last executing test programs:

25.061310917s ago: executing program 2 (id=2451):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0782010000000000280012800a000100767863616e000000180002801400010000000000", @ANYRES32, @ANYBLOB="080000000000000015000a00", @ANYRES32, @ANYBLOB="e522"], 0x50}}, 0x0)

25.006449557s ago: executing program 2 (id=2452):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000014007910480000000000790020000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x21)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000b00)=ANY=[@ANYBLOB="1c0000005a000d0300800000000000000400008008000380cff80291"], 0x1c}], 0x1}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$tun(r1, &(0x7f0000000000)=ANY=[], 0x38)
syz_emit_ethernet(0x1aa, &(0x7f0000000cc0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa008100000086dd602e5cea01703c0020010000000000000000000000000002ff0200000000000000000000000000012b0a0101"], 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x2010, r1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xeb, 0x0)

25.004521812s ago: executing program 2 (id=2454):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}]}}}]}, 0x3c}}, 0x0)

24.885469577s ago: executing program 2 (id=2458):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xa, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x800000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x32}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xe8, 0xa, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_SET_DESC={0xac, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0xa8, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xb99}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8001}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x800}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffbff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xb62}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x10001}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}]}, {0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x101}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffffb}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfff}]}]}]}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @counter={{0xc}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xba}]}}}]}, 0xe8}, 0x1, 0x0, 0x0, 0x20000090}, 0x8004) (async)
sendmsg$NFT_MSG_GETSET(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xe8, 0xa, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_SET_DESC={0xac, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0xa8, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xb99}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8001}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x800}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffbff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xb62}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x10001}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}]}, {0x3c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x101}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffffb}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfff}]}]}]}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @counter={{0xc}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xba}]}}}]}, 0xe8}, 0x1, 0x0, 0x0, 0x20000090}, 0x8004)
accept(r3, 0x0, &(0x7f0000000980)) (async)
accept(r3, 0x0, &(0x7f0000000980))
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_tracing={0x1a, 0x21, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, [@jmp={0x5, 0x1, 0x5, 0xb, 0x5, 0xffffffffffffffc0, 0xfffffffffffffffc}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000001}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfff}}, @exit, @jmp={0x5, 0x0, 0x7, 0x2, 0x7, 0xfffffffffffffff8, 0xfffffffffffffff0}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}}]}, &(0x7f0000000640)='GPL\x00', 0x2, 0xf5, &(0x7f0000000680)=""/245, 0x41000, 0x14, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000780)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000007c0)={0x3, 0x0, 0x2451, 0x9}, 0x10, 0x26a4, r2, 0x2, &(0x7f0000000800)=[r0, r0, r0, r0, r0], &(0x7f0000000840)=[{0x0, 0x3, 0xe, 0x4}, {0x4, 0x2, 0xe, 0xb}], 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000940)={0x0, r4}, 0x10)

24.820580753s ago: executing program 2 (id=2462):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r1)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000300000000000004000000080002000500"], 0x24}}, 0x0) (async)
sendmsg$NLBL_MGMT_C_REMOVEDEF(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="080025bd7000fedbdf25d80d0000060001002c000100ffffffffffff00003c3f18a7913079fb714b0c273265f4858ec4cd2a2dc8d86b5140cad35e01c5b0f9dd74fbcf10e67bb8b0b6de06fc7209bcaa786c766d79a0a202a2bb25948beb5802"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x20004000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), r0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r5, &(0x7f0000000380)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00', 0x10001}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f0000000540)='O', 0x1}], 0x1}}, {{&(0x7f0000000880)={0xa, 0x4e24, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80000000}, 0x1c, &(0x7f0000001000)=[{&(0x7f00000004c0)="06", 0x1}], 0x1, &(0x7f00000018c0)=ANY=[@ANYBLOB="1400000000000000290000003e000000390d000000000000480000000000000029000000390000003a0601010000000020010000000000000000000000000000fe8000000000000000000000000000aafc0200000000000000000000000000018010"], 0x10e0}}], 0x2, 0x880) (async)
shutdown(r5, 0x1) (async)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x73, &(0x7f00000000c0)={0x0, 0x1, 0x10, 0x9, 0x6}, &(0x7f0000000100)=0x18) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000400)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd7000fbdbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="1c002d800500040001000000060002"], 0x38}, 0x1, 0x0, 0x0, 0x480c4}, 0x10)

24.746442763s ago: executing program 2 (id=2464):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x5}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r5}, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r6=>0x0)
sendmsg$NFC_CMD_FW_DOWNLOAD(r1, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000002e00)={0x24, r2, 0xba960a2220112c19, 0x70bd2f, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x8, 0x14, 'nfc\x10'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x840)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r1)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

18.225540039s ago: executing program 1 (id=2578):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x1108, 0x9, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0xb, r0}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
read(r0, &(0x7f0000000080)=""/103, 0x67)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$int_in(r2, 0x5452, &(0x7f0000000280)=0x3a0af83a)
r3 = socket$kcm(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x4a, &(0x7f0000000040), 0x4)

18.166310461s ago: executing program 1 (id=2579):
syz_80211_inject_frame(0x0, 0x0, 0xb5)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000009000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x10)

17.626044457s ago: executing program 1 (id=2580):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000700"/32], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_buf(r1, 0x6, 0x8, &(0x7f0000001740)="192cc445", 0x3e)
getsockopt$inet_tcp_int(r1, 0x6, 0x8, 0x0, &(0x7f0000001b80))
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYRES8=r1, @ANYRES32=0x0, @ANYBLOB="0003000000000000140012800c0001006d6163766c616e00", @ANYRES32, @ANYBLOB="050001"], 0x44}}, 0x0)

17.625534008s ago: executing program 1 (id=2581):
sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000b40)={0xf8, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x807fff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}]}, @TIPC_NLA_SOCK={0x80, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x13}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x64}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x566}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x400}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xf65f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_MEDIA={0x38, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}]}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4008810}, 0x4000)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x2e, 0x0, &(0x7f00000001c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, 0x0, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c00)=ANY=[@ANYBLOB="380000003e000100fcff070004000000010000000400000014000180100004"], 0x38}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)

17.566658845s ago: executing program 1 (id=2582):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000240)={<r2=>r0, 0x800, 0x3, 0x2})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f0000002580)={0x1c, r4, 0x1, 0xffffffff, 0x25dfdbfe, {}, [@ETHTOOL_A_FEATURES_HEADER={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x4}]}, 0x1c}}, 0x8840)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="85000000a0002000760000000000000027007fffffff00009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x8, 0x8c, &(0x7f0000000180)=""/140, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x94)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
r6 = socket$caif_stream(0x25, 0x1, 0x3)
setsockopt(r6, 0x0, 0x7f, &(0x7f0000001240)="d28fd8eb", 0x4)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r5], 0x50}, 0x1, 0xba01, 0x0, 0x1}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010027bd7000fcdbdf25020000000800010000000020"], 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
sendmsg$netlink(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="34000000110001000000000000000000100003400c"], 0x34}], 0x1, 0x0, 0x0, 0x20000000}, 0x0)

17.475337417s ago: executing program 1 (id=2583):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="070c010502"], 0x5)
socket$kcm(0x23, 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) (async)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) (async)
write$nci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="070c010502"], 0x5) (async)
socket$kcm(0x23, 0x2, 0x0) (async)

16.074589419s ago: executing program 0 (id=2591):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x11, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}, @NFT_MSG_NEWSETELEM={0x2c, 0x1e, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0)

16.07095338s ago: executing program 0 (id=2592):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x1108, 0x9, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0xb, r0}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
read(r0, &(0x7f0000000080)=""/103, 0x67)
r2 = socket$kcm(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x4a, &(0x7f0000000040), 0x4)

16.020887776s ago: executing program 0 (id=2593):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0782010000000000280012800a000100767863616e000000180002801400010000000000", @ANYRES32, @ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32, @ANYBLOB="e522"], 0x50}}, 0x0)

16.020656858s ago: executing program 0 (id=2594):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d3, &(0x7f0000000000))

15.955847559s ago: executing program 0 (id=2595):
unshare(0x800)
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000480)="72e5b066af7de3c2fbe0f340076be384c07cbbb5302e3a04fe7c0c58aa8facc8aa214995bfc0edc041579a214cdddf91e8ef39a677faac3507642068da24c5a915c8f48573e7547685a0c6834e1545a63ce4effd50054ef99d80747828cc8e9524c978e169e6bce6011af113c1e33238b463415927215c3378ada469627e0e89db9db2e0a971b9bd3593632fa636abfbfbad05d7ba5c71b51527aee69ee4b370cf431cd45cd5272113d6b4c8121e168d02149147cc583e37fc20a8d24ce3cd2ed974751e", 0xc4}, {&(0x7f0000000040)="b0edccf40d1402fd8ea0e9", 0xb}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x3, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x8, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a320000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274ab8400001100010000000000000000000100000a"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x11, 0x0, 0x3}}}}}}}, 0x0)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000006c0)=ANY=[@ANYBLOB="780200002400010026bd7000fedbdf25670200800c00010002"], 0x278}], 0x1}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$packet(0x11, 0x2, 0x300)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', <r9=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="01002abd7000ffdbdf25080000000c00018008000100", @ANYRES32=r9, @ANYBLOB="0c00028004000480"], 0x2c}, 0x1, 0x0, 0x0, 0x802}, 0x4008090)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x13, r10, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000280)={'batadv_slave_1\x00', &(0x7f0000002fc0)=@ethtool_stats={0x4b, 0xf}})
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20008400000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000210c0009800800014000000005600000000c0a010300000000000000000700fffe0900020073797a31000000000900010073797a300000000034000380300000802c000180250001002130404c6bfef3a31e2587ebd76200eb3ea056f39e3ab8a93c358099bf8cf3007d00000014000000110001"], 0xf0}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@ipv4_newroute={0x2bc, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x5}, @RTA_ENCAP={0x298, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x1ab, 0x1, {{}, [@loopback, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @loopback}, @private2, @loopback, @private1, @dev={0xfe, 0x80, '\x00', 0x3d}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, @private2, @remote, @loopback, @empty, @ipv4={'\x00', '\xff\xff', @loopback}, @private2, @empty, @local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @ipv4={'\x00', '\xff\xff', @multicast1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, @ipv4={'\x00', '\xff\xff', @remote}, @remote, @mcast1, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, @remote, @empty, @loopback, @loopback, @loopback, @mcast2, @private0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2]}}}]}, 0x2bc}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000980)=ANY=[@ANYBLOB="30000000120005ff00000400040000000000004a", @ANYBLOB="0400000010020200080004000400000008000a00", @ANYRES32], 0x30}, 0x1, 0x0, 0x0, 0x38000000}, 0x40050)

