\x00', 0x4}, 0x68)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, 0x0)
setsockopt$sock_attach_bpf(r5, 0x107, 0x17, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1e, &(0x7f0000000840)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x4000}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x20000000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xa, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x8}, {}, {0x7, 0x0, 0xc}, {0x18, 0x6, 0x2, 0x0, r2}, {}, {0x46, 0x8, 0xfff0, 0x76}}, @map_fd={0x18, 0x5, 0x1, 0x0, r2}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)

16.531855752s ago: executing program 1 (id=5613):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) (async)
socketpair$unix(0x1, 0x5, 0x0, 0x0) (async)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000ab9ff0), 0x10) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) (async)
close(0x4) (async)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000) (async)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0xde5ef000)
r1 = socket(0x8, 0x3, 0x0)
ioctl$IMGETCOUNT(r1, 0x40106183, &(0x7f0000000000)) (async)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) (async)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x68, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x22}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}, @IPSET_ATTR_CIDR={0x5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}, 0x1, 0x0, 0x0, 0x840}, 0x48d4) (async)
socket(0xa, 0x3, 0x3a)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x20, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0xc, 0xc, 0x0, 0x0, @u64=0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4000804)

16.401551105s ago: executing program 0 (id=5619):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
r2 = gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r2, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) (async)
write$cgroup_pid(r1, &(0x7f00000000c0)=r2, 0x12)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) (async)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r7, 0x0, 0x8000)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r6, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004", @ANYRES64=0x0], 0x3c}}, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0) (async)
r9 = socket(0x1, 0x803, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) (async)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r11], 0x54}}, 0x0) (async, rerun: 32)
r12 = socket$igmp6(0xa, 0x3, 0x2) (rerun: 32)
setsockopt$IP6T_SO_SET_REPLACE(r12, 0x29, 0x40, 0x0, 0x0) (async)
r13 = socket$netlink(0x10, 0x3, 0x0) (async)
r14 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r14, &(0x7f0000000100)={0x11, 0x0, <r15=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r13, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r15, @ANYBLOB="0174dfdb0ddad488"], 0x20}}, 0x0) (async, rerun: 32)
r16 = socket(0x1, 0x803, 0x0) (rerun: 32)
getsockname$packet(r16, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) (async)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@bridge_setlink={0x6c, 0x13, 0x20, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, r11, 0x400, 0x10403}, [@IFLA_MTU={0x8, 0x4, 0xfffffff9}, @IFLA_MAP={0x24, 0xe, {0x3, 0x40, 0x6, 0x4, 0x5, 0xdf}}, @IFLA_NET_NS_FD={0x8, 0x1c, r10}, @IFLA_PHYS_SWITCH_ID={0x15, 0x24, "c289c8b20b30134d86fb1af6b04be69670"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20044081}, 0x8000)
setsockopt$sock_attach_bpf(r16, 0x1, 0x32, &(0x7f0000000240)=r10, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x25dfdbfb, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x4)

16.331918146s ago: executing program 0 (id=5620):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c", 0x1e}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cd", 0x3f}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) (async)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) (async)
socket$unix(0x1, 0x5, 0x0) (async)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff0200000000000000000000000000013a"], 0xffe) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x1, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r8, 0x2000, 0x2618}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0xfffffff7}]}}}]}, 0x3c}}, 0x4000)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f00000001c0)={0x2, &(0x7f0000000000)=[{0x50, 0x24, 0x0, 0x56}, {0x6, 0x2, 0x3}]}, 0x10) (async)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)

16.330070814s ago: executing program 2 (id=5621):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
bind$llc(r0, &(0x7f0000000000)={0x1a, 0x207, 0x0, 0x67, 0x1, 0x80, @multicast}, 0x10)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001340))
ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000000140)={'wlan1\x00', @random="ffffff8d0100"})

16.271966651s ago: executing program 2 (id=5622):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0}, 0x94)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r3, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0xdb78be80b1915b35, {0x0, 0x0, 0x4}}, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'sit0\x00', <r8=>0x0})
setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r6, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r6, 0x11b, 0x5, &(0x7f0000000240)=0x4000, 0x4)
bind$xdp(r6, &(0x7f0000000140)={0x2c, 0x2, r8, 0x16}, 0x10)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000050000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r9}, 0xc)
r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_SET(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRESOCT=r10, @ANYRESHEX=r0, @ANYRESDEC=r11], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="80000000", @ANYRES16=r5, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="0600cd00000000005900330080200900080211000001080211000000"], 0x80}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r13=>0x0})
socket$pppoe(0x18, 0x1, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56d41, 0x2000, 0x80000000, {0x0, 0x0, 0x0, r13, {0x0, 0x4}, {0xfff2, 0xffff}, {0xffe9, 0xfff1}}, [@TCA_RATE={0x6, 0x5, {0xe0, 0x4}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x400c010)
socket$netlink(0x10, 0x3, 0x0)

16.191019652s ago: executing program 2 (id=5623):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vlan0\x00', <r1=>0x0})
r2 = gettid()
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r3 = socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
socket$l2tp(0x2, 0x2, 0x73)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f00000002c0)={@remote}, 0x14)
close(0x4)
socket$pppl2tp(0x18, 0x1, 0x1)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0xfffffff9, 0x25dfdbfe, {0x0, 0x0, 0x74, r1, 0x19c04, 0x55007}, [@IFLA_NET_NS_PID={0x8, 0x13, r2}, @IFLA_IFNAME={0x14, 0x3, 'veth0_virt_wifi\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
r6 = socket$phonet(0x23, 0x2, 0x1)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), r7)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000012c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_GET_STATION(r7, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002abd7000010000001100000008000300", @ANYRES32=r9, @ANYBLOB="0a00060008"], 0x28}, 0x1, 0x0, 0x0, 0x81}, 0x8880)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
sendmsg$nl_generic(r10, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)={0x178, 0x1f, 0x100, 0x70bd26, 0x25dfdbfd, {0x12}, [@generic="ddc05c415f23fd49fec3d9de870c608da71b205ba7600dea280167a5722d6f91a05d1c15cb70dfa790f81279965b061b270bb11b3e3441c6235aa9ec1fc13609a45ba5bd4038ab853922619eb42d4f7757e7c924b5a05b28c7abb20097dbdd14918f8485bbe446afb8c32379aa10ac3ccb4cbf81e194cebf8feb43b80bced43b0c6b92349ff9b4b386971b6bf307c6ef421c6108c03cd37b078bb2dd269d002bb64501c0b84cca1095e4c4a4e49488197f4eb1e184baa8bdf8750db890b8985efcdcab9720e116be32f675ea692b60b5266c743f5ad66bf46d1b34733b175e40", @generic="0a64603454e143bede37fc094411d1d7f8b565a6982ea7ba4b3d703487fda655ab0ab19509b5d329165b8e56e4a2293ee7f9d7550e3276afa96e549dca91b8ed0337c07e20c8e73e67c6a4f073ab2f42962508c1229772dfe5e04e6f6513ab03f4bf81179682286859445fb268ac9d207dca81fc18e87353e8afe31ece2360cc1420"]}, 0x178}, 0x1, 0x0, 0x0, 0x24001800}, 0x20040048)

16.081938178s ago: executing program 1 (id=5624):
socket$packet(0x11, 0x3, 0x300)
syz_80211_inject_frame(&(0x7f0000000180), 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f00000013c0))
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x1)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000540)='cpuacct.usage_percpu\x00', 0x0, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000700)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000004}, 0x880)
sendmsg$DEVLINK_CMD_RATE_SET(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x44, 0x0, 0x1, 0x0, 0x0, {0x2a}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0xb}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r7=>0x0})
sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)={0x48, 0x7, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x1}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x8}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040010)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

16.08045101s ago: executing program 0 (id=5625):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1ac}}, 0x0)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_TTL={0x5, 0x4, 0x2}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @local}]}}}]}, 0x50}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@ipv6_delrule={0x24, 0x21, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x4, 0xfe}, [@FIB_RULE_POLICY=@FRA_PRIORITY={0x8, 0x6, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x427f, 0x4) (async, rerun: 64)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042, 0x3}, 0x10) (rerun: 64)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000100)={0x0, <r5=>0x0}, &(0x7f0000000240)=0xc) (async)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
r6 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r6, 0x114, 0xa, &(0x7f0000000000)=0x80003, 0x4) (async)
r7 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) (async)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) (async)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r9, @ANYRES16=r5], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0)

15.981650108s ago: executing program 0 (id=5626):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x28, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f00000002c0)="230000000100", 0x6)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r0, &(0x7f00000002c0)={0x24, @none={0x0, 0x1}}, 0x14)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1f, 0x11, &(0x7f0000000e40)=ANY=[@ANYBLOB="18000000090000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095001e0000000000181300005715c315f3f5e83f760a1a7b803691f90db5a47d01bb3e03dbb965424fd63ed8c06f814bb02111aa", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1}, 0x1c)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, 0x0, &(0x7f0000000900))
bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'fpu(pcbc(aes))\x00'}, 0x58)
getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000000980))
gettid()
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000004c0)={{{@in6=@private0, @in6}}, {{@in=@dev}, 0x0, @in6=@local}}, 0x0)
r4 = socket$kcm(0x2, 0x5, 0x84)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000005700)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4008040}}], 0x2, 0x4000000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$nl_route(r5, 0x0, 0x2000000)
recvmmsg(r4, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)=""/68, 0x44}], 0x1}, 0x81}], 0x1, 0x2020, 0x0)
recvmmsg$unix(r3, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}, {{0x0, 0x0, 0x0, 0xffffffffffffff48}}], 0x40, 0x0, 0x0)
sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x4000000000001a8, 0x9200000000000000)
socket$nl_route(0x10, 0x3, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000200000000000000010000840000000000000000020000000000000700000000000000060200"], 0x0, 0x3e}, 0x28)
socket$netlink(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)

15.98034345s ago: executing program 2 (id=5627):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, 0x0, 0x20000000) (async, rerun: 64)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60241, 0x0) (rerun: 64)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async, rerun: 32)
r4 = socket$kcm(0x2, 0xa, 0x2) (rerun: 32)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) (async)
writev(r3, &(0x7f00000006c0)=[{&(0x7f0000000140)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9001c2f8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000100)="051a00000e80006558", 0x9}], 0x2) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r7, 0x4008af60, &(0x7f0000000180)={@hyper})
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'gretap0\x00', <r9=>0x0})
socket$rds(0x15, 0x5, 0x0) (async)
sendto$packet(r6, &(0x7f0000000080)="33031600d1fd140000007ef52f555f2a3b9fe67025c1d97bfbf719143baa4b1f0f858c6632f47042195e", 0xfdef, 0x40008c1, &(0x7f00000000c0)={0x11, 0x86dd, r9, 0x1, 0x62}, 0x14) (async)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000ffdbdf253700000008000300", @ANYRES32=r5, @ANYBLOB="080026006c09000008002700f6000000080057000408", @ANYRESDEC=r2, @ANYRES64=r6, @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x8850}, 0x4000) (async, rerun: 32)
ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8936, &(0x7f0000000000)={@local, 0x1d, r9}) (rerun: 32)

15.64064378s ago: executing program 0 (id=5628):
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb0000080003"], 0x68}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="5400000010000100"/20, @ANYRES32=r2, @ANYBLOB="7240146c00000000340012800c0001006d6163766c616e0024"], 0x54}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11000000040000000400000022"], 0x48)
r4 = socket(0x2c, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r5, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r4}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r3, &(0x7f0000000140), &(0x7f0000000080)=@udp=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r3, &(0x7f0000000540)}, 0x20)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)={0x4c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x35, 0x11, 0x0, 0x1, [@generic="9e15c00619065e963eba3ef94d765eb501e2e4bea6b8d14b16632741a5bb965fe09b7844e4b103706a1038bc955454ed2f"]}]}, 0x4c}], 0x1}, 0x300)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000005c40), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r7, &(0x7f0000005e40)={0x0, 0x0, &(0x7f0000005e00)={&(0x7f0000005d40)={0x20, r8, 0x21, 0x8d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x100}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x8004)
setsockopt$sock_int(r6, 0x1, 0x2b, &(0x7f0000000080)=0x6, 0x4)

15.63995898s ago: executing program 2 (id=5629):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x4, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) (async, rerun: 64)
socket$inet6_udplite(0xa, 0x2, 0x88) (async, rerun: 64)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}}, 0x0) (async, rerun: 32)
socket(0x1e, 0x2, 0xb5) (rerun: 32)
syz_emit_ethernet(0x82, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffff1704b45adbde080045000074000000000001000000000000001414aa05009078e00000e04600000000000000001100000000000000000004830300070300443c0003e0000089000000000000000000000000ac1414aa00000000ac1414bb000000000000000000000000ac141400"/130], 0x0)

15.598208595s ago: executing program 0 (id=5630):
r0 = socket(0x28, 0x0, 0x9)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000)={0x10}, 0x4)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000040)={0x1, [<r1=>0x0]}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0x9, 0x8001, 0x8005, 0x7f, 0xd612, 0x9, 0x5, 0x2, r1}, 0x20)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100), 0x4)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x40, r3, 0x9, 0x70bd29, 0x25dfdbff, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0xffffffff}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x9}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
sendto$inet6(r0, &(0x7f0000000280)="ca117d1f12414bffe3ed95324b506579e4487981bab886a0423d6875e97a12f8403ddf4db1dc386f00711839afa3f90542789010eaa229475a1a51a82f9992e8d208ddd8cdabf2213923c3041d1f4bc83963c6682d3e79c41f763edcbf92bd9b5f59ca4565678d42d35f52c38d8b2fe27828a41c551c78a7", 0x78, 0x2000cc80, 0x0, 0x0)
read$alg(r0, &(0x7f0000000300)=""/57, 0x39)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000340)={0x16, @dev={0xac, 0x14, 0x14, 0x32}, 0x4e22, 0x0, 'wlc\x00', 0x2, 0x9, 0x20}, 0x2c)
r5 = accept4$unix(r0, 0x0, &(0x7f0000000380), 0x800)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r6, 0x84, 0x21, &(0x7f00000003c0), 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000440)={r1, @in6={{0xa, 0x4e21, 0xfff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xffffff58}}}, 0x84)
ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f0000000500)={0x80})
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000005c0)={r1, 0x9, 0xf}, 0x8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600))
ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, &(0x7f0000000640)={0x1f, "6f5916a94dfb9d7f0763421281bd3bbc8c7d77f846057d209dc293c39dcac0ffdaa7c6802709347dc3930268effe7b132a70422db638d3c46f570cf90f41ff5ad32cacc51af0f5d748e51a65e86a5315a89e46b7f757026e6d37bbf9c89a69dbad9f5f0080df3c1e33fed0f4537257c5a573919d4c8968f04c4a018a45c548b7"})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x18000, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f0000000740)={'erspan0\x00', @broadcast})
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x300000a, 0x50, r7, 0xce1c1000)
r9 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000007c0), r2)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x78, r9, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:klogd_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010101}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000040}, 0x0)
connect$unix(r5, &(0x7f0000000900)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_genetlink_get_family_id$nfc(&(0x7f0000000980), r2)
ioctl$INCFS_IOC_FILL_BLOCKS(r10, 0x80106720, &(0x7f0000000f80)={0x8, &(0x7f0000000e80)=[{0x80, 0xbb, &(0x7f00000009c0)="1de69b00dae84dc9ba84fd341bf2a2bd0443b94b03dbe79a8d03f3e535dea625d050437341f72019e0ec2e699a1c00411f6fcfbe69359e37e8e20b6609540fe1b049869eee38559a1fc022bc69e6af59181cb6a5bd91e9ac4d656372465ef7c20dfd7d64f8fda0da07882d1bf7ebb0cdf3f566ef5b47d52b112cf4f12f44658042697af0944d3d4f461406a850cee46ab4a2cf5fd592bf5061e5c5a3a7b221a15cede41b0d532c71e24489a1b501b239de02207a2acab39ec2b53f", 0x1}, {0x3, 0xd7, &(0x7f0000000a80)="6df01e35c5c5bcd2f12799c691c3634d26a2a1d82448fd3fbdd17b8244978b615652899bf13c0f5f72ece8b458ae05f825d7127096be3956fef536e1c5b5777c58262e2b99c62855a194c9745129775ae4fdb4fb2ec1f00314ad9f7632ac3f00959132bf4796711b51ceb80740d7b118a5950eb5f4bfe7125df8fed66db3a4cefe6fe230d6af87bae84d05e2c3717a87de027a98fcddb8230504004e2a2fdd381a59a3a1ee11ef5844f46e3797e3f5c6149367b07498a41cfb4d91b0695af9439b1670b7b979a5a7a87a9e6aaedc580526ff44681228a1"}, {0x4, 0x84, &(0x7f0000000b80)="19bc978914303da103c4ff097ded18a19c199d7917d810ea547dd88f7af67f77bb924348d583c18d2a79f044422f80a94ce8d7584a8954df4e6ed6654b6dffaee3397acfb8f416b6725abd18e40b31793e11a0fa87f007b5d7ca8d45e7907b4f627397674c55841faa6f54886ed34aa9238d519d658dfef78998d4b3ed7e35d97b598f98", 0x0, 0x1}, {0x80000000, 0x28, &(0x7f0000000c40)="0d380c50c3102637f5a765a27760d36b9da64bc41305d2063aebf49623bbc23553ab7ef577bcf9f4", 0x1}, {0xfff, 0x4a, &(0x7f0000000c80)="c7bf6133cb86eb8e5078d02430aeb068f2930873db64832fe8523d05a9a46a80986ac22b4596b2f305ce9d7bc18fe6f3c22b4457fb8eaaee6b446fb8a0c8a0ad18448196209086b50b44", 0x1, 0x1}, {0x6, 0x83, &(0x7f0000000d00)="d89613d307a2302241132699354b1c48adea09dab5c413117e186c0e5b9cc7548822e466f9fbfbfc731a97440f7b5f8ccbc53b8fc96b17387060958d8d6b48c05b8edf31b5f6176072be3498077c15b5ea64f7516244b03a758c11c73319382b0b1bbbb9638516b85d95a1e76fb06f50dd7a80bb3e05769b2297cdb4e0bba16c96b430", 0x1, 0x1}, {0x5, 0x37, &(0x7f0000000dc0)="877c22d9da7570f422de4605351f0d7e129528b9c862501080e038dbb202848d2b66029076b93e64a427d9a5656cd93bf0e28d203b748c", 0x1, 0x1}, {0x3, 0x49, &(0x7f0000000e00)="5cfcdcd41d487c8a11446a8ebe089dc58b8ec71e99000b3dc547a869c65f28915199a82a47fd65b25fe0bf8d591c6989b0224245ef2b0cc83066aa264f3b8b1d344d6be1142ee44655", 0x0, 0x1}]})

15.541989835s ago: executing program 2 (id=5631):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, r0, 0x400, 0xfffffff1, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x72}}}}}, 0x28}}, 0x2004)

15.381839928s ago: executing program 1 (id=5632):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
bind$netlink(r2, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_delroute={0x3c, 0x19, 0x901, 0x0, 0x20, {0x2, 0x18, 0x0, 0x0, 0x0, 0x2, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @rand_addr=0x64010100}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @RPL_IPTUNNEL_SRH={0xc, 0x1, {0x3, 0x8, 0x1, 0x8, 0x2}}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000240)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x14)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000007037ef21cd08ba66e68fea804b2ac35647ce7ebd623eb83c78be424ad31b90ff35750a8c92dbcafe4aea1e500f8a908f3c767788e4f7c412f217", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r6, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000c40)={0x40, r8, 0x1, 0xffffffff, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7fff}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
sendmmsg(r6, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r6, 0x0, 0x487, 0x0, 0x0)
recvfrom$llc(r6, &(0x7f0000000000)=""/248, 0xf8, 0x40010001, 0x0, 0x0)
listen(r6, 0xd)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r9}, 0x18)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000700)={0x0, @in={{0x2, 0x4e23, @multicast2}}, 0xbbab, 0x4, 0x8001, 0x10, 0x4, 0xfffffff9, 0x5}, 0x9c)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r10, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='wg2\x00', 0x4)
ioctl$SIOCPNGETOBJECT(0xffffffffffffffff, 0x89e0, &(0x7f0000000480))

52.507425ms ago: executing program 32 (id=5630):
r0 = socket(0x28, 0x0, 0x9)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000)={0x10}, 0x4)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000040)={0x1, [<r1=>0x0]}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0x9, 0x8001, 0x8005, 0x7f, 0xd612, 0x9, 0x5, 0x2, r1}, 0x20)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100), 0x4)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x40, r3, 0x9, 0x70bd29, 0x25dfdbff, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0xffffffff}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x9}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
sendto$inet6(r0, &(0x7f0000000280)="ca117d1f12414bffe3ed95324b506579e4487981bab886a0423d6875e97a12f8403ddf4db1dc386f00711839afa3f90542789010eaa229475a1a51a82f9992e8d208ddd8cdabf2213923c3041d1f4bc83963c6682d3e79c41f763edcbf92bd9b5f59ca4565678d42d35f52c38d8b2fe27828a41c551c78a7", 0x78, 0x2000cc80, 0x0, 0x0)
read$alg(r0, &(0x7f0000000300)=""/57, 0x39)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000340)={0x16, @dev={0xac, 0x14, 0x14, 0x32}, 0x4e22, 0x0, 'wlc\x00', 0x2, 0x9, 0x20}, 0x2c)
r5 = accept4$unix(r0, 0x0, &(0x7f0000000380), 0x800)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r6, 0x84, 0x21, &(0x7f00000003c0), 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000440)={r1, @in6={{0xa, 0x4e21, 0xfff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xffffff58}}}, 0x84)
ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f0000000500)={0x80})
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000005c0)={r1, 0x9, 0xf}, 0x8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600))
ioctl$SIOCX25SCALLUSERDATA(r0, 0x89e5, &(0x7f0000000640)={0x1f, "6f5916a94dfb9d7f0763421281bd3bbc8c7d77f846057d209dc293c39dcac0ffdaa7c6802709347dc3930268effe7b132a70422db638d3c46f570cf90f41ff5ad32cacc51af0f5d748e51a65e86a5315a89e46b7f757026e6d37bbf9c89a69dbad9f5f0080df3c1e33fed0f4537257c5a573919d4c8968f04c4a018a45c548b7"})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000700), 0x18000, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f0000000740)={'erspan0\x00', @broadcast})
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x300000a, 0x50, r7, 0xce1c1000)
r9 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000007c0), r2)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r2, &(0x7f00000008c0)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x78, r9, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:klogd_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010101}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0x78}, 0x1, 0x0, 0x0, 0x24000040}, 0x0)
connect$unix(r5, &(0x7f0000000900)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_genetlink_get_family_id$nfc(&(0x7f0000000980), r2)
ioctl$INCFS_IOC_FILL_BLOCKS(r10, 0x80106720, &(0x7f0000000f80)={0x8, &(0x7f0000000e80)=[{0x80, 0xbb, &(0x7f00000009c0)="1de69b00dae84dc9ba84fd341bf2a2bd0443b94b03dbe79a8d03f3e535dea625d050437341f72019e0ec2e699a1c00411f6fcfbe69359e37e8e20b6609540fe1b049869eee38559a1fc022bc69e6af59181cb6a5bd91e9ac4d656372465ef7c20dfd7d64f8fda0da07882d1bf7ebb0cdf3f566ef5b47d52b112cf4f12f44658042697af0944d3d4f461406a850cee46ab4a2cf5fd592bf5061e5c5a3a7b221a15cede41b0d532c71e24489a1b501b239de02207a2acab39ec2b53f", 0x1}, {0x3, 0xd7, &(0x7f0000000a80)="6df01e35c5c5bcd2f12799c691c3634d26a2a1d82448fd3fbdd17b8244978b615652899bf13c0f5f72ece8b458ae05f825d7127096be3956fef536e1c5b5777c58262e2b99c62855a194c9745129775ae4fdb4fb2ec1f00314ad9f7632ac3f00959132bf4796711b51ceb80740d7b118a5950eb5f4bfe7125df8fed66db3a4cefe6fe230d6af87bae84d05e2c3717a87de027a98fcddb8230504004e2a2fdd381a59a3a1ee11ef5844f46e3797e3f5c6149367b07498a41cfb4d91b0695af9439b1670b7b979a5a7a87a9e6aaedc580526ff44681228a1"}, {0x4, 0x84, &(0x7f0000000b80)="19bc978914303da103c4ff097ded18a19c199d7917d810ea547dd88f7af67f77bb924348d583c18d2a79f044422f80a94ce8d7584a8954df4e6ed6654b6dffaee3397acfb8f416b6725abd18e40b31793e11a0fa87f007b5d7ca8d45e7907b4f627397674c55841faa6f54886ed34aa9238d519d658dfef78998d4b3ed7e35d97b598f98", 0x0, 0x1}, {0x80000000, 0x28, &(0x7f0000000c40)="0d380c50c3102637f5a765a27760d36b9da64bc41305d2063aebf49623bbc23553ab7ef577bcf9f4", 0x1}, {0xfff, 0x4a, &(0x7f0000000c80)="c7bf6133cb86eb8e5078d02430aeb068f2930873db64832fe8523d05a9a46a80986ac22b4596b2f305ce9d7bc18fe6f3c22b4457fb8eaaee6b446fb8a0c8a0ad18448196209086b50b44", 0x1, 0x1}, {0x6, 0x83, &(0x7f0000000d00)="d89613d307a2302241132699354b1c48adea09dab5c413117e186c0e5b9cc7548822e466f9fbfbfc731a97440f7b5f8ccbc53b8fc96b17387060958d8d6b48c05b8edf31b5f6176072be3498077c15b5ea64f7516244b03a758c11c73319382b0b1bbbb9638516b85d95a1e76fb06f50dd7a80bb3e05769b2297cdb4e0bba16c96b430", 0x1, 0x1}, {0x5, 0x37, &(0x7f0000000dc0)="877c22d9da7570f422de4605351f0d7e129528b9c862501080e038dbb202848d2b66029076b93e64a427d9a5656cd93bf0e28d203b748c", 0x1, 0x1}, {0x3, 0x49, &(0x7f0000000e00)="5cfcdcd41d487c8a11446a8ebe089dc58b8ec71e99000b3dc547a869c65f28915199a82a47fd65b25fe0bf8d591c6989b0224245ef2b0cc83066aa264f3b8b1d344d6be1142ee44655", 0x0, 0x1}]})

35.542µs ago: executing program 33 (id=5632):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
bind$netlink(r2, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_delroute={0x3c, 0x19, 0x901, 0x0, 0x20, {0x2, 0x18, 0x0, 0x0, 0x0, 0x2, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @rand_addr=0x64010100}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @RPL_IPTUNNEL_SRH={0xc, 0x1, {0x3, 0x8, 0x1, 0x8, 0x2}}}]}, 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000240)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x14)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000007037ef21cd08ba66e68fea804b2ac35647ce7ebd623eb83c78be424ad31b90ff35750a8c92dbcafe4aea1e500f8a908f3c767788e4f7c412f217", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r6, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000000c40)={0x40, r8, 0x1, 0xffffffff, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7fff}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
sendmmsg(r6, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r6, 0x0, 0x487, 0x0, 0x0)
recvfrom$llc(r6, &(0x7f0000000000)=""/248, 0xf8, 0x40010001, 0x0, 0x0)
listen(r6, 0xd)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r9}, 0x18)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000700)={0x0, @in={{0x2, 0x4e23, @multicast2}}, 0xbbab, 0x4, 0x8001, 0x10, 0x4, 0xfffffff9, 0x5}, 0x9c)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r10, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='wg2\x00', 0x4)
ioctl$SIOCPNGETOBJECT(0xffffffffffffffff, 0x89e0, &(0x7f0000000480))

0s ago: executing program 34 (id=5631):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, r0, 0x400, 0xfffffff1, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x9, 0x72}}}}}, 0x28}}, 0x2004)

kernel console output (not intermixed with test programs):