15.955355734s ago: executing program 0 (id=2596):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0) (async)
vmsplice(r0, &(0x7f00000007c0)=[{&(0x7f00000022c0)="1519761fd931f0959f0063b385980bd2dc6592be5a3b24e0de0fabaf33cabb09d46643fa4a93ae77a55c977231f0fd1a2299ad91f01b783a46fef79896b8a35e8bfc78b6bbadf1b82fa2215d1df8ffcf0a0853f6af70d9bdd3208bde870022e08b7209c4a55459062d23c57f9fcc5db944c481c453be5825e7eea65874ef8391cd178d0f2a114ca78eacd51dce22ba6ff28ef33443c88fda828ba9c55b25e65e924d82475c59248a10ba65b9ecb67eddd9e4630c3fdc15a884f6aa250c0b4ce001c7d656e985cbaaec2d58b95d0762e6ea920563adecc7543fb5df67b02d3ae6eb7abac1547e0b6b4b73db44c0e904e265e79e1dd8a1452a126d4e12038456c2ccb52b83ad8de4a8781ca0bc7aa48d773b0b36d357c890b0bf93d2bb0b7c27ba7996ac417402c8958d69ea6e3985e1ee82b34271f71a1fad4e12eb018789e8be76c437770f98d503598ddc93c31de897192eb8b7d5dcf6a19af8106c14bf627caf87c59fbe5d68bb30c03cdeaca3cb9b46f34a3dbf0097cce2eb2526d81f8dce8ffba00617177f1ca92e88fdecafa7f688c49115e0a145e6994d033ada2a8614d324054524a0d982106d650638b441f0b6de1e8884707a7e2c705ff4fe909753ccd09a355eac465cb0c15c7cf191dc27f33d67e1e7ba50f7cf6a20f2fae92919662d5aaee879685e5d0cab43bb6b31d0aa3bfae4ef59c0193156eee98b92727c92bfc7dada90e8254abd6c89af373046c86e8b281dfcd4e13d660fc2e4e07b0d462acc10e009b3b1df9c88f1ba81acb6073590c5cf6e255ad7a4d979bae579fa40a16fc6899d1f177784a1650498a90f6a0942cba078a7f9c7b401ff2de988feb08f4d92e9c67196a1fdab960420913fe242461fdbe23d47cbdc6f6fa867ac9f0289ed94d06e783d29795e5617d53aaf673c8c91228f52c51ba1c71eb68f0d32f3007a4dc3d2597588baaa2132d9f9901c271ab4b6fe5dada39c4cec075b94cd63c0a3c4ddde76a8a1f2effec15b49db174e95eef3b6d22d4b5719d16c7523a93e804d92f33462dfa3a488ef15b4591ba75a619d777854ebea06d20768a2cac31e2c83563d13e4d1d39610da9f0a704c61f5cc07b7ef396d1cf4e27995fc18320d9ec474aee9a7c10e961f6dc946c7659f4c8e7afca85ef267be04391ef4679731c1f6e543dada71ceb3e99962bec8dfe2dfbf4768cfc73284c696a5e95a5a76c5958df0598521201568717ca4ba61c309e763a55a7977302a74b9b7132cdb0ad58f84ba21a478cbb1b54aa8f58a562e5344fae5afef1cc74f147ae5e0ff94b1749eb49c29f793ab52f7358b3c9e272660acb85029ba73f36d9927bfe09556a918e2c7d9111fba8d6ddf7af88fd2f7dbc0adfd63c575ab5893c718c71d4e29d8d7b854ac0673d37b5cd4550681146cab6ed0962e33381afb2ca7df63199cc92c3faca0863e51fb65594f0c0bbba99280a23db508c6b8911041328a0e6a365d3c1cfb2a2ab3fd4ce92e7971d40a71230b6f757fac2ffee1762c2f881957f3602e93fafb76f36507bbff1301bfa54fc512d32ca5e63e04f30bc8bc9c742cd53b5a9eaab999d851f511eff14f46dc1aa022e451bdaaec2d665e86252a555d20c7a8eed6f843af0e2b56cdb2657339bfe3e2406554532947ff4f6f8a2f048d6e8496d0c20b8482cf06934bf17a7e7e890fffbab7695515d0f05b5f54f76275c49cd8b6ae3ea1179a5015f1192f2bdf71d438ec5e01a3bb4f66856add4e235f3b71f964ae41cdd13db2d4d2f11d2f9c58fe91156449763c5838ee1c23f20b968e465fabe91d5a008cada3b6d7c8113d132ce6545a6057849bfe9e01a53b13675076f540460192e73d60330330314b6ab312758ab1ea1ee1852b9740484bde492d1b628bbd0772e091dd841bb41e9eceb00e0789f49772ef4850f1c2d21a6a626f13e33e5782e3f923d6c7a1d8963c7e9c219c4f6ab1718911be1106d26ae543f44caec1a8c56b9493ef75f4a692f49c248666f57c50f5eb0d019215d1ec8468a05714a3374b982d03b8cd02582492c3564e67758f09735449018b5ae29763d8d800d59447a7c3db36f006c3d1d19c1cd688a6c01953991b8ecb7a8aaad04357bb7caac870182347331a173bb48543adb56ac53d5f93f0bded0502e94cd7fe2f31097330ca01726dcf038be651ae2eaabeb5a70c63394714747f1b3ddd96a8a793bc45c81b3472763f296c7d7c9ecbe65e2b37a33ea9c7089296f3fa1bf84f9a948cea2ddf5ef091b401876b954fccf2b5d8893322eb3babfb8d0a2cfa18383a98dc4eb4297ad6c3eaada941cfddd613f5f0b621f360499b8b3417fa2ce60072dcd93e987a95656ed6faec8b77a6755666ffbc234054f56a750a1ca57dc0e9e7fc531961f0f3435af3c901a5179192d32db32b41491d8a9d210f80899fcd5067feb0ed112f29e1c4495bf07caa28737e79fbe42652f293f04195772bed272ebce37f777cb85d02a846e4982df01e09033a9dbd0f1cc3416a46838aa26ab913b2324c3a8749e415c0c38150f363cb55883f30c42a9a1f16435e2a63dfdeb323f347976c554b0551e2658a70346c08761a7bcca8a3c9bef0c2dcc49349cc9ffe06585790e5e40b7b04ba6668e5184b95a79825a24e76569a48c9a31dab5ea1e55b38158472507cebc8599f43e1f40b554b677e30a91481ff71c288ae4f7de344268aea31fc23864786fbbe37482b7851b4855164f0829976eb9a6d3b35d655efa272c98b7a2bb3358648fa25d1c31c8e99f604dc0df963e28baae58bd3c081f301e711f183c42c17ad73e8b1591fdb4ced899b0057c3a0b3f3825b61c2e68f6c68cb27bc8decbe8627e0b7891dbde1c353434a74f4ccad4910a9d8fa6a1a7486aa5a4f41f45ab5f145231386e2c6fc7d690199c2ca91bc385fc14edc338ac7a42e8814c50bd15dfa4d3364ed34b07bd0fa7ced5785a8e420dfade0141b05b0603197259518bcec0623dcf40048cf104db3711d95f078d5c8680abc50b4bd167ac6b10c566c4fe9c4694c548a6f598d4ba410e021e8ac9890604774dc21779db3e908ac464cdd87f73e9b2e062bed48c9a252c28d6fa5ea8fd91cefb953407b12e5406f7f444e732a2aec21d9d084a348a57bfbfcad65675f311452261fe9fc56267644b80688cf27cd3954265ab09695e8f29d33e5e30dc8a2e18be2dd40204e28c7c7337aed290f89ee6fe6d8695be6d368884bfde1e129fc32fc5c07dda7c8c0a65cab65e710083cd9ab7e11fbac48b45d86908a12e4521354a49d26b017647b1aeeabf2f3738182bab2cb865cfe461d296c3b18fe654e3ce2aa8fdb5bdf38b47af36a10e2ab8d66c4460e04390fb39ace5435b1dcfe574ca766966a02e3c27f00aba4ded48e958cea5bb0b480139eb9f77536f08c662c2294af3469237d81923b7d356dedfd7af5eab8a94929eeb82eb6b050100acd49d4032e78d2cbeb4f21fae2a8727b20ef494085d5d29ed622ab0be2bef69ae8bcf4ce0acc387269fe81baff6d4d29512fb8d057331b2b3e47bea5a7eecd878740e956e8a3a43df4bd20d32399566c2a94c46119d30e5691d4d37a2cb7b6136314a9f629a4bd2e58fe589cf30277b0176871f658ce20236c41bec4826aa5c9ca9cb321657e3e92efae2fc64f0954b72a92c5fb05fdbc01fd04ed161a466f92a66604de1c75b215c8661145e5f928d6858d2ff46cc84dbd1f327bffeee737be2bbc373fbeb02879bfba0ee910499067ce437b602e495c677f4dc419c275369b0ded57dbc68e3a7b244126cebc81074e87b3608782e4e5e4f478fd809202de520ddc27d6fed3aff98a1f4f544bc90cfd10f125c8037748e2189fc13e90d320484489f906913a92e8199cd4b7614f0edf5e510849597a26c5bd0d0f61dce819e6bab1772dac79abb9de284f6aecf3cc547ec6dc185c1390ed07970fe261933f40fb04b1b41b6c148969771443f97005293e8e01cbd0fa286077fd7a5399a168de0f487cc31d78b71c7a92b7037c88f274f097d50748bf2ed528d8a1ccf935ed627fcd7351dee33ddc4f25ccb44a953398a22f5473c4f5de0efc9bce9991e2db0a0081bf2c5173a5f485dfd9d8aa54cf47c66896e2bdd0acd5c17418947a9a5c75b9e19820fd54fa73cbfa67b2c5b569a91c90a809a64dea39c1426a930ad47f6c9cc4950b165d3fc51da8f2f1eaa3e58adf74a16de4030dbeac24eea48afca60a555d998c5f6e792ba598a06de36fa7afddd07454b645baa687d39349ee52db740c81e5b87dc29ea44650498c9649d51760af9c2fd6f5a399710dde00bbfcfe9a9d52c90b902fde7c3d2891f28ad40e603045453689ed0beaac1582f701f00bede6325c0c98086c925ef8b879c1e7caba0dc818d4f639a4f66338375ff2490f7ab5d9eebdaaecfd239348acc46650a118f6432e8d25ec3acfb123a0f86b00a996ad4c267e188223360c5438c29b0993f272717817fa7197113544a45b424f1d9ae47989fb60fc629b84f13a679ece5286077fdc9e1eba56f778b91182f834480f10216ec47e5962b2a0d388508d32ab04f9cbb802d3641a5ff798a7e1d92161114616b4601e0d7dcd79bb0effed1b64744ed1bec8d6bcd6f97969b263e31a0ab59d34ac3be2f1c1dee7aea250caf5a062286c08689c63a7921d44d0db8f749be3f487859b0385ee2db9c16229cac7fa0e8bc31bcd82d912f71bfe6722c5ab1c52ea294bd6711cd6248780cde4460fcf6a3fee7cb686bfce2aa06e599462dbcd846b85f5c54da2f2821eb3a32352be9e8e4091f14bd13bd905baa32b0d57a6919d1da8f74af93976a346c5669a69712ae824ae17f77841e39a3486a8d26303e7a33bef34968fb18e11a4ed4821e435c40d32ba80d1bb8fd28b7425bd349d8c31d1537bd1bb825c97a61d456d5b182bccea3f659533b95c675e4d6e6c1933683cab86b9f709757959a03fd1715235a8692879dcf97230cae23e419150889949901e55e6f1bc1cd030a2f4e11c77184cc32745463e5388cc2a83215242ac254a623c26bd771fc5dc28c53a0f35ba7f74ff7b5895f56a9e10449b51a865ed2670d24f6c25507a3cfc05b890bc6b4b916d5bfa235f7e021b2bc25df81bcabb362184dceb25a6fa782464157ae9faefde37f22d3408b4cbbaf03c6490fcb35e2050583ce00a9c827aafb7162d4c95b5e26607c1e262de8137052422b9c9bd688a745f101a81baafffe4d34293ec0069b92dbdf56b54c42bcf34a7f24adc4c3a6bf4af79e720772bbeb9b265d320ea24843fa427158208f6a7bc2b48c9bd3dd95cc1c1793665e3adb5dd9374b386310822c65baf1dfed1f17b0c8b8fe5e32db3a253434da103d8596e9366672f7cf9ee57eccf989e32840f7672c8a95b056414ac605cd449b30abcaceb7fca56a9a3cfded14f5c08dfc04b83e03b205de1f10edce08645920cf514771cddbd565fa753088ae420202aed263712f57e22421f4e659c22f82fd09a60f3dc0aaa0b9a6b95b1d784ac48f38d435d20b781594ac589647a1be6b5baa3b851a91df626f3257d261a5fe4fffcd71f5b8da7d314956e5b61ffb8f1eb2e384f9e0d2aaca386ad03785ade9eff9737416fce0f74b0ec81624487b2297a601912cec2b6c5a5ee009ff80982f00ad96b496697be6d08fe2e42cb15dcc1cf0dcc02301e60720d3058a74b87a9e6284d5c5bef9878c7fa5b58940c0a6a979e519461a3091e307c2e0511e96661750722d493e8401eda8dedb0967b88bd23146fed066c0d18e5eec8617c3f78", 0x1000}, {&(0x7f0000000200)}, {&(0x7f00000006c0)="18134acd39c3c2d6381b7dd51500e835c4dd817af1cf3427b74508ff228b7e25de5a5a1f4ea6e8419d99a83a0612e60af767b4ea603eba379a28c4683e6d23232d1e5f2bfc4e4690df1313aa6ac013531f86e5f1918e0544fe63f5737cab2442c996456f9f8be04beef86acc095076131b6146378f80e000c8bcf9dc506930547b616a22c76d41e325fc36cac4a691b066d3e3895eaadb5f9a37b5e7322f2cd3030a2647c2594c21f0514563faa65be5f91eaeebb99db410a8d2d7be24ae8f0308544019", 0xc4}, {&(0x7f00000004c0)="e21caa97c468e3fd5c40c3da0bb4fbc411c2caffd5eb637d64954afb680cc968700698df48957f4e924c9ba6f1fa771235d51fb0d3a51d6595c39755e2a32ba2be3e01f280001c8c9ca2ac87fd536acbe59d94ca9ad3e7f16442506c665e1e82d67afa93aa02fae5edb844c18a9b4895402d6d31466d8b225d7dbf100fefc4536697f7fc0d1b4929d00fade9b6d49f1d25612e6f1c892a0b97", 0x99}, {&(0x7f00000005c0)="43d3829de22584a9887f72bf9c5ea7539ccf47dfe9d5d3188bf7f777ae2511e0687aaece459debb528acebca2431850b76bd3202f2baa9a87ebe51e9efd11d543cd4243440d9b51e6ba2d5e77d7d20004c3be7d7733c4f35455fd1c6b773a0f2c38028f9160f60c3c2ed5dfe2d113201e49fe8ce113dfa49975ca0256c2a4f378bf7365e099975f47a3504754b264c10a1560d6861798988ea2100c9b52a0a08aef028b9dd4b", 0xa6}], 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async, rerun: 32)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01ac08000000feffffff18511fbb8418a504f8ca358f1e00000018000180140002006e65f464657673696d30000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x90) (async, rerun: 32)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) (rerun: 32)
close(r7) (async, rerun: 32)
r8 = socket$unix(0x1, 0x1, 0x0) (async, rerun: 32)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000280)=0x4)
ioctl$PPPIOCSMAXCID(r9, 0x40047451, &(0x7f0000000200)=0x3)
ioctl$PPPIOCSFLAGS1(r9, 0x40047459, &(0x7f0000000100)=0x2000004) (async, rerun: 32)
pwritev(r9, &(0x7f0000000180)=[{&(0x7f00000007c0)="00214717a70700", 0x7}], 0x1, 0x803, 0x0) (async, rerun: 32)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0x1, 0x6}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xffffff0c, 0x3, 0x80000001, 0xfffffff6}}]}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (async)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r12, &(0x7f0000000200)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r12, 0x0)

9.006818161s ago: executing program 32 (id=2464):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x5}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r5}, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=<r6=>0x0)
sendmsg$NFC_CMD_FW_DOWNLOAD(r1, &(0x7f0000002ec0)={0x0, 0x0, &(0x7f0000002e80)={&(0x7f0000002e00)={0x24, r2, 0xba960a2220112c19, 0x70bd2f, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x8, 0x14, 'nfc\x10'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x840)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r1)
write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)

1.986186145s ago: executing program 33 (id=2583):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="070c010502"], 0x5)
socket$kcm(0x23, 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) (async)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) (async)
write$nci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="070c010502"], 0x5) (async)
socket$kcm(0x23, 0x2, 0x0) (async)

0s ago: executing program 34 (id=2596):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0) (async)
vmsplice(r0, &(0x7f00000007c0)=[{&(0x7f00000022c0)="1519761fd931f0959f0063b385980bd2dc6592be5a3b24e0de0fabaf33cabb09d46643fa4a93ae77a55c977231f0fd1a2299ad91f01b783a46fef79896b8a35e8bfc78b6bbadf1b82fa2215d1df8ffcf0a0853f6af70d9bdd3208bde870022e08b7209c4a55459062d23c57f9fcc5db944c481c453be5825e7eea65874ef8391cd178d0f2a114ca78eacd51dce22ba6ff28ef33443c88fda828ba9c55b25e65e924d82475c59248a10ba65b9ecb67eddd9e4630c3fdc15a884f6aa250c0b4ce001c7d656e985cbaaec2d58b95d0762e6ea920563adecc7543fb5df67b02d3ae6eb7abac1547e0b6b4b73db44c0e904e265e79e1dd8a1452a126d4e12038456c2ccb52b83ad8de4a8781ca0bc7aa48d773b0b36d357c890b0bf93d2bb0b7c27ba7996ac417402c8958d69ea6e3985e1ee82b34271f71a1fad4e12eb018789e8be76c437770f98d503598ddc93c31de897192eb8b7d5dcf6a19af8106c14bf627caf87c59fbe5d68bb30c03cdeaca3cb9b46f34a3dbf0097cce2eb2526d81f8dce8ffba00617177f1ca92e88fdecafa7f688c49115e0a145e6994d033ada2a8614d324054524a0d982106d650638b441f0b6de1e8884707a7e2c705ff4fe909753ccd09a355eac465cb0c15c7cf191dc27f33d67e1e7ba50f7cf6a20f2fae92919662d5aaee879685e5d0cab43bb6b31d0aa3bfae4ef59c0193156eee98b92727c92bfc7dada90e8254abd6c89af373046c86e8b281dfcd4e13d660fc2e4e07b0d462acc10e009b3b1df9c88f1ba81acb6073590c5cf6e255ad7a4d979bae579fa40a16fc6899d1f177784a1650498a90f6a0942cba078a7f9c7b401ff2de988feb08f4d92e9c67196a1fdab960420913fe242461fdbe23d47cbdc6f6fa867ac9f0289ed94d06e783d29795e5617d53aaf673c8c91228f52c51ba1c71eb68f0d32f3007a4dc3d2597588baaa2132d9f9901c271ab4b6fe5dada39c4cec075b94cd63c0a3c4ddde76a8a1f2effec15b49db174e95eef3b6d22d4b5719d16c7523a93e804d92f33462dfa3a488ef15b4591ba75a619d777854ebea06d20768a2cac31e2c83563d13e4d1d39610da9f0a704c61f5cc07b7ef396d1cf4e27995fc18320d9ec474aee9a7c10e961f6dc946c7659f4c8e7afca85ef267be04391ef4679731c1f6e543dada71ceb3e99962bec8dfe2dfbf4768cfc73284c696a5e95a5a76c5958df0598521201568717ca4ba61c309e763a55a7977302a74b9b7132cdb0ad58f84ba21a478cbb1b54aa8f58a562e5344fae5afef1cc74f147ae5e0ff94b1749eb49c29f793ab52f7358b3c9e272660acb85029ba73f36d9927bfe09556a918e2c7d9111fba8d6ddf7af88fd2f7dbc0adfd63c575ab5893c718c71d4e29d8d7b854ac0673d37b5cd4550681146cab6ed0962e33381afb2ca7df63199cc92c3faca0863e51fb65594f0c0bbba99280a23db508c6b8911041328a0e6a365d3c1cfb2a2ab3fd4ce92e7971d40a71230b6f757fac2ffee1762c2f881957f3602e93fafb76f36507bbff1301bfa54fc512d32ca5e63e04f30bc8bc9c742cd53b5a9eaab999d851f511eff14f46dc1aa022e451bdaaec2d665e86252a555d20c7a8eed6f843af0e2b56cdb2657339bfe3e2406554532947ff4f6f8a2f048d6e8496d0c20b8482cf06934bf17a7e7e890fffbab7695515d0f05b5f54f76275c49cd8b6ae3ea1179a5015f1192f2bdf71d438ec5e01a3bb4f66856add4e235f3b71f964ae41cdd13db2d4d2f11d2f9c58fe91156449763c5838ee1c23f20b968e465fabe91d5a008cada3b6d7c8113d132ce6545a6057849bfe9e01a53b13675076f540460192e73d60330330314b6ab312758ab1ea1ee1852b9740484bde492d1b628bbd0772e091dd841bb41e9eceb00e0789f49772ef4850f1c2d21a6a626f13e33e5782e3f923d6c7a1d8963c7e9c219c4f6ab1718911be1106d26ae543f44caec1a8c56b9493ef75f4a692f49c248666f57c50f5eb0d019215d1ec8468a05714a3374b982d03b8cd02582492c3564e67758f09735449018b5ae29763d8d800d59447a7c3db36f006c3d1d19c1cd688a6c01953991b8ecb7a8aaad04357bb7caac870182347331a173bb48543adb56ac53d5f93f0bded0502e94cd7fe2f31097330ca01726dcf038be651ae2eaabeb5a70c63394714747f1b3ddd96a8a793bc45c81b3472763f296c7d7c9ecbe65e2b37a33ea9c7089296f3fa1bf84f9a948cea2ddf5ef091b401876b954fccf2b5d8893322eb3babfb8d0a2cfa18383a98dc4eb4297ad6c3eaada941cfddd613f5f0b621f360499b8b3417fa2ce60072dcd93e987a95656ed6faec8b77a6755666ffbc234054f56a750a1ca57dc0e9e7fc531961f0f3435af3c901a5179192d32db32b41491d8a9d210f80899fcd5067feb0ed112f29e1c4495bf07caa28737e79fbe42652f293f04195772bed272ebce37f777cb85d02a846e4982df01e09033a9dbd0f1cc3416a46838aa26ab913b2324c3a8749e415c0c38150f363cb55883f30c42a9a1f16435e2a63dfdeb323f347976c554b0551e2658a70346c08761a7bcca8a3c9bef0c2dcc49349cc9ffe06585790e5e40b7b04ba6668e5184b95a79825a24e76569a48c9a31dab5ea1e55b38158472507cebc8599f43e1f40b554b677e30a91481ff71c288ae4f7de344268aea31fc23864786fbbe37482b7851b4855164f0829976eb9a6d3b35d655efa272c98b7a2bb3358648fa25d1c31c8e99f604dc0df963e28baae58bd3c081f301e711f183c42c17ad73e8b1591fdb4ced899b0057c3a0b3f3825b61c2e68f6c68cb27bc8decbe8627e0b7891dbde1c353434a74f4ccad4910a9d8fa6a1a7486aa5a4f41f45ab5f145231386e2c6fc7d690199c2ca91bc385fc14edc338ac7a42e8814c50bd15dfa4d3364ed34b07bd0fa7ced5785a8e420dfade0141b05b0603197259518bcec0623dcf40048cf104db3711d95f078d5c8680abc50b4bd167ac6b10c566c4fe9c4694c548a6f598d4ba410e021e8ac9890604774dc21779db3e908ac464cdd87f73e9b2e062bed48c9a252c28d6fa5ea8fd91cefb953407b12e5406f7f444e732a2aec21d9d084a348a57bfbfcad65675f311452261fe9fc56267644b80688cf27cd3954265ab09695e8f29d33e5e30dc8a2e18be2dd40204e28c7c7337aed290f89ee6fe6d8695be6d368884bfde1e129fc32fc5c07dda7c8c0a65cab65e710083cd9ab7e11fbac48b45d86908a12e4521354a49d26b017647b1aeeabf2f3738182bab2cb865cfe461d296c3b18fe654e3ce2aa8fdb5bdf38b47af36a10e2ab8d66c4460e04390fb39ace5435b1dcfe574ca766966a02e3c27f00aba4ded48e958cea5bb0b480139eb9f77536f08c662c2294af3469237d81923b7d356dedfd7af5eab8a94929eeb82eb6b050100acd49d4032e78d2cbeb4f21fae2a8727b20ef494085d5d29ed622ab0be2bef69ae8bcf4ce0acc387269fe81baff6d4d29512fb8d057331b2b3e47bea5a7eecd878740e956e8a3a43df4bd20d32399566c2a94c46119d30e5691d4d37a2cb7b6136314a9f629a4bd2e58fe589cf30277b0176871f658ce20236c41bec4826aa5c9ca9cb321657e3e92efae2fc64f0954b72a92c5fb05fdbc01fd04ed161a466f92a66604de1c75b215c8661145e5f928d6858d2ff46cc84dbd1f327bffeee737be2bbc373fbeb02879bfba0ee910499067ce437b602e495c677f4dc419c275369b0ded57dbc68e3a7b244126cebc81074e87b3608782e4e5e4f478fd809202de520ddc27d6fed3aff98a1f4f544bc90cfd10f125c8037748e2189fc13e90d320484489f906913a92e8199cd4b7614f0edf5e510849597a26c5bd0d0f61dce819e6bab1772dac79abb9de284f6aecf3cc547ec6dc185c1390ed07970fe261933f40fb04b1b41b6c148969771443f97005293e8e01cbd0fa286077fd7a5399a168de0f487cc31d78b71c7a92b7037c88f274f097d50748bf2ed528d8a1ccf935ed627fcd7351dee33ddc4f25ccb44a953398a22f5473c4f5de0efc9bce9991e2db0a0081bf2c5173a5f485dfd9d8aa54cf47c66896e2bdd0acd5c17418947a9a5c75b9e19820fd54fa73cbfa67b2c5b569a91c90a809a64dea39c1426a930ad47f6c9cc4950b165d3fc51da8f2f1eaa3e58adf74a16de4030dbeac24eea48afca60a555d998c5f6e792ba598a06de36fa7afddd07454b645baa687d39349ee52db740c81e5b87dc29ea44650498c9649d51760af9c2fd6f5a399710dde00bbfcfe9a9d52c90b902fde7c3d2891f28ad40e603045453689ed0beaac1582f701f00bede6325c0c98086c925ef8b879c1e7caba0dc818d4f639a4f66338375ff2490f7ab5d9eebdaaecfd239348acc46650a118f6432e8d25ec3acfb123a0f86b00a996ad4c267e188223360c5438c29b0993f272717817fa7197113544a45b424f1d9ae47989fb60fc629b84f13a679ece5286077fdc9e1eba56f778b91182f834480f10216ec47e5962b2a0d388508d32ab04f9cbb802d3641a5ff798a7e1d92161114616b4601e0d7dcd79bb0effed1b64744ed1bec8d6bcd6f97969b263e31a0ab59d34ac3be2f1c1dee7aea250caf5a062286c08689c63a7921d44d0db8f749be3f487859b0385ee2db9c16229cac7fa0e8bc31bcd82d912f71bfe6722c5ab1c52ea294bd6711cd6248780cde4460fcf6a3fee7cb686bfce2aa06e599462dbcd846b85f5c54da2f2821eb3a32352be9e8e4091f14bd13bd905baa32b0d57a6919d1da8f74af93976a346c5669a69712ae824ae17f77841e39a3486a8d26303e7a33bef34968fb18e11a4ed4821e435c40d32ba80d1bb8fd28b7425bd349d8c31d1537bd1bb825c97a61d456d5b182bccea3f659533b95c675e4d6e6c1933683cab86b9f709757959a03fd1715235a8692879dcf97230cae23e419150889949901e55e6f1bc1cd030a2f4e11c77184cc32745463e5388cc2a83215242ac254a623c26bd771fc5dc28c53a0f35ba7f74ff7b5895f56a9e10449b51a865ed2670d24f6c25507a3cfc05b890bc6b4b916d5bfa235f7e021b2bc25df81bcabb362184dceb25a6fa782464157ae9faefde37f22d3408b4cbbaf03c6490fcb35e2050583ce00a9c827aafb7162d4c95b5e26607c1e262de8137052422b9c9bd688a745f101a81baafffe4d34293ec0069b92dbdf56b54c42bcf34a7f24adc4c3a6bf4af79e720772bbeb9b265d320ea24843fa427158208f6a7bc2b48c9bd3dd95cc1c1793665e3adb5dd9374b386310822c65baf1dfed1f17b0c8b8fe5e32db3a253434da103d8596e9366672f7cf9ee57eccf989e32840f7672c8a95b056414ac605cd449b30abcaceb7fca56a9a3cfded14f5c08dfc04b83e03b205de1f10edce08645920cf514771cddbd565fa753088ae420202aed263712f57e22421f4e659c22f82fd09a60f3dc0aaa0b9a6b95b1d784ac48f38d435d20b781594ac589647a1be6b5baa3b851a91df626f3257d261a5fe4fffcd71f5b8da7d314956e5b61ffb8f1eb2e384f9e0d2aaca386ad03785ade9eff9737416fce0f74b0ec81624487b2297a601912cec2b6c5a5ee009ff80982f00ad96b496697be6d08fe2e42cb15dcc1cf0dcc02301e60720d3058a74b87a9e6284d5c5bef9878c7fa5b58940c0a6a979e519461a3091e307c2e0511e96661750722d493e8401eda8dedb0967b88bd23146fed066c0d18e5eec8617c3f78", 0x1000}, {&(0x7f0000000200)}, {&(0x7f00000006c0)="18134acd39c3c2d6381b7dd51500e835c4dd817af1cf3427b74508ff228b7e25de5a5a1f4ea6e8419d99a83a0612e60af767b4ea603eba379a28c4683e6d23232d1e5f2bfc4e4690df1313aa6ac013531f86e5f1918e0544fe63f5737cab2442c996456f9f8be04beef86acc095076131b6146378f80e000c8bcf9dc506930547b616a22c76d41e325fc36cac4a691b066d3e3895eaadb5f9a37b5e7322f2cd3030a2647c2594c21f0514563faa65be5f91eaeebb99db410a8d2d7be24ae8f0308544019", 0xc4}, {&(0x7f00000004c0)="e21caa97c468e3fd5c40c3da0bb4fbc411c2caffd5eb637d64954afb680cc968700698df48957f4e924c9ba6f1fa771235d51fb0d3a51d6595c39755e2a32ba2be3e01f280001c8c9ca2ac87fd536acbe59d94ca9ad3e7f16442506c665e1e82d67afa93aa02fae5edb844c18a9b4895402d6d31466d8b225d7dbf100fefc4536697f7fc0d1b4929d00fade9b6d49f1d25612e6f1c892a0b97", 0x99}, {&(0x7f00000005c0)="43d3829de22584a9887f72bf9c5ea7539ccf47dfe9d5d3188bf7f777ae2511e0687aaece459debb528acebca2431850b76bd3202f2baa9a87ebe51e9efd11d543cd4243440d9b51e6ba2d5e77d7d20004c3be7d7733c4f35455fd1c6b773a0f2c38028f9160f60c3c2ed5dfe2d113201e49fe8ce113dfa49975ca0256c2a4f378bf7365e099975f47a3504754b264c10a1560d6861798988ea2100c9b52a0a08aef028b9dd4b", 0xa6}], 0x5, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async, rerun: 32)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01ac08000000feffffff18511fbb8418a504f8ca358f1e00000018000180140002006e65f464657673696d30000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x90) (async, rerun: 32)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) (rerun: 32)
close(r7) (async, rerun: 32)
r8 = socket$unix(0x1, 0x1, 0x0) (async, rerun: 32)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000280)=0x4)
ioctl$PPPIOCSMAXCID(r9, 0x40047451, &(0x7f0000000200)=0x3)
ioctl$PPPIOCSFLAGS1(r9, 0x40047459, &(0x7f0000000100)=0x2000004) (async, rerun: 32)
pwritev(r9, &(0x7f0000000180)=[{&(0x7f00000007c0)="00214717a70700", 0x7}], 0x1, 0x803, 0x0) (async, rerun: 32)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0x1, 0x6}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0xffffff0c, 0x3, 0x80000001, 0xfffffff6}}]}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (async)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r12, &(0x7f0000000200)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r12, 0x0)