  428.628118][T21878]  do_syscall_64+0xfa/0x3b0
[  428.628135][T21878]  ? lockdep_hardirqs_on+0x9c/0x150
[  428.628151][T21878]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.628166][T21878]  ? exc_page_fault+0x9f/0xf0
[  428.628184][T21878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.628199][T21878] RIP: 0033:0x7f815b18ebe9
[  428.628212][T21878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  428.628226][T21878] RSP: 002b:00007f815bfad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  428.628244][T21878] RAX: ffffffffffffffda RBX: 00007f815b3b5fa0 RCX: 00007f815b18ebe9
[  428.628255][T21878] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000009
[  428.628265][T21878] RBP: 00007f815b211e19 R08: 0000000000000000 R09: 0000000000000000
[  428.628280][T21878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  428.628289][T21878] R13: 00007f815b3b6038 R14: 00007f815b3b5fa0 R15: 00007ffc6fda0138
[  428.628316][T21878]  </TASK>
[  428.858094][T21882] lo speed is unknown, defaulting to 1000
[  428.954800][T21891] netlink: 'syz.2.4154': attribute type 13 has an invalid length.
[  428.957329][T21891] netlink: 'syz.2.4154': attribute type 17 has an invalid length.
[  428.997770][T21891] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  429.048692][T21891] netlink: 204 bytes leftover after parsing attributes in process `syz.2.4154'.
[  429.075575][T21898] netlink: 'syz.1.4158': attribute type 1 has an invalid length.
[  429.079103][T21898] netlink: 'syz.1.4158': attribute type 2 has an invalid length.
[  429.292573][T21912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4163'.
[  429.553238][T21916] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4164'.
[  429.800859][T21932] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4169'.
[  429.843376][T21933] netlink: 'syz.0.4167': attribute type 1 has an invalid length.
[  429.848053][T21933] netlink: 'syz.0.4167': attribute type 3 has an invalid length.
[  429.850512][T21933] netlink: 564 bytes leftover after parsing attributes in process `syz.0.4167'.
[  430.148236][T21945] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4173'.
[  430.242169][T21952] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4175'.
[  430.294215][T21953] netlink: 'syz.2.4174': attribute type 2 has an invalid length.
[  430.300859][T21953] netlink: 'syz.2.4174': attribute type 1 has an invalid length.
[  430.311666][T21953] netlink: 'syz.2.4174': attribute type 1 has an invalid length.
[  430.663276][T21964] lo speed is unknown, defaulting to 1000
[  430.769589][T21973] bond19: left promiscuous mode
[  430.773434][T21973] team0: Port device bond19 removed
[  430.783405][T21973] bond20: left promiscuous mode
[  430.787328][T21973] team0: Port device bond20 removed
[  430.794016][T21973] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  430.801202][T21973] mac80211_hwsim hwsim7 syzkaller0: entered promiscuous mode
[  430.805006][T21973] mac80211_hwsim hwsim7 syzkaller0: entered allmulticast mode
[  431.025393][T21964] syzkaller0 speed is unknown, defaulting to 1000
[  431.825485][T22011] syzkaller1: entered promiscuous mode
[  431.828432][T22011] syzkaller1: entered allmulticast mode
[  431.977949][T22014] openvswitch: netlink: Flow actions attr not present in new flow.
[  432.351976][T22040] tipc: Resetting bearer <eth:gre0>
[  432.439580][T22040] mac80211_hwsim hwsim192 wlan0: left promiscuous mode
[  432.446976][T22040] gretap3: left promiscuous mode
[  432.667813][T22064] NCSI netlink: No device for ifindex 0
[  432.750676][T22070] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[  432.813027][T22071] 8021q: adding VLAN 0 to HW filter on device team0
[  432.820222][T22071] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  433.187139][T22083] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  433.237106][T22085] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  434.209458][T22088] lo speed is unknown, defaulting to 1000
[  434.244863][T22096] IPv6: Can't replace route, no match found
[  434.448328][T22112] validate_nla: 3 callbacks suppressed
[  434.448340][T22112] netlink: 'syz.0.4221': attribute type 4 has an invalid length.
[  434.459997][T22113] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  434.461433][T22112] tipc: Resetting bearer <eth:gre0>
[  434.512787][T22088] syzkaller0 speed is unknown, defaulting to 1000
[  434.524172][T22113] __nla_validate_parse: 14 callbacks suppressed
[  434.524186][T22113] netlink: 156 bytes leftover after parsing attributes in process `syz.2.4218'.
[  434.564926][ T2206] lo speed is unknown, defaulting to 1000
[  434.566808][ T2206] syz0: Port: 1 Link DOWN
[  434.569287][ T2206] lo speed is unknown, defaulting to 1000
[  435.051952][T22128] netlink: 'syz.0.4227': attribute type 12 has an invalid length.
[  435.319998][T22141] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4232'.
[  435.322865][T22141] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4232'.
[  435.387673][T22143] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4231'.
[  435.540270][T22163] netlink: 'syz.0.4237': attribute type 11 has an invalid length.
[  435.599254][T22166] netlink: 'syz.0.4238': attribute type 10 has an invalid length.
[  435.694903][T22172] mac80211_hwsim hwsim273 wlan1: entered allmulticast mode
[  435.741882][T22181] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4243'.
[  435.832429][T22185] netlink: 'syz.1.4245': attribute type 1 has an invalid length.
[  435.852139][T22185] 8021q: adding VLAN 0 to HW filter on device bond15
[  435.903281][T22185] vlan3: entered allmulticast mode
[  435.905307][T22185] mac80211_hwsim hwsim192 wlan0: entered allmulticast mode
[  436.813771][T22210] RDS: rds_bind could not find a transport for ::ffff:100.1.1.0, load rds_tcp or rds_rdma?
[  437.179788][T22214] netlink: 'syz.0.4253': attribute type 4 has an invalid length.
[  437.182796][T22214] netlink: 14345 bytes leftover after parsing attributes in process `syz.0.4253'.
[  437.368628][T22221] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4254'.
[  437.806768][T22233] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4258'.
[  438.267885][T22259] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4264'.
[  438.463193][T22282] netlink: 248 bytes leftover after parsing attributes in process `syz.2.4272'.
[  438.605789][T22289] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  438.730957][T22299] netlink: zone id is out of range
[  438.732624][T22299] netlink: zone id is out of range
[  438.742251][T22299] netlink: zone id is out of range
[  438.744293][T22299] netlink: zone id is out of range
[  438.746703][T22299] netlink: zone id is out of range
[  438.748846][T22299] netlink: zone id is out of range
[  438.750697][T22299] netlink: zone id is out of range
[  438.752512][T22299] netlink: zone id is out of range
[  438.754081][T22299] netlink: zone id is out of range
[  438.761418][T22299] netlink: zone id is out of range
[  438.929543][T22329] lo speed is unknown, defaulting to 1000
[  439.377286][T22329] syzkaller0 speed is unknown, defaulting to 1000
[  439.662250][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  439.664369][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  439.674846][T22368] __nla_validate_parse: 5 callbacks suppressed
[  439.674858][T22368] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4290'.
[  439.706309][T22368] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4290'.
[  440.000899][T22380] netlink: 'syz.2.4293': attribute type 1 has an invalid length.
[  440.006190][T22380] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4293'.
[  440.087357][T22386] netlink: 'syz.2.4294': attribute type 9 has an invalid length.
[  440.089914][T22386] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4294'.
[  440.162775][T22386] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4294'.
[  440.209814][T22394] netlink: 'syz.2.4297': attribute type 3 has an invalid length.
[  440.213077][T22394] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4297'.
[  440.222385][T22394] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  440.226902][T22394] mac80211_hwsim hwsim3 syzkaller0: entered promiscuous mode
[  440.230220][T22394] mac80211_hwsim hwsim3 syzkaller0: entered allmulticast mode
[  440.235741][T22394] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4297'.
[  440.378892][T22405] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.4299'.
[  440.433337][T22409] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4301'.
[  440.576080][T22409] netlink: 248 bytes leftover after parsing attributes in process `syz.2.4301'.
[  440.831607][T22431] netlink: 'syz.1.4306': attribute type 1 has an invalid length.
[  440.887464][T22431] bond16: (slave bridge9): making interface the new active one
[  440.891096][T22431] bond16: (slave bridge9): Enslaving as an active interface with an up link
[  440.979067][T22434] netlink: 'syz.0.4307': attribute type 10 has an invalid length.
[  440.982382][T22434] batadv0: entered promiscuous mode
[  440.984739][T22434] batadv0: entered allmulticast mode
[  440.987337][T22434] bridge0: port 1(batadv0) entered blocking state
[  440.990333][T22434] bridge0: port 1(batadv0) entered disabled state
[  441.063348][T22440] nbd: must specify a size in bytes for the device
[  441.066746][ T5909] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  441.069929][ T5909] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  441.660164][T22487] netlink: 'syz.0.4320': attribute type 13 has an invalid length.
[  441.662521][T22487] netlink: 'syz.0.4320': attribute type 17 has an invalid length.
[  441.708825][T22487] 8021q: adding VLAN 0 to HW filter on device team0
[  441.718886][T20093] lo speed is unknown, defaulting to 1000
[  441.723345][T20093] syz0: Port: 1 Link ACTIVE
[  441.732146][T20093] lo speed is unknown, defaulting to 1000
[  441.858911][T22502] syzkaller1: entered promiscuous mode
[  441.860745][T22502] syzkaller1: entered allmulticast mode
[  442.023746][T22513] netlink: 'syz.2.4326': attribute type 12 has an invalid length.
[  442.297355][T22533] netlink: 'syz.2.4333': attribute type 10 has an invalid length.
[  442.603442][T22565] tipc: Resetting bearer <eth:gre0>
[  442.978066][T22584] netlink: 'syz.1.4342': attribute type 10 has an invalid length.
[  443.619213][T22608] lo speed is unknown, defaulting to 1000
[  444.021646][T22608] syzkaller0 speed is unknown, defaulting to 1000
[  445.096506][T22697] __nla_validate_parse: 13 callbacks suppressed
[  445.096517][T22697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4371'.
[  445.114616][T22700] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4372'.
[  445.117862][T22700] net_ratelimit: 468 callbacks suppressed
[  445.117872][T22700] openvswitch: netlink: Flow actions attr not present in new flow.
[  445.380211][T22725] syzkaller1: entered promiscuous mode
[  445.382008][T22725] syzkaller1: entered allmulticast mode
[  445.422132][T22718] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.4377'.
[  445.541649][T22736] tipc: Resetting bearer <eth:gre0>
[  445.578160][T22736] mac80211_hwsim hwsim7 syzkaller0: left promiscuous mode
[  445.580880][T22736] mac80211_hwsim hwsim7 syzkaller0: left allmulticast mode
[  445.601744][ T2206] lo speed is unknown, defaulting to 1000
[  445.603716][ T2206] syz0: Port: 1 Link DOWN
[  445.605722][ T2206] lo speed is unknown, defaulting to 1000
[  445.697659][T22742] lo speed is unknown, defaulting to 1000
[  445.911210][T22754] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4386'.
[  446.211161][T22766] validate_nla: 6 callbacks suppressed
[  446.211177][T22766] netlink: 'syz.0.4390': attribute type 1 has an invalid length.
[  446.220276][T22742] syzkaller0 speed is unknown, defaulting to 1000
[  446.220954][T22766] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4390'.
[  446.330658][T22768] netlink: 'syz.0.4391': attribute type 28 has an invalid length.
[  446.439629][T22772] netlink: 5636 bytes leftover after parsing attributes in process `syz.2.4392'.
[  446.633815][T22777] netlink: 'syz.1.4395': attribute type 9 has an invalid length.
[  446.644683][T22777] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4395'.
[  446.843356][T22791] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4397'.
[  446.865562][T22791] wireguard0: entered promiscuous mode
[  446.867414][T22791] wireguard0: entered allmulticast mode
[  446.919462][T22796] lo speed is unknown, defaulting to 1000
[  446.964026][T22797] netlink: 'syz.1.4398': attribute type 4 has an invalid length.
[  446.966844][T22797] netlink: 17 bytes leftover after parsing attributes in process `syz.1.4398'.
[  447.057651][T22795] lo speed is unknown, defaulting to 1000
[  447.213092][T22804] netlink: 'syz.0.4401': attribute type 1 has an invalid length.
[  447.216345][T22804] netlink: 600 bytes leftover after parsing attributes in process `syz.0.4401'.
[  447.258595][T22796] syzkaller0 speed is unknown, defaulting to 1000
[  447.460610][T22795] syzkaller0 speed is unknown, defaulting to 1000
[  447.656064][T22836] netlink: 'syz.0.4408': attribute type 10 has an invalid length.
[  448.257814][T22860] netlink: 'syz.1.4411': attribute type 2 has an invalid length.
[  448.276166][T22860] : entered promiscuous mode
[  448.383641][T22864] lo speed is unknown, defaulting to 1000
[  448.411703][T22868] netlink: 'syz.0.4417': attribute type 9 has an invalid length.
[  448.588979][T22875] mac80211_hwsim hwsim325 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  448.833554][T22864] syzkaller0 speed is unknown, defaulting to 1000
[  449.484291][T22925] netlink: 'syz.0.4433': attribute type 13 has an invalid length.
[  449.489459][T22926] netlink: 'syz.0.4433': attribute type 13 has an invalid length.
[  449.575833][T22930] vlan1: entered promiscuous mode
[  449.577760][T22930] bridge0: entered promiscuous mode
[  449.608361][T22931] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  449.613267][T22931] CPU: 1 UID: 0 PID: 22931 Comm: syz.2.4435 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  449.613288][T22931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  449.613297][T22931] Call Trace:
[  449.613304][T22931]  <TASK>
[  449.613317][T22931]  dump_stack_lvl+0x189/0x250
[  449.613337][T22931]  ? __pfx_dump_stack_lvl+0x10/0x10
[  449.613347][T22931]  ? __pfx__printk+0x10/0x10
[  449.613361][T22931]  ? kernfs_path_from_node+0x2f/0x290
[  449.613370][T22931]  ? kernfs_path_from_node+0x250/0x290
[  449.613377][T22931]  ? kernfs_path_from_node+0x2f/0x290
[  449.613387][T22931]  sysfs_warn_dup+0x8e/0xa0
[  449.613396][T22931]  sysfs_do_create_link_sd+0xc0/0x110
[  449.613406][T22931]  device_add_class_symlinks+0x1cf/0x240
[  449.613420][T22931]  device_add+0x475/0xb50
[  449.613433][T22931]  wiphy_register+0x1ba6/0x28d0
[  449.613451][T22931]  ? __pfx_wiphy_register+0x10/0x10
[  449.613459][T22931]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  449.613475][T22931]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  449.613489][T22931]  ieee80211_register_hw+0x3425/0x4080
[  449.613509][T22931]  ? ieee80211_register_hw+0x1401/0x4080
[  449.613524][T22931]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  449.613537][T22931]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  449.613549][T22931]  ? __hrtimer_setup+0x187/0x210
[  449.613556][T22931]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  449.613568][T22931]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  449.613592][T22931]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  449.613599][T22931]  ? trace_kmalloc+0x1f/0xd0
[  449.613609][T22931]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  449.613619][T22931]  ? kstrndup+0xbf/0x160
[  449.613632][T22931]  hwsim_new_radio_nl+0xea4/0x1b10
[  449.613643][T22931]  ? __pfx___nla_validate_parse+0x10/0x10
[  449.613660][T22931]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  449.613675][T22931]  ? __nla_parse+0x40/0x60
[  449.613687][T22931]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  449.613699][T22931]  genl_family_rcv_msg_doit+0x215/0x300
[  449.613714][T22931]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  449.613758][T22931]  ? bpf_lsm_capable+0x9/0x20
[  449.613768][T22931]  ? security_capable+0x7e/0x2e0
[  449.613782][T22931]  genl_rcv_msg+0x60e/0x790
[  449.613797][T22931]  ? __pfx_genl_rcv_msg+0x10/0x10
[  449.613808][T22931]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  449.613823][T22931]  netlink_rcv_skb+0x208/0x470
[  449.613831][T22931]  ? __lock_acquire+0xab9/0xd20
[  449.613843][T22931]  ? __pfx_genl_rcv_msg+0x10/0x10
[  449.613855][T22931]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  449.613874][T22931]  ? down_read+0x1ad/0x2e0
[  449.613886][T22931]  genl_rcv+0x28/0x40
[  449.613896][T22931]  netlink_unicast+0x82f/0x9e0
[  449.613909][T22931]  ? __pfx_netlink_unicast+0x10/0x10
[  449.613918][T22931]  ? netlink_sendmsg+0x642/0xb30
[  449.613926][T22931]  ? skb_put+0x11b/0x210
[  449.613938][T22931]  netlink_sendmsg+0x805/0xb30
[  449.613952][T22931]  ? __pfx_netlink_sendmsg+0x10/0x10
[  449.613964][T22931]  ? aa_sock_msg_perm+0xf1/0x1d0
[  449.613976][T22931]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  449.613984][T22931]  ? __pfx_netlink_sendmsg+0x10/0x10
[  449.613994][T22931]  __sock_sendmsg+0x21c/0x270
[  449.614004][T22931]  ____sys_sendmsg+0x505/0x830
[  449.614018][T22931]  ? __pfx_____sys_sendmsg+0x10/0x10
[  449.614034][T22931]  ? import_iovec+0x74/0xa0
[  449.614043][T22931]  ___sys_sendmsg+0x21f/0x2a0
[  449.614055][T22931]  ? __pfx____sys_sendmsg+0x10/0x10
[  449.614086][T22931]  ? __fget_files+0x2a/0x420
[  449.614097][T22931]  ? __fget_files+0x3a0/0x420
[  449.614114][T22931]  __x64_sys_sendmsg+0x19b/0x260
[  449.614126][T22931]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  449.614142][T22931]  ? rcu_is_watching+0x15/0xb0
[  449.614153][T22931]  ? do_syscall_64+0xbe/0x3b0
[  449.614165][T22931]  do_syscall_64+0xfa/0x3b0
[  449.614173][T22931]  ? lockdep_hardirqs_on+0x9c/0x150
[  449.614182][T22931]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.614189][T22931]  ? exc_page_fault+0x9f/0xf0
[  449.614199][T22931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.614206][T22931] RIP: 0033:0x7f4a01b8ebe9
[  449.614215][T22931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.614223][T22931] RSP: 002b:00007f49ffdd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  449.614232][T22931] RAX: ffffffffffffffda RBX: 00007f4a01db6090 RCX: 00007f4a01b8ebe9
[  449.614237][T22931] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000008
[  449.614242][T22931] RBP: 00007f4a01c11e19 R08: 0000000000000000 R09: 0000000000000000
[  449.614247][T22931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  449.614252][T22931] R13: 00007f4a01db6128 R14: 00007f4a01db6090 R15: 00007fff2a5a3448
[  449.614266][T22931]  </TASK>
[  450.462155][T22966] 8021q: adding VLAN 0 to HW filter on device team0
[  450.466909][T22966] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  450.956173][T22996] __nla_validate_parse: 22 callbacks suppressed
[  450.956185][T22996] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.4449'.
[  451.088346][T23005] mac80211_hwsim hwsim325 wlan1: entered allmulticast mode
[  451.106527][T23008] batadv0: left allmulticast mode
[  451.108887][T23008] batadv0: left promiscuous mode
[  451.111301][T23008] bridge0: port 1(batadv0) entered disabled state
[  451.499535][T23023] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4456'.
[  451.610734][T23035] validate_nla: 5 callbacks suppressed
[  451.610745][T23035] netlink: 'syz.1.4457': attribute type 13 has an invalid length.
[  451.621135][T23035] tipc: Resetting bearer <eth:gre0>
[  451.737036][T23041] syz0: rxe_newlink: already configured on lo
[  451.827854][T23043] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4461'.
[  452.109322][T23055] netlink: 'syz.2.4464': attribute type 1 has an invalid length.
[  452.112304][T23055] netlink: 'syz.2.4464': attribute type 11 has an invalid length.
[  452.115302][T23055] netlink: 220 bytes leftover after parsing attributes in process `syz.2.4464'.
[  452.451333][T23068] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4469'.
[  452.639714][T23079] netlink: 156 bytes leftover after parsing attributes in process `syz.1.4472'.
[  452.963066][T23091] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4478'.
[  452.969169][T23091] bridge_slave_1: default FDB implementation only supports local addresses
[  453.077947][T23106] netlink: 80 bytes leftover after parsing attributes in process `syz.2.4482'.
[  453.222994][T23127] netlink: 'syz.1.4488': attribute type 12 has an invalid length.
[  453.235183][T23127] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.4488'.
[  453.325605][T23134] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4490'.
[  453.350229][T23134] netlink: 'syz.2.4490': attribute type 10 has an invalid length.
[  453.427649][T23140] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  453.435353][T23140] mac80211_hwsim hwsim192 syzkaller0: entered promiscuous mode
[  453.437731][T23140] mac80211_hwsim hwsim192 syzkaller0: entered allmulticast mode
[  453.465213][T23140] tipc: Resetting bearer <eth:syzkaller0>
[  453.468138][T23144] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:20003
[  453.548858][T23147] can: request_module (can-proto-5) failed.
[  453.621825][   T33] audit: type=1107 audit(1755027340.187:5): pid=23155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  453.630680][T23156] mac80211_hwsim hwsim337 wlan1: entered allmulticast mode
[  453.681444][T23158] netlink: 'syz.2.4501': attribute type 1 has an invalid length.
[  453.751051][T23158] 8021q: adding VLAN 0 to HW filter on device bond0
[  453.857698][T23170] netlink: 'syz.2.4506': attribute type 15 has an invalid length.
[  453.898993][T23170] netlink: 'syz.2.4506': attribute type 10 has an invalid length.
[  454.169587][T23204] ieee802154 phy0 wpan0: encryption failed: -22
[  454.226221][T23199] mac80211_hwsim hwsim3 syzkaller0: left promiscuous mode
[  454.228589][T23199] mac80211_hwsim hwsim3 syzkaller0: left allmulticast mode
[  454.240016][T23212] mac80211_hwsim hwsim337 wlan1: left allmulticast mode
[  454.278084][T23212] netlink: 'syz.1.4516': attribute type 10 has an invalid length.
[  454.283709][T23214] netlink: 'syz.2.4517': attribute type 10 has an invalid length.
[  454.411511][T23218] 8021q: adding VLAN 0 to HW filter on device team0
[  454.415857][T23218] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  454.439054][T23227] lo speed is unknown, defaulting to 1000
[  454.683035][T23240] netlink: zone id is out of range
[  454.692707][T23240] netlink: zone id is out of range
[  454.697938][T23240] netlink: zone id is out of range
[  454.700480][T23240] netlink: zone id is out of range
[  454.702926][T23240] netlink: zone id is out of range
[  454.710585][T23240] netlink: zone id is out of range
[  454.713014][T23240] netlink: zone id is out of range
[  454.716081][T23240] netlink: zone id is out of range
[  454.739808][T23241] pim6reg1: entered promiscuous mode
[  454.742523][T23241] pim6reg1: entered allmulticast mode
[  454.768799][T23227] syzkaller0 speed is unknown, defaulting to 1000
[  454.899931][   T33] audit: type=1107 audit(1755027341.467:6): pid=23250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='WfVq~Wlv\4}vkA4(P
[  454.899931][   T33] {A+:0[!E\8DR,\vQ	:j#65ɫiix6蕥PmAF@)ܤ'
[  455.576206][T23281] net_ratelimit: 30 callbacks suppressed
[  455.576219][T23281] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  455.580559][T23279] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  455.809002][T23293] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  455.909086][T23306] openvswitch: netlink: Key type 14352 is out of range max 32
[  455.980758][T23318] __nla_validate_parse: 15 callbacks suppressed
[  455.980769][T23318] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4548'.
[  456.008698][T23321] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4550'.
[  456.079068][T23323] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.4551'.
[  456.086041][T23321] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4550'.
[  456.249100][T23337] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4555'.
[  456.252708][T23337] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4555'.
[  456.257381][T23337] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4555'.
[  456.282074][T23340] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4556'.
[  456.447584][T23347] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.4558'.
[  456.490573][T23356] netlink: 248 bytes leftover after parsing attributes in process `syz.2.4560'.
[  456.618489][T23365] 8021q: adding VLAN 0 to HW filter on device bond5
[  456.640743][T23365] 8021q: adding VLAN 0 to HW filter on device macvlan0
[  456.647532][T23365] bond5: (slave macvlan0): Enslaving as a backup interface with a down link
[  456.770979][T23371] validate_nla: 7 callbacks suppressed
[  456.770994][T23371] netlink: 'syz.1.4566': attribute type 1 has an invalid length.