kernel console output (not intermixed with test programs):

ol
[   67.555146][   T36] wlan1: Trigger new scan to find an IBSS to join
[   67.753201][ T6335] netlink: 'syz.0.150': attribute type 13 has an invalid length.
[   67.760629][ T6335] netlink: 'syz.0.150': attribute type 1 has an invalid length.
[   68.061713][ T6355] team0: entered promiscuous mode
[   68.063617][ T6355] team_slave_0: entered promiscuous mode
[   68.066199][ T6355] team_slave_1: entered promiscuous mode
[   68.132344][ T6355] team0 (unregistering): left promiscuous mode
[   68.134881][ T6355] team_slave_0: left promiscuous mode
[   68.136948][ T6355] team_slave_1: left promiscuous mode
[   68.143551][ T6355] team0 (unregistering): Port device team_slave_0 removed
[   68.151362][ T6355] team0 (unregistering): Port device team_slave_1 removed
[   68.157268][ T6359] netlink: 'syz.0.160': attribute type 27 has an invalid length.
[   68.542254][ T6388] netlink: 'syz.0.169': attribute type 13 has an invalid length.
[   68.792539][ T6401] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[   68.793209][   T24] IPVS: starting estimator thread 0...
[   68.799250][ T6402] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551612)
[   68.802807][ T6402] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647
[   68.893979][ T6403] IPVS: using max 79 ests per chain, 189600 per kthread
[   69.113469][ T6425] bond1: entered promiscuous mode
[   69.116329][ T6425] 8021q: adding VLAN 0 to HW filter on device bond1
[   69.297262][ T6446] pimreg3: entered allmulticast mode
[   69.619174][ T6482] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   70.002051][ T6485] __nla_validate_parse: 66 callbacks suppressed
[   70.002064][ T6485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.196'.
[   70.015563][ T6485] netlink: 36 bytes leftover after parsing attributes in process `syz.0.196'.
[   70.018872][ T6486] netlink: 36 bytes leftover after parsing attributes in process `syz.0.196'.
[   70.106780][ T6491] sctp: [Deprecated]: syz.0.198 (pid 6491) Use of int in maxseg socket option.
[   70.106780][ T6491] Use struct sctp_assoc_value instead
[   70.534195][ T1368] wlan1: Creating new IBSS network, BSSID 16:16:89:cd:f6:17
[   70.551929][ T6507] netlink: 60 bytes leftover after parsing attributes in process `syz.2.202'.
[   70.586390][ T6515] netlink: 9 bytes leftover after parsing attributes in process `syz.0.205'.
[   70.606591][ T6515] ?70: renamed from hsr0 (while UP)
[   70.619271][ T6515] ?70: entered allmulticast mode
[   70.621455][ T6515] hsr_slave_0: entered allmulticast mode
[   70.634038][ T6515] hsr_slave_1: entered allmulticast mode
[   70.638139][ T6515] A link change request failed with some changes committed already. Interface ?70 may have been left with an inconsistent configuration, please check.
[   71.070097][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.074484][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.378649][ T6540] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   71.566382][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811250b400: rx timeout, send abort
[   71.571347][    C1] vcan0: j1939_tp_rxtimer: 0xffff888112508800: rx timeout, send abort
[   71.575384][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811250b400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   71.581553][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888112508800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   71.725733][ T6555] netlink: 9 bytes leftover after parsing attributes in process `syz.1.221'.
[   71.729340][ T6555] @70: renamed from hsr0 (while UP)
[   71.732750][ T6555] @70: entered allmulticast mode
[   71.735744][ T6555] hsr_slave_0: entered allmulticast mode
[   71.737711][ T6555] hsr_slave_1: entered allmulticast mode
[   71.739866][ T6555] A link change request failed with some changes committed already. Interface @70 may have been left with an inconsistent configuration, please check.
[   71.793145][ T6560] validate_nla: 5 callbacks suppressed
[   71.793160][ T6560] netlink: 'syz.1.223': attribute type 13 has an invalid length.
[   71.817752][ T6560] netlink: 'syz.1.223': attribute type 1 has an invalid length.
[   71.820886][ T6560] netlink: 600 bytes leftover after parsing attributes in process `syz.1.223'.
[   71.828942][ T6560] netlink: 232 bytes leftover after parsing attributes in process `syz.1.223'.
[   71.832556][ T6560] netlink: 4 bytes leftover after parsing attributes in process `syz.1.223'.
[   71.848027][ T6562] netlink: 12 bytes leftover after parsing attributes in process `syz.2.224'.
[   71.871554][ T6562] lo speed is unknown, defaulting to 1000
[   72.060844][ T6579] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[   72.266947][ T6596] IPVS: set_ctl: invalid protocol: 4 224.0.0.1:20000
[   72.395061][ T6607] netlink: 'syz.0.239': attribute type 10 has an invalid length.
[   72.423768][ T6607] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.437761][ T6607] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   72.461292][ T6606] netlink: 'syz.0.239': attribute type 10 has an invalid length.
[   72.476987][ T6606] batadv0: entered promiscuous mode
[   72.484194][ T6606] batadv0: entered allmulticast mode
[   72.498049][ T6606] bond0: (slave batadv0): Releasing backup interface
[   72.540125][ T6606] bridge0: port 3(batadv0) entered blocking state
[   72.542861][ T6606] bridge0: port 3(batadv0) entered disabled state
[   72.669309][ T6622] vxcan3: entered allmulticast mode
[   73.004383][   T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   73.007676][   T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   73.094272][ T6662] syzkaller1: entered promiscuous mode
[   73.098181][ T6662] syzkaller1: entered allmulticast mode
[   73.375444][ T6685] vxcan3: entered allmulticast mode
[   73.573441][ T6689] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   73.578110][ T6689] syzkaller0: entered promiscuous mode
[   73.580561][ T6689] syzkaller0: entered allmulticast mode
[   73.589947][ T6689] tipc: Resetting bearer <eth:syzkaller0>
[   73.593684][ T6688] tipc: Resetting bearer <eth:syzkaller0>
[   73.625282][ T6688] tipc: Disabling bearer <eth:syzkaller0>
[   74.011921][ T6705] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[   74.012172][ T6704] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[   74.037654][   T24] IPVS: starting estimator thread 0...
[   74.124322][ T6708] IPVS: using max 79 ests per chain, 189600 per kthread
[   74.130125][ T6714] netlink: 'syz.0.272': attribute type 13 has an invalid length.
[   74.149823][ T6714] netlink: 'syz.0.272': attribute type 1 has an invalid length.
[   74.626197][ T6759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.782136][ T6770] geneve2: entered promiscuous mode
[   75.197218][ T6779] netlink: 'syz.0.295': attribute type 4 has an invalid length.
[   75.210576][   T10] lo speed is unknown, defaulting to 1000
[   75.213003][ T6779] netlink: 'syz.0.295': attribute type 4 has an invalid length.
[   75.215588][   T10] syz0: Port: 1 Link DOWN
[   75.217649][   T10] lo speed is unknown, defaulting to 1000
[   75.221573][   T10] lo speed is unknown, defaulting to 1000
[   75.227773][    T9] lo speed is unknown, defaulting to 1000
[   75.229770][    T9] lo speed is unknown, defaulting to 1000
[   75.276165][ T6783] netlink: 'syz.0.297': attribute type 13 has an invalid length.
[   75.281971][ T6783] netlink: 'syz.0.297': attribute type 1 has an invalid length.
[   75.286716][ T6783] __nla_validate_parse: 13 callbacks suppressed
[   75.286725][ T6783] netlink: 600 bytes leftover after parsing attributes in process `syz.0.297'.
[   75.295501][ T6783] netlink: 232 bytes leftover after parsing attributes in process `syz.0.297'.
[   75.301980][ T6783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.297'.
[   75.412970][ T6789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.300'.
[   75.417735][ T6789] netlink: 24 bytes leftover after parsing attributes in process `syz.0.300'.
[   75.495659][ T6795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.302'.
[   75.501565][ T6796] netlink: 9 bytes leftover after parsing attributes in process `syz.2.301'.
[   75.506560][ T6795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.302'.
[   75.517159][ T6795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.302'.
[   75.522739][ T6795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.302'.
[   75.562944][ T6795] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.566460][ T6795] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.666484][ T6795] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   75.676405][ T6795] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   75.697932][ T6795] ?70: left allmulticast mode
[   75.699936][ T6795] hsr_slave_0: left allmulticast mode
[   75.702414][ T6795] hsr_slave_1: left allmulticast mode
[   75.721140][ T6795] tipc: Resetting bearer <eth:vlan0>
[   75.788566][ T6796] v70: renamed from hsr0
[   75.792572][ T6796] v70: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   75.798991][ T6796] v70: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   75.803530][ T6796] v70: entered allmulticast mode
[   75.807326][ T6796] hsr_slave_0: entered allmulticast mode
[   75.809240][ T6796] hsr_slave_1: entered allmulticast mode
[   75.812000][ T6796] A link change request failed with some changes committed already. Interface v70 may have been left with an inconsistent configuration, please check.
[   75.817928][ T5712] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.824551][ T5712] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.845896][ T6798] vxcan3: entered allmulticast mode
[   75.869899][ T5712] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.873342][ T5712] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   75.898714][ T6800] bond1: entered promiscuous mode
[   75.901372][ T6800] 8021q: adding VLAN 0 to HW filter on device bond1
[   75.929043][ T6801] 8021q: adding VLAN 0 to HW filter on device bond1
[   75.932061][ T6801] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[   75.936951][ T6801] bond1: (slave wireguard0): Setting fail_over_mac to active for active-backup mode
[   75.954138][ T6801] bond1: (slave wireguard0): making interface the new active one
[   75.956730][ T6801] wireguard0: entered promiscuous mode
[   75.962892][ T6801] bond1: (slave wireguard0): Enslaving as an active interface with an up link
[   75.976538][ T6800] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[   76.137965][ T6826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   76.685294][ T6854] x70: renamed from @70 (while UP)
[   76.689398][ T6854] A link change request failed with some changes committed already. Interface x70 may have been left with an inconsistent configuration, please check.
[   76.771438][ T6859] batadv_slave_0: entered promiscuous mode
[   76.779068][ T6858] batadv_slave_0: left promiscuous mode
[   77.001625][ T6877] 70: renamed from x70 (while UP)
[   77.006193][ T6877] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check.
[   77.037131][ T6883] Unsupported ieee802154 address type: 0
[   77.071087][ T6885] tipc: Started in network mode
[   77.072861][ T6885] tipc: Node identity f2bed9df5abc, cluster identity 4711
[   77.075894][ T6885] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   77.078976][ T6885] syzkaller0: entered promiscuous mode
[   77.081119][ T6885] syzkaller0: entered allmulticast mode
[   77.095869][ T6885] tipc: Resetting bearer <eth:syzkaller0>
[   77.100826][ T6884] tipc: Resetting bearer <eth:syzkaller0>
[   77.111312][ T6884] tipc: Disabling bearer <eth:syzkaller0>
[   77.510585][ T6915] 70: renamed from v70 (while UP)
[   77.516158][ T6915] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check.
[   77.599522][ T6932] ksmbd: Unknown IPC event: 3, ignore.
[   77.602760][ T6931] syzkaller1: entered promiscuous mode
[   77.604877][ T6931] syzkaller1: entered allmulticast mode
[   77.645698][ T6936] validate_nla: 2 callbacks suppressed
[   77.645794][ T6936] netlink: 'syz.2.350': attribute type 13 has an invalid length.
[   77.653780][ T6936] netlink: 'syz.2.350': attribute type 1 has an invalid length.
[   77.702269][ T6938] netlink: 'syz.1.351': attribute type 10 has an invalid length.
[   77.719463][ T6938] netlink: 'syz.1.351': attribute type 3 has an invalid length.
[   77.722707][ T6938] netlink: 'syz.1.351': attribute type 3 has an invalid length.
[   78.069909][ T6974] netlink: 'syz.2.362': attribute type 1 has an invalid length.
[   78.077028][ T6976] netlink: 'syz.2.362': attribute type 1 has an invalid length.
[   78.322268][ T7007] netlink: 'syz.2.374': attribute type 13 has an invalid length.
[   78.331277][ T7007] netlink: 'syz.2.374': attribute type 1 has an invalid length.
[   78.550269][ T7026] vxcan3: entered allmulticast mode
[   78.794039][ T7043] netlink: 'syz.1.387': attribute type 13 has an invalid length.
[   78.992841][ T7074] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   79.158659][ T7090] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.161794][ T7090] 8021q: adding VLAN 0 to HW filter on device team0
[   79.173326][ T7090] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   79.211860][ T7090] lo speed is unknown, defaulting to 1000
[   79.259365][ T7096] vlan3: entered allmulticast mode
[   79.274048][ T7096] bond0: entered allmulticast mode
[   79.276163][ T7096] bond_slave_0: entered allmulticast mode
[   79.278077][ T7096] bond_slave_1: entered allmulticast mode
[   79.317118][ T7093] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   79.374112][ T7103] ip6_tunnel: non-ECT from fe88:a43d:e1a4:0000:0000:0000:0000:7d01 with DS=0xe
[   79.549360][ T7116] nbd: must specify a size in bytes for the device
[   79.810973][ T7123] sctp: [Deprecated]: syz.1.415 (pid 7123) Use of struct sctp_assoc_value in delayed_ack socket option.
[   79.810973][ T7123] Use struct sctp_sack_info instead
[   80.190244][ T7148] macsec0: entered allmulticast mode
[   80.198613][ T7149] veth1_macvtap: entered allmulticast mode
[   80.201220][ T7149] macsec0: left allmulticast mode
[   80.203164][ T7149] veth1_macvtap: left allmulticast mode
[   80.366537][ T7167] __nla_validate_parse: 105 callbacks suppressed
[   80.366549][ T7167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.430'.
[   80.377215][ T7167] netlink: 32 bytes leftover after parsing attributes in process `syz.0.430'.
[   80.388307][ T7170] batadv1: entered promiscuous mode
[   80.528143][ T7178] netlink: 32 bytes leftover after parsing attributes in process `syz.2.433'.
[   80.531543][ T7178] netlink: 32 bytes leftover after parsing attributes in process `syz.2.433'.
[   80.658787][ T7190] netlink: 16 bytes leftover after parsing attributes in process `syz.1.438'.
[   80.661874][ T7190] netlink: 16 bytes leftover after parsing attributes in process `syz.1.438'.
[   80.759129][ T7201] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   80.802606][ T7204] netlink: 600 bytes leftover after parsing attributes in process `syz.2.444'.
[   80.828380][ T7201] netlink: 224 bytes leftover after parsing attributes in process `syz.0.443'.
[   80.885816][ T7204] netlink: 232 bytes leftover after parsing attributes in process `syz.2.444'.
[   80.889798][ T7204] netlink: 4 bytes leftover after parsing attributes in process `syz.2.444'.
[   80.969640][ T7220] A70: renamed from ?70
[   80.977079][ T7220] A70: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   80.980625][ T7220] A70: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   80.995088][ T7220] A70: entered allmulticast mode
[   80.997343][ T7220] hsr_slave_0: entered allmulticast mode
[   81.001621][ T7220] hsr_slave_1: entered allmulticast mode
[   81.012293][ T7220] A link change request failed with some changes committed already. Interface A70 may have been left with an inconsistent configuration, please check.
[   81.288807][ T7255] e70: renamed from A70 (while UP)
[   81.292525][ T7255] A link change request failed with some changes committed already. Interface e70 may have been left with an inconsistent configuration, please check.
[   81.308174][   T51] cfg80211: failed to load regulatory.db
[   81.543322][ T7279] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[   81.586901][ T7287] h70: renamed from 70 (while UP)
[   81.591732][ T7287] A link change request failed with some changes committed already. Interface h70 may have been left with an inconsistent configuration, please check.
[   81.940945][ T7314] i70: renamed from e70 (while UP)
[   81.945210][ T7314] A link change request failed with some changes committed already. Interface i70 may have been left with an inconsistent configuration, please check.
[   82.046088][ T5847] cgroup: fork rejected by pids controller in /syz0
[   82.057665][ T7330] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   82.154727][ T5712] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x4
[   82.185852][ T7339] syzkaller0: entered promiscuous mode
[   82.187729][ T7339] syzkaller0: entered allmulticast mode
[   82.193811][ T7339] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   82.546609][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   82.552020][ T5856] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   82.558383][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   82.562716][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   82.567779][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   82.608645][ T7343] lo speed is unknown, defaulting to 1000
[   82.818021][ T7343] chnl_net:caif_netlink_parms(): no params data found
[   82.866297][ T7343] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.868960][ T7343] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.871546][ T7343] bridge_slave_0: entered allmulticast mode
[   82.874913][ T7343] bridge_slave_0: entered promiscuous mode
[   82.878835][ T7343] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.881831][ T7343] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.885575][ T7343] bridge_slave_1: entered allmulticast mode
[   82.889542][ T7343] bridge_slave_1: entered promiscuous mode
[   82.914022][ T7343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   82.919770][ T7343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   82.981427][ T7343] team0: Port device team_slave_0 added
[   82.982411][ T7352] validate_nla: 16 callbacks suppressed
[   82.982424][ T7352] netlink: 'syz.2.494': attribute type 1 has an invalid length.
[   82.988827][ T7343] team0: Port device team_slave_1 added
[   83.012220][ T7352] 8021q: adding VLAN 0 to HW filter on device bond2
[   83.043118][ T7352] vlan2: entered promiscuous mode
[   83.045631][ T7352] bond2: entered promiscuous mode
[   83.047915][ T7352] vlan2: entered allmulticast mode
[   83.050069][ T7352] bond2: entered allmulticast mode
[   83.093404][ T7352] gtp0: entered allmulticast mode
[   83.097767][ T7343] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.101443][ T7343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.116454][ T7343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.145191][ T7343] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.147788][ T7343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.178242][ T7343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.251722][ T7343] hsr_slave_0: entered promiscuous mode
[   83.265151][ T7343] hsr_slave_1: entered promiscuous mode
[   83.378489][ T7368] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   83.713147][ T7343] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   83.720221][ T7343] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   83.728518][ T7343] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   83.738038][ T7343] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   83.815604][ T7391] batadv_slave_0: entered promiscuous mode
[   83.819471][ T7390] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   83.828429][ T7343] 8021q: adding VLAN 0 to HW filter on device bond0
[   83.832752][ T7396] batadv_slave_0: left promiscuous mode
[   83.851714][ T7343] 8021q: adding VLAN 0 to HW filter on device team0
[   83.876690][ T3600] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.879142][ T3600] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.883181][ T3600] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.886089][ T3600] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.900738][ T7398] t70: renamed from 70 (while UP)
[   83.907809][ T7398] A link change request failed with some changes committed already. Interface t70 may have been left with an inconsistent configuration, please check.
[   84.180054][ T7343] 8021q: adding VLAN 0 to HW filter on device batadv0
[   84.199208][ T5911] batadv0: left allmulticast mode
[   84.201594][ T5911] batadv0: left promiscuous mode
[   84.217762][ T5911] bridge0: port 3(batadv0) entered disabled state
[   84.231246][ T5911] bridge_slave_1: left allmulticast mode
[   84.233708][ T5911] bridge_slave_1: left promiscuous mode
[   84.237566][ T5911] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.246903][ T5911] bridge_slave_0: left allmulticast mode
[   84.249431][ T5911] bridge_slave_0: left promiscuous mode
[   84.252370][ T5911] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.543820][ T5911] team0: Port device bridge1 removed
[   84.586396][ T5856] Bluetooth: hci1: command tx timeout