[  456.892513][T23377] bond16: (slave bridge9): Releasing active interface
[  456.936304][T23376] netlink: 'syz.1.4567': attribute type 10 has an invalid length.
[  457.468942][T23424] openvswitch: netlink: Flow actions attr not present in new flow.
[  457.545704][T23429] netlink: 'syz.2.4583': attribute type 10 has an invalid length.
[  457.928401][T23451] netlink: 'syz.2.4590': attribute type 13 has an invalid length.
[  458.076691][T23453] syz.2.4591: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  458.083026][T23453] CPU: 0 UID: 0 PID: 23453 Comm: syz.2.4591 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  458.083052][T23453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  458.083062][T23453] Call Trace:
[  458.083071][T23453]  <TASK>
[  458.083080][T23453]  dump_stack_lvl+0x189/0x250
[  458.083105][T23453]  ? __pfx_dump_stack_lvl+0x10/0x10
[  458.083124][T23453]  ? __pfx__printk+0x10/0x10
[  458.083144][T23453]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  458.083164][T23453]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  458.083183][T23453]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  458.083202][T23453]  warn_alloc+0x214/0x310
[  458.083226][T23453]  ? stack_depot_save_flags+0x40/0x860
[  458.083246][T23453]  ? __pfx_warn_alloc+0x10/0x10
[  458.083270][T23453]  ? kasan_save_track+0x4f/0x80
[  458.083289][T23453]  ? xskq_create+0x56/0x170
[  458.083304][T23453]  ? xsk_init_queue+0xb0/0x110
[  458.083319][T23453]  ? xsk_setsockopt+0x4dc/0x8d0
[  458.083332][T23453]  ? do_sock_setsockopt+0x17c/0x1b0
[  458.083353][T23453]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  458.083372][T23453]  ? do_syscall_64+0xfa/0x3b0
[  458.083390][T23453]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.083413][T23453]  __vmalloc_node_range_noprof+0x125/0x12f0
[  458.083459][T23453]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  458.083485][T23453]  ? __kasan_kmalloc+0x93/0xb0
[  458.083507][T23453]  vmalloc_user_noprof+0xad/0xf0
[  458.083529][T23453]  ? xskq_create+0xbf/0x170
[  458.083554][T23453]  xskq_create+0xbf/0x170
[  458.083575][T23453]  xsk_init_queue+0xb0/0x110
[  458.083594][T23453]  xsk_setsockopt+0x4dc/0x8d0
[  458.083613][T23453]  ? __pfx_xsk_setsockopt+0x10/0x10
[  458.083631][T23453]  ? __pfx_aa_sk_perm+0x10/0x10
[  458.083652][T23453]  ? aa_sock_opt_perm+0xff/0x1b0
[  458.083674][T23453]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  458.083690][T23453]  ? __pfx_xsk_setsockopt+0x10/0x10
[  458.083706][T23453]  do_sock_setsockopt+0x17c/0x1b0
[  458.083730][T23453]  __x64_sys_setsockopt+0x13f/0x1b0
[  458.083753][T23453]  do_syscall_64+0xfa/0x3b0
[  458.083769][T23453]  ? lockdep_hardirqs_on+0x9c/0x150
[  458.083785][T23453]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.083796][T23453]  ? exc_page_fault+0x9f/0xf0
[  458.083812][T23453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.083826][T23453] RIP: 0033:0x7f4a01b8ebe9
[  458.083841][T23453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.083856][T23453] RSP: 002b:00007f49ffdf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  458.083872][T23453] RAX: ffffffffffffffda RBX: 00007f4a01db5fa0 RCX: 00007f4a01b8ebe9
[  458.083883][T23453] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007
[  458.083892][T23453] RBP: 00007f4a01c11e19 R08: 0000000000000004 R09: 0000000000000000
[  458.083901][T23453] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  458.083910][T23453] R13: 00007f4a01db6038 R14: 00007f4a01db5fa0 R15: 00007fff2a5a3448
[  458.083934][T23453]  </TASK>
[  458.083972][T23453] Mem-Info:
[  458.209916][T23453] active_anon:6292 inactive_anon:0 isolated_anon:0
[  458.209916][T23453]  active_file:1375 inactive_file:38022 isolated_file:0
[  458.209916][T23453]  unevictable:1768 dirty:57 writeback:0
[  458.209916][T23453]  slab_reclaimable:19876 slab_unreclaimable:180110
[  458.209916][T23453]  mapped:18523 shmem:2723 pagetables:1042
[  458.209916][T23453]  sec_pagetables:0 bounce:0
[  458.209916][T23453]  kernel_misc_reclaimable:0
[  458.209916][T23453]  free:156378 free_pcp:17503 free_cma:0
[  458.228123][T23453] Node 0 active_anon:14400kB inactive_anon:0kB active_file:3152kB inactive_file:128744kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:32276kB dirty:184kB writeback:0kB shmem:5780kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9448kB pagetables:2084kB sec_pagetables:0kB all_unreclaimable? yes Balloon:0kB
[  458.242965][T23453] Node 1 active_anon:10768kB inactive_anon:0kB active_file:2348kB inactive_file:23344kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:41816kB dirty:44kB writeback:0kB shmem:5112kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:3880kB pagetables:2152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  458.266361][T23453] Node 0 DMA free:8784kB boost:2048kB min:2688kB low:2848kB high:3008kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:652kB local_pcp:324kB free_cma:0kB
[  458.280215][T23453] lowmem_reserve[]: 0 811 811 811 811
[  458.282904][T23453] Node 0 DMA32 free:63804kB boost:6144kB min:39804kB low:48216kB high:56628kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14456kB inactive_anon:0kB active_file:3152kB inactive_file:128736kB unevictable:3536kB writepending:184kB present:1556484kB managed:831000kB mlocked:0kB bounce:0kB free_pcp:29304kB local_pcp:10588kB free_cma:0kB
[  458.298320][T23453] lowmem_reserve[]: 0 0 0 0 0
[  458.300621][T23453] Node 1 DMA32 free:409784kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:11968kB local_pcp:0kB free_cma:0kB
[  458.320890][T23453] lowmem_reserve[]: 0 0 854 854 854
[  458.323078][T23453] Node 1 Normal free:143140kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:10768kB inactive_anon:0kB active_file:2348kB inactive_file:23344kB unevictable:3536kB writepending:44kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:27144kB local_pcp:15836kB free_cma:0kB
[  458.335616][T23453] lowmem_reserve[]: 0 0 0 0 0
[  458.337536][T23453] Node 0 DMA: 119*4kB (UM) 69*8kB (UME) 49*16kB (UME) 40*32kB (UME) 29*64kB (UME) 10*128kB (UM) 2*256kB (M) 2*512kB (ME) 1*1024kB (U) 0*2048kB 0*4096kB = 8788kB
[  458.343980][T23453] Node 0 DMA32: 1429*4kB (UME) 747*8kB (UME) 241*16kB (UM) 382*32kB (UME) 295*64kB (UME) 70*128kB (UM) 18*256kB (UM) 3*512kB (M) 2*1024kB (ME) 0*2048kB 0*4096kB = 63804kB
[  458.354910][T23453] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 3*64kB (UM) 1*128kB (M) 3*256kB (UM) 4*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 97*4096kB (M) = 409784kB
[  458.361210][T23453] Node 1 Normal: 1601*4kB (UME) 874*8kB (UME) 461*16kB (UME) 880*32kB (UME) 469*64kB (UME) 127*128kB (UE) 77*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 6*2048kB (UME) 3*4096kB (U) = 143076kB
[  458.392202][T23453] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  458.398171][T23453] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  458.416946][T23453] 42120 total pagecache pages
[  458.418829][T23453] 0 pages in swap cache
[  458.424356][T23453] Free swap  = 124996kB
[  458.427676][T23453] Total swap = 124996kB
[  458.429351][T23453] 786301 pages RAM
[  458.430833][T23453] 0 pages HighMem/MovableOnly
[  458.432681][T23453] 241319 pages reserved
[  458.434287][T23453] 0 pages cma reserved
[  458.549060][T23481] mac80211_hwsim hwsim323 wlan1: entered allmulticast mode
[  460.153894][T23533] netlink: 'syz.0.4614': attribute type 10 has an invalid length.
[  460.272542][T23541] netlink: 'syz.2.4618': attribute type 2 has an invalid length.
[  460.549140][T23559] netlink: 'syz.2.4625': attribute type 1 has an invalid length.
[  460.550281][T23556] netlink: 'syz.0.4623': attribute type 10 has an invalid length.
[  460.612526][T23565] netlink: 'syz.0.4626': attribute type 23 has an invalid length.
[  461.298730][T23574] __nla_validate_parse: 26 callbacks suppressed
[  461.298742][T23574] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.4629'.
[  461.305694][T23575] lo speed is unknown, defaulting to 1000
[  461.342287][T23580] netlink: 'syz.2.4633': attribute type 2 has an invalid length.
[  461.345134][T23580] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4633'.
[  461.361010][T23580] mac80211_hwsim hwsim216 wlan0: entered promiscuous mode
[  461.368580][T23580] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  461.377872][T23584] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4633'.
[  461.386872][T23581] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4630'.
[  461.511508][T23588] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  461.570988][T23596] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4636'.
[  461.589899][T23596] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4636'.
[  461.648682][T23600] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.4638'.
[  461.713357][T23575] syzkaller0 speed is unknown, defaulting to 1000
[  461.812852][T23609] lo speed is unknown, defaulting to 1000
[  461.818266][T23612] validate_nla: 3 callbacks suppressed
[  461.818281][T23612] netlink: 'syz.2.4640': attribute type 1 has an invalid length.
[  461.848335][T23612] netlink: 5624 bytes leftover after parsing attributes in process `syz.2.4640'.
[  461.875321][T23616] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4642'.
[  462.276633][T23609] syzkaller0 speed is unknown, defaulting to 1000
[  462.570632][T23651] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.4653'.
[  462.736256][T23667] netlink: 'syz.2.4658': attribute type 1 has an invalid length.
[  462.738671][T23667] netlink: 'syz.2.4658': attribute type 3 has an invalid length.
[  462.741046][T23667] netlink: 'syz.2.4658': attribute type 1 has an invalid length.
[  462.743744][T23667] NCSI netlink: No device for ifindex 0
[  462.877522][T23669] syzkaller1: entered promiscuous mode
[  462.879325][T23669] syzkaller1: entered allmulticast mode
[  462.884753][T23671] netlink: 'syz.2.4660': attribute type 23 has an invalid length.
[  463.171310][T23686] bond5: (slave macvlan0): Releasing backup interface
[  463.314025][T23693] lo speed is unknown, defaulting to 1000
[  463.548039][T23693] syzkaller0 speed is unknown, defaulting to 1000
[  464.067283][T23733] Bluetooth: hci1: Opcode 0x0401 failed: -22
[  464.131032][T23738] netlink: 'syz.0.4679': attribute type 10 has an invalid length.
[  465.349121][T23804] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  465.396965][T23804] netlink: 'syz.0.4698': attribute type 10 has an invalid length.
[  465.413750][T23662] Set syz1 is full, maxelem 65536 reached
[  465.677850][T23830] netlink: 'syz.0.4705': attribute type 10 has an invalid length.
[  465.849091][T23848] netlink: 'syz.2.4710': attribute type 10 has an invalid length.
[  465.982153][T23865] netlink: 'syz.0.4715': attribute type 1 has an invalid length.
[  466.124724][ T5861] Bluetooth: hci1: command tx timeout
[  466.179580][T23859] bond0 (unregistering): Released all slaves
[  466.306222][T23880] __nla_validate_parse: 25 callbacks suppressed
[  466.306234][T23880] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4717'.
[  466.390215][T23890] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.4719'.
[  466.392986][T23889] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4718'.
[  466.548295][T23895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4722'.
[  466.589275][T23901] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  466.593103][T23901] CPU: 0 UID: 0 PID: 23901 Comm: syz.1.4724 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  466.593118][T23901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  466.593124][T23901] Call Trace:
[  466.593129][T23901]  <TASK>
[  466.593133][T23901]  dump_stack_lvl+0x189/0x250
[  466.593150][T23901]  ? __pfx_dump_stack_lvl+0x10/0x10
[  466.593185][T23901]  ? __pfx__printk+0x10/0x10
[  466.593200][T23901]  ? kernfs_path_from_node+0x2f/0x290
[  466.593210][T23901]  ? kernfs_path_from_node+0x250/0x290
[  466.593217][T23901]  ? kernfs_path_from_node+0x2f/0x290
[  466.593228][T23901]  sysfs_warn_dup+0x8e/0xa0
[  466.593237][T23901]  sysfs_do_create_link_sd+0xc0/0x110
[  466.593247][T23901]  device_add_class_symlinks+0x1cf/0x240
[  466.593261][T23901]  device_add+0x475/0xb50
[  466.593274][T23901]  wiphy_register+0x1ba6/0x28d0
[  466.593293][T23901]  ? __pfx_wiphy_register+0x10/0x10
[  466.593303][T23901]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  466.593319][T23901]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  466.593334][T23901]  ieee80211_register_hw+0x3425/0x4080
[  466.593355][T23901]  ? ieee80211_register_hw+0x1401/0x4080
[  466.593371][T23901]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  466.593385][T23901]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  466.593398][T23901]  ? __hrtimer_setup+0x187/0x210
[  466.593405][T23901]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  466.593418][T23901]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  466.593443][T23901]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  466.593452][T23901]  ? trace_kmalloc+0x1f/0xd0
[  466.593463][T23901]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  466.593474][T23901]  ? kstrndup+0xbf/0x160
[  466.593487][T23901]  hwsim_new_radio_nl+0xea4/0x1b10
[  466.593498][T23901]  ? __pfx___nla_validate_parse+0x10/0x10
[  466.593515][T23901]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  466.593530][T23901]  ? __nla_parse+0x40/0x60
[  466.593542][T23901]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  466.593563][T23901]  genl_family_rcv_msg_doit+0x215/0x300
[  466.593580][T23901]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  466.593600][T23901]  ? bpf_lsm_capable+0x9/0x20
[  466.593613][T23901]  ? security_capable+0x7e/0x2e0
[  466.593628][T23901]  genl_rcv_msg+0x60e/0x790
[  466.593643][T23901]  ? __pfx_genl_rcv_msg+0x10/0x10
[  466.593655][T23901]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  466.593670][T23901]  netlink_rcv_skb+0x208/0x470
[  466.593679][T23901]  ? __lock_acquire+0xab9/0xd20
[  466.593691][T23901]  ? __pfx_genl_rcv_msg+0x10/0x10
[  466.593703][T23901]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  466.593722][T23901]  ? down_read+0x1ad/0x2e0
[  466.593733][T23901]  genl_rcv+0x28/0x40
[  466.593744][T23901]  netlink_unicast+0x82f/0x9e0
[  466.593759][T23901]  ? __pfx_netlink_unicast+0x10/0x10
[  466.593770][T23901]  ? netlink_sendmsg+0x642/0xb30
[  466.593780][T23901]  ? skb_put+0x11b/0x210
[  466.593793][T23901]  netlink_sendmsg+0x805/0xb30
[  466.593808][T23901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  466.593819][T23901]  ? aa_sock_msg_perm+0xf1/0x1d0
[  466.593831][T23901]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  466.593839][T23901]  ? __pfx_netlink_sendmsg+0x10/0x10
[  466.593850][T23901]  __sock_sendmsg+0x21c/0x270
[  466.593860][T23901]  ____sys_sendmsg+0x505/0x830
[  466.593874][T23901]  ? __pfx_____sys_sendmsg+0x10/0x10
[  466.593890][T23901]  ? import_iovec+0x74/0xa0
[  466.593899][T23901]  ___sys_sendmsg+0x21f/0x2a0
[  466.593911][T23901]  ? __pfx____sys_sendmsg+0x10/0x10
[  466.593940][T23901]  ? __fget_files+0x2a/0x420
[  466.593952][T23901]  ? __fget_files+0x3a0/0x420
[  466.593969][T23901]  __x64_sys_sendmsg+0x19b/0x260
[  466.593981][T23901]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  466.593998][T23901]  ? rcu_is_watching+0x15/0xb0
[  466.594009][T23901]  ? do_syscall_64+0xbe/0x3b0
[  466.594021][T23901]  do_syscall_64+0xfa/0x3b0
[  466.594030][T23901]  ? lockdep_hardirqs_on+0x9c/0x150
[  466.594039][T23901]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.594048][T23901]  ? exc_page_fault+0x9f/0xf0
[  466.594077][T23901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.594088][T23901] RIP: 0033:0x7f815b18ebe9
[  466.594097][T23901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.594106][T23901] RSP: 002b:00007f815bfad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  466.594116][T23901] RAX: ffffffffffffffda RBX: 00007f815b3b5fa0 RCX: 00007f815b18ebe9
[  466.594123][T23901] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  466.594128][T23901] RBP: 00007f815b211e19 R08: 0000000000000000 R09: 0000000000000000
[  466.594135][T23901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  466.594140][T23901] R13: 00007f815b3b6038 R14: 00007f815b3b5fa0 R15: 00007ffc6fda0138
[  466.594178][T23901]  </TASK>
[  466.758569][T23899] delete_channel: no stack
[  466.852272][T23907] lo speed is unknown, defaulting to 1000
[  466.910959][T23910] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4725'.
[  467.049144][T23917] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4729'.
[  467.057937][T23917] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  467.061306][T23917] mac80211_hwsim hwsim3 syzkaller0: entered promiscuous mode
[  467.063894][T23917] mac80211_hwsim hwsim3 syzkaller0: entered allmulticast mode
[  467.111068][T23921] validate_nla: 2 callbacks suppressed
[  467.111080][T23921] netlink: 'syz.2.4730': attribute type 9 has an invalid length.
[  467.139686][T23921] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4730'.
[  467.199073][T23907] syzkaller0 speed is unknown, defaulting to 1000
[  467.293709][T23930] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.4733'.
[  467.332430][T23927] IPVS: Scheduler module ip_vs_sip not found
[  467.512354][T23948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4737'.
[  467.606442][T23955] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.4738'.
[  468.701564][T24007] netlink: 'syz.2.4751': attribute type 16 has an invalid length.
[  468.704343][T24007] netlink: 'syz.2.4751': attribute type 17 has an invalid length.
[  468.840029][T24020] netlink: 'syz.0.4755': attribute type 13 has an invalid length.
[  469.616645][T24073] geneve3: entered allmulticast mode
[  469.621967][   T13] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  469.625135][   T13] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  469.627748][   T13] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  469.630306][   T13] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  470.362056][T24089] sctp: [Deprecated]: syz.0.4775 (pid 24089) Use of int in maxseg socket option.
[  470.362056][T24089] Use struct sctp_assoc_value instead
[  470.435893][T24096] tipc: Resetting bearer <eth:gre0>
[  470.673984][ T5755] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 20000 - 0
[  470.677811][ T5755] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 20000 - 0
[  470.680419][ T5755] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 20000 - 0
[  470.682965][ T5755] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 20000 - 0
[  470.838910][T24115] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  470.844081][T24115] CPU: 1 UID: 0 PID: 24115 Comm: syz.0.4785 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  470.844102][T24115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  470.844113][T24115] Call Trace:
[  470.844119][T24115]  <TASK>
[  470.844126][T24115]  dump_stack_lvl+0x189/0x250
[  470.844152][T24115]  ? __pfx_dump_stack_lvl+0x10/0x10
[  470.844171][T24115]  ? __pfx__printk+0x10/0x10
[  470.844197][T24115]  ? kernfs_path_from_node+0x2f/0x290
[  470.844213][T24115]  ? kernfs_path_from_node+0x250/0x290
[  470.844228][T24115]  ? kernfs_path_from_node+0x2f/0x290
[  470.844247][T24115]  sysfs_warn_dup+0x8e/0xa0
[  470.844262][T24115]  sysfs_do_create_link_sd+0xc0/0x110
[  470.844279][T24115]  device_add_class_symlinks+0x1cf/0x240
[  470.844303][T24115]  device_add+0x475/0xb50
[  470.844326][T24115]  wiphy_register+0x1ba6/0x28d0
[  470.844358][T24115]  ? __pfx_wiphy_register+0x10/0x10
[  470.844373][T24115]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  470.844424][T24115]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  470.844449][T24115]  ieee80211_register_hw+0x3425/0x4080
[  470.844486][T24115]  ? ieee80211_register_hw+0x1401/0x4080
[  470.844514][T24115]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  470.844538][T24115]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  470.844559][T24115]  ? __hrtimer_setup+0x187/0x210
[  470.844571][T24115]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  470.844592][T24115]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  470.844631][T24115]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  470.844647][T24115]  ? trace_kmalloc+0x1f/0xd0
[  470.844664][T24115]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  470.844684][T24115]  ? kstrndup+0xbf/0x160
[  470.844705][T24115]  hwsim_new_radio_nl+0xea4/0x1b10
[  470.844723][T24115]  ? __pfx___nla_validate_parse+0x10/0x10
[  470.844752][T24115]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  470.844803][T24115]  ? __nla_parse+0x40/0x60
[  470.844826][T24115]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  470.844848][T24115]  genl_family_rcv_msg_doit+0x215/0x300
[  470.844876][T24115]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  470.844907][T24115]  ? bpf_lsm_capable+0x9/0x20
[  470.844926][T24115]  ? security_capable+0x7e/0x2e0
[  470.844949][T24115]  genl_rcv_msg+0x60e/0x790
[  470.844974][T24115]  ? __pfx_genl_rcv_msg+0x10/0x10
[  470.844993][T24115]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  470.845019][T24115]  netlink_rcv_skb+0x208/0x470
[  470.845033][T24115]  ? __lock_acquire+0xab9/0xd20
[  470.845052][T24115]  ? __pfx_genl_rcv_msg+0x10/0x10
[  470.845073][T24115]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  470.845104][T24115]  ? down_read+0x1ad/0x2e0
[  470.845124][T24115]  genl_rcv+0x28/0x40
[  470.845142][T24115]  netlink_unicast+0x82f/0x9e0
[  470.845163][T24115]  ? __pfx_netlink_unicast+0x10/0x10
[  470.845179][T24115]  ? netlink_sendmsg+0x642/0xb30
[  470.845194][T24115]  ? skb_put+0x11b/0x210
[  470.845214][T24115]  netlink_sendmsg+0x805/0xb30
[  470.845238][T24115]  ? __pfx_netlink_sendmsg+0x10/0x10
[  470.845257][T24115]  ? aa_sock_msg_perm+0xf1/0x1d0
[  470.845277][T24115]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  470.845290][T24115]  ? __pfx_netlink_sendmsg+0x10/0x10
[  470.845307][T24115]  __sock_sendmsg+0x21c/0x270
[  470.845324][T24115]  ____sys_sendmsg+0x505/0x830
[  470.845348][T24115]  ? __pfx_____sys_sendmsg+0x10/0x10
[  470.845374][T24115]  ? import_iovec+0x74/0xa0
[  470.845390][T24115]  ___sys_sendmsg+0x21f/0x2a0
[  470.845417][T24115]  ? __pfx____sys_sendmsg+0x10/0x10
[  470.845469][T24115]  ? __fget_files+0x2a/0x420
[  470.845490][T24115]  ? __fget_files+0x3a0/0x420
[  470.845520][T24115]  __x64_sys_sendmsg+0x19b/0x260
[  470.845544][T24115]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  470.845581][T24115]  ? do_syscall_64+0xbe/0x3b0
[  470.845602][T24115]  do_syscall_64+0xfa/0x3b0
[  470.845617][T24115]  ? lockdep_hardirqs_on+0x9c/0x150
[  470.845632][T24115]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.845645][T24115]  ? exc_page_fault+0x9f/0xf0
[  470.845662][T24115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.845675][T24115] RIP: 0033:0x7f0273f8ebe9
[  470.845689][T24115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.845703][T24115] RSP: 002b:00007f0274e46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  470.845719][T24115] RAX: ffffffffffffffda RBX: 00007f02741b5fa0 RCX: 00007f0273f8ebe9
[  470.845729][T24115] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  470.845739][T24115] RBP: 00007f0274011e19 R08: 0000000000000000 R09: 0000000000000000
[  470.845749][T24115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  470.845758][T24115] R13: 00007f02741b6038 R14: 00007f02741b5fa0 R15: 00007ffc6cb820e8
[  470.845809][T24115]  </TASK>
[  471.329296][T24150] __nla_validate_parse: 23 callbacks suppressed
[  471.329306][T24150] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4797'.
[  471.339972][T24150] netlink: 324 bytes leftover after parsing attributes in process `syz.0.4797'.
[  471.343482][T24150] netlink: 'syz.0.4797': attribute type 1 has an invalid length.
[  471.393841][T24157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4798'.
[  471.416822][T24157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4798'.
[  471.420206][T24157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4798'.
[  471.424877][T24157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4798'.
[  471.428086][T24157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4798'.
[  471.431006][T24157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4798'.
[  471.433952][T24157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4798'.
[  471.439374][T24157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4798'.
[  471.485673][T24162] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  471.489440][T24162] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  471.604024][T24173] netlink: 'syz.1.4804': attribute type 4 has an invalid length.
[  471.613006][T24173] netlink: 'syz.1.4804': attribute type 1 has an invalid length.
[  472.427785][T24219] A link change request failed with some changes committed already. Interface team_slave_1 may have been left with an inconsistent configuration, please check.