[   84.630856][ T5911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   84.634960][ T5911] bond_slave_0: left allmulticast mode
[   84.637934][ T5911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   84.641359][ T5911] bond_slave_1: left allmulticast mode
[   84.643460][ T5911] bond0 (unregistering): Released all slaves
[   84.710844][ T5911] bond1 (unregistering): (slave wireguard0): Releasing backup interface
[   84.714820][ T5911] wireguard0: left promiscuous mode
[   84.718529][ T5911] bond1 (unregistering): Released all slaves
[   84.735975][ T7431] v70: renamed from h70 (while UP)
[   84.740071][ T7431] A link change request failed with some changes committed already. Interface v70 may have been left with an inconsistent configuration, please check.
[   84.795484][ T5911] tipc: Disabling bearer <eth:vlan0>
[   84.803583][ T5911] tipc: Left network mode
[   84.836896][ T7343] veth0_vlan: entered promiscuous mode
[   84.862682][ T7439] netlink: 'syz.2.519': attribute type 13 has an invalid length.
[   84.889575][ T7343] veth1_vlan: entered promiscuous mode
[   84.923928][ T7343] veth0_macvtap: entered promiscuous mode
[   84.929012][ T7439] netlink: 'syz.2.519': attribute type 1 has an invalid length.
[   84.938974][ T7343] veth1_macvtap: entered promiscuous mode
[   84.964921][ T7343] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.968797][ T7444] netlink: 'syz.1.521': attribute type 10 has an invalid length.
[   85.000372][ T7443] netlink: 'syz.1.521': attribute type 10 has an invalid length.
[   85.001069][ T7343] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.016194][ T7443] batadv0: entered promiscuous mode
[   85.024196][ T7443] batadv0: entered allmulticast mode
[   85.027387][ T7443] bond0: (slave batadv0): Releasing backup interface
[   85.030939][ T7443] bridge0: port 3(batadv0) entered blocking state
[   85.033111][ T7443] bridge0: port 3(batadv0) entered disabled state
[   85.039284][ T5876] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.052693][ T5876] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.065575][ T5876] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.089370][ T5876] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.195321][ T1368] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.197914][ T1368] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.211053][ T7452] lo speed is unknown, defaulting to 1000
[   85.246518][ T5911] hsr_slave_0: left promiscuous mode
[   85.252223][ T5911] hsr_slave_1: left promiscuous mode
[   85.254980][ T5911] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.258175][ T5911] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.455675][ T7445] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   85.459337][ T7445] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   85.506705][ T5911] team0 (unregistering): Port device team_slave_1 removed
[   85.533748][ T5911] team0 (unregistering): Port device team_slave_0 removed
[   85.769691][ T1368] smc: removing ib device syz0
[   85.790866][ T7458] w70: renamed from t70 (while UP)
[   85.795805][ T7458] A link change request failed with some changes committed already. Interface w70 may have been left with an inconsistent configuration, please check.
[   85.829196][ T7461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   85.872522][ T6669] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.882049][ T6669] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.449160][ T7472] tipc: Started in network mode
[   86.450829][ T7472] tipc: Node identity ea54bfe2c8ca, cluster identity 4711
[   86.453262][ T7472] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   86.462197][ T7472] syzkaller0: entered promiscuous mode
[   86.472079][ T7472] syzkaller0: entered allmulticast mode
[   86.523269][ T7472] tipc: Resetting bearer <eth:syzkaller0>
[   86.528709][ T7472] __nla_validate_parse: 30 callbacks suppressed
[   86.528719][ T7472] netlink: 20 bytes leftover after parsing attributes in process `syz.1.530'.
[   86.563712][ T7471] tipc: Resetting bearer <eth:syzkaller0>
[   86.604404][ T7471] tipc: Disabling bearer <eth:syzkaller0>
[   86.629368][ T5911] IPVS: stop unused estimator thread 0...
[   86.674674][ T5856] Bluetooth: hci1: command tx timeout
[   86.776273][ T7489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   87.315692][ T7504] netlink: 844 bytes leftover after parsing attributes in process `syz.2.542'.
[   87.368360][ T7506] netlink: 'syz.2.543': attribute type 13 has an invalid length.
[   87.379730][ T7506] netlink: 'syz.2.543': attribute type 1 has an invalid length.
[   87.383048][ T7506] netlink: 600 bytes leftover after parsing attributes in process `syz.2.543'.
[   87.391966][ T7506] netlink: 232 bytes leftover after parsing attributes in process `syz.2.543'.
[   87.397493][ T7506] netlink: 4 bytes leftover after parsing attributes in process `syz.2.543'.
[   87.441317][ T7508] netlink: 9 bytes leftover after parsing attributes in process `syz.2.544'.
[   87.446549][ T7508] C0: renamed from v70 (while UP)
[   87.451241][ T7508] A link change request failed with some changes committed already. Interface C0 may have been left with an inconsistent configuration, please check.
[   87.558494][ T7514] netlink: 20 bytes leftover after parsing attributes in process `syz.2.547'.
[   87.586212][ T7514] 8021q: adding VLAN 0 to HW filter on device bond3
[   87.590703][ T7514] bond0: (slave bond3): Enslaving as an active interface with an up link
[   87.607698][ T7516] netlink: 20 bytes leftover after parsing attributes in process `syz.2.547'.
[   87.644500][ T7520] netlink: 65051 bytes leftover after parsing attributes in process `syz.2.548'.
[   87.711396][ T7526] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[   87.717344][ T7526] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   87.727149][ T7526] netlink: 'syz.0.550': attribute type 1 has an invalid length.
[   87.778794][ T7526] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[   87.878114][ T7536] netlink: 'syz.0.553': attribute type 1 has an invalid length.
[   87.937834][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.0.553'.
[   88.245223][ T7551] bridge0: port 4(veth0_to_bridge) entered blocking state
[   88.248638][ T7551] bridge0: port 4(veth0_to_bridge) entered disabled state
[   88.251989][ T7551] veth0_to_bridge: entered allmulticast mode
[   88.256273][ T7551] veth0_to_bridge: entered promiscuous mode
[   88.259096][ T7551] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[   88.264788][ T7551] bridge0: port 4(veth0_to_bridge) entered blocking state
[   88.267709][ T7551] bridge0: port 4(veth0_to_bridge) entered forwarding state
[   88.624533][ T7569] netlink: 'syz.1.563': attribute type 1 has an invalid length.
[   88.627836][ T7569] netlink: 'syz.1.563': attribute type 2 has an invalid length.
[   88.631549][ T7569] netlink: 'syz.1.563': attribute type 1 has an invalid length.
[   88.637716][ T7569] netlink: 'syz.1.563': attribute type 2 has an invalid length.
[   88.718986][ T7576] vxcan3: entered allmulticast mode
[   88.754509][ T5851] Bluetooth: hci1: command tx timeout
[   88.793016][ T7585] netlink: 'syz.0.570': attribute type 13 has an invalid length.
[   88.802936][ T7585] netlink: 'syz.0.570': attribute type 1 has an invalid length.
[   88.976297][ T7600] netlink: 'syz.1.577': attribute type 1 has an invalid length.
[   89.028012][ T7605] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   89.083569][ T7610] netlink: 'syz.2.581': attribute type 13 has an invalid length.
[   89.096861][ T7610] netlink: 'syz.2.581': attribute type 1 has an invalid length.
[   89.142742][ T7614] 8021q: adding VLAN 0 to HW filter on device bond1
[   89.148436][ T7614] bond0: (slave bond1): Enslaving as an active interface with an up link
[   89.260494][ T7626] unknown channel width for channel at 909000KHz?
[   89.545588][ T7642] C0: left allmulticast mode
[   89.547738][ T7642] hsr_slave_0: left allmulticast mode
[   89.550014][ T7642] hsr_slave_1: left allmulticast mode
[   89.573422][ T7642] bond1: left promiscuous mode
[   89.589565][ T7642] vlan2: left promiscuous mode
[   89.591885][ T7642] bond2: left promiscuous mode
[   89.594702][ T7642] vlan2: left allmulticast mode
[   89.596949][ T7642] bond2: left allmulticast mode
[   89.599356][ T7642] gtp0: left allmulticast mode
[   89.755472][ T7666] openvswitch: netlink: nsh attr 2560 is out of range max 3
[   89.761461][ T7666] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   89.762753][ T7669] netlink: 'syz.1.601': attribute type 13 has an invalid length.
[   89.980702][ T7691] syzkaller1: entered promiscuous mode
[   89.982652][ T7691] syzkaller1: entered allmulticast mode
[   90.265103][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[   90.269825][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[   90.274989][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[   90.280658][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[   90.285641][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[   90.289802][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[   90.293786][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[   90.297810][    C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[   90.839465][ T5851] Bluetooth: hci1: command tx timeout
[   91.089417][ T7747] tipc: Started in network mode
[   91.091152][ T7747] tipc: Node identity ac1414aa, cluster identity 4711
[   91.095105][ T7747] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   92.053481][ T7797] __nla_validate_parse: 30 callbacks suppressed
[   92.053499][ T7797] netlink: 600 bytes leftover after parsing attributes in process `syz.2.647'.
[   92.072703][ T7797] netlink: 232 bytes leftover after parsing attributes in process `syz.2.647'.
[   92.083423][ T7797] netlink: 4 bytes leftover after parsing attributes in process `syz.2.647'.
[   92.359244][ T7806] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   92.739059][ T7823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.656'.
[   92.949633][ T7828] nbd: couldn't find device at index 536870912
[   93.396847][ T7846] 8021q: adding VLAN 0 to HW filter on device bond4
[   93.442920][ T7859] netlink: 9 bytes leftover after parsing attributes in process `syz.1.670'.
[   93.476148][ T7855] netlink: 4 bytes leftover after parsing attributes in process `syz.0.668'.
[   93.481398][ T7862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.668'.
[   93.486526][ T7861] netlink: 256 bytes leftover after parsing attributes in process `syz.1.671'.
[   93.490412][ T7855] netlink: 4 bytes leftover after parsing attributes in process `syz.0.668'.
[   93.500233][ T7862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.668'.
[   93.643455][ T7868] validate_nla: 14 callbacks suppressed
[   93.643475][ T7868] netlink: 'syz.0.674': attribute type 1 has an invalid length.
[   94.101961][ T7886] bridge0: port 4(veth0_to_bridge) entered disabled state
[   94.104792][ T7886] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.108520][ T7886] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.146722][ T7895] netlink: 'syz.2.684': attribute type 1 has an invalid length.
[   94.150353][ T7895] netlink: 'syz.2.684': attribute type 1 has an invalid length.
[   94.246002][ T7905] netlink: 'syz.0.687': attribute type 1 has an invalid length.
[   94.281990][ T7907] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[   94.287906][ T7907] bond1: (slave vxcan3): Error -95 calling set_mac_address
[   94.332359][ T7911] 8021q: adding VLAN 0 to HW filter on device bond5
[   94.352147][ T7911] macvlan2: entered promiscuous mode
[   94.364008][ T7911] macvlan2: entered allmulticast mode
[   94.367425][ T7911] bond5: (slave macvlan2): Opening slave failed
[   94.507306][ T7932] syzkaller1: entered promiscuous mode
[   94.509305][ T7932] syzkaller1: entered allmulticast mode
[   94.529735][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.533271][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.999336][ T7972] netlink: 'syz.2.710': attribute type 13 has an invalid length.
[   95.016905][ T7972] netlink: 'syz.2.710': attribute type 1 has an invalid length.
[   95.472764][ T8004] syzkaller1: entered promiscuous mode
[   95.477114][ T8004] syzkaller1: entered allmulticast mode
[   95.653124][ T8011] netlink: 'syz.0.720': attribute type 1 has an invalid length.
[   95.670112][ T8011] 8021q: adding VLAN 0 to HW filter on device bond2
[   96.091078][ T8042] erspan0: entered promiscuous mode
[   96.197229][ T8051] sctp: [Deprecated]: syz.1.736 (pid 8051) Use of int in maxseg socket option.
[   96.197229][ T8051] Use struct sctp_assoc_value instead
[   97.599775][    C1] vcan0: j1939_tp_rxtimer: 0xffff88810eb44400: rx timeout, send abort
[   97.683708][ T8086] __nla_validate_parse: 24 callbacks suppressed
[   97.683723][ T8086] netlink: 44 bytes leftover after parsing attributes in process `syz.1.748'.
[   97.722786][ T8084] netlink: 6 bytes leftover after parsing attributes in process `syz.2.747'.
[   97.730374][ T8084] net_ratelimit: 18707 callbacks suppressed
[   97.730392][ T8084] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   97.740551][ T8084] netlink: 32 bytes leftover after parsing attributes in process `syz.2.747'.
[   97.820123][ T8093] netlink: 4 bytes leftover after parsing attributes in process `syz.1.751'.
[   97.928238][ T8100] sctp: [Deprecated]: syz.1.754 (pid 8100) Use of int in maxseg socket option.
[   97.928238][ T8100] Use struct sctp_assoc_value instead
[   98.078189][ T8108] netlink: 'syz.2.758': attribute type 1 has an invalid length.
[   98.103467][    C1] vcan0: j1939_tp_rxtimer: 0xffff88810eb44400: abort rx timeout. Force session deactivation
[   98.170856][ T8113] netlink: 120 bytes leftover after parsing attributes in process `syz.0.760'.
[   98.220276][ T8116] netlink: 4 bytes leftover after parsing attributes in process `syz.0.761'.
[   98.291683][ T8125] netlink: 9 bytes leftover after parsing attributes in process `syz.0.765'.
[   98.295860][ T8125] 0: renamed from hsr0 (while UP)
[   98.300917][ T8125] 0: entered allmulticast mode
[   98.303108][ T8125] hsr_slave_0: entered allmulticast mode
[   98.308688][ T8125] hsr_slave_1: entered allmulticast mode
[   98.311864][ T8125] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check.
[   98.359162][ T8127] netlink: 324 bytes leftover after parsing attributes in process `syz.2.766'.
[   98.447166][ T8136] netlink: 28 bytes leftover after parsing attributes in process `syz.2.770'.
[   98.554140][ T8144] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[   98.627161][ T8146] netlink: 9 bytes leftover after parsing attributes in process `syz.0.774'.
[   98.631961][ T8146] 1: renamed from 70 (while UP)
[   98.635908][ T8146] A link change request failed with some changes committed already. Interface 71 may have been left with an inconsistent configuration, please check.
[   98.689700][ T8152] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[   99.050808][ T8167] sctp: [Deprecated]: syz.1.784 (pid 8167) Use of struct sctp_assoc_value in delayed_ack socket option.
[   99.050808][ T8167] Use struct sctp_sack_info instead
[   99.093586][ T8169] 0: renamed from w70 (while UP)
[   99.097027][ T8169] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check.
[   99.139399][ T8171] openvswitch: netlink: Message has 4 unknown bytes.
[   99.862244][ T8188] netlink: 'syz.0.792': attribute type 20 has an invalid length.
[   99.879428][ T7445] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   99.883177][ T8188] netlink: 'syz.0.792': attribute type 20 has an invalid length.
[   99.883621][ T7445] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   99.892106][ T7445] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   99.897193][ T7445] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  100.097993][ T8197] sctp: [Deprecated]: syz.1.796 (pid 8197) Use of int in maxseg socket option.
[  100.097993][ T8197] Use struct sctp_assoc_value instead
[  100.207841][ T8202] netlink: 'syz.1.798': attribute type 1 has an invalid length.
[  100.560772][ T8222] netlink: 'syz.2.805': attribute type 13 has an invalid length.
[  100.570636][ T8222] netlink: 'syz.2.805': attribute type 1 has an invalid length.
[  101.103378][ T8225] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  101.161767][ T8230] 1: renamed from 70 (while UP)
[  101.168084][ T8230] A link change request failed with some changes committed already. Interface 71 may have been left with an inconsistent configuration, please check.
[  101.453219][ T8259] syzkaller1: entered promiscuous mode
[  101.455232][ T8259] syzkaller1: entered allmulticast mode
[  101.512582][ T8269] netlink: 'syz.1.819': attribute type 13 has an invalid length.
[  101.526619][ T8269] netlink: 'syz.1.819': attribute type 17 has an invalid length.
[  101.577387][ T8269] bridge0: port 4(veth0_to_bridge) entered blocking state
[  101.579815][ T8269] bridge0: port 4(veth0_to_bridge) entered listening state
[  101.582512][ T8269] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.584912][ T8269] bridge0: port 2(bridge_slave_1) entered listening state
[  101.587397][ T8269] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.589890][ T8269] bridge0: port 1(bridge_slave_0) entered listening state
[  101.602300][ T8269] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  101.617664][ T8259] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[  101.715365][ T8285] netlink: 'syz.0.824': attribute type 13 has an invalid length.
[  101.722426][ T8285] netlink: 'syz.0.824': attribute type 1 has an invalid length.
[  101.775811][ T8288] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check.
[  101.902492][ T8309] netlink: 'syz.1.832': attribute type 1 has an invalid length.
[  101.940988][ T8309] 8021q: adding VLAN 0 to HW filter on device bond2
[  101.946026][ T8308] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  101.951707][ T8308] tipc: Resetting bearer <eth:syzkaller0>
[  101.960087][ T8311] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  102.341380][ T8333] 0: renamed from 71 (while UP)
[  102.346575][ T8333] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check.
[  102.393280][ T8335] syzkaller1: entered promiscuous mode
[  102.395651][ T8335] syzkaller1: entered allmulticast mode
[  102.725005][ T8359] __nla_validate_parse: 23 callbacks suppressed
[  102.725015][ T8359] netlink: 600 bytes leftover after parsing attributes in process `syz.1.851'.
[  102.757324][ T8306] tipc: Disabling bearer <eth:syzkaller0>
[  102.761596][ T8359] netlink: 232 bytes leftover after parsing attributes in process `syz.1.851'.
[  102.766094][ T8363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.853'.
[  102.766167][ T8359] netlink: 4 bytes leftover after parsing attributes in process `syz.1.851'.
[  102.772054][ T8363] netlink: 4 bytes leftover after parsing attributes in process `syz.0.853'.
[  102.798964][ T8366] sctp: [Deprecated]: syz.1.855 (pid 8366) Use of int in maxseg socket option.
[  102.798964][ T8366] Use struct sctp_assoc_value instead
[  102.809421][   T10] IPVS: starting estimator thread 0...
[  102.882428][ T8377] syzkaller1: entered promiscuous mode
[  102.884436][ T8377] syzkaller1: entered allmulticast mode
[  102.889500][ T8379] netlink: 20 bytes leftover after parsing attributes in process `syz.1.859'.
[  102.904139][ T8368] IPVS: using max 79 ests per chain, 189600 per kthread
[  102.971858][ T8382] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  103.636227][    C1] bridge0: port 4(veth0_to_bridge) entered blocking state
[  103.937937][ T8394] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[  103.998594][ T8405] netlink: 16 bytes leftover after parsing attributes in process `syz.0.868'.
[  104.031792][ T8407] netlink: 600 bytes leftover after parsing attributes in process `syz.2.869'.
[  104.040696][ T8407] netlink: 232 bytes leftover after parsing attributes in process `syz.2.869'.
[  104.050617][ T8407] netlink: 4 bytes leftover after parsing attributes in process `syz.2.869'.
[  104.065616][ T8414] 0: renamed from 71 (while UP)
[  104.074315][ T8414] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check.
[  104.254037][ T8432] sctp: [Deprecated]: syz.2.877 (pid 8432) Use of struct sctp_assoc_value in delayed_ack socket option.
[  104.254037][ T8432] Use struct sctp_sack_info instead
[  104.566483][ T8463] syzkaller1: entered promiscuous mode
[  104.570720][ T8463] syzkaller1: entered allmulticast mode
[  104.988581][ T8481] validate_nla: 5 callbacks suppressed
[  104.988598][ T8481] netlink: 'syz.0.894': attribute type 1 has an invalid length.
[  105.172076][ T8493] sctp: [Deprecated]: syz.0.899 (pid 8493) Use of int in maxseg socket option.
[  105.172076][ T8493] Use struct sctp_assoc_value instead
[  105.382759][ T8503] netlink: 'syz.2.903': attribute type 1 has an invalid length.
[  105.409009][ T8503] 8021q: adding VLAN 0 to HW filter on device bond6
[  105.510930][ T8516] : entered promiscuous mode
[  105.990664][ T8561] 1: renamed from 70 (while UP)
[  105.998554][ T8561] A link change request failed with some changes committed already. Interface 71 may have been left with an inconsistent configuration, please check.
[  106.279310][ T8585] syzkaller1: entered promiscuous mode
[  106.281631][ T8585] syzkaller1: entered allmulticast mode
[  106.470692][ T8594] 0: renamed from 71 (while UP)
[  106.478144][ T8594] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check.
[  106.599479][ T8600] netlink: 'syz.0.935': attribute type 1 has an invalid length.
[  106.621689][ T8600] 8021q: adding VLAN 0 to HW filter on device bond3
[  106.901666][ T8606] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  107.036309][ T8615] batman_adv: batadv0: Adding interface: macvlan2
[  107.039249][ T8615] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1280) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.049868][ T8615] batman_adv: batadv0: Interface activated: macvlan2
[  107.514311][ T8650] netlink: 'syz.2.953': attribute type 1 has an invalid length.
[  107.541877][ T8650] 8021q: adding VLAN 0 to HW filter on device bond7
[  107.567471][ T8652] netlink: 'syz.1.954': attribute type 1 has an invalid length.
[  107.718557][ T8674] netlink: 'syz.2.962': attribute type 1 has an invalid length.
[  107.752478][ T8681] __nla_validate_parse: 23 callbacks suppressed
[  107.752490][ T8681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.965'.
[  107.772282][ T8683] workqueue: name exceeds WQ_NAME_LEN. Truncating to: ^>>Mv^侦Kc'A
[  107.849822][ T8691] netlink: 'syz.1.968': attribute type 13 has an invalid length.
[  107.867466][ T8691] netlink: 'syz.1.968': attribute type 1 has an invalid length.
[  107.869920][ T8691] netlink: 600 bytes leftover after parsing attributes in process `syz.1.968'.
[  107.875804][ T8691] netlink: 232 bytes leftover after parsing attributes in process `syz.1.968'.
[  107.880117][ T8691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.968'.
[  107.905233][ T8695] netlink: 8 bytes leftover after parsing attributes in process `syz.2.969'.
[  107.908863][ T8695] netlink: 16 bytes leftover after parsing attributes in process `syz.2.969'.
[  107.933377][ T8697] netlink: 'syz.1.970': attribute type 1 has an invalid length.
[  107.969973][ T8697] 8021q: adding VLAN 0 to HW filter on device bond3
[  108.022795][ T8706] netlink: 'syz.1.972': attribute type 1 has an invalid length.
[  108.065433][ T8706] 8021q: adding VLAN 0 to HW filter on device bond4
[  108.105186][ T8709] gretap0: entered promiscuous mode
[  108.133178][ T8709] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.140305][ T8709] 8021q: adding VLAN 0 to HW filter on device team0
[  108.153261][ T8709] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  108.515009][ T8738] netlink: 600 bytes leftover after parsing attributes in process `syz.2.978'.
[  108.530869][ T8738] netlink: 232 bytes leftover after parsing attributes in process `syz.2.978'.
[  108.544441][ T8738] netlink: 4 bytes leftover after parsing attributes in process `syz.2.978'.
[  108.697297][ T8751] netlink: 12 bytes leftover after parsing attributes in process `syz.0.982'.
[  108.986919][ T8785] syzkaller1: entered promiscuous mode
[  108.989506][ T8785] syzkaller1: entered allmulticast mode
[  109.116891][ T8793] 8021q: adding VLAN 0 to HW filter on device bond8
[  109.184944][ T8805] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  109.257228][ T8813] block nbd0: Unsupported socket: shutdown callout must be supported.
[  109.283741][ T8811] 8021q: adding VLAN 0 to HW filter on device bond5
[  109.335625][ T8821] syzkaller1: entered promiscuous mode
[  109.345220][ T8821] syzkaller1: entered allmulticast mode
[  109.382560][ T8827] 0: renamed from C0
[  109.389827][ T8827] 0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  109.393564][ T8827] 0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  109.397223][ T8827] 0: entered allmulticast mode
[  109.399294][ T8827] hsr_slave_0: entered allmulticast mode
[  109.401221][ T8827] hsr_slave_1: entered allmulticast mode
[  109.405632][ T8827] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check.
[  109.592073][ T8846] 8021q: adding VLAN 0 to HW filter on device bond6
[  109.672691][ T8856] syzkaller1: entered promiscuous mode
[  109.685733][ T8856] syzkaller1: entered allmulticast mode
[  109.897874][ T8875] 8021q: adding VLAN 0 to HW filter on device bond7
[  110.389171][ T8926] validate_nla: 15 callbacks suppressed
[  110.389181][ T8926] netlink: 'syz.2.1041': attribute type 13 has an invalid length.
[  110.406523][ T8926] netlink: 'syz.2.1041': attribute type 1 has an invalid length.
[  110.631989][ T8952] netlink: 'syz.0.1050': attribute type 10 has an invalid length.
[  110.678530][ T8946] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  110.708491][ T8956] netlink: 'syz.0.1052': attribute type 27 has an invalid length.
[  110.754416][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  110.779164][ T8969] netlink: 'syz.2.1055': attribute type 13 has an invalid length.
[  110.779192][ T8971] openvswitch: netlink: Duplicate or invalid key (type 0).
[  110.785305][ T8971] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  110.790066][ T8969] netlink: 'syz.2.1055': attribute type 1 has an invalid length.
[  110.792152][ T8971] Bluetooth: MGMT ver 1.23
[  110.793475][   T33] audit: type=1107 audit(1755018144.947:2): pid=8970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='67Jzhpόy'[!HyCܯWM%7ĬKZÄx_,okJpHL}`ZVC|{+PKy)i0%:#e7xqSReaI'
[  110.797691][ T8971] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  110.839862][ T8971] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  110.973505][ T8987] tipc: New replicast peer: 255.255.255.255
[  110.976206][ T8987] tipc: Enabled bearer <udp:syz2>, priority 10
[  110.980853][ T8987] tipc: Disabling bearer <udp:syz2>
[  110.985481][ T8986] netlink: 'syz.1.1064': attribute type 1 has an invalid length.
[  111.124633][ T9006] netlink: 'syz.2.1071': attribute type 1 has an invalid length.
[  111.263765][ T9017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  111.508264][ T9029] syzkaller1: entered promiscuous mode
[  111.510337][ T9029] syzkaller1: entered allmulticast mode
[  111.869224][ T9047] netlink: 'syz.2.1085': attribute type 9 has an invalid length.
[  112.003104][ T9055] IPVS: Error connecting to the multicast addr
[  112.296931][ T9063] netlink: 'syz.1.1089': attribute type 3 has an invalid length.
[  112.479888][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880387d5800: rx timeout, send abort
[  112.982769][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880387d5800: abort rx timeout. Force session deactivation
[  113.563141][ T9098] sctp: [Deprecated]: syz.2.1102 (pid 9098) Use of int in maxseg socket option.
[  113.563141][ T9098] Use struct sctp_assoc_value instead
[  113.631595][ T9100] sctp: [Deprecated]: syz.0.1101 (pid 9100) Use of int in max_burst socket option deprecated.
[  113.631595][ T9100] Use struct sctp_assoc_value instead
[  113.639739][ T9100] __nla_validate_parse: 32 callbacks suppressed
[  113.639752][ T9100] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1101'.
[  113.707863][ T9113] delete_channel: no stack
[  113.771884][ T9118] bond8: entered promiscuous mode
[  113.777891][ T9118] 8021q: adding VLAN 0 to HW filter on device bond8
[  113.807163][ T9118] 8021q: adding VLAN 0 to HW filter on device bond8
[  113.810069][ T9118] bond8: (slave wireguard0): The slave device specified does not support setting the MAC address
[  113.814595][ T9118] bond8: (slave wireguard0): Setting fail_over_mac to active for active-backup mode
[  113.820599][ T9118] bond8: (slave wireguard0): making interface the new active one
[  113.823690][ T9118] wireguard0: entered promiscuous mode
[  113.826950][ T9118] bond8: (slave wireguard0): Enslaving as an active interface with an up link
[  113.890361][ T9128] syzkaller1: entered promiscuous mode
[  113.892138][ T9128] syzkaller1: entered allmulticast mode
[  114.039563][ T9133] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1111'.
[  114.043308][ T9133] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1111'.
[  114.064055][ T9135] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1112'.
[  114.113641][ T9142] sctp: [Deprecated]: syz.1.1114 (pid 9142) Use of int in maxseg socket option.
[  114.113641][ T9142] Use struct sctp_assoc_value instead
[  114.142242][ T9144] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1115'.
[  114.255413][ T9152] 8021q: adding VLAN 0 to HW filter on device bond9
[  114.301793][ T9156] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1119'.
[  114.331129][ T9158] pim6reg1: entered promiscuous mode
[  114.333113][ T9158] pim6reg1: entered allmulticast mode
[  114.361402][ T9159] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1119'.
[  114.442500][ T9161] syzkaller1: entered promiscuous mode
[  114.446136][ T9161] syzkaller1: entered allmulticast mode
[  114.546886][ T9163] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1122'.
[  114.663625][ T9167] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  114.983331][ T9185] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1131'.
[  115.256573][ T9201] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1137'.
[  115.583422][ T5912] hid-generic 0005:046D:FFF9.0001: item fetching failed at offset 0/1
[  115.587604][ T5912] hid-generic 0005:046D:FFF9.0001: probe with driver hid-generic failed with error -22
[  115.596448][ T9227] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  115.606495][ T9227] tipc: Enabled bearer <eth:ipvlan1>, priority 14
[  115.730425][ T9237] syzkaller1: entered promiscuous mode
[  115.732451][ T9237] syzkaller1: entered allmulticast mode
[  115.899831][ T9243] validate_nla: 6 callbacks suppressed
[  115.899845][ T9243] netlink: 'syz.1.1153': attribute type 3 has an invalid length.
[  115.906690][ T9243] netlink: 'syz.1.1153': attribute type 3 has an invalid length.
[  116.109379][ T9269] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  116.112529][ T9270] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  116.117450][ T9269] openvswitch: netlink: Duplicate key (type 0).
[  116.119278][ T9270] openvswitch: netlink: Duplicate key (type 0).
[  116.336421][ T9292] netlink: 'syz.1.1172': attribute type 13 has an invalid length.
[  116.352109][ T9292] netlink: 'syz.1.1172': attribute type 1 has an invalid length.
[  116.488355][ T9315] syzkaller1: entered promiscuous mode
[  116.490239][ T9315] syzkaller1: entered allmulticast mode
[  116.570116][ T9319] ip6tnl2: entered promiscuous mode
[  116.571972][ T9319] ip6tnl2: entered allmulticast mode
[  116.573738][ T9321] sctp: [Deprecated]: syz.0.1182 (pid 9321) Use of int in maxseg socket option.
[  116.573738][ T9321] Use struct sctp_assoc_value instead
[  116.576358][ T9319] team0: Device ip6tnl2 is of different type
[  116.604527][   T24] tipc: Node number set to 580829154
[  116.765158][ T9333] netlink: 'syz.2.1186': attribute type 13 has an invalid length.
[  116.778182][ T9333] netlink: 'syz.2.1186': attribute type 1 has an invalid length.
[  117.041727][ T9359] batadv_slave_1: entered promiscuous mode
[  117.047415][ T9358] batadv_slave_1: left promiscuous mode
[  117.119700][ T9363] netlink: 'syz.0.1197': attribute type 29 has an invalid length.
[  117.122352][ T9363] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  117.173018][ T9370] trusted_key: syz.2.1200 sent an empty control message without MSG_MORE.
[  117.191518][ T9372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  117.416857][ T9392] bond0: (slave vxlan0): Enslaving as an active interface with an up link
[  117.420956][   T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  117.425410][   T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  117.430860][   T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  117.437745][   T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  117.627208][ T9408] syzkaller1: entered promiscuous mode
[  117.629603][ T9408] syzkaller1: entered allmulticast mode
[  117.717057][ T9412] netlink: 'syz.2.1216': attribute type 21 has an invalid length.
[  117.769759][ T9416] syzkaller1: entered promiscuous mode
[  117.771700][ T9416] syzkaller1: entered allmulticast mode
[  117.878881][ T9428] netlink: 'syz.0.1223': attribute type 13 has an invalid length.
[  117.889833][ T9428] netlink: 'syz.0.1223': attribute type 1 has an invalid length.
[  118.255911][ T9493] syzkaller1: entered promiscuous mode
[  118.257889][ T9493] syzkaller1: entered allmulticast mode
[  118.552890][ T9526] sctp: [Deprecated]: syz.1.1239 (pid 9526) Use of int in maxseg socket option.
[  118.552890][ T9526] Use struct sctp_assoc_value instead
[  118.564655][ T9521] block nbd0: server does not support multiple connections per device.
[  118.570313][ T9521] block nbd0: shutting down sockets
[  118.808592][ T9546] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  118.813388][ T9544] __nla_validate_parse: 34 callbacks suppressed
[  118.813404][ T9544] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1244'.
[  118.821219][ T9544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1244'.
[  118.936234][ T9561] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1250'.
[  118.988469][ T9564] syzkaller1: entered promiscuous mode
[  118.990509][ T9564] syzkaller1: entered allmulticast mode
[  119.152934][ T9566] 0: left allmulticast mode
[  119.155175][ T9566] hsr_slave_0: left allmulticast mode
[  119.157473][ T9566] hsr_slave_1: left allmulticast mode
[  119.181384][ T9566] batman_adv: batadv0: Interface deactivated: macvlan2
[  119.230711][ T9571] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1253'.
[  119.588028][ T9606] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  119.781993][ T9624] sctp: [Deprecated]: syz.0.1270 (pid 9624) Use of int in maxseg socket option.
[  119.781993][ T9624] Use struct sctp_assoc_value instead
[  119.831877][ T9625] : renamed from bond_slave_0 (while UP)
[  119.984670][ T9642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1274'.
[  119.989882][ T9643] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1274'.
[  119.996964][ T9643] bridge0: port 5(macvlan2) entered blocking state
[  119.999278][ T9643] bridge0: port 5(macvlan2) entered disabled state
[  120.001658][ T9643] macvlan2: entered allmulticast mode
[  120.003507][ T9643] bridge0: entered allmulticast mode
[  120.009487][ T9643] macvlan2: left allmulticast mode
[  120.011195][ T9643] bridge0: left allmulticast mode
[  120.011589][ T9645] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1272'.
[  120.061963][ T9647] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1275'.
[  120.148839][ T9658] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1279'.
[  120.303022][ T9674] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1284'.
[  120.328918][ T9676] batadv1: entered promiscuous mode
[  120.380077][ T9680] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  120.493324][ T9688] 8021q: adding VLAN 0 to HW filter on device bond10
[  120.579591][ T9700] syzkaller1: entered promiscuous mode
[  120.582154][ T9700] syzkaller1: entered allmulticast mode
[  120.734975][ T9713] syzkaller1: entered promiscuous mode
[  120.737634][ T9713] syzkaller1: entered allmulticast mode
[  120.895800][ T9717] sctp: [Deprecated]: syz.2.1300 (pid 9717) Use of int in maxseg socket option.
[  120.895800][ T9717] Use struct sctp_assoc_value instead
[  120.970125][ T9720] validate_nla: 5 callbacks suppressed
[  120.970143][ T9720] netlink: 'syz.0.1301': attribute type 5 has an invalid length.
[  122.027756][ T9729] geneve3: entered promiscuous mode
[  122.131692][ T9735] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[  122.140030][ T9735] (unnamed net_device) (uninitialized): option use_carrier: invalid value (5)
[  122.273595][ T9747] netlink: 'syz.2.1309': attribute type 1 has an invalid length.
[  122.312889][ T9747] 8021q: adding VLAN 0 to HW filter on device bond11
[  122.402128][ T9757] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  122.416448][ T9757] syzkaller0: entered promiscuous mode
[  122.418909][ T9757] syzkaller0: entered allmulticast mode
[  122.451423][ T9757] tipc: Resetting bearer <eth:syzkaller0>
[  122.460345][ T9756] tipc: Resetting bearer <eth:syzkaller0>
[  122.479369][ T9756] tipc: Disabling bearer <eth:syzkaller0>
[  122.524748][ T9764] bridge0: port 5(vlan3) entered blocking state
[  122.527130][ T9764] bridge0: port 5(vlan3) entered disabled state
[  122.529760][ T9764] vlan3: entered allmulticast mode
[  122.531984][ T9764] bond0: entered allmulticast mode
[  122.537957][ T9764] : entered allmulticast mode
[  122.540302][ T9764] bond_slave_1: entered allmulticast mode
[  122.542814][ T9764] bond1: entered allmulticast mode
[  122.545243][ T9764] vxlan0: entered allmulticast mode
[  122.549066][ T9764] vlan3: entered promiscuous mode
[  122.551347][ T9764] bond0: entered promiscuous mode
[  122.553567][ T9764] : entered promiscuous mode
[  122.558197][ T9764] bond_slave_1: entered promiscuous mode
[  122.560852][ T9764] bond1: entered promiscuous mode
[  122.564572][ T9764] vxlan0: entered promiscuous mode
[  122.613019][ T9771] netlink: 'syz.2.1318': attribute type 1 has an invalid length.
[  122.688696][ T9777] tap0: tun_chr_ioctl cmd 1074025680
[  122.703150][ T9777] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  122.712380][ T9776] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  122.755833][ T9776] D: renamed from syzkaller0
[  122.765954][ T9776] tipc: Disabling bearer <eth:syzkaller0>
[  123.087083][ T9806] netlink: 'syz.2.1329': attribute type 1 has an invalid length.
[  123.115426][ T9814] netlink: 'syz.1.1331': attribute type 13 has an invalid length.
[  123.130645][ T9806] 8021q: adding VLAN 0 to HW filter on device bond12
[  123.170276][ T9814] netlink: 'syz.1.1331': attribute type 1 has an invalid length.
[  123.212697][ T9825] sctp: [Deprecated]: syz.0.1334 (pid 9825) Use of int in maxseg socket option.
[  123.212697][ T9825] Use struct sctp_assoc_value instead
[  123.383427][ T9846] netlink: 'syz.0.1341': attribute type 1 has an invalid length.
[  123.396658][ T9848] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  123.432806][ T9846] 8021q: adding VLAN 0 to HW filter on device bond4
[  123.441086][ T9853] netlink: 'syz.1.1344': attribute type 1 has an invalid length.
[  123.480968][ T9853] 8021q: adding VLAN 0 to HW filter on device bond9
[  123.507405][ T9853] vlan4: entered promiscuous mode
[  123.509245][ T9853] bond9: entered promiscuous mode
[  123.511194][ T9853] vlan4: entered allmulticast mode
[  123.512929][ T9853] bond9: entered allmulticast mode
[  123.677970][ T9882] netlink: 'syz.0.1354': attribute type 1 has an invalid length.
[  123.687269][ T9885] netlink: 'syz.2.1355': attribute type 1 has an invalid length.
[  123.735136][ T9885] 8021q: adding VLAN 0 to HW filter on device bond13
[  123.893231][ T9902] __nla_validate_parse: 47 callbacks suppressed
[  123.893252][ T9902] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1361'.
[  123.927525][ T9904] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1363'.
[  123.978920][ T9910] sctp: [Deprecated]: syz.2.1366 (pid 9910) Use of int in maxseg socket option.
[  123.978920][ T9910] Use struct sctp_assoc_value instead
[  123.998691][ T9912] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  124.107461][ T9916] netlink: 600 bytes leftover after parsing attributes in process `syz.0.1368'.
[  124.117315][ T9916] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1368'.
[  124.121885][ T9917] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1367'.
[  124.127448][ T9917] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1367'.
[  124.131812][ T9916] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1368'.
[  124.146392][ T9917] syzkaller1: entered promiscuous mode
[  124.148654][ T9917] syzkaller1: entered allmulticast mode
[  124.250304][ T9924] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1369'.
[  124.255006][ T9920] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1369'.
[  124.452674][ T9939] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  124.677025][ T9945] sctp: [Deprecated]: syz.2.1377 (pid 9945) Use of int in maxseg socket option.
[  124.677025][ T9945] Use struct sctp_assoc_value instead
[  124.871390][ T9947] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1378'.
[  124.962412][ T9954] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  125.019071][ T9959] 8021q: adding VLAN 0 to HW filter on device bond5
[  125.069947][ T9967] sctp: [Deprecated]: syz.0.1385 (pid 9967) Use of int in maxseg socket option.
[  125.069947][ T9967] Use struct sctp_assoc_value instead
[  125.382438][ T9989] syzkaller1: entered promiscuous mode
[  125.388242][ T9989] syzkaller1: entered allmulticast mode
[  125.448411][ T9996] GUP no longer grows the stack in syz.0.1396 (9996): 200000003000-20000000a000 (200000001000)
[  125.452358][ T9996] CPU: 0 UID: 0 PID: 9996 Comm: syz.0.1396 Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0 PREEMPT(full) 
[  125.452372][ T9996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  125.452378][ T9996] Call Trace:
[  125.452382][ T9996]  <TASK>
[  125.452386][ T9996]  dump_stack_lvl+0x189/0x250
[  125.452405][ T9996]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.452415][ T9996]  ? __pfx__printk+0x10/0x10
[  125.452426][ T9996]  ? find_vma+0xe7/0x160
[  125.452439][ T9996]  ? __lock_acquire+0xab9/0xd20
[  125.452457][ T9996]  __get_user_pages+0x24d0/0x2ce0
[  125.452466][ T9996]  ? __lock_acquire+0xab9/0xd20
[  125.452489][ T9996]  ? __gup_longterm_locked+0xc68/0x1660
[  125.452501][ T9996]  __gup_longterm_locked+0xde9/0x1660