[  472.438669][T24220] A link change request failed with some changes committed already. Interface team_slave_1 may have been left with an inconsistent configuration, please check.
[  472.851507][T24241] netlink: 'syz.0.4823': attribute type 29 has an invalid length.
[  472.996163][T24253] netlink: 'syz.2.4826': attribute type 1 has an invalid length.
[  473.078460][T24253] 8021q: adding VLAN 0 to HW filter on device bond0
[  473.409642][T24275] netlink: 'syz.1.4833': attribute type 23 has an invalid length.
[  473.543102][T24280] IPVS: Scheduler module ip_vs_ not found
[  473.558870][T24285] syzkaller1: entered promiscuous mode
[  473.561108][T24285] syzkaller1: entered allmulticast mode
[  473.683315][T24288] lo speed is unknown, defaulting to 1000
[  473.993689][T24292] netlink: 'syz.2.4837': attribute type 13 has an invalid length.
[  474.002678][T24292] netlink: 'syz.2.4837': attribute type 17 has an invalid length.
[  474.034855][T24292] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  474.190897][T24288] syzkaller0 speed is unknown, defaulting to 1000
[  475.910495][T24405] netlink: 'syz.1.4869': attribute type 1 has an invalid length.
[  475.913809][T24405] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  476.218694][T24430] netlink: 'syz.1.4877': attribute type 1 has an invalid length.
[  476.240040][T24430] 8021q: adding VLAN 0 to HW filter on device bond17
[  476.305914][T24437] netlink: 'syz.0.4880': attribute type 1 has an invalid length.
[  476.340106][T24438] __nla_validate_parse: 54 callbacks suppressed
[  476.340121][T24438] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4877'.
[  476.352740][T24438] vlan3: entered allmulticast mode
[  476.359366][T24438] mac80211_hwsim hwsim336 wlan0: entered allmulticast mode
[  476.397639][T24445] bond21: (slave vxcan5): The slave device specified does not support setting the MAC address
[  476.406909][T24445] bond21: (slave vxcan5): Error -95 calling set_mac_address
[  476.480742][T24451] netlink: 'syz.2.4882': attribute type 13 has an invalid length.
[  476.566933][T24453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4883'.
[  476.571053][T24453] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  476.576502][T24453] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  476.706518][T24460] netlink: 'syz.2.4885': attribute type 11 has an invalid length.
[  476.709842][T24460] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4885'.
[  477.120830][T24487] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4893'.
[  477.215247][T24499] pim6reg1: entered promiscuous mode
[  477.217558][T24499] pim6reg1: entered allmulticast mode
[  477.341051][T24499] mac80211_hwsim hwsim192 syzkaller0: left promiscuous mode
[  477.344628][T24499] mac80211_hwsim hwsim192 syzkaller0: left allmulticast mode
[  477.359444][T24512] lo speed is unknown, defaulting to 1000
[  477.490749][T24522] netlink: 600 bytes leftover after parsing attributes in process `syz.1.4902'.
[  477.535452][T24511] lo speed is unknown, defaulting to 1000
[  477.557007][T24530] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.4904'.
[  477.652581][T24537] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4906'.
[  477.661269][T24537] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4906'.
[  477.665358][T24537] bond0 (unregistering): Released all slaves
[  477.739730][T24512] syzkaller0 speed is unknown, defaulting to 1000
[  477.933051][T24511] syzkaller0 speed is unknown, defaulting to 1000
[  478.249809][T24552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4909'.
[  478.254068][T24552] netlink: 140 bytes leftover after parsing attributes in process `syz.0.4909'.
[  478.582143][T24573] bridge8: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  478.648394][T24573] batadv_slave_0: entered promiscuous mode
[  478.730865][T24578] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  478.734335][T24578] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  479.253871][T24607] lo speed is unknown, defaulting to 1000
[  479.511943][T24607] syzkaller0 speed is unknown, defaulting to 1000
[  479.648653][T24633] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  479.749463][T24647] validate_nla: 1 callbacks suppressed
[  479.749474][T24647] netlink: 'syz.0.4937': attribute type 13 has an invalid length.
[  479.753733][T24647] netlink: 'syz.0.4937': attribute type 17 has an invalid length.
[  479.881950][T24647] 8021q: adding VLAN 0 to HW filter on device team0
[  479.892728][T24647] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  479.898340][ T2206] lo speed is unknown, defaulting to 1000
[  479.900293][ T2206] syz0: Port: 1 Link ACTIVE
[  479.901833][ T2206] lo speed is unknown, defaulting to 1000
[  479.938496][T24649] lo speed is unknown, defaulting to 1000
[  479.943371][T24654] mac80211_hwsim hwsim3 syzkaller0: left promiscuous mode
[  479.946342][T24654] mac80211_hwsim hwsim3 syzkaller0: left allmulticast mode
[  480.289702][T24649] syzkaller0 speed is unknown, defaulting to 1000
[  480.500320][T24667] netem: incorrect gi model size
[  480.502755][T24667] netem: change failed
[  480.828169][T24683] tipc: Resetting bearer <eth:gre0>
[  480.888546][T20093] lo speed is unknown, defaulting to 1000
[  480.891612][T20093] syz0: Port: 1 Link DOWN
[  480.895388][T20093] lo speed is unknown, defaulting to 1000
[  481.221520][T24706] netlink: 'syz.2.4953': attribute type 16 has an invalid length.
[  481.223952][T24706] netlink: 'syz.2.4953': attribute type 17 has an invalid length.
[  481.347196][T24716] __nla_validate_parse: 17 callbacks suppressed
[  481.347212][T24716] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4956'.
[  481.492948][T24720] lo speed is unknown, defaulting to 1000
[  481.537686][T24721] netlink: 'syz.2.4959': attribute type 1 has an invalid length.
[  481.540345][T24721] netlink: 5624 bytes leftover after parsing attributes in process `syz.2.4959'.
[  481.684889][T24723] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4960'.
[  481.695385][T24720] syzkaller0 speed is unknown, defaulting to 1000
[  481.855197][T24739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4964'.
[  482.050045][T24744] batadv_slave_0: left promiscuous mode
[  482.085843][T24744] mac80211_hwsim hwsim216 wlan0: left promiscuous mode
[  482.095250][T24744] mac80211_hwsim hwsim323 wlan1: left allmulticast mode
[  482.098973][T24744] geneve3: left allmulticast mode
[  482.294108][T24766] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.4971'.
[  482.324113][T24763] netlink: 'syz.0.4970': attribute type 10 has an invalid length.
[  482.331607][T24771] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4972'.
[  482.359538][T24773] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4974'.
[  482.492964][T24786] netlink: 'syz.2.4979': attribute type 1 has an invalid length.
[  482.501437][T24783] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4976'.
[  482.549003][T24786] bond22: (slave vxcan3): The slave device specified does not support setting the MAC address
[  482.553110][T24786] bond22: (slave vxcan3): Error -95 calling set_mac_address
[  482.593360][T24799] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.4981'.
[  482.641427][T24804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4983'.
[  482.758913][T24821] netlink: 'syz.1.4988': attribute type 23 has an invalid length.
[  482.836634][T24810] netlink: 'syz.0.4982': attribute type 83 has an invalid length.
[  483.626124][T24873] netlink: 'syz.0.5001': attribute type 10 has an invalid length.
[  484.104010][T24893] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address
[  484.108585][T24893] bond0: (slave vxcan3): Error -95 calling set_mac_address
[  484.261373][T24898] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  484.333387][T24902] sit0: entered allmulticast mode
[  484.343587][T24901] sit0: left allmulticast mode
[  484.397483][T24905] lo speed is unknown, defaulting to 1000
[  484.550068][T24915] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge0
[  484.624252][T24920] xfrm1: entered promiscuous mode
[  484.626228][T24920] xfrm1: entered allmulticast mode
[  484.699038][T24926] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  484.702729][T24926] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  484.722867][T24905] syzkaller0 speed is unknown, defaulting to 1000
[  485.550874][T24950] lo speed is unknown, defaulting to 1000
[  485.769160][T24977] validate_nla: 4 callbacks suppressed
[  485.769171][T24977] netlink: 'syz.0.5032': attribute type 13 has an invalid length.
[  485.773328][T24977] netlink: 'syz.0.5032': attribute type 17 has an invalid length.
[  485.837597][T24977] 8021q: adding VLAN 0 to HW filter on device team0
[  485.856141][T24977] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  485.864905][ T2206] lo speed is unknown, defaulting to 1000
[  485.866848][ T2206] syz0: Port: 1 Link ACTIVE
[  485.868285][ T2206] lo speed is unknown, defaulting to 1000
[  485.880719][T24950] syzkaller0 speed is unknown, defaulting to 1000
[  486.443557][T25014] openvswitch: netlink: Geneve option length err (len 256, max 255).
[  486.453249][T25012] sctp: [Deprecated]: syz.1.5036 (pid 25012) Use of struct sctp_assoc_value in delayed_ack socket option.
[  486.453249][T25012] Use struct sctp_sack_info instead
[  486.581595][T25021] __nla_validate_parse: 16 callbacks suppressed
[  486.581607][T25021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5039'.
[  486.587527][T25022] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5037'.
[  486.834763][T25041] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  486.839190][T25041] CPU: 1 UID: 0 PID: 25041 Comm: syz.0.5044 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  486.839205][T25041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  486.839211][T25041] Call Trace:
[  486.839216][T25041]  <TASK>
[  486.839221][T25041]  dump_stack_lvl+0x189/0x250
[  486.839239][T25041]  ? __pfx_dump_stack_lvl+0x10/0x10
[  486.839249][T25041]  ? __pfx__printk+0x10/0x10
[  486.839263][T25041]  ? kernfs_path_from_node+0x2f/0x290
[  486.839273][T25041]  ? kernfs_path_from_node+0x250/0x290
[  486.839304][T25041]  ? kernfs_path_from_node+0x2f/0x290
[  486.839317][T25041]  sysfs_warn_dup+0x8e/0xa0
[  486.839326][T25041]  sysfs_do_create_link_sd+0xc0/0x110
[  486.839336][T25041]  device_add_class_symlinks+0x1cf/0x240
[  486.839350][T25041]  device_add+0x475/0xb50
[  486.839370][T25041]  wiphy_register+0x1ba6/0x28d0
[  486.839389][T25041]  ? __pfx_wiphy_register+0x10/0x10
[  486.839398][T25041]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  486.839415][T25041]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  486.839430][T25041]  ieee80211_register_hw+0x3425/0x4080
[  486.839451][T25041]  ? ieee80211_register_hw+0x1401/0x4080
[  486.839466][T25041]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  486.839480][T25041]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  486.839503][T25041]  ? __hrtimer_setup+0x187/0x210
[  486.839512][T25041]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  486.839525][T25041]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  486.839548][T25041]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  486.839556][T25041]  ? trace_kmalloc+0x1f/0xd0
[  486.839567][T25041]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  486.839577][T25041]  ? kstrndup+0xbf/0x160
[  486.839591][T25041]  hwsim_new_radio_nl+0xea4/0x1b10
[  486.839601][T25041]  ? __pfx___nla_validate_parse+0x10/0x10
[  486.839620][T25041]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  486.839635][T25041]  ? __nla_parse+0x40/0x60
[  486.839646][T25041]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  486.839659][T25041]  genl_family_rcv_msg_doit+0x215/0x300
[  486.839675][T25041]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  486.839693][T25041]  ? bpf_lsm_capable+0x9/0x20
[  486.839704][T25041]  ? security_capable+0x7e/0x2e0
[  486.839719][T25041]  genl_rcv_msg+0x60e/0x790
[  486.839733][T25041]  ? __pfx_genl_rcv_msg+0x10/0x10
[  486.839750][T25041]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  486.839765][T25041]  netlink_rcv_skb+0x208/0x470
[  486.839773][T25041]  ? __lock_acquire+0xab9/0xd20
[  486.839786][T25041]  ? __pfx_genl_rcv_msg+0x10/0x10
[  486.839798][T25041]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  486.839817][T25041]  ? down_read+0x1ad/0x2e0
[  486.839830][T25041]  genl_rcv+0x28/0x40
[  486.839840][T25041]  netlink_unicast+0x82f/0x9e0
[  486.839854][T25041]  ? __pfx_netlink_unicast+0x10/0x10
[  486.839863][T25041]  ? netlink_sendmsg+0x642/0xb30
[  486.839871][T25041]  ? skb_put+0x11b/0x210
[  486.839884][T25041]  netlink_sendmsg+0x805/0xb30
[  486.839898][T25041]  ? __pfx_netlink_sendmsg+0x10/0x10
[  486.839926][T25041]  ? aa_sock_msg_perm+0xf1/0x1d0
[  486.839940][T25041]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  486.839948][T25041]  ? __pfx_netlink_sendmsg+0x10/0x10
[  486.839958][T25041]  __sock_sendmsg+0x21c/0x270
[  486.839969][T25041]  ____sys_sendmsg+0x505/0x830
[  486.839984][T25041]  ? __pfx_____sys_sendmsg+0x10/0x10
[  486.839999][T25041]  ? import_iovec+0x74/0xa0
[  486.840009][T25041]  ___sys_sendmsg+0x21f/0x2a0
[  486.840021][T25041]  ? __pfx____sys_sendmsg+0x10/0x10
[  486.840050][T25041]  ? __fget_files+0x2a/0x420
[  486.840063][T25041]  ? __fget_files+0x3a0/0x420
[  486.840079][T25041]  __x64_sys_sendmsg+0x19b/0x260
[  486.840091][T25041]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  486.840107][T25041]  ? rcu_is_watching+0x15/0xb0
[  486.840118][T25041]  ? do_syscall_64+0xbe/0x3b0
[  486.840132][T25041]  do_syscall_64+0xfa/0x3b0
[  486.840142][T25041]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.840150][T25041]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  486.840161][T25041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.840169][T25041] RIP: 0033:0x7f0273f8ebe9
[  486.840178][T25041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.840186][T25041] RSP: 002b:00007f0274e46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  486.840196][T25041] RAX: ffffffffffffffda RBX: 00007f02741b5fa0 RCX: 00007f0273f8ebe9
[  486.840203][T25041] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 000000000000000c
[  486.840208][T25041] RBP: 00007f0274011e19 R08: 0000000000000000 R09: 0000000000000000
[  486.840213][T25041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  486.840221][T25041] R13: 00007f02741b6038 R14: 00007f02741b5fa0 R15: 00007ffc6cb820e8
[  486.840235][T25041]  </TASK>
[  487.247937][T25060] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.5048'.
[  487.400540][T25070] netlink: 'syz.2.5051': attribute type 4 has an invalid length.
[  487.637291][T25092] netlink: 'syz.1.5057': attribute type 1 has an invalid length.
[  487.666126][T25092] bond18: (slave vxcan3): The slave device specified does not support setting the MAC address
[  487.671065][T25092] bond18: (slave vxcan3): Error -95 calling set_mac_address
[  487.727822][T25099] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.5060'.
[  487.916845][T25112] xfrm1: left promiscuous mode
[  487.918794][T25112] xfrm1: left allmulticast mode
[  488.156656][T25122] netlink: 'syz.2.5067': attribute type 1 has an invalid length.
[  488.389136][T25140] netlink: 'syz.2.5074': attribute type 1 has an invalid length.
[  488.481111][T25149] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5078'.
[  488.586920][T25166] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5083'.
[  488.588155][T25156] netlink: 'syz.2.5080': attribute type 23 has an invalid length.
[  488.589985][T25166] netlink: 'syz.1.5083': attribute type 10 has an invalid length.
[  488.602761][T25156] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5080'.
[  488.635086][T25172] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.5085'.
[  488.675479][T25174] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.5086'.
[  488.750796][T25182] netlink: 156 bytes leftover after parsing attributes in process `syz.0.5089'.
[  488.826407][T25186] lo speed is unknown, defaulting to 1000
[  488.953053][T25188] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  488.957907][T25188] CPU: 0 UID: 0 PID: 25188 Comm: syz.0.5092 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  488.957923][T25188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  488.957930][T25188] Call Trace:
[  488.957934][T25188]  <TASK>
[  488.957940][T25188]  dump_stack_lvl+0x189/0x250
[  488.957959][T25188]  ? __pfx_dump_stack_lvl+0x10/0x10
[  488.957971][T25188]  ? __pfx__printk+0x10/0x10
[  488.957988][T25188]  ? kernfs_path_from_node+0x2f/0x290
[  488.957999][T25188]  ? kernfs_path_from_node+0x250/0x290
[  488.958008][T25188]  ? kernfs_path_from_node+0x2f/0x290
[  488.958020][T25188]  sysfs_warn_dup+0x8e/0xa0
[  488.958032][T25188]  sysfs_do_create_link_sd+0xc0/0x110
[  488.958044][T25188]  device_add_class_symlinks+0x1cf/0x240
[  488.958059][T25188]  device_add+0x475/0xb50
[  488.958073][T25188]  wiphy_register+0x1ba6/0x28d0
[  488.958118][T25188]  ? __pfx_wiphy_register+0x10/0x10
[  488.958130][T25188]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  488.958150][T25188]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  488.958167][T25188]  ieee80211_register_hw+0x3425/0x4080
[  488.958192][T25188]  ? ieee80211_register_hw+0x1401/0x4080
[  488.958208][T25188]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  488.958222][T25188]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  488.958236][T25188]  ? __hrtimer_setup+0x187/0x210
[  488.958244][T25188]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  488.958259][T25188]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  488.958285][T25188]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  488.958295][T25188]  ? trace_kmalloc+0x1f/0xd0
[  488.958307][T25188]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  488.958319][T25188]  ? kstrndup+0xbf/0x160
[  488.958333][T25188]  hwsim_new_radio_nl+0xea4/0x1b10
[  488.958344][T25188]  ? __pfx___nla_validate_parse+0x10/0x10
[  488.958362][T25188]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  488.958378][T25188]  ? __nla_parse+0x40/0x60
[  488.958390][T25188]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  488.958404][T25188]  genl_family_rcv_msg_doit+0x215/0x300
[  488.958420][T25188]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  488.958439][T25188]  ? bpf_lsm_capable+0x9/0x20
[  488.958450][T25188]  ? security_capable+0x7e/0x2e0
[  488.958465][T25188]  genl_rcv_msg+0x60e/0x790
[  488.958480][T25188]  ? __pfx_genl_rcv_msg+0x10/0x10
[  488.958492][T25188]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  488.958508][T25188]  netlink_rcv_skb+0x208/0x470
[  488.958516][T25188]  ? __lock_acquire+0xab9/0xd20
[  488.958599][T25188]  ? __pfx_genl_rcv_msg+0x10/0x10
[  488.958618][T25188]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  488.958640][T25188]  ? down_read+0x1ad/0x2e0
[  488.958655][T25188]  genl_rcv+0x28/0x40
[  488.958669][T25188]  netlink_unicast+0x82f/0x9e0
[  488.958683][T25188]  ? __pfx_netlink_unicast+0x10/0x10
[  488.958693][T25188]  ? netlink_sendmsg+0x642/0xb30
[  488.958703][T25188]  ? skb_put+0x11b/0x210
[  488.958718][T25188]  netlink_sendmsg+0x805/0xb30
[  488.958732][T25188]  ? __pfx_netlink_sendmsg+0x10/0x10
[  488.958744][T25188]  ? aa_sock_msg_perm+0xf1/0x1d0
[  488.958758][T25188]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  488.958768][T25188]  ? __pfx_netlink_sendmsg+0x10/0x10
[  488.958780][T25188]  __sock_sendmsg+0x21c/0x270
[  488.958793][T25188]  ____sys_sendmsg+0x505/0x830
[  488.958811][T25188]  ? __pfx_____sys_sendmsg+0x10/0x10
[  488.958830][T25188]  ? import_iovec+0x74/0xa0
[  488.958841][T25188]  ___sys_sendmsg+0x21f/0x2a0
[  488.958855][T25188]  ? __pfx____sys_sendmsg+0x10/0x10
[  488.958893][T25188]  ? __fget_files+0x2a/0x420
[  488.958909][T25188]  ? __fget_files+0x3a0/0x420
[  488.958928][T25188]  __x64_sys_sendmsg+0x19b/0x260
[  488.958960][T25188]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  488.958981][T25188]  ? rcu_is_watching+0x15/0xb0
[  488.958995][T25188]  ? do_syscall_64+0xbe/0x3b0
[  488.959011][T25188]  do_syscall_64+0xfa/0x3b0
[  488.959021][T25188]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.959030][T25188]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.959039][T25188]  ? exc_page_fault+0x9f/0xf0
[  488.959050][T25188]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.959058][T25188] RIP: 0033:0x7f0273f8ebe9
[  488.959067][T25188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  488.959076][T25188] RSP: 002b:00007f0274e46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  488.959113][T25188] RAX: ffffffffffffffda RBX: 00007f02741b5fa0 RCX: 00007f0273f8ebe9
[  488.959121][T25188] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000008
[  488.959128][T25188] RBP: 00007f0274011e19 R08: 0000000000000000 R09: 0000000000000000
[  488.959134][T25188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  488.959140][T25188] R13: 00007f02741b6038 R14: 00007f02741b5fa0 R15: 00007ffc6cb820e8
[  488.959156][T25188]  </TASK>
[  489.242543][T25194] netlink: 'syz.0.5093': attribute type 16 has an invalid length.
[  489.248861][T25194] netlink: 'syz.0.5093': attribute type 17 has an invalid length.
[  489.262592][T25194] tipc: Resetting bearer <eth:gre0>
[  489.318578][   T24] lo speed is unknown, defaulting to 1000
[  489.319772][T25186] syzkaller0 speed is unknown, defaulting to 1000
[  489.320515][   T24] syz0: Port: 1 Link DOWN
[  489.322204][T20093] lo speed is unknown, defaulting to 1000
[  489.644374][T25223] pim6reg1: entered promiscuous mode
[  489.650514][T25223] pim6reg1: entered allmulticast mode
[  491.635493][T25311] __nla_validate_parse: 12 callbacks suppressed
[  491.635508][T25311] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.5127'.
[  491.690795][T25315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5129'.
[  491.696626][T25315] netlink: 240 bytes leftover after parsing attributes in process `syz.1.5129'.
[  491.865802][T25337] validate_nla: 3 callbacks suppressed
[  491.865815][T25337] netlink: 'syz.1.5135': attribute type 1 has an invalid length.
[  491.922048][T25339] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5136'.
[  491.924966][T25339] netlink: 'syz.2.5136': attribute type 7 has an invalid length.
[  491.927550][T25339] netlink: 'syz.2.5136': attribute type 8 has an invalid length.
[  491.929964][T25339] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5136'.
[  491.931867][T25344] openvswitch: netlink: Tunnel attr 4 has unexpected len 4 expected 1
[  492.001293][T25354] netlink: 'syz.0.5138': attribute type 1 has an invalid length.
[  492.006772][T25354] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  492.037303][T25352] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  492.043003][T25352] mac80211_hwsim hwsim192 syzkaller0: entered promiscuous mode
[  492.046692][T25352] mac80211_hwsim hwsim192 syzkaller0: entered allmulticast mode
[  492.093309][T25360] netlink: 'syz.1.5142': attribute type 10 has an invalid length.
[  492.142846][T25365] netlink: 'syz.0.5143': attribute type 1 has an invalid length.
[  492.147170][T25366] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5144'.
[  492.148535][T25356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5140'.
[  492.209580][T25374] mac80211_hwsim hwsim192 syzkaller0: left promiscuous mode
[  492.211899][T25374] mac80211_hwsim hwsim192 syzkaller0: left allmulticast mode
[  492.243775][T25378] tipc: Enabling of bearer <ib:geneve1> rejected, max 3 bearers permitted
[  492.382267][T25389] netlink: 'syz.1.5150': attribute type 13 has an invalid length.
[  492.388985][T25389] netlink: 'syz.1.5150': attribute type 17 has an invalid length.
[  492.409279][T25389] 8021q: adding VLAN 0 to HW filter on device team0
[  492.412505][T25389] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  492.424180][T25392] sctp: [Deprecated]: syz.0.5151 (pid 25392) Use of int in max_burst socket option.
[  492.424180][T25392] Use struct sctp_assoc_value instead
[  492.470305][T25388] lo speed is unknown, defaulting to 1000
[  492.491292][T25394] netlink: 'syz.0.5152': attribute type 1 has an invalid length.
[  492.628955][T25399] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5154'.
[  492.690607][T25388] syzkaller0 speed is unknown, defaulting to 1000
[  493.007303][T25411] lo speed is unknown, defaulting to 1000
[  493.066673][T25412] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5158'.
[  493.239996][T25411] syzkaller0 speed is unknown, defaulting to 1000
[  493.426172][T25420] syzkaller1: entered allmulticast mode
[  493.474174][T25425] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.5163'.
[  493.513837][T25429] netlink: 'syz.2.5164': attribute type 3 has an invalid length.
[  493.521761][T25429] syz_tun: entered allmulticast mode
[  493.586173][T25429] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  493.600064][T25428] syz_tun: left allmulticast mode
[  494.771306][T25499] openvswitch: netlink: Flow actions attr not present in new flow.