[  125.452517][ T9996]  ? sanity_check_pinned_pages+0x123a/0x1300
[  125.452530][ T9996]  gup_fast_fallback+0x1e6a/0x2010
[  125.452551][ T9996]  ? __pfx_gup_fast_fallback+0x10/0x10
[  125.452559][ T9996]  ? stack_trace_save+0x9c/0xe0
[  125.452568][ T9996]  ? __pfx_stack_trace_save+0x10/0x10
[  125.452581][ T9996]  ? pin_user_pages_fast+0x4d/0xb0
[  125.452591][ T9996]  iov_iter_extract_pages+0x35a/0x5e0
[  125.452602][ T9996]  extract_iter_to_sg+0xe46/0x24e0
[  125.452618][ T9996]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  125.452635][ T9996]  ? __asan_memset+0x22/0x50
[  125.452644][ T9996]  af_alg_get_rsgl+0x436/0x810
[  125.452660][ T9996]  aead_recvmsg+0x4cc/0x13f0
[  125.452677][ T9996]  ? __pfx_aead_recvmsg+0x10/0x10
[  125.452687][ T9996]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  125.452697][ T9996]  ? __pfx_aead_recvmsg+0x10/0x10
[  125.452707][ T9996]  sock_recvmsg_nosec+0x186/0x1c0
[  125.452719][ T9996]  ____sys_recvmsg+0x3aa/0x460
[  125.452733][ T9996]  ? __pfx_____sys_recvmsg+0x10/0x10
[  125.452751][ T9996]  ? import_iovec+0x74/0xa0
[  125.452758][ T9996]  ___sys_recvmsg+0x1b5/0x510
[  125.452771][ T9996]  ? __pfx____sys_recvmsg+0x10/0x10
[  125.452794][ T9996]  ? __might_fault+0xb0/0x130
[  125.452805][ T9996]  do_recvmmsg+0x307/0x770
[  125.452820][ T9996]  ? __pfx_do_recvmmsg+0x10/0x10
[  125.452836][ T9996]  ? __pfx_do_futex+0x10/0x10
[  125.452852][ T9996]  __x64_sys_recvmmsg+0x190/0x240
[  125.452864][ T9996]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  125.452874][ T9996]  ? rcu_is_watching+0x15/0xb0
[  125.452886][ T9996]  ? do_syscall_64+0xbe/0x3b0
[  125.452898][ T9996]  do_syscall_64+0xfa/0x3b0
[  125.452906][ T9996]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.452914][ T9996]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.452922][ T9996]  ? exc_page_fault+0x9f/0xf0
[  125.452931][ T9996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.452938][ T9996] RIP: 0033:0x7f810e78ebe9
[  125.452952][ T9996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.452960][ T9996] RSP: 002b:00007f810f55e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  125.452970][ T9996] RAX: ffffffffffffffda RBX: 00007f810e9b6090 RCX: 00007f810e78ebe9
[  125.452976][ T9996] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000008
[  125.452982][ T9996] RBP: 00007f810e811e19 R08: 0000000000000000 R09: 0000000000000000
[  125.452988][ T9996] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000000
[  125.452993][ T9996] R13: 00007f810e9b6128 R14: 00007f810e9b6090 R15: 00007ffc6377d268
[  125.453006][ T9996]  </TASK>
[  125.797501][T10017] syz.2.1403: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  125.852126][T10017] CPU: 0 UID: 0 PID: 10017 Comm: syz.2.1403 Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0 PREEMPT(full) 
[  125.852150][T10017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  125.852158][T10017] Call Trace:
[  125.852163][T10017]  <TASK>
[  125.852169][T10017]  dump_stack_lvl+0x189/0x250
[  125.852224][T10017]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.852238][T10017]  ? __pfx__printk+0x10/0x10
[  125.852255][T10017]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  125.852270][T10017]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  125.852286][T10017]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  125.852300][T10017]  warn_alloc+0x214/0x310
[  125.852318][T10017]  ? stack_depot_save_flags+0x41b/0x860
[  125.852331][T10017]  ? __pfx_warn_alloc+0x10/0x10
[  125.852342][T10017]  ? kasan_save_track+0x4f/0x80
[  125.852352][T10017]  ? xskq_create+0x56/0x170
[  125.852361][T10017]  ? xsk_init_queue+0xb0/0x110
[  125.852367][T10017]  ? xsk_setsockopt+0x4dc/0x8d0
[  125.852374][T10017]  ? do_sock_setsockopt+0x17c/0x1b0
[  125.852384][T10017]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  125.852395][T10017]  ? do_syscall_64+0xfa/0x3b0
[  125.852409][T10017]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.852425][T10017]  __vmalloc_node_range_noprof+0x125/0x12f0
[  125.852461][T10017]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  125.852483][T10017]  ? __kasan_kmalloc+0x93/0xb0
[  125.852499][T10017]  vmalloc_user_noprof+0xad/0xf0
[  125.852515][T10017]  ? xskq_create+0xbf/0x170
[  125.852529][T10017]  xskq_create+0xbf/0x170
[  125.852543][T10017]  xsk_init_queue+0xb0/0x110
[  125.852557][T10017]  xsk_setsockopt+0x4dc/0x8d0
[  125.852570][T10017]  ? __pfx_xsk_setsockopt+0x10/0x10
[  125.852582][T10017]  ? __pfx_aa_sk_perm+0x10/0x10
[  125.852599][T10017]  ? aa_sock_opt_perm+0xff/0x1b0
[  125.852618][T10017]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  125.852631][T10017]  ? __pfx_xsk_setsockopt+0x10/0x10
[  125.852644][T10017]  do_sock_setsockopt+0x17c/0x1b0
[  125.852663][T10017]  __x64_sys_setsockopt+0x13f/0x1b0
[  125.852682][T10017]  do_syscall_64+0xfa/0x3b0
[  125.852695][T10017]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.852708][T10017]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.852718][T10017]  ? exc_page_fault+0x9f/0xf0
[  125.852732][T10017]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.852743][T10017] RIP: 0033:0x7f8ef598ebe9
[  125.852755][T10017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.852764][T10017] RSP: 002b:00007f8ef6767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  125.852778][T10017] RAX: ffffffffffffffda RBX: 00007f8ef5bb5fa0 RCX: 00007f8ef598ebe9
[  125.852787][T10017] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  125.852818][T10017] RBP: 00007f8ef5a11e19 R08: 0000000000000004 R09: 0000000000000000
[  125.852825][T10017] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  125.852831][T10017] R13: 00007f8ef5bb6038 R14: 00007f8ef5bb5fa0 R15: 00007ffe487e5a18
[  125.852849][T10017]  </TASK>
[  125.895928][T10017] Mem-Info:
[  125.993240][T10017] active_anon:5654 inactive_anon:0 isolated_anon:0
[  125.993240][T10017]  active_file:1146 inactive_file:38239 isolated_file:0
[  125.993240][T10017]  unevictable:1768 dirty:77 writeback:0
[  125.993240][T10017]  slab_reclaimable:9787 slab_unreclaimable:82943
[  125.993240][T10017]  mapped:18334 shmem:2415 pagetables:963
[  125.993240][T10017]  sec_pagetables:0 bounce:0
[  125.993240][T10017]  kernel_misc_reclaimable:0
[  125.993240][T10017]  free:268527 free_pcp:14923 free_cma:0
[  126.025793][T10017] Node 0 active_anon:14132kB inactive_anon:0kB active_file:4108kB inactive_file:132316kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:21784kB dirty:284kB writeback:0kB shmem:4700kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8824kB pagetables:2212kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  126.039600][T10017] Node 1 active_anon:8348kB inactive_anon:0kB active_file:476kB inactive_file:20640kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:51484kB dirty:24kB writeback:0kB shmem:4960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4444kB pagetables:1636kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  126.047666][T10034] validate_nla: 6 callbacks suppressed
[  126.047676][T10034] netlink: 'syz.1.1407': attribute type 1 has an invalid length.
[  126.053424][T10017] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  126.073583][T10017] lowmem_reserve[]: 0 811 811 811 811
[  126.076975][T10017] Node 0 DMA32 free:327168kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14336kB inactive_anon:0kB active_file:4108kB inactive_file:132316kB unevictable:3536kB writepending:284kB present:1556484kB managed:830996kB mlocked:0kB bounce:0kB free_pcp:29036kB local_pcp:16884kB free_cma:0kB
[  126.091400][T10017] lowmem_reserve[]: 0 0 0 0 0
[  126.093488][T10017] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  126.105918][T10017] lowmem_reserve[]: 0 0 854 854 854
[  126.107766][T10034] 8021q: adding VLAN 0 to HW filter on device bond10
[  126.108416][T10017] Node 1 Normal free:272964kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8348kB inactive_anon:0kB active_file:476kB inactive_file:20640kB unevictable:3536kB writepending:24kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:32460kB local_pcp:15992kB free_cma:0kB
[  126.124832][T10017] lowmem_reserve[]: 0 0 0 0 0
[  126.126893][T10017] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  126.132269][T10017] Node 0 DMA32: 245*4kB (UME) 342*8kB (UME) 198*16kB (UME) 148*32kB (UME) 195*64kB (UME) 84*128kB (UM) 36*256kB (UME) 18*512kB (UME) 11*1024kB (UME) 2*2048kB (ME) 63*4096kB (UM) = 326692kB
[  126.152398][T10017] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  126.159542][T10017] Node 1 Normal: 629*4kB (UE) 191*8kB (UE) 152*16kB (UE) 270*32kB (UME) 67*64kB (UME) 23*128kB (UM) 15*256kB (M) 8*512kB (UM) 5*1024kB (ME) 2*2048kB (UE) 57*4096kB (M) = 272972kB
[  126.176018][T10042] syzkaller1: entered promiscuous mode
[  126.178080][T10042] syzkaller1: entered allmulticast mode
[  126.180621][T10017] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  126.186814][T10017] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  126.191086][T10017] 41800 total pagecache pages
[  126.193155][T10017] 0 pages in swap cache
[  126.195776][T10017] Free swap  = 124996kB
[  126.216026][T10017] Total swap = 124996kB
[  126.217985][T10017] 786301 pages RAM
[  126.220208][T10017] 0 pages HighMem/MovableOnly
[  126.222130][T10017] 241320 pages reserved
[  126.224529][T10017] 0 pages cma reserved
[  126.283652][T10045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  126.397782][T10062] batman_adv: batadv0: Adding interface: dummy0
[  126.400401][T10062] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.413539][T10062] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  126.439134][T10062] netlink: 'syz.2.1415': attribute type 1 has an invalid length.
[  126.600737][T10075] batadv_slave_0: entered promiscuous mode
[  126.605862][T10074] batadv_slave_0: left promiscuous mode
[  126.835670][T10095] netlink: 'syz.2.1429': attribute type 13 has an invalid length.
[  126.920045][T10105] netlink: 'syz.0.1433': attribute type 3 has an invalid length.
[  126.929707][T10103] netlink: 'syz.1.1431': attribute type 7 has an invalid length.
[  126.938047][T10103] netlink: 'syz.1.1431': attribute type 8 has an invalid length.
[  126.965275][T10109] syzkaller1: entered promiscuous mode
[  126.967209][T10109] syzkaller1: entered allmulticast mode
[  126.989648][   T33] audit: type=1804 audit(1755018161.147:3): pid=10103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1431" name="x000000000000000800000000000000000000010" dev="tmpfs" ino=2807 res=1 errno=0
[  127.018698][   T33] audit: type=1800 audit(1755018161.147:4): pid=10103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1431" name="x000000000000000800000000000000000000010" dev="tmpfs" ino=2807 res=0 errno=0
[  127.150247][T10126] tipc: Enabled bearer <udp:syz0>, priority 10
[  127.346508][T10142] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.379139][T10146] netlink: 'syz.0.1448': attribute type 1 has an invalid length.
[  127.395936][T10146] 8021q: adding VLAN 0 to HW filter on device bond6
[  127.824036][T10169] netlink: 'syz.0.1456': attribute type 1 has an invalid length.
[  127.841109][T10169] 8021q: adding VLAN 0 to HW filter on device bond7
[  127.875617][T10174] netlink: 'syz.0.1458': attribute type 2 has an invalid length.
[  127.908731][T10176] netlink: 'syz.0.1459': attribute type 2 has an invalid length.
[  128.119055][   T13] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x9
[  128.125022][T10182] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  128.168556][T10195] 8021q: adding VLAN 0 to HW filter on device bond8
[  128.814458][T10254] 8021q: adding VLAN 0 to HW filter on device bond11
[  128.967850][T10266] __nla_validate_parse: 15 callbacks suppressed
[  128.967863][T10266] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1488'.
[  129.184648][T10285] netlink: 600 bytes leftover after parsing attributes in process `syz.1.1491'.
[  129.192740][T10285] netlink: 232 bytes leftover after parsing attributes in process `syz.1.1491'.
[  129.202357][T10285] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1491'.
[  129.337545][T10291] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1494'.
[  129.722073][T10308] netlink: 600 bytes leftover after parsing attributes in process `syz.1.1500'.
[  129.730638][T10308] netlink: 232 bytes leftover after parsing attributes in process `syz.1.1500'.
[  129.736252][T10308] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1500'.
[  129.790924][T10311] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1502'.
[  129.802700][T10315] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1502'.
[  129.940372][T10326] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  130.125922][T10344] 8021q: adding VLAN 0 to HW filter on device bond9
[  130.171485][T10349] lo speed is unknown, defaulting to 1000
[  130.177412][T10349] lo speed is unknown, defaulting to 1000
[  130.180719][T10349] lo speed is unknown, defaulting to 1000
[  130.336237][T10349] infiniband syz0: set down
[  130.338347][ T2289] lo speed is unknown, defaulting to 1000
[  130.340828][T10349] infiniband syz0: added lo
[  130.402922][T10349] RDS/IB: syz0: added
[  130.418032][T10349] smc: adding ib device syz0 with port count 1
[  130.433643][T10349] smc:    ib device syz0 port 1 has pnetid 
[  130.451732][ T2289] lo speed is unknown, defaulting to 1000
[  130.455290][T10349] lo speed is unknown, defaulting to 1000
[  130.736341][T10369] syzkaller1: entered promiscuous mode
[  130.738770][T10369] syzkaller1: entered allmulticast mode
[  131.036455][T10347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  131.102839][T10349] lo speed is unknown, defaulting to 1000
[  131.246688][T10384] validate_nla: 10 callbacks suppressed
[  131.246709][T10384] netlink: 'syz.1.1524': attribute type 2 has an invalid length.
[  131.359433][T10349] lo speed is unknown, defaulting to 1000
[  131.438751][T10399] netlink: 'syz.1.1530': attribute type 10 has an invalid length.
[  131.442350][T10399] batadv0: left allmulticast mode
[  131.445363][T10399] batadv0: left promiscuous mode
[  131.448190][T10399] bridge0: port 3(batadv0) entered disabled state
[  131.455667][T10399] 8021q: adding VLAN 0 to HW filter on device batadv0
[  131.461511][T10399] batadv0: entered promiscuous mode
[  131.471605][T10399] batadv0: entered allmulticast mode
[  131.480074][T10399] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  131.750062][T10412] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  131.865414][    C1] bridge0: port 1(bridge_slave_0) entered learning state
[  131.869648][    C1] bridge0: port 2(bridge_slave_1) entered learning state
[  132.307361][T10467] netlink: 'syz.0.1546': attribute type 1 has an invalid length.
[  132.336997][T10467] 8021q: adding VLAN 0 to HW filter on device bond10
[  132.648909][T10481] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  132.742614][T10490] netlink: 'syz.0.1555': attribute type 1 has an invalid length.
[  132.759694][T10490] 8021q: adding VLAN 0 to HW filter on device bond11
[  132.887269][T10505] netlink: 'syz.2.1559': attribute type 13 has an invalid length.
[  132.896991][T10505] netlink: 'syz.2.1559': attribute type 1 has an invalid length.
[  133.108784][T10526] netlink: 'syz.2.1569': attribute type 13 has an invalid length.
[  133.117677][T10526] netlink: 'syz.2.1569': attribute type 1 has an invalid length.
[  133.439223][T10548] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  133.620573][T10567] netlink: 'syz.1.1578': attribute type 1 has an invalid length.
[  133.648185][T10567] 8021q: adding VLAN 0 to HW filter on device bond12
[  134.056458][T10579] __nla_validate_parse: 23 callbacks suppressed
[  134.056469][T10579] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1582'.
[  134.091162][T10582] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1583'.
[  134.936436][T10594] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1586'.
[  135.339955][T10616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1594'.
[  135.616807][T10645] sctp: [Deprecated]: syz.1.1602 (pid 10645) Use of int in maxseg socket option.
[  135.616807][T10645] Use struct sctp_assoc_value instead
[  135.720917][T10647] netlink: 'syz.1.1603': attribute type 32 has an invalid length.
[  135.917208][T10655] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1606'.
[  136.009867][T10666] sctp: [Deprecated]: syz.1.1609 (pid 10666) Use of int in maxseg socket option.
[  136.009867][T10666] Use struct sctp_assoc_value instead
[  136.171672][T10669] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  136.178985][T10669] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.274600][T10669] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  136.306149][T10669] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.384293][T10669] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  136.388763][T10669] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.460023][T10669] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  136.465271][T10669] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.566231][   T13] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  136.571701][   T13] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.590835][   T13] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  136.596847][   T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.621306][   T13] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  136.625629][   T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.628762][   T13] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  136.632115][   T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.759875][T10676] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  137.571127][T10690] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1618'.
[  137.598787][T10693] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1619'.
[  137.650718][T10694] netlink: 4660 bytes leftover after parsing attributes in process `syz.2.1619'.
[  138.588694][T10707] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1624'.
[  138.592516][T10708] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1624'.
[  138.600882][T10709] netlink: 'syz.2.1624': attribute type 1 has an invalid length.
[  138.600888][T10708] netlink: 'syz.2.1624': attribute type 1 has an invalid length.
[  138.616852][T10709] 8021q: adding VLAN 0 to HW filter on device bond14
[  138.629405][T10707] bond14: (slave gretap1): making interface the new active one
[  138.633787][T10707] bond14: (slave gretap1): Enslaving as an active interface with an up link
[  138.806416][T10720] sctp: [Deprecated]: syz.2.1629 (pid 10720) Use of int in maxseg socket option.
[  138.806416][T10720] Use struct sctp_assoc_value instead
[  140.319303][T10795] __nla_validate_parse: 2 callbacks suppressed
[  140.319322][T10795] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1655'.
[  140.406623][T10799] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1656'.
[  140.418854][T10799] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1656'.
[  140.443796][T10799] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1656'.
[  140.685613][T10811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  141.371985][T10841] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  141.377676][T10840] IPv6: NLM_F_REPLACE set, but no existing node found!
[  141.382358][T10840] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1665'.
[  141.387516][T10840] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1665'.
[  141.391199][T10840] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1665'.
[  141.399415][T10840] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  161.944090][    C1] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.946966][    C1] bridge0: topology change detected, propagating
[  161.950310][    C1] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.953064][    C1] bridge0: topology change detected, propagating
[  165.573467][T10871] bond13: entered promiscuous mode
[  165.677625][T10883] team0: Device sit2 is of different type
[  165.712907][T10886] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1676'.
[  165.787156][T10889] netlink: 'syz.2.1676': attribute type 3 has an invalid length.
[  165.790562][T10889] netlink: 'syz.2.1676': attribute type 3 has an invalid length.
[  165.813647][T10891] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1678'.
[  165.813772][T10894] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  165.818071][T10891] unsupported nlmsg_type 40
[  165.902658][T10896] veth0_to_bond: entered allmulticast mode
[  165.912797][T10891] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  165.988127][T10898] macsec0: entered promiscuous mode
[  165.990569][T10898] macsec0: entered allmulticast mode
[  166.152475][T10905] netlink: 'syz.1.1682': attribute type 13 has an invalid length.
[  166.162529][T10905] netlink: 'syz.1.1682': attribute type 1 has an invalid length.
[  166.169826][T10905] netlink: 600 bytes leftover after parsing attributes in process `syz.1.1682'.
[  166.179527][T10905] netlink: 232 bytes leftover after parsing attributes in process `syz.1.1682'.
[  166.183792][T10905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1682'.
[  166.483264][T10921] bond12: entered promiscuous mode
[  166.650252][T10934] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1689'.
[  166.776448][T10945] veth0_to_bond: entered allmulticast mode