[  496.206470][T25569] mac80211_hwsim hwsim365 wlan1: entered allmulticast mode
[  496.208261][T25564] IPVS: Scheduler module ip_vs_sip not found
[  496.491473][T25590] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  496.497033][T25590] mac80211_hwsim hwsim192 syzkaller0: entered promiscuous mode
[  496.500919][T25590] mac80211_hwsim hwsim192 syzkaller0: entered allmulticast mode
[  496.857915][T25611] __nla_validate_parse: 16 callbacks suppressed
[  496.857933][T25611] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.5219'.
[  496.938380][T25613] validate_nla: 5 callbacks suppressed
[  496.938402][T25613] netlink: 'syz.0.5220': attribute type 1 has an invalid length.
[  496.967955][T25619] netlink: 'syz.2.5222': attribute type 13 has an invalid length.
[  497.008662][T25613] bond22: (slave vxcan5): The slave device specified does not support setting the MAC address
[  497.014126][T25613] bond22: (slave vxcan5): Error -95 calling set_mac_address
[  497.033217][T25616] bond22: (slave vxcan5): The slave device specified does not support setting the MAC address
[  497.039238][T25616] bond22: (slave vxcan5): Error -95 calling set_mac_address
[  497.374352][T25642] netlink: 248 bytes leftover after parsing attributes in process `syz.2.5227'.
[  497.521085][T25653] netlink: 'syz.2.5230': attribute type 1 has an invalid length.
[  497.621402][T25661] mac80211_hwsim hwsim336 wlan0: entered promiscuous mode
[  497.730836][T25663] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  497.739373][T25663] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5234'.
[  498.043366][T25673] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5236'.
[  498.932292][T25695] netlink: 'syz.0.5242': attribute type 1 has an invalid length.
[  499.099907][T25702] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  499.107904][T25703] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  499.170595][T25707] lo speed is unknown, defaulting to 1000
[  499.221226][T25708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5245'.
[  499.466622][T25711] netlink: 132 bytes leftover after parsing attributes in process `syz.1.5246'.
[  499.476302][T25707] syzkaller0 speed is unknown, defaulting to 1000
[  499.516508][T25713] netlink: 1712 bytes leftover after parsing attributes in process `syz.2.5247'.
[  499.747368][T25726] netlink: 'syz.0.5250': attribute type 1 has an invalid length.
[  499.749956][T25726] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5250'.
[  499.754816][T25726] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5250'.
[  499.793400][T25730] mac80211_hwsim hwsim365 wlan1: left allmulticast mode
[  500.151913][T25756] netlink: 'syz.2.5260': attribute type 1 has an invalid length.
[  500.162319][T25759] netlink: 'syz.0.5261': attribute type 10 has an invalid length.
[  500.172319][T25756] 8021q: adding VLAN 0 to HW filter on device bond23
[  500.277697][T25770] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.5264'.
[  500.623340][T25777] syz_tun: entered allmulticast mode
[  500.656364][T25779] syz_tun: left allmulticast mode
[  500.811522][T25793] mac80211_hwsim hwsim323 wlan1: entered allmulticast mode
[  500.887314][T25802] veth1_to_bond: entered promiscuous mode
[  500.890912][T25802] veth1_to_bond: entered allmulticast mode
[  501.091983][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  501.093950][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  501.127826][T25820] lo speed is unknown, defaulting to 1000
[  501.370241][T25847] lo speed is unknown, defaulting to 1000
[  501.580335][T25820] syzkaller0 speed is unknown, defaulting to 1000
[  501.733794][T25847] syzkaller0 speed is unknown, defaulting to 1000
[  502.021225][T25877] __nla_validate_parse: 40 callbacks suppressed
[  502.021242][T25877] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.5295'.
[  502.113954][T25879] syzkaller1: entered promiscuous mode
[  502.116978][T25879] syzkaller1: entered allmulticast mode
[  502.182199][T25881] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5297'.
[  502.327785][T25893] mac80211_hwsim hwsim323 wlan1: left allmulticast mode
[  502.410226][T25899] netlink: 'syz.0.5303': attribute type 11 has an invalid length.
[  502.425711][T25900] netlink: 'syz.2.5301': attribute type 10 has an invalid length.
[  502.607482][T25908] lo speed is unknown, defaulting to 1000
[  502.630479][T25911] netlink: 248 bytes leftover after parsing attributes in process `syz.1.5307'.
[  502.819296][T25913] netlink: 248 bytes leftover after parsing attributes in process `syz.1.5307'.
[  502.947585][T25912] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5305'.
[  503.124645][T25908] syzkaller0 speed is unknown, defaulting to 1000
[  503.171731][T25921] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5310'.
[  503.180803][T25921] netlink: 248 bytes leftover after parsing attributes in process `syz.1.5310'.
[  503.396202][T25935] netlink: 'syz.2.5316': attribute type 1 has an invalid length.
[  503.472512][T25935] 8021q: adding VLAN 0 to HW filter on device bond24
[  503.480176][T25943] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5317'.
[  503.653575][T25954] netlink: 'syz.1.5320': attribute type 4 has an invalid length.
[  503.773605][T25962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5322'.
[  503.933796][T25970] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5325'.
[  504.022839][T25977] syzkaller1: entered promiscuous mode
[  504.025072][T25977] syzkaller1: entered allmulticast mode
[  504.092022][T25984] mac80211_hwsim hwsim7 syzkaller0: entered promiscuous mode
[  504.099634][T25984] mac80211_hwsim hwsim7 syzkaller0: entered allmulticast mode
[  504.146201][T25986] netlink: 'syz.1.5332': attribute type 13 has an invalid length.
[  504.148814][T25986] netlink: 'syz.1.5332': attribute type 17 has an invalid length.
[  504.158041][T25986] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  504.211641][T25986] lo speed is unknown, defaulting to 1000
[  504.350563][T25992] lo speed is unknown, defaulting to 1000
[  504.477902][T25986] syzkaller0 speed is unknown, defaulting to 1000
[  504.630737][T25992] syzkaller0 speed is unknown, defaulting to 1000
[  505.404487][T26052] netlink: 'syz.2.5349': attribute type 1 has an invalid length.
[  505.493801][T26052] 8021q: adding VLAN 0 to HW filter on device bond25
[  505.529911][T26066] netlink: 'syz.0.5353': attribute type 1 has an invalid length.
[  505.532294][T26066] netlink: 'syz.0.5353': attribute type 2 has an invalid length.
[  505.538639][T26066] netlink: 'syz.0.5353': attribute type 1 has an invalid length.
[  505.590413][T26069] netlink: 'syz.1.5355': attribute type 12 has an invalid length.
[  505.813989][T26087] sctp: [Deprecated]: syz.1.5359 (pid 26087) Use of int in maxseg socket option.
[  505.813989][T26087] Use struct sctp_assoc_value instead
[  506.027728][T26108] tipc: Resetting bearer <eth:gre0>
[  506.188352][T26115] pim6reg1: entered promiscuous mode
[  506.190472][T26115] pim6reg1: entered allmulticast mode
[  506.245729][T26131] lo speed is unknown, defaulting to 1000
[  506.633108][T26131] syzkaller0 speed is unknown, defaulting to 1000
[  506.769869][T26166] mac80211_hwsim hwsim7 syzkaller0: left promiscuous mode
[  506.772313][T26166] mac80211_hwsim hwsim7 syzkaller0: left allmulticast mode
[  507.635271][T26217] batman_adv: batadv0: Adding interface: macvlan3
[  507.638988][T26217] batman_adv: batadv0: The MTU of interface macvlan3 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  507.649038][T26217] batman_adv: batadv0: Interface activated: macvlan3
[  507.657348][T26217] __nla_validate_parse: 16 callbacks suppressed
[  507.657391][T26217] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5400'.
[  507.796472][T26242] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5402'.
[  508.033051][T26262] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5411'.
[  508.087679][T26266] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5413'.
[  508.132997][T26268] validate_nla: 1 callbacks suppressed
[  508.133008][T26268] netlink: 'syz.2.5414': attribute type 5 has an invalid length.
[  508.330976][T26284] pim6reg1: entered promiscuous mode
[  508.332851][T26284] pim6reg1: entered allmulticast mode
[  508.450090][T26284] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5418'.
[  508.483256][T26284] bond26 (unregistering): Released all slaves
[  508.629967][T26301] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5423'.
[  508.678631][T26306] IPVS: Scheduler module ip_vs_sip not found
[  508.688847][T26308] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5425'.
[  508.692784][T26308] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5425'.
[  508.695967][T26308] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5425'.
[  508.698958][T26308] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5425'.
[  509.008648][T26333] sctp: [Deprecated]: syz.0.5432 (pid 26333) Use of int in max_burst socket option deprecated.
[  509.008648][T26333] Use struct sctp_assoc_value instead
[  509.160859][T26353] lo speed is unknown, defaulting to 1000
[  509.381432][T26363] unknown channel width for channel at 909000KHz?
[  509.384365][T26363] unknown channel width for channel at 909000KHz?
[  509.388756][T26363] unknown channel width for channel at 909000KHz?
[  509.440407][T26356] netlink: 'syz.0.5437': attribute type 1 has an invalid length.
[  509.666968][T26353] syzkaller0 speed is unknown, defaulting to 1000
[  510.202062][T26409] bridge: RTM_NEWNEIGH with invalid ether address
[  510.749877][T26459] netlink: 'syz.1.5468': attribute type 1 has an invalid length.
[  510.832364][T26465] bond0 (unregistering): Released all slaves
[  510.979985][T26480] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  511.171091][T26490] netlink: 'syz.2.5474': attribute type 1 has an invalid length.
[  511.175998][T26490] netlink: 'syz.2.5474': attribute type 1 has an invalid length.
[  511.449601][T26515] mac80211_hwsim hwsim394 wlan1: entered allmulticast mode
[  511.990997][T26569] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  512.272659][T26601] netlink: 'syz.2.5509': attribute type 5 has an invalid length.
[  512.836972][T26631] netlink: 'syz.0.5517': attribute type 13 has an invalid length.
[  512.881377][T26631] batman_adv: batadv0: Interface deactivated: macvlan3
[  512.939029][T26635] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  512.943432][T26635] mac80211_hwsim hwsim192 syzkaller0: left promiscuous mode
[  512.947455][T26635] mac80211_hwsim hwsim192 syzkaller0: left allmulticast mode
[  513.008968][T26643] 8021q: adding VLAN 0 to HW filter on device bond1
[  513.071766][T26649] __nla_validate_parse: 27 callbacks suppressed
[  513.071777][T26649] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5521'.
[  513.078983][T26648] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5521'.
[  513.107041][T26651] netlink: 'syz.1.5522': attribute type 10 has an invalid length.
[  513.111277][T26649] lo speed is unknown, defaulting to 1000
[  513.137197][T26653] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5523'.
[  513.210401][T26660] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.5525'.
[  513.213432][T26660] netlink: zone id is out of range
[  513.222805][T26660] netlink: zone id is out of range
[  513.237453][T26660] netlink: zone id is out of range
[  513.240320][T26660] netlink: get zone limit has 8 unknown bytes
[  513.262641][T26662] mac80211_hwsim hwsim394 wlan1: left allmulticast mode
[  513.273812][T26662] netlink: 4768 bytes leftover after parsing attributes in process `syz.1.5526'.
[  513.290995][T26664] netlink: 'syz.2.5527': attribute type 1 has an invalid length.
[  513.294891][T26662] netlink: 'syz.1.5526': attribute type 10 has an invalid length.
[  513.387074][T26668] netlink: 'syz.2.5528': attribute type 10 has an invalid length.
[  513.415765][T26649] syzkaller0 speed is unknown, defaulting to 1000
[  513.430450][T26674] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5532'.
[  513.494641][T26678] netlink: 248 bytes leftover after parsing attributes in process `syz.2.5531'.
[  513.597490][T26692] netlink: 'syz.1.5536': attribute type 1 has an invalid length.
[  513.599959][T26692] netlink: 184 bytes leftover after parsing attributes in process `syz.1.5536'.
[  513.602696][T26692] netlink: 'syz.1.5536': attribute type 1 has an invalid length.
[  513.611771][T26690] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5536'.
[  513.615370][T26690] nbd: illegal input index 65508
[  513.662793][T26695] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.5537'.
[  514.003134][T26716] IPVS: Scheduler module ip_vs_sip not found
[  514.030389][T26716] lo speed is unknown, defaulting to 1000
[  514.168238][T26726] tap0: tun_chr_ioctl cmd 1074025677
[  514.170367][T26726] tap0: linktype set to 780
[  514.378335][T26716] syzkaller0 speed is unknown, defaulting to 1000
[  514.581277][T26751] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  514.587096][T26752] nbd: must specify at least one socket
[  515.460374][T26792] netlink: 'syz.2.5569': attribute type 16 has an invalid length.
[  516.343207][T26842] netlink: 'syz.0.5584': attribute type 4 has an invalid length.
[  516.620423][T26859] pim6reg1: entered promiscuous mode
[  516.622658][T26859] pim6reg1: entered allmulticast mode
[  516.694146][T26858] 8021q: adding VLAN 0 to HW filter on device bond0
[  516.698982][T26858] bond0: entered promiscuous mode
[  516.700920][T26858] team0: Port device bond0 added
[  516.898259][T26878] netlink: 'syz.0.5596': attribute type 12 has an invalid length.
[  516.975352][T26881] veth1_to_bond: left promiscuous mode
[  516.977319][T26881] veth1_to_bond: left allmulticast mode
[  516.987211][T26881] mac80211_hwsim hwsim336 wlan0: left promiscuous mode
[  516.989792][T26881] vlan3: left allmulticast mode
[  516.991539][T26881] mac80211_hwsim hwsim336 wlan0: left allmulticast mode
[  517.243565][T26907] netlink: 'syz.0.5606': attribute type 1 has an invalid length.
[  517.259290][T26907] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  517.456317][T26925] netlink: 'syz.0.5610': attribute type 10 has an invalid length.
[  517.597314][T26933] lo speed is unknown, defaulting to 1000
[  517.870921][T26958] bond0: option miimon: invalid value (18446744073709551607)
[  517.873620][T26958] bond0: option miimon: allowed values 0 - 2147483647
[  517.903720][T26933] syzkaller0 speed is unknown, defaulting to 1000
[  517.967160][T26969] veth0_virt_wifi: renamed from vlan0
[  518.042009][T26973] 8021q: adding VLAN 0 to HW filter on device bond20
[  518.053549][T26969] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  518.120807][T26983] Unsupported ieee802154 address type: 0
[  518.181553][T26989] __nla_validate_parse: 32 callbacks suppressed
[  518.181565][T26989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5627'.
[  518.318582][T26993] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  518.322492][T26993] CPU: 0 UID: 0 PID: 26993 Comm: syz.0.5628 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  518.322507][T26993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  518.322513][T26993] Call Trace:
[  518.322519][T26993]  <TASK>
[  518.322523][T26993]  dump_stack_lvl+0x189/0x250
[  518.322543][T26993]  ? __pfx_dump_stack_lvl+0x10/0x10
[  518.322555][T26993]  ? __pfx__printk+0x10/0x10
[  518.322571][T26993]  ? kernfs_path_from_node+0x2f/0x290
[  518.322582][T26993]  ? kernfs_path_from_node+0x250/0x290
[  518.322592][T26993]  ? kernfs_path_from_node+0x2f/0x290
[  518.322603][T26993]  sysfs_warn_dup+0x8e/0xa0
[  518.322612][T26993]  sysfs_do_create_link_sd+0xc0/0x110
[  518.322623][T26993]  device_add_class_symlinks+0x1cf/0x240
[  518.322637][T26993]  device_add+0x475/0xb50
[  518.322651][T26993]  wiphy_register+0x1ba6/0x28d0
[  518.322671][T26993]  ? __pfx_wiphy_register+0x10/0x10
[  518.322680][T26993]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  518.322696][T26993]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  518.322710][T26993]  ieee80211_register_hw+0x3425/0x4080
[  518.322731][T26993]  ? ieee80211_register_hw+0x1401/0x4080
[  518.322746][T26993]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  518.322760][T26993]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  518.322774][T26993]  ? __hrtimer_setup+0x187/0x210
[  518.322782][T26993]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  518.322796][T26993]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  518.322823][T26993]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  518.322833][T26993]  ? trace_kmalloc+0x1f/0xd0
[  518.322844][T26993]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  518.322857][T26993]  ? kstrndup+0xbf/0x160
[  518.322870][T26993]  hwsim_new_radio_nl+0xea4/0x1b10
[  518.322881][T26993]  ? __pfx___nla_validate_parse+0x10/0x10
[  518.322898][T26993]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  518.322913][T26993]  ? __nla_parse+0x40/0x60
[  518.322926][T26993]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  518.322939][T26993]  genl_family_rcv_msg_doit+0x215/0x300
[  518.322955][T26993]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  518.322974][T26993]  ? bpf_lsm_capable+0x9/0x20
[  518.322985][T26993]  ? security_capable+0x7e/0x2e0
[  518.323000][T26993]  genl_rcv_msg+0x60e/0x790
[  518.323015][T26993]  ? __pfx_genl_rcv_msg+0x10/0x10
[  518.323027][T26993]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  518.323043][T26993]  netlink_rcv_skb+0x208/0x470
[  518.323058][T26993]  ? __lock_acquire+0xab9/0xd20
[  518.323072][T26993]  ? __pfx_genl_rcv_msg+0x10/0x10
[  518.323086][T26993]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  518.323107][T26993]  ? down_read+0x1ad/0x2e0
[  518.323122][T26993]  genl_rcv+0x28/0x40
[  518.323135][T26993]  netlink_unicast+0x82f/0x9e0
[  518.323150][T26993]  ? __pfx_netlink_unicast+0x10/0x10
[  518.323161][T26993]  ? netlink_sendmsg+0x642/0xb30
[  518.323171][T26993]  ? skb_put+0x11b/0x210
[  518.323184][T26993]  netlink_sendmsg+0x805/0xb30
[  518.323199][T26993]  ? __pfx_netlink_sendmsg+0x10/0x10
[  518.323210][T26993]  ? aa_sock_msg_perm+0xf1/0x1d0
[  518.323223][T26993]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  518.323232][T26993]  ? __pfx_netlink_sendmsg+0x10/0x10
[  518.323242][T26993]  __sock_sendmsg+0x21c/0x270
[  518.323253][T26993]  ____sys_sendmsg+0x505/0x830
[  518.323267][T26993]  ? __pfx_____sys_sendmsg+0x10/0x10
[  518.323283][T26993]  ? import_iovec+0x74/0xa0
[  518.323293][T26993]  ___sys_sendmsg+0x21f/0x2a0
[  518.323305][T26993]  ? __pfx____sys_sendmsg+0x10/0x10
[  518.323335][T26993]  ? __fget_files+0x2a/0x420
[  518.323346][T26993]  ? __fget_files+0x3a0/0x420
[  518.323363][T26993]  __x64_sys_sendmsg+0x19b/0x260
[  518.323402][T26993]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  518.323426][T26993]  ? do_syscall_64+0xbe/0x3b0
[  518.323441][T26993]  do_syscall_64+0xfa/0x3b0
[  518.323451][T26993]  ? lockdep_hardirqs_on+0x9c/0x150
[  518.323461][T26993]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.323470][T26993]  ? exc_page_fault+0x9f/0xf0
[  518.323480][T26993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.323488][T26993] RIP: 0033:0x7f0273f8ebe9
[  518.323498][T26993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  518.323506][T26993] RSP: 002b:00007f0274e46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  518.323517][T26993] RAX: ffffffffffffffda RBX: 00007f02741b5fa0 RCX: 00007f0273f8ebe9
[  518.323524][T26993] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007
[  518.323531][T26993] RBP: 00007f0274011e19 R08: 0000000000000000 R09: 0000000000000000
[  518.323537][T26993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  518.323544][T26993] R13: 00007f02741b6038 R14: 00007f02741b5fa0 R15: 00007ffc6cb820e8
[  518.323559][T26993]  </TASK>
[  518.472663][T26996] validate_nla: 4 callbacks suppressed
[  518.472678][T26996] netlink: 'syz.2.5629': attribute type 13 has an invalid length.
[  518.581707][T27004] IPVS: set_ctl: invalid protocol: 22 172.20.20.50:20002
[  518.690894][T27008] 8021q: adding VLAN 0 to HW filter on device bond3
[  523.692462][ T5296] udevd[5296]: worker [16393] /devices/virtual/block/nbd0 timeout; kill it
[  523.695745][ T5296] udevd[5296]: seq 20182 '/devices/virtual/block/nbd0' killed
[  534.264682][ T5237] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  534.268639][ T5237] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  534.272234][ T5237] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  534.277603][ T5237] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  534.280320][ T5237] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  534.387124][ T5861] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  534.392179][ T5861] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  534.401096][ T5861] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  534.407513][ T5861] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  534.412070][ T5861] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  534.450329][ T5861] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  534.460224][ T5861] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  534.463183][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  534.467498][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  534.470789][ T5861] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  534.476576][T27016] lo speed is unknown, defaulting to 1000
[  534.529774][ T5237] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  534.538794][ T5237] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  534.542979][ T5237] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  534.546988][ T5237] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  534.549861][ T5237] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  534.887743][T27024] lo speed is unknown, defaulting to 1000
[  535.017045][T27016] syzkaller0 speed is unknown, defaulting to 1000
[  535.052392][T27027] lo speed is unknown, defaulting to 1000
[  535.149099][T27016] chnl_net:caif_netlink_parms(): no params data found
[  535.267242][T27016] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.269578][T27016] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.271930][T27016] bridge_slave_0: entered allmulticast mode
[  535.276473][T27016] bridge_slave_0: entered promiscuous mode
[  535.279431][T27024] syzkaller0 speed is unknown, defaulting to 1000
[  535.280012][T27016] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.284039][T27016] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.286521][T27016] bridge_slave_1: entered allmulticast mode
[  535.289432][T27016] bridge_slave_1: entered promiscuous mode
[  535.365338][T27016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.375168][T27016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.413091][T27016] team0: Port device team_slave_0 added
[  535.421685][T27016] team0: Port device team_slave_1 added
[  535.457349][T27016] batman_adv: batadv0: Adding interface: batadv_slave_0
[  535.459542][T27016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  535.467750][T27016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  535.475026][T27016] batman_adv: batadv0: Adding interface: batadv_slave_1
[  535.477429][T27016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  535.493849][T27016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  535.587075][T27027] syzkaller0 speed is unknown, defaulting to 1000
[  535.599848][T27016] hsr_slave_0: entered promiscuous mode
[  535.602265][T27016] hsr_slave_1: entered promiscuous mode
[  535.604897][T27016] debugfs: 'hsr0' already exists in 'hsr'
[  535.606832][T27016] Cannot create hsr debugfs directory
[  535.659325][T27024] chnl_net:caif_netlink_parms(): no params data found
[  535.822462][T27024] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.825044][T27024] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.827368][T27024] bridge_slave_0: entered allmulticast mode
[  535.830559][T27024] bridge_slave_0: entered promiscuous mode
[  535.837503][T27024] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.839867][T27024] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.842596][T27024] bridge_slave_1: entered allmulticast mode
[  535.845498][T27024] bridge_slave_1: entered promiscuous mode
[  535.889169][T27024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.911998][T27024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.969596][T27024] team0: Port device team_slave_0 added
[  535.978121][T27024] team0: Port device team_slave_1 added
[  536.020850][T27024] batman_adv: batadv0: Adding interface: batadv_slave_0
[  536.023440][T27024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.033242][T27024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  536.043041][T27024] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.047347][T27024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.055570][T27024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  536.067234][T27027] chnl_net:caif_netlink_parms(): no params data found
[  536.155651][T27024] hsr_slave_0: entered promiscuous mode
[  536.158105][T27024] hsr_slave_1: entered promiscuous mode
[  536.160315][T27024] debugfs: 'hsr0' already exists in 'hsr'
[  536.162113][T27024] Cannot create hsr debugfs directory
[  536.249009][T27027] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.252080][T27027] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.256227][T27027] bridge_slave_0: entered allmulticast mode
[  536.259247][T27027] bridge_slave_0: entered promiscuous mode
[  536.269491][T27027] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.272533][T27027] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.275747][T27027] bridge_slave_1: entered allmulticast mode
[  536.278696][T27027] bridge_slave_1: entered promiscuous mode
[  536.320947][T27027] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  536.333453][T27027] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  536.385477][T27027] team0: Port device team_slave_0 added
[  536.394283][T27027] team0: Port device team_slave_1 added
[  536.432372][T27027] batman_adv: batadv0: Adding interface: batadv_slave_0
[  536.435475][T27027] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.443384][T27027] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  536.455589][ T5237] Bluetooth: hci3: command tx timeout
[  536.463812][T27027] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.467812][T27027] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.476350][T27027] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  536.524964][ T5237] Bluetooth: hci4: command tx timeout
[  536.545230][T27027] hsr_slave_0: entered promiscuous mode
[  536.547857][T27027] hsr_slave_1: entered promiscuous mode
[  536.550059][T27027] debugfs: 'hsr0' already exists in 'hsr'
[  536.551855][T27027] Cannot create hsr debugfs directory
[  536.604592][ T5237] Bluetooth: hci5: command tx timeout
[  538.524812][ T5237] Bluetooth: hci3: command tx timeout
[  538.604823][ T5237] Bluetooth: hci4: command tx timeout
[  538.684642][ T5237] Bluetooth: hci5: command tx timeout
[  540.604850][ T5237] Bluetooth: hci3: command tx timeout
[  540.684693][ T5237] Bluetooth: hci4: command tx timeout
[  540.764592][ T5237] Bluetooth: hci5: command tx timeout
[  542.694733][ T5237] Bluetooth: hci3: command tx timeout
[  542.764701][ T5237] Bluetooth: hci4: command tx timeout
[  542.845237][ T5237] Bluetooth: hci5: command tx timeout
[  562.535005][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  562.537637][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  594.260781][ T5861] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  594.264318][ T5861] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  594.269194][ T5861] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  594.272629][ T5861] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  594.275264][ T5861] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  594.298632][T27049] lo speed is unknown, defaulting to 1000
[  594.497961][T27049] syzkaller0 speed is unknown, defaulting to 1000
[  594.606529][T27049] chnl_net:caif_netlink_parms(): no params data found
[  594.669137][T27049] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.672085][T27049] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.675741][T27049] bridge_slave_0: entered allmulticast mode
[  594.678932][T27049] bridge_slave_0: entered promiscuous mode
[  594.683029][T27049] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.686471][T27049] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.689348][T27049] bridge_slave_1: entered allmulticast mode
[  594.692656][T27049] bridge_slave_1: entered promiscuous mode
[  594.716068][T27049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  594.720997][T27049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  594.746787][T27049] team0: Port device team_slave_0 added
[  594.750306][T27049] team0: Port device team_slave_1 added
[  594.771651][T27049] batman_adv: batadv0: Adding interface: batadv_slave_0
[  594.773794][T27049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  594.781649][T27049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  594.787254][T27049] batman_adv: batadv0: Adding interface: batadv_slave_1
[  594.789623][T27049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  594.799345][T27049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  594.842807][T27049] hsr_slave_0: entered promiscuous mode
[  594.846302][T27049] hsr_slave_1: entered promiscuous mode
[  594.849084][T27049] debugfs: 'hsr0' already exists in 'hsr'
[  594.851371][T27049] Cannot create hsr debugfs directory
[  595.332068][ T5237] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  595.339112][ T5237] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  595.341960][ T5237] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  595.345139][ T5237] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  595.347606][ T5237] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  595.365425][T27018] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  595.372690][T27018] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  595.376625][T27018] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  595.379752][T27018] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  595.379760][T27059] lo speed is unknown, defaulting to 1000
[  595.385727][T27018] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  595.486555][T27061] lo speed is unknown, defaulting to 1000
[  595.591641][T27059] syzkaller0 speed is unknown, defaulting to 1000
[  595.712255][T27059] chnl_net:caif_netlink_parms(): no params data found
[  595.751900][T27061] syzkaller0 speed is unknown, defaulting to 1000
[  595.805868][T27059] bridge0: port 1(bridge_slave_0) entered blocking state
[  595.808301][T27059] bridge0: port 1(bridge_slave_0) entered disabled state
[  595.810726][T27059] bridge_slave_0: entered allmulticast mode
[  595.813777][T27059] bridge_slave_0: entered promiscuous mode
[  595.826687][T27059] bridge0: port 2(bridge_slave_1) entered blocking state
[  595.829007][T27059] bridge0: port 2(bridge_slave_1) entered disabled state
[  595.831335][T27059] bridge_slave_1: entered allmulticast mode
[  595.834210][T27059] bridge_slave_1: entered promiscuous mode
[  595.877340][T27059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  595.882409][T27059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  595.917441][T27059] team0: Port device team_slave_0 added
[  595.933451][T27059] team0: Port device team_slave_1 added
[  596.008149][T27059] batman_adv: batadv0: Adding interface: batadv_slave_0
[  596.010505][T27059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.019091][T27059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  596.023671][T27059] batman_adv: batadv0: Adding interface: batadv_slave_1
[  596.028823][T27059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.036766][T27059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  596.053069][T27061] chnl_net:caif_netlink_parms(): no params data found
[  596.108946][T27059] hsr_slave_0: entered promiscuous mode
[  596.111908][T27059] hsr_slave_1: entered promiscuous mode
[  596.114185][T27059] debugfs: 'hsr0' already exists in 'hsr'
[  596.116580][T27059] Cannot create hsr debugfs directory
[  596.178724][T27061] bridge0: port 1(bridge_slave_0) entered blocking state
[  596.180961][T27061] bridge0: port 1(bridge_slave_0) entered disabled state
[  596.183279][T27061] bridge_slave_0: entered allmulticast mode
[  596.189060][T27061] bridge_slave_0: entered promiscuous mode
[  596.197045][T27061] bridge0: port 2(bridge_slave_1) entered blocking state
[  596.199451][T27061] bridge0: port 2(bridge_slave_1) entered disabled state
[  596.201833][T27061] bridge_slave_1: entered allmulticast mode
[  596.207755][T27061] bridge_slave_1: entered promiscuous mode
[  596.242640][T27061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  596.252378][T27061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  596.284279][T27061] team0: Port device team_slave_0 added
[  596.294924][ T5861] Bluetooth: hci6: command tx timeout
[  596.300419][T27061] team0: Port device team_slave_1 added
[  596.345796][T27061] batman_adv: batadv0: Adding interface: batadv_slave_0
[  596.348634][T27061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.359436][T27061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  596.371112][T27061] batman_adv: batadv0: Adding interface: batadv_slave_1
[  596.373843][T27061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  596.382681][T27061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  596.440602][T27061] hsr_slave_0: entered promiscuous mode
[  596.443773][T27061] hsr_slave_1: entered promiscuous mode
[  596.447095][T27061] debugfs: 'hsr0' already exists in 'hsr'
[  596.449324][T27061] Cannot create hsr debugfs directory
[  597.405124][ T5861] Bluetooth: hci8: command tx timeout
[  597.407146][T27018] Bluetooth: hci7: command tx timeout
[  598.364813][T27018] Bluetooth: hci6: command tx timeout
[  599.484794][T27018] Bluetooth: hci8: command tx timeout
[  599.494805][T27018] Bluetooth: hci7: command tx timeout
[  600.445093][T27018] Bluetooth: hci6: command tx timeout
[  601.564817][T27018] Bluetooth: hci7: command tx timeout
[  601.565158][ T5861] Bluetooth: hci8: command tx timeout
[  602.525138][T27018] Bluetooth: hci6: command tx timeout
[  603.644861][T27018] Bluetooth: hci7: command tx timeout
[  603.645365][ T5861] Bluetooth: hci8: command tx timeout
[  623.971418][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  623.973812][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  655.240953][T27076] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  655.247593][T27076] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  655.250592][T27076] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  655.254083][T27076] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  655.257288][T27076] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  655.278371][T27079] lo speed is unknown, defaulting to 1000
[  655.475378][T27079] syzkaller0 speed is unknown, defaulting to 1000
[  655.577156][T27079] chnl_net:caif_netlink_parms(): no params data found
[  655.655479][T27079] bridge0: port 1(bridge_slave_0) entered blocking state
[  655.657682][T27079] bridge0: port 1(bridge_slave_0) entered disabled state
[  655.659886][T27079] bridge_slave_0: entered allmulticast mode
[  655.662765][T27079] bridge_slave_0: entered promiscuous mode
[  655.666647][T27079] bridge0: port 2(bridge_slave_1) entered blocking state
[  655.668943][T27079] bridge0: port 2(bridge_slave_1) entered disabled state
[  655.671325][T27079] bridge_slave_1: entered allmulticast mode
[  655.674135][T27079] bridge_slave_1: entered promiscuous mode
[  655.696664][T27079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  655.701673][T27079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  655.723506][T27079] team0: Port device team_slave_0 added
[  655.727616][T27079] team0: Port device team_slave_1 added
[  655.747069][T27079] batman_adv: batadv0: Adding interface: batadv_slave_0
[  655.749223][T27079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  655.757768][T27079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  655.762203][T27079] batman_adv: batadv0: Adding interface: batadv_slave_1
[  655.764324][T27079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  655.772134][T27079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  655.801900][T27079] hsr_slave_0: entered promiscuous mode
[  655.804326][T27079] hsr_slave_1: entered promiscuous mode
[  655.807351][T27079] debugfs: 'hsr0' already exists in 'hsr'
[  655.809131][T27079] Cannot create hsr debugfs directory
[  656.777835][T27076] Bluetooth: hci4: command 0x0406 tx timeout
[  656.779835][T27076] Bluetooth: hci5: command 0x0406 tx timeout
[  656.781714][T27076] Bluetooth: hci3: command 0x0406 tx timeout
[  656.948966][T27018] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  656.953051][T27018] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  656.956858][T27018] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  656.960165][T27018] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  656.962634][T27018] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  656.989032][T27089] lo speed is unknown, defaulting to 1000
[  657.145217][T27063] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  657.158416][T27063] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  657.177951][T27063] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  657.180888][T27063] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  657.186395][T27063] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  657.235422][T27091] lo speed is unknown, defaulting to 1000
[  657.247841][T27089] syzkaller0 speed is unknown, defaulting to 1000
[  657.324947][T27018] Bluetooth: hci9: command tx timeout
[  657.451128][T27091] syzkaller0 speed is unknown, defaulting to 1000
[  657.701575][T27089] chnl_net:caif_netlink_parms(): no params data found
[  657.720321][T27091] chnl_net:caif_netlink_parms(): no params data found
[  657.857396][T27091] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.859713][T27091] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.861999][T27091] bridge_slave_0: entered allmulticast mode
[  657.869578][T27091] bridge_slave_0: entered promiscuous mode
[  657.872555][T27089] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.875167][T27089] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.877326][T27089] bridge_slave_0: entered allmulticast mode
[  657.880728][T27089] bridge_slave_0: entered promiscuous mode
[  657.890770][T27091] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.892981][T27091] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.896050][T27091] bridge_slave_1: entered allmulticast mode
[  657.898936][T27091] bridge_slave_1: entered promiscuous mode
[  657.901396][T27089] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.903658][T27089] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.910257][T27089] bridge_slave_1: entered allmulticast mode
[  657.913173][T27089] bridge_slave_1: entered promiscuous mode
[  657.963884][T27091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  657.976762][T27089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  657.982458][T27089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  657.991565][T27091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  658.041838][T27089] team0: Port device team_slave_0 added
[  658.045821][T27091] team0: Port device team_slave_0 added
[  658.049435][T27091] team0: Port device team_slave_1 added
[  658.066502][T27089] team0: Port device team_slave_1 added
[  658.108727][T27089] batman_adv: batadv0: Adding interface: batadv_slave_0
[  658.110895][T27089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.120780][T27089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  658.124973][T27091] batman_adv: batadv0: Adding interface: batadv_slave_0
[  658.127101][T27091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.135906][T27091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  658.139968][T27089] batman_adv: batadv0: Adding interface: batadv_slave_1
[  658.142143][T27089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.151090][T27089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  658.155145][T27091] batman_adv: batadv0: Adding interface: batadv_slave_1
[  658.157340][T27091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.165870][T27091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  658.226550][T27089] hsr_slave_0: entered promiscuous mode
[  658.229123][T27089] hsr_slave_1: entered promiscuous mode
[  658.231875][T27089] debugfs: 'hsr0' already exists in 'hsr'
[  658.233658][T27089] Cannot create hsr debugfs directory
[  658.239257][T27091] hsr_slave_0: entered promiscuous mode
[  658.241697][T27091] hsr_slave_1: entered promiscuous mode
[  658.243752][T27091] debugfs: 'hsr0' already exists in 'hsr'
[  658.245949][T27091] Cannot create hsr debugfs directory
[  659.004852][T27018] Bluetooth: hci10: command tx timeout
[  659.245535][T27018] Bluetooth: hci11: command tx timeout
[  659.404911][T27018] Bluetooth: hci9: command tx timeout
[  661.084957][T27018] Bluetooth: hci10: command tx timeout
[  661.324711][T27018] Bluetooth: hci11: command tx timeout
[  661.484914][T27018] Bluetooth: hci9: command tx timeout
[  663.164818][T27018] Bluetooth: hci10: command tx timeout
[  663.414905][T27018] Bluetooth: hci11: command tx timeout
[  663.564664][T27018] Bluetooth: hci9: command tx timeout
[  665.244574][T27018] Bluetooth: hci10: command tx timeout
[  665.484886][T27018] Bluetooth: hci11: command tx timeout
[  670.054823][   T34] INFO: task udevd:16393 blocked for more than 143 seconds.
[  670.057145][   T34]       Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0
[  670.061520][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  670.066162][   T34] task:udevd           state:D stack:21160 pid:16393 tgid:16393 ppid:5296   task_flags:0x400140 flags:0x00004006
[  670.071098][   T34] Call Trace:
[  670.072586][   T34]  <TASK>
[  670.073795][   T34]  __schedule+0x1798/0x4cc0
[  670.076780][   T34]  ? __pfx___schedule+0x10/0x10
[  670.078784][   T34]  ? schedule+0x91/0x360
[  670.080492][   T34]  schedule+0x165/0x360
[  670.082273][   T34]  io_schedule+0x80/0xd0
[  670.084065][   T34]  folio_wait_bit_common+0x6b0/0xb90
[  670.086908][   T34]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  670.089241][   T34]  ? __pfx_wake_page_function+0x10/0x10
[  670.091460][   T34]  ? __filemap_get_folio+0x700/0xaf0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  670.093582][   T34]  ? do_read_cache_folio+0x4e9/0x590
[  670.096543][   T34]  do_read_cache_folio+0x1aa/0x590
[  670.098660][   T34]  ? __pfx_blkdev_read_folio+0x10/0x10
[  670.100882][   T34]  read_part_sector+0xb6/0x2b0
[  670.103110][   T34]  adfspart_check_POWERTEC+0x8c/0xf30
[  670.106381][   T34]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  670.108626][   T34]  ? __pfx_adfspart_check_POWERTEC+0x10/0x10
[  670.111025][   T34]  bdev_disk_changed+0x75f/0x14b0
[  670.113076][   T34]  ? __pfx_bdev_disk_changed+0x10/0x10
[  670.115748][   T34]  ? wait_on_inode+0xc0/0x230
[  670.117600][   T34]  blkdev_get_whole+0x380/0x510
[  670.124957][   T34]  bdev_open+0x31e/0xd30
[  670.126715][   T34]  blkdev_open+0x3a8/0x510
[  670.128543][   T34]  ? __pfx_blkdev_open+0x10/0x10
[  670.130513][   T34]  do_dentry_open+0x953/0x13f0
[  670.146405][   T34]  vfs_open+0x3b/0x340
[  670.148695][   T34]  ? path_openat+0x2ecd/0x3830
[  670.154918][   T34]  path_openat+0x2ee5/0x3830
[  670.156826][   T34]  ? arch_stack_walk+0xfc/0x150
[  670.158828][   T34]  ? stack_depot_save_flags+0x40/0x860
[  670.173846][   T34]  ? __pfx_path_openat+0x10/0x10
[  670.178806][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.183771][   T34]  do_filp_open+0x1fa/0x410
[  670.187130][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.189147][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  670.191187][   T34]  ? _raw_spin_unlock+0x28/0x50
[  670.193145][   T34]  ? alloc_fd+0x64c/0x6c0
[  670.195829][   T34]  do_sys_openat2+0x121/0x1c0
[  670.197782][   T34]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  670.199970][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  670.202098][   T34]  ? rcu_is_watching+0x15/0xb0
[  670.204034][   T34]  __x64_sys_openat+0x138/0x170
[  670.206816][   T34]  do_syscall_64+0xfa/0x3b0
[  670.208693][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.211119][   T34]  ? asm_common_interrupt+0x26/0x40
[  670.213224][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.216120][   T34] RIP: 0033:0x7fb94e5169a4
[  670.217911][   T34] RSP: 002b:00007ffd0efb7170 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  670.221241][   T34] RAX: ffffffffffffffda RBX: 0000564620725f40 RCX: 00007fb94e5169a4
[  670.225493][   T34] RDX: 00000000000a0800 RSI: 000056462072aa30 RDI: 00000000ffffff9c
[  670.228677][   T34] RBP: 000056462072aa30 R08: 0000000000000001 R09: 7fffffffffffffff
[  670.231836][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800
[  670.235557][   T34] R13: 0000564620711d50 R14: 0000000000000001 R15: 0000564620706910
[  670.238743][   T34]  </TASK>
[  670.240084][   T34] INFO: task syz.0.5630:27001 blocked for more than 143 seconds.
[  670.243151][   T34]       Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0
[  670.247080][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  670.250563][   T34] task:syz.0.5630      state:D stack:25792 pid:27001 tgid:27000 ppid:5862   task_flags:0x480140 flags:0x00004004
[  670.255842][   T34] Call Trace:
[  670.256938][   T34]  <TASK>
[  670.257876][   T34]  __schedule+0x1798/0x4cc0
[  670.259300][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.260903][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.262424][   T34]  ? __pfx___schedule+0x10/0x10
[  670.263972][   T34]  ? schedule+0x91/0x360
[  670.265690][   T34]  schedule+0x165/0x360
[  670.267097][   T34]  blk_mq_freeze_queue_wait+0xf4/0x170
[  670.268880][   T34]  ? __pfx_blk_mq_freeze_queue_wait+0x10/0x10
[  670.270873][   T34]  ? __pfx_autoremove_wake_function+0x10/0x10
[  670.272862][   T34]  ? percpu_ref_kill_and_confirm+0xa3/0x130
[  670.275206][   T34]  queue_limits_commit_update_frozen+0x5e/0x360
[  670.277793][   T34]  ? nbd_set_size+0x2ab/0x6a0
[  670.279717][   T34]  nbd_set_size+0x47e/0x6a0
[  670.281593][   T34]  ? __pfx_nbd_set_size+0x10/0x10
[  670.283641][   T34]  ? nla_memcpy+0x5b/0xc0
[  670.285902][   T34]  nbd_genl_size_set+0x2eb/0x3c0
[  670.287451][   T34]  ? __pfx_nbd_genl_size_set+0x10/0x10
[  670.289137][   T34]  ? __pfx_nbd_get_config_unlocked+0x10/0x10
[  670.291173][   T34]  ? bpf_lsm_capable+0x9/0x20
[  670.292873][   T34]  ? security_capable+0x7e/0x2e0
[  670.294765][   T34]  ? radix_tree_lookup+0x240/0x290
[  670.296788][   T34]  nbd_genl_reconfigure+0x409/0x1870
[  670.298426][   T34]  ? __pfx_nbd_genl_reconfigure+0x10/0x10
[  670.300148][   T34]  ? __nla_parse+0x40/0x60
[  670.301767][   T34]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  670.303785][   T34]  genl_family_rcv_msg_doit+0x215/0x300
[  670.305896][   T34]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  670.307820][   T34]  ? stack_trace_save+0x9c/0xe0
[  670.309379][   T34]  genl_rcv_msg+0x60e/0x790
[  670.310993][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.312580][   T34]  ? __pfx_nbd_genl_reconfigure+0x10/0x10
[  670.314669][   T34]  netlink_rcv_skb+0x208/0x470
[  670.316189][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.317766][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.319363][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  670.321048][   T34]  ? down_read+0x1ad/0x2e0
[  670.322464][   T34]  genl_rcv+0x28/0x40
[  670.323721][   T34]  netlink_unicast+0x82f/0x9e0
[  670.325629][   T34]  ? __pfx_netlink_unicast+0x10/0x10
[  670.327828][   T34]  ? netlink_sendmsg+0x642/0xb30
[  670.329422][   T34]  netlink_sendmsg+0x805/0xb30
[  670.330881][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.332647][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.334987][   T34]  ? aa_sock_msg_perm+0xf1/0x1d0
[  670.336729][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  670.338887][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.341053][   T34]  __sock_sendmsg+0x21c/0x270
[  670.342971][   T34]  ____sys_sendmsg+0x505/0x830
[  670.345004][   T34]  ? __pfx_____sys_sendmsg+0x10/0x10
[  670.346608][   T34]  ? import_iovec+0x74/0xa0
[  670.348061][   T34]  ___sys_sendmsg+0x21f/0x2a0
[  670.349707][   T34]  ? __pfx____sys_sendmsg+0x10/0x10
[  670.351397][   T34]  ? __fget_files+0x2a/0x420
[  670.352864][   T34]  ? __fget_files+0x3a0/0x420
[  670.354933][   T34]  __x64_sys_sendmsg+0x19b/0x260
[  670.356751][   T34]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  670.358620][   T34]  ? do_syscall_64+0xbe/0x3b0
[  670.360156][   T34]  do_syscall_64+0xfa/0x3b0
[  670.361770][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  670.363462][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.366616][   T34]  ? exc_page_fault+0x9f/0xf0
[  670.368312][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.370747][   T34] RIP: 0033:0x7f0273f8ebe9
[  670.372517][   T34] RSP: 002b:00007f0274e46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  670.375528][   T34] RAX: ffffffffffffffda RBX: 00007f02741b5fa0 RCX: 00007f0273f8ebe9
[  670.377997][   T34] RDX: 0000000000004000 RSI: 0000200000000240 RDI: 0000000000000004
[  670.380432][   T34] RBP: 00007f0274011e19 R08: 0000000000000000 R09: 0000000000000000
[  670.382992][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  670.385866][   T34] R13: 00007f02741b6038 R14: 00007f02741b5fa0 R15: 00007ffc6cb820e8
[  670.388378][   T34]  </TASK>
[  670.389391][   T34] INFO: task syz.0.5630:27004 blocked for more than 143 seconds.
[  670.391789][   T34]       Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0
[  670.394321][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  670.397389][   T34] task:syz.0.5630      state:D stack:26920 pid:27004 tgid:27000 ppid:5862   task_flags:0x400140 flags:0x00004004
[  670.401145][   T34] Call Trace:
[  670.402533][   T34]  <TASK>
[  670.403705][   T34]  __schedule+0x1798/0x4cc0
[  670.405641][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.407183][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.408718][   T34]  ? __pfx___schedule+0x10/0x10
[  670.410248][   T34]  ? schedule+0x91/0x360
[  670.411598][   T34]  schedule+0x165/0x360
[  670.412898][   T34]  schedule_preempt_disabled+0x13/0x30
[  670.415052][   T34]  __mutex_lock+0x7e6/0x1360
[  670.416545][   T34]  ? __mutex_lock+0x5b6/0x1360
[  670.418057][   T34]  ? genl_rcv_msg+0x10d/0x790
[  670.419648][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  670.421693][   T34]  ? stack_trace_save+0x9c/0xe0
[  670.423581][   T34]  ? __pfx_stack_trace_save+0x10/0x10
[  670.426381][   T34]  ? radix_tree_lookup+0x240/0x290
[  670.428469][   T34]  genl_rcv_msg+0x10d/0x790
[  670.430364][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.432311][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.434316][   T34]  netlink_rcv_skb+0x208/0x470
[  670.437003][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.438962][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.440983][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  670.443142][   T34]  ? down_read+0x1ad/0x2e0
[  670.445485][   T34]  genl_rcv+0x28/0x40
[  670.447139][   T34]  netlink_unicast+0x82f/0x9e0
[  670.449086][   T34]  ? __pfx_netlink_unicast+0x10/0x10
[  670.451184][   T34]  ? netlink_sendmsg+0x642/0xb30
[  670.453186][   T34]  ? skb_put+0x11b/0x210
[  670.455471][   T34]  netlink_sendmsg+0x805/0xb30
[  670.457475][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.459545][   T34]  ? aa_sock_msg_perm+0xf1/0x1d0
[  670.461582][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  670.463713][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.466583][   T34]  __sock_sendmsg+0x21c/0x270
[  670.468526][   T34]  __sys_sendto+0x3bd/0x520
[  670.470027][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  670.472072][   T34]  ? count_memcg_event_mm+0x21/0x260
[  670.474201][   T34]  ? exc_page_fault+0x76/0xf0
[  670.476936][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  670.479113][   T34]  __x64_sys_sendto+0xde/0x100
[  670.481073][   T34]  do_syscall_64+0xfa/0x3b0
[  670.482863][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  670.485501][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.487973][   T34]  ? exc_page_fault+0x9f/0xf0
[  670.489886][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.492166][   T34] RIP: 0033:0x7f0273f90a7c
[  670.493920][   T34] RSP: 002b:00007f0274e23ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  670.498056][   T34] RAX: ffffffffffffffda RBX: 00007f0274e23fc0 RCX: 00007f0273f90a7c
[  670.501287][   T34] RDX: 0000000000000024 RSI: 00007f0274e24010 RDI: 0000000000000004
[  670.505089][   T34] RBP: 0000000000000000 R08: 00007f0274e23f14 R09: 000000000000000c
[  670.507979][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  670.510991][   T34] R13: 00007f0274e23f68 R14: 00007f0274e24010 R15: 0000000000000000
[  670.514031][   T34]  </TASK>
[  670.515925][   T34] INFO: task syz.0.5630:27006 blocked for more than 143 seconds.
[  670.519038][   T34]       Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0
[  670.522165][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  670.528765][   T34] task:syz.0.5630      state:D stack:28352 pid:27006 tgid:27000 ppid:5862   task_flags:0x400140 flags:0x00004004
[  670.533491][   T34] Call Trace:
[  670.535580][   T34]  <TASK>
[  670.536838][   T34]  __schedule+0x1798/0x4cc0
[  670.538722][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.540718][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.542706][   T34]  ? __pfx___schedule+0x10/0x10
[  670.545257][   T34]  ? schedule+0x91/0x360
[  670.547027][   T34]  schedule+0x165/0x360
[  670.548744][   T34]  schedule_preempt_disabled+0x13/0x30
[  670.550953][   T34]  __mutex_lock+0x7e6/0x1360
[  670.552832][   T34]  ? __mutex_lock+0x5b6/0x1360
[  670.555501][   T34]  ? genl_rcv_msg+0x10d/0x790
[  670.557444][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  670.559514][   T34]  ? stack_trace_save+0x9c/0xe0
[  670.561477][   T34]  ? __pfx_stack_trace_save+0x10/0x10
[  670.563549][   T34]  ? radix_tree_lookup+0x240/0x290
[  670.566136][   T34]  genl_rcv_msg+0x10d/0x790
[  670.568035][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.570007][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.572054][   T34]  netlink_rcv_skb+0x208/0x470
[  670.574012][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.576422][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.578022][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  670.579689][   T34]  ? down_read+0x1ad/0x2e0
[  670.581501][   T34]  genl_rcv+0x28/0x40
[  670.583127][   T34]  netlink_unicast+0x82f/0x9e0
[  670.585618][   T34]  ? __pfx_netlink_unicast+0x10/0x10
[  670.587782][   T34]  ? netlink_sendmsg+0x642/0xb30
[  670.589779][   T34]  ? skb_put+0x11b/0x210
[  670.591434][   T34]  netlink_sendmsg+0x805/0xb30
[  670.593278][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.595616][   T34]  ? aa_sock_msg_perm+0xf1/0x1d0
[  670.597692][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  670.599874][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.602071][   T34]  __sock_sendmsg+0x21c/0x270
[  670.603984][   T34]  __sys_sendto+0x3bd/0x520
[  670.606028][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  670.608085][   T34]  ? count_memcg_event_mm+0x21/0x260
[  670.610235][   T34]  ? exc_page_fault+0x76/0xf0
[  670.612300][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  670.615298][   T34]  __x64_sys_sendto+0xde/0x100
[  670.617413][   T34]  do_syscall_64+0xfa/0x3b0
[  670.618839][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  670.620474][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.622352][   T34]  ? exc_page_fault+0x9f/0xf0
[  670.623818][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.626111][   T34] RIP: 0033:0x7f0273f90a7c
[  670.627604][   T34] RSP: 002b:00007f0274e02ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  670.630487][   T34] RAX: ffffffffffffffda RBX: 00007f0274e02fc0 RCX: 00007f0273f90a7c
[  670.632908][   T34] RDX: 000000000000001c RSI: 00007f0274e03010 RDI: 0000000000000004
[  670.635754][   T34] RBP: 0000000000000000 R08: 00007f0274e02f14 R09: 000000000000000c
[  670.638266][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  670.640731][   T34] R13: 00007f0274e02f68 R14: 00007f0274e03010 R15: 0000000000000000
[  670.643202][   T34]  </TASK>
[  670.644194][   T34] INFO: task syz.2.5631:27003 blocked for more than 143 seconds.
[  670.647063][   T34]       Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0
[  670.649486][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  670.652221][   T34] task:syz.2.5631      state:D stack:28816 pid:27003 tgid:27002 ppid:5866   task_flags:0x400040 flags:0x00004004
[  670.656207][   T34] Call Trace:
[  670.657270][   T34]  <TASK>
[  670.658219][   T34]  __schedule+0x1798/0x4cc0
[  670.659633][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.661125][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.662599][   T34]  ? __pfx___schedule+0x10/0x10
[  670.664137][   T34]  ? schedule+0x91/0x360
[  670.665806][   T34]  schedule+0x165/0x360
[  670.667100][   T34]  schedule_preempt_disabled+0x13/0x30
[  670.668810][   T34]  __mutex_lock+0x7e6/0x1360
[  670.670274][   T34]  ? __mutex_lock+0x5b6/0x1360
[  670.671797][   T34]  ? genl_rcv_msg+0x10d/0x790
[  670.673357][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  670.675393][   T34]  ? stack_trace_save+0x9c/0xe0
[  670.676933][   T34]  ? __pfx_stack_trace_save+0x10/0x10
[  670.678793][   T34]  ? radix_tree_lookup+0x240/0x290
[  670.680538][   T34]  genl_rcv_msg+0x10d/0x790
[  670.681921][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.683389][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.685673][   T34]  netlink_rcv_skb+0x208/0x470
[  670.687137][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.688654][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.690254][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  670.691940][   T34]  ? down_read+0x1ad/0x2e0
[  670.693320][   T34]  genl_rcv+0x28/0x40
[  670.694898][   T34]  netlink_unicast+0x82f/0x9e0
[  670.696431][   T34]  ? __pfx_netlink_unicast+0x10/0x10
[  670.698067][   T34]  ? netlink_sendmsg+0x642/0xb30
[  670.699600][   T34]  ? skb_put+0x11b/0x210
[  670.700947][   T34]  netlink_sendmsg+0x805/0xb30
[  670.702437][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.704070][   T34]  ? aa_sock_msg_perm+0xf1/0x1d0
[  670.706090][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  670.707723][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.709322][   T34]  __sock_sendmsg+0x21c/0x270
[  670.710766][   T34]  __sys_sendto+0x3bd/0x520
[  670.712145][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  670.713718][   T34]  ? count_memcg_event_mm+0x21/0x260
[  670.715704][   T34]  ? exc_page_fault+0x76/0xf0
[  670.717191][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  670.718830][   T34]  __x64_sys_sendto+0xde/0x100
[  670.720322][   T34]  do_syscall_64+0xfa/0x3b0
[  670.721769][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  670.723427][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.725655][   T34]  ? exc_page_fault+0x9f/0xf0
[  670.727136][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.729120][   T34] RIP: 0033:0x7f4a01b90a7c
[  670.730607][   T34] RSP: 002b:00007f49ffdf4ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  670.733435][   T34] RAX: ffffffffffffffda RBX: 00007f49ffdf4fc0 RCX: 00007f4a01b90a7c
[  670.737004][   T34] RDX: 0000000000000020 RSI: 00007f49ffdf5010 RDI: 0000000000000003
[  670.739893][   T34] RBP: 0000000000000000 R08: 00007f49ffdf4f14 R09: 000000000000000c
[  670.742725][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  670.745531][   T34] R13: 00007f49ffdf4f68 R14: 00007f49ffdf5010 R15: 0000000000000000
[  670.747991][   T34]  </TASK>
[  670.748993][   T34] INFO: task syz.1.5632:27010 blocked for more than 144 seconds.
[  670.751359][   T34]       Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0
[  670.753741][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  670.756933][   T34] task:syz.1.5632      state:D stack:28616 pid:27010 tgid:27007 ppid:5858   task_flags:0x400040 flags:0x00004004
[  670.760630][   T34] Call Trace:
[  670.761683][   T34]  <TASK>
[  670.762617][   T34]  __schedule+0x1798/0x4cc0
[  670.764056][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.766273][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.767900][   T34]  ? __pfx___schedule+0x10/0x10
[  670.769460][   T34]  ? schedule+0x91/0x360
[  670.770806][   T34]  schedule+0x165/0x360
[  670.772103][   T34]  schedule_preempt_disabled+0x13/0x30
[  670.774221][   T34]  __mutex_lock+0x7e6/0x1360
[  670.775932][   T34]  ? __mutex_lock+0x5b6/0x1360
[  670.777309][   T34]  ? genl_rcv_msg+0x10d/0x790
[  670.778734][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  670.780280][   T34]  ? stack_trace_save+0x9c/0xe0
[  670.781830][   T34]  ? __pfx_stack_trace_save+0x10/0x10
[  670.783667][   T34]  ? radix_tree_lookup+0x240/0x290
[  670.785651][   T34]  genl_rcv_msg+0x10d/0x790
[  670.787094][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.788706][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.790271][   T34]  netlink_rcv_skb+0x208/0x470
[  670.791780][   T34]  ? __lock_acquire+0xab9/0xd20
[  670.793259][   T34]  ? __pfx_genl_rcv_msg+0x10/0x10
[  670.795360][   T34]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  670.797030][   T34]  ? down_read+0x1ad/0x2e0
[  670.798495][   T34]  genl_rcv+0x28/0x40
[  670.799733][   T34]  netlink_unicast+0x82f/0x9e0
[  670.801231][   T34]  ? __pfx_netlink_unicast+0x10/0x10
[  670.802994][   T34]  ? netlink_sendmsg+0x642/0xb30
[  670.805014][   T34]  ? skb_put+0x11b/0x210
[  670.806454][   T34]  netlink_sendmsg+0x805/0xb30
[  670.808099][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.809832][   T34]  ? aa_sock_msg_perm+0xf1/0x1d0
[  670.811447][   T34]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  670.813167][   T34]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.815198][   T34]  __sock_sendmsg+0x21c/0x270
[  670.816896][   T34]  __sys_sendto+0x3bd/0x520
[  670.818526][   T34]  ? __pfx___sys_sendto+0x10/0x10
[  670.820125][   T34]  ? count_memcg_event_mm+0x21/0x260
[  670.821773][   T34]  ? exc_page_fault+0x76/0xf0
[  670.823320][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  670.825557][   T34]  __x64_sys_sendto+0xde/0x100
[  670.827156][   T34]  do_syscall_64+0xfa/0x3b0
[  670.828677][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  670.830313][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.832206][   T34]  ? exc_page_fault+0x9f/0xf0
[  670.833778][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.836085][   T34] RIP: 0033:0x7f815b190a7c
[  670.837603][   T34] RSP: 002b:00007f815bf8aec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  670.840409][   T34] RAX: ffffffffffffffda RBX: 00007f815bf8afc0 RCX: 00007f815b190a7c
[  670.842928][   T34] RDX: 0000000000000020 RSI: 00007f815bf8b010 RDI: 000000000000000b
[  670.845935][   T34] RBP: 0000000000000000 R08: 00007f815bf8af14 R09: 000000000000000c
[  670.848592][   T34] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000b
[  670.851160][   T34] R13: 00007f815bf8af68 R14: 00007f815bf8b010 R15: 0000000000000000
[  670.853736][   T34]  </TASK>
[  670.855225][   T34] 
[  670.855225][   T34] Showing all locks held in the system:
[  670.857748][   T34] 1 lock held by khungtaskd/34:
[  670.859391][   T34]  #0: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  670.862626][   T34] 2 locks held by getty/5680:
[  670.864191][   T34]  #0: ffff88810eb850a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  670.867722][   T34]  #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  670.871041][   T34] 1 lock held by udevd/16393:
[  670.872575][   T34]  #0: ffff8880225a4358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  670.875712][   T34] 6 locks held by syz.0.5630/27001:
[  670.877406][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.880106][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.883014][   T34]  #2: ffff888022527a30 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_reconfigure+0x36f/0x1870
[  670.886539][   T34]  #3: ffff888022465f58 (&q->limits_lock){+.+.}-{4:4}, at: nbd_set_size+0x292/0x6a0
[  670.889634][   T34]  #4: ffff8880224658f8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: queue_limits_commit_update_frozen+0x5e/0x360
[  670.893515][   T34]  #5: ffff888022465930 (&q->q_usage_counter(queue)){+.+.}-{0:0}, at: queue_limits_commit_update_frozen+0x5e/0x360
[  670.897493][   T34] 2 locks held by syz.0.5630/27004:
[  670.899297][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.901996][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.905134][   T34] 2 locks held by syz.0.5630/27006:
[  670.906778][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.909466][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.912154][   T34] 2 locks held by syz.2.5631/27003:
[  670.913780][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.917550][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.920302][   T34] 2 locks held by syz.1.5632/27010:
[  670.921991][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.925354][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.928405][   T34] 2 locks held by syz-executor/27016:
[  670.930071][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.932521][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.936108][   T34] 2 locks held by syz-executor/27024:
[  670.938326][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.941492][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.944260][   T34] 2 locks held by syz-executor/27027:
[  670.946743][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.949298][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.952067][   T34] 2 locks held by syz-executor/27049:
[  670.953676][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.956961][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.959814][   T34] 2 locks held by syz-executor/27059:
[  670.961504][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.964034][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.967949][   T34] 2 locks held by syz-executor/27061:
[  670.970091][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.973197][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.976454][   T34] 2 locks held by syz-executor/27079:
[  670.978125][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.980676][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.983405][   T34] 2 locks held by syz-executor/27089:
[  670.985804][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.988624][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.991394][   T34] 2 locks held by syz-executor/27091:
[  670.993049][   T34]  #0: ffffffff8f599b30 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  670.996414][   T34]  #1: ffffffff8f599948 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[  670.999661][   T34] 
[  671.000449][   T34] =============================================
[  671.000449][   T34] 
[  671.003026][   T34] NMI backtrace for cpu 0
[  671.003037][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  671.003048][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  671.003054][   T34] Call Trace:
[  671.003060][   T34]  <TASK>
[  671.003065][   T34]  dump_stack_lvl+0x189/0x250
[  671.003079][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  671.003089][   T34]  ? __pfx__printk+0x10/0x10
[  671.003105][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  671.003116][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  671.003125][   T34]  ? __pfx__printk+0x10/0x10
[  671.003137][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  671.003153][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  671.003162][   T34]  watchdog+0xf93/0xfe0
[  671.003176][   T34]  ? watchdog+0x1de/0xfe0
[  671.003189][   T34]  kthread+0x711/0x8a0
[  671.003202][   T34]  ? __pfx_watchdog+0x10/0x10
[  671.003212][   T34]  ? __pfx_kthread+0x10/0x10
[  671.003221][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  671.003230][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  671.003239][   T34]  ? __pfx_kthread+0x10/0x10
[  671.003249][   T34]  ret_from_fork+0x3fc/0x770
[  671.003259][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  671.003288][   T34]  ? __switch_to_asm+0x39/0x70
[  671.003298][   T34]  ? __switch_to_asm+0x33/0x70
[  671.003307][   T34]  ? __pfx_kthread+0x10/0x10
[  671.003317][   T34]  ret_from_fork_asm+0x1a/0x30
[  671.003334][   T34]  </TASK>
[  671.003337][   T34] Sending NMI from CPU 0 to CPUs 1:
[  671.055018][    C1] NMI backtrace for cpu 1
[  671.055036][    C1] CPU: 1 UID: 0 PID: 5909 Comm: kworker/u8:4 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  671.055053][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  671.055063][    C1] Workqueue: bat_events batadv_nc_worker
[  671.055084][    C1] RIP: 0010:batadv_nc_worker+0x187/0x610
[  671.055099][    C1] Code: 4b 03 00 00 48 c7 c2 00 1c b7 8c e8 93 57 57 f6 48 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 ef e8 cd e7 dc f6 48 8b 6d 00 <48> 85 ed 0f 94 c0 48 81 c5 38 fe ff ff 0f 94 c1 08 c1 74 07 e8 10
[  671.055112][    C1] RSP: 0018:ffffc900036cfa20 EFLAGS: 00000246
[  671.055123][    C1] RAX: 1ffff1100f331378 RBX: 0000000000000001 RCX: ffff88802292d640
[  671.055133][    C1] RDX: 0000000000000000 RSI: ffffffff8be325e0 RDI: ffffffff8be325a0
[  671.055142][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8b462dd2
[  671.055151][    C1] R10: dffffc0000000000 R11: ffffffff8b462d00 R12: dffffc0000000000
[  671.055162][    C1] R13: ffffffff8b462dd2 R14: ffff888079980d80 R15: 0000000000000378
[  671.055172][    C1] FS:  0000000000000000(0000) GS:ffff8881a3c23000(0000) knlGS:0000000000000000
[  671.055183][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  671.055193][    C1] CR2: 0000557567f19043 CR3: 000000000df36000 CR4: 00000000000006f0
[  671.055230][    C1] Call Trace:
[  671.055239][    C1]  <TASK>
[  671.055248][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  671.055469][    C1]  process_scheduled_works+0xae1/0x17b0
[  671.055496][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  671.055526][    C1]  worker_thread+0x8a0/0xda0
[  671.055540][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  671.055559][    C1]  ? __kthread_parkme+0x7b/0x200
[  671.055576][    C1]  kthread+0x711/0x8a0
[  671.055593][    C1]  ? __pfx_worker_thread+0x10/0x10
[  671.055606][    C1]  ? __pfx_kthread+0x10/0x10
[  671.055622][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  671.055635][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  671.055650][    C1]  ? __pfx_kthread+0x10/0x10
[  671.055665][    C1]  ret_from_fork+0x3fc/0x770
[  671.055689][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  671.055705][    C1]  ? __switch_to_asm+0x39/0x70
[  671.055721][    C1]  ? __switch_to_asm+0x33/0x70
[  671.055737][    C1]  ? __pfx_kthread+0x10/0x10
[  671.055753][    C1]  ret_from_fork_asm+0x1a/0x30
[  671.055776][    C1]  </TASK>
[  671.056025][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  671.133461][   T34] CPU: 0 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  671.137129][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  671.140426][   T34] Call Trace:
[  671.141506][   T34]  <TASK>
[  671.142456][   T34]  dump_stack_lvl+0x99/0x250
[  671.143895][   T34]  ? __asan_memcpy+0x40/0x70
[  671.145318][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  671.146931][   T34]  ? __pfx__printk+0x10/0x10
[  671.148442][   T34]  vpanic+0x281/0x750
[  671.149653][   T34]  ? __pfx_vpanic+0x10/0x10
[  671.151031][   T34]  ? preempt_schedule+0xae/0xc0
[  671.152557][   T34]  ? preempt_schedule_common+0x83/0xd0
[  671.154245][   T34]  panic+0xb9/0xc0
[  671.155472][   T34]  ? __pfx_panic+0x10/0x10
[  671.156857][   T34]  ? preempt_schedule_thunk+0x16/0x30
[  671.158617][   T34]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  671.160542][   T34]  watchdog+0xfd2/0xfe0
[  671.161845][   T34]  ? watchdog+0x1de/0xfe0
[  671.163194][   T34]  kthread+0x711/0x8a0
[  671.164473][   T34]  ? __pfx_watchdog+0x10/0x10
[  671.165926][   T34]  ? __pfx_kthread+0x10/0x10
[  671.167379][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  671.169041][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  671.170634][   T34]  ? __pfx_kthread+0x10/0x10
[  671.172084][   T34]  ret_from_fork+0x3fc/0x770
[  671.173549][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  671.175136][   T34]  ? __switch_to_asm+0x39/0x70
[  671.176627][   T34]  ? __switch_to_asm+0x33/0x70
[  671.178245][   T34]  ? __pfx_kthread+0x10/0x10
[  671.179708][   T34]  ret_from_fork_asm+0x1a/0x30
[  671.181214][   T34]  </TASK>
[  671.182832][   T34] Kernel Offset: disabled
[  671.184212][   T34] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:39:16  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff8167983b RBX=0000000000000000 RCX=ffff88802292d640 RDX=0000000000000000
RSI=ffff88804b039f98 RDI=ffff88802292e130 RBP=ffff88802292d640 RSP=ffffc900036cf9b8
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=fffff520006d9f2c
R12=0000000000000000 R13=0000000000000046 R14=ffff88804b039f98 R15=ffff88802292e130
RIP=ffffffff8b7882a0 RFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8623000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb508805440 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00ff00000000ff00 000000000000ff00 XMM01=0000000000000000 0000000000000000
XMM02=00000000ff000000 0000000000000000 XMM03=00000000000000ff 0000000000000000
XMM04=0000000000ff0000 00000000000000ff XMM05=0000000000000000 00007f86be012e53
XMM06=0000000000000000 00007f86be012e4d XMM07=0000000000000000 00007f86be012e61
XMM08=0000000000000000 00007f86be012ee7 XMM09=0000000000000000 00007f86be012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffff110044b4c10 RBX=ffff88810ae20600 RCX=ffff888021111cc0 RDX=0000000000000000
RSI=0000000000000000 RDI=ffff88810ae20600 RBP=ffff88810ae20610 RSP=ffffc9000305f498
R8 =ffff888021111cc0 R9 =0000000000000003 R10=0000000000000004 R11=0000000000000000
R12=ffff88801de05080 R13=dffffc0000000000 R14=ffff88801de03980 R15=dffffc0000000000
RIP=ffffffff84a6068f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f70202d3800 ffffffff 00c00000
GS =0000 ffff8881a3c23000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000056019c57dd3e CR3=0000000027aa2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