[  166.847096][T10951] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  166.861694][T10953] macsec0: entered promiscuous mode
[  166.867097][T10953] macsec0: entered allmulticast mode
[  166.974414][T10956] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1697'.
[  167.038876][T10957] netlink: 'syz.1.1697': attribute type 3 has an invalid length.
[  167.042476][T10957] netlink: 'syz.1.1697': attribute type 3 has an invalid length.
[  167.469613][T10973] netlink: 'syz.2.1705': attribute type 13 has an invalid length.
[  167.479616][T10973] netlink: 'syz.2.1705': attribute type 1 has an invalid length.
[  167.483022][T10973] netlink: 600 bytes leftover after parsing attributes in process `syz.2.1705'.
[  167.488536][T10973] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1705'.
[  167.496353][T10973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1705'.
[  167.886395][T11008] netlink: 'syz.1.1717': attribute type 6 has an invalid length.
[  167.890979][T11009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  168.167067][T11026] netlink: 'syz.1.1723': attribute type 13 has an invalid length.
[  168.393111][T11039] openvswitch: netlink: IPv6 tunnel dst address is zero
[  168.510653][T11045] lo speed is unknown, defaulting to 1000
[  168.610582][T11065] sctp: [Deprecated]: syz.1.1735 (pid 11065) Use of int in maxseg socket option.
[  168.610582][T11065] Use struct sctp_assoc_value instead
[  168.657833][   T33] audit: type=1107 audit(1755018202.817:5): pid=11066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  169.015277][T11096] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  169.025158][T11096] tipc: Failed to remove unknown binding: 66,1,1/580829154:3391549182/3391549184
[  169.351385][T11126] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  169.355195][T11126] syzkaller0: entered promiscuous mode
[  169.357629][T11126] syzkaller0: entered allmulticast mode
[  169.375438][T11126] tipc: Resetting bearer <eth:syzkaller0>
[  169.428097][T11125] tipc: Resetting bearer <eth:syzkaller0>
[  169.446589][T11130] Bluetooth: MGMT ver 1.23
[  169.448334][T11125] tipc: Disabling bearer <eth:syzkaller0>
[  169.610853][T11144] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  169.817059][T11158] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  169.961754][ T5851] Bluetooth: hci1: link tx timeout
[  169.964984][ T5851] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  170.091937][T11165] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  170.095096][T11165] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  170.721692][T11186] __nla_validate_parse: 24 callbacks suppressed
[  170.721707][T11186] netlink: 600 bytes leftover after parsing attributes in process `syz.1.1786'.
[  170.733185][T11186] netlink: 232 bytes leftover after parsing attributes in process `syz.1.1786'.
[  170.738819][T11186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1786'.
[  170.849359][   T55] block nbd0: Receive control failed (result -104)
[  171.132051][T11215] validate_nla: 12 callbacks suppressed
[  171.132069][T11215] netlink: 'syz.1.1798': attribute type 13 has an invalid length.
[  171.148686][T11215] netlink: 'syz.1.1798': attribute type 1 has an invalid length.
[  171.152222][T11215] netlink: 600 bytes leftover after parsing attributes in process `syz.1.1798'.
[  171.161505][T11215] netlink: 232 bytes leftover after parsing attributes in process `syz.1.1798'.
[  171.176692][T11215] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1798'.
[  171.230761][T11220] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1800'.
[  171.282242][T11225] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1802'.
[  171.297571][T11225] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1802'.
[  171.301436][T11225] netlink: 'syz.1.1802': attribute type 20 has an invalid length.
[  171.343396][T11227] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1803'.
[  171.349607][T11225] netlink: 'syz.1.1802': attribute type 20 has an invalid length.
[  171.564958][T11239] sctp: [Deprecated]: syz.0.1808 (pid 11239) Use of int in maxseg socket option.
[  171.564958][T11239] Use struct sctp_assoc_value instead
[  171.617511][T11243] netlink: 'syz.1.1810': attribute type 1 has an invalid length.
[  171.823248][T11266] netlink: 'syz.2.1820': attribute type 26 has an invalid length.
[  171.924783][T11277] sctp: [Deprecated]: syz.2.1822 (pid 11277) Use of int in maxseg socket option.
[  171.924783][T11277] Use struct sctp_assoc_value instead
[  172.024507][ T5851] Bluetooth: hci1: command 0x0406 tx timeout
[  172.393543][T11302] netlink: 'syz.2.1833': attribute type 13 has an invalid length.
[  172.400908][T11302] netlink: 'syz.2.1833': attribute type 1 has an invalid length.
[  172.771737][T11318] can: request_module (can-proto-4) failed.
[  172.940369][T11334] netlink: 'syz.1.1845': attribute type 13 has an invalid length.
[  172.950552][T11334] netlink: 'syz.1.1845': attribute type 1 has an invalid length.
[  172.989919][T11339] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551615)
[  172.993190][T11339] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647
[  173.102284][T11350] caif0: entered allmulticast mode
[  173.106422][T11350] syzkaller1: entered promiscuous mode
[  174.171093][T11399] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  174.391560][T11405] sctp: [Deprecated]: syz.1.1868 (pid 11405) Use of int in maxseg socket option.
[  174.391560][T11405] Use struct sctp_assoc_value instead
[  174.844896][T11433] sctp: [Deprecated]: syz.0.1877 (pid 11433) Use of int in maxseg socket option.
[  174.844896][T11433] Use struct sctp_assoc_value instead
[  175.646645][T11520] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  175.761405][T11527] __nla_validate_parse: 35 callbacks suppressed
[  175.761425][T11527] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1904'.
[  175.829687][T11530] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1905'.
[  176.575382][T11552] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1909'.
[  176.666696][T11557] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  176.700788][T11552] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  176.709108][T11552] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  176.715957][T11552] bond0 (unregistering): Released all slaves
[  176.970584][T11572] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1917'.
[  177.297614][T11595] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1926'.
[  177.492919][T11614] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1931'.
[  177.539164][T11618] validate_nla: 4 callbacks suppressed
[  177.539183][T11618] netlink: 'syz.1.1935': attribute type 29 has an invalid length.
[  177.552710][T11618] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1935'.
[  177.553419][T11620] netlink: 'syz.0.1936': attribute type 13 has an invalid length.
[  177.558653][T11618] netlink: 'syz.1.1935': attribute type 4 has an invalid length.
[  177.570831][T11618] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1935'.
[  177.571011][T11620] netlink: 'syz.0.1936': attribute type 1 has an invalid length.
[  177.571027][T11620] netlink: 600 bytes leftover after parsing attributes in process `syz.0.1936'.
[  177.575575][T11618] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1935'.
[  177.760202][T11631] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  177.825718][T11633] lo speed is unknown, defaulting to 1000
[  178.410041][T11644] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  178.870113][T11660] netlink: 'syz.0.1952': attribute type 25 has an invalid length.
[  178.879083][T11660] netlink: 'syz.0.1952': attribute type 7 has an invalid length.
[  179.098753][T11685] netlink: 'syz.2.1958': attribute type 32 has an invalid length.
[  179.256349][T11699] unknown channel width for channel at 909000KHz?
[  179.266977][T11702] netlink: 'syz.1.1962': attribute type 1 has an invalid length.
[  179.279482][T11704] netlink: 'syz.1.1962': attribute type 1 has an invalid length.
[  179.320158][T11708] sctp: [Deprecated]: syz.1.1965 (pid 11708) Use of int in maxseg socket option.
[  179.320158][T11708] Use struct sctp_assoc_value instead
[  179.671687][T11740] netlink: 'syz.0.1974': attribute type 10 has an invalid length.
[  179.690490][T11740] batman_adv: batadv0: Adding interface: team0
[  179.692838][T11740] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  179.703489][T11740] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  179.718248][T11740] team0: entered promiscuous mode
[  179.720374][T11740] team_slave_0: entered promiscuous mode
[  179.724256][T11740] team_slave_1: entered promiscuous mode
[  179.727909][T11740] 8021q: adding VLAN 0 to HW filter on device team0
[  179.730245][T11740] batman_adv: batadv0: Interface activated: team0
[  179.732242][T11740] batman_adv: batadv0: Interface deactivated: team0
[  179.738367][T11740] batman_adv: batadv0: Removing interface: team0
[  179.741622][T11740] bridge0: port 3(team0) entered blocking state
[  179.744225][T11740] bridge0: port 3(team0) entered disabled state
[  179.747438][T11740] team0: entered allmulticast mode
[  179.750440][T11740] team_slave_0: entered allmulticast mode
[  179.752758][T11740] team_slave_1: entered allmulticast mode
[  179.761716][T11740] bridge0: port 3(team0) entered blocking state
[  179.764382][T11740] bridge0: port 3(team0) entered forwarding state
[  179.826340][T11746] tipc: New replicast peer: 255.255.255.255
[  179.829077][T11746] tipc: Enabled bearer <udp:syz2>, priority 10
[  180.822193][T11768] __nla_validate_parse: 8 callbacks suppressed
[  180.822207][T11768] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1985'.
[  180.842918][T11768] smc: removing ib device syz0
[  180.944155][ T5912] tipc: Node number set to 2818759135
[  181.032178][T11781] sctp: [Deprecated]: syz.0.1987 (pid 11781) Use of int in maxseg socket option.
[  181.032178][T11781] Use struct sctp_assoc_value instead
[  181.428278][T11801] netlink: 600 bytes leftover after parsing attributes in process `syz.0.1995'.
[  181.441921][T11801] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1995'.
[  181.455498][T11801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1995'.
[  181.490463][T11804] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1996'.
[  181.530154][T11804] 8021q: adding VLAN 0 to HW filter on device batadv0
[  181.534453][T11804] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  181.539861][T11804] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1996'.
[  181.558188][T11804] batadv0: entered promiscuous mode
[  181.560278][T11804] batadv0: entered allmulticast mode
[  181.579335][T11804] bond0: (slave batadv0): Releasing backup interface
[  181.592925][T11804] bridge0: port 3(batadv0) entered blocking state
[  181.598923][T11804] bridge0: port 3(batadv0) entered disabled state
[  181.633772][T11817] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2001'.
[  181.636989][T11817] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2001'.
[  181.640521][T11817] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2001'.
[  181.650810][T11817] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2001'.
[  181.833816][T11831] sctp: [Deprecated]: syz.0.2006 (pid 11831) Use of int in maxseg socket option.
[  181.833816][T11831] Use struct sctp_assoc_value instead
[  181.938115][T11835] vlan3 (unregistering): left allmulticast mode
[  181.940933][T11835] bond0 (unregistering): left allmulticast mode
[  181.943522][T11835] : left allmulticast mode
[  181.946888][T11835] bond_slave_1: left allmulticast mode
[  181.949240][T11835] bond1: left allmulticast mode
[  181.954128][T11835] vxlan0: left allmulticast mode
[  181.956292][T11835] batadv0: left allmulticast mode
[  181.958492][T11835] vlan3 (unregistering): left promiscuous mode
[  181.961066][T11835] bond0 (unregistering): left promiscuous mode
[  181.963641][T11835] : left promiscuous mode
[  181.966012][T11835] bond_slave_1: left promiscuous mode
[  181.968431][T11835] bond1: left promiscuous mode
[  181.970600][T11835] vxlan0: left promiscuous mode
[  181.972705][T11835] batadv0: left promiscuous mode
[  181.978879][T11835] bridge0: port 5(vlan3) entered disabled state
[  181.997457][T11835] bond0 (unregistering): (slave 77): Releasing backup interface
[  182.009029][T11835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  182.015938][T11835] bond0 (unregistering): (slave bond1): Releasing backup interface
[  182.020389][T11835] bond0 (unregistering): (slave vxlan0): Releasing backup interface
[  182.026841][T11835] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  182.027205][ T5911] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  182.033359][ T5911] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  182.041396][T11835] bond0 (unregistering): Released all slaves
[  182.064090][   T13] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  182.067144][   T13] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  182.069997][   T13] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  182.074361][   T13] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  182.574138][T11876] sctp: [Deprecated]: syz.2.2020 (pid 11876) Use of int in maxseg socket option.
[  182.574138][T11876] Use struct sctp_assoc_value instead
[  182.741866][T11885] validate_nla: 6 callbacks suppressed
[  182.741876][T11885] netlink: 'syz.0.2024': attribute type 1 has an invalid length.
[  182.754188][T11885] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR
[  182.946093][T11902] IPVS: Error connecting to the multicast addr
[  183.094406][T11914] sctp: [Deprecated]: syz.2.2034 (pid 11914) Use of int in maxseg socket option.
[  183.094406][T11914] Use struct sctp_assoc_value instead
[  183.457882][T11934] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  183.476313][T11934] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  183.488004][T11934] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  184.512392][T11986] x_tables: ip_tables: udp match: only valid for protocol 17
[  184.513937][T11979] openvswitch: netlink: Actions may not be safe on all matching packets
[  184.549790][T11987] IPVS: set_ctl: invalid protocol: 58 100.1.1.2:20004
[  184.838949][T11999] sctp: [Deprecated]: syz.1.2059 (pid 11999) Use of int in maxseg socket option.
[  184.838949][T11999] Use struct sctp_assoc_value instead
[  185.665910][T12062] netlink: 'syz.1.2079': attribute type 13 has an invalid length.
[  185.678819][T12062] netlink: 'syz.1.2079': attribute type 1 has an invalid length.
[  185.761770][T12073] sctp: [Deprecated]: syz.1.2084 (pid 12073) Use of int in maxseg socket option.
[  185.761770][T12073] Use struct sctp_assoc_value instead
[  185.945143][T12089] __nla_validate_parse: 10 callbacks suppressed
[  185.945158][T12089] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2090'.
[  186.047871][T12103] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2095'.
[  186.051065][T12103] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2095'.
[  186.056575][T12103] netlink: 'syz.2.2095': attribute type 1 has an invalid length.
[  186.059890][T12103] netlink: 10 bytes leftover after parsing attributes in process `syz.2.2095'.
[  186.085858][T12103] nbd: socks must be embedded in a SOCK_ITEM attr
[  186.089070][T12103] block nbd1: shutting down sockets
[  186.150303][T12107] netlink: 'syz.2.2096': attribute type 13 has an invalid length.
[  186.162216][T12107] netlink: 'syz.2.2096': attribute type 1 has an invalid length.
[  186.168200][T12107] netlink: 600 bytes leftover after parsing attributes in process `syz.2.2096'.
[  186.177531][T12107] netlink: 232 bytes leftover after parsing attributes in process `syz.2.2096'.
[  186.184283][T12107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2096'.
[  186.249031][T12113] netlink: 'syz.1.2098': attribute type 15 has an invalid length.
[  186.298409][T12115] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  186.301322][T12116] syzkaller0: entered promiscuous mode
[  186.303178][T12116] syzkaller0: entered allmulticast mode
[  186.311182][T12115] tipc: Resetting bearer <eth:syzkaller0>
[  186.325817][T12115] tipc: Resetting bearer <eth:syzkaller0>
[  186.340904][T12115] tipc: Disabling bearer <eth:syzkaller0>
[  186.423302][T12120] netlink: 'syz.1.2100': attribute type 2 has an invalid length.
[  186.439153][T12120] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2100'.
[  186.443010][T12120] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2100'.
[  186.453790][T12120] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[  186.458960][T12120] gretap2: entered promiscuous mode
[  186.461394][T12120] gretap2: entered allmulticast mode
[  186.478741][T12122] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2101'.
[  186.863579][T12161] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (65535)
[  186.867954][T12161] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023
[  187.072957][T12185] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[  187.169041][T12193] bridge0: port 3(macvlan2) entered blocking state
[  187.171652][T12193] bridge0: port 3(macvlan2) entered disabled state
[  187.174817][T12193] macvlan2: entered allmulticast mode
[  187.176821][T12193] bridge0: entered allmulticast mode
[  187.180244][T12193] macvlan2: left allmulticast mode
[  187.182120][T12193] bridge0: left allmulticast mode
[  188.179760][T12227] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  188.183522][T12227] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  188.447666][T12253] netlink: 'syz.2.2140': attribute type 13 has an invalid length.
[  188.448768][T12252] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  188.453346][T12252] syzkaller0: entered promiscuous mode
[  188.456174][T12252] syzkaller0: entered allmulticast mode
[  188.460283][T12253] netlink: 'syz.2.2140': attribute type 1 has an invalid length.
[  188.489751][T12252] tipc: Resetting bearer <eth:syzkaller0>
[  188.513789][T12255] tipc: Resetting bearer <eth:syzkaller0>
[  188.530696][T12255] tipc: Disabling bearer <eth:syzkaller0>
[  188.639400][T12267] netlink: 'syz.1.2145': attribute type 1 has an invalid length.
[  188.678134][T12267] bond0: (slave vti0): The slave device specified does not support setting the MAC address
[  188.682623][T12267] bond0: (slave vti0): Setting fail_over_mac to active for active-backup mode
[  188.690267][T12267] bond0: (slave vti0): making interface the new active one
[  188.693644][T12267] bond0: (slave vti0): Enslaving as an active interface with an up link
[  188.858652][T12282] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  188.861876][T12283] syzkaller0: entered promiscuous mode
[  188.864726][T12283] syzkaller0: entered allmulticast mode
[  188.877711][T12282] tipc: Resetting bearer <eth:syzkaller0>
[  188.893168][T12287] tipc: Resetting bearer <eth:syzkaller0>
[  188.910079][T12287] tipc: Disabling bearer <eth:syzkaller0>
[  189.080091][T12297] netlink: 'syz.0.2156': attribute type 13 has an invalid length.
[  189.090923][T12297] netlink: 'syz.0.2156': attribute type 1 has an invalid length.
[  189.227061][ T5851] Bluetooth: hci1: command 0x0406 tx timeout
[  189.523286][T12330] netlink: 'syz.0.2171': attribute type 13 has an invalid length.
[  189.530972][T12330] netlink: 'syz.0.2171': attribute type 1 has an invalid length.
[  189.596483][T12335] netlink: 'syz.2.2173': attribute type 10 has an invalid length.
[  189.605035][T12335] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  189.809632][T12361] netlink: 'syz.1.2181': attribute type 1 has an invalid length.
[  189.837350][T12361] bond14: (slave geneve4): making interface the new active one
[  189.840322][T12361] bond14: (slave geneve4): Enslaving as an active interface with an up link
[  189.843178][   T12] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[  189.847015][   T12] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[  189.849641][   T12] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[  189.852831][   T12] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[  189.935793][T12370] 8021q: adding VLAN 0 to HW filter on device bond15
[  189.984924][T12376] vlan0: entered promiscuous mode
[  189.996011][T12376] vlan3: entered allmulticast mode
[  190.085578][T12382] gretap3: entered promiscuous mode
[  190.087365][T12382] gretap3: entered allmulticast mode
[  190.129066][T12389] netlink: 'syz.1.2191': attribute type 13 has an invalid length.
[  191.058043][T12463] __nla_validate_parse: 37 callbacks suppressed
[  191.058056][T12463] netlink: 600 bytes leftover after parsing attributes in process `syz.2.2221'.
[  191.061235][T12464] netdevsim netdevsim0: Direct firmware load for 2Q failed with error -2
[  191.068681][T12464] netdevsim netdevsim0: Falling back to sysfs fallback for: 2Q
[  191.075918][T12463] netlink: 232 bytes leftover after parsing attributes in process `syz.2.2221'.
[  191.079231][T12463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2221'.
[  191.120691][T12467] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2220'.
[  191.135205][T12467] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2220'.
[  191.138219][T12467] netlink: 38 bytes leftover after parsing attributes in process `syz.0.2220'.
[  191.277288][T12472] ip6erspan0: entered promiscuous mode
[  191.573458][T12488] batadv_slave_1: entered promiscuous mode
[  191.579170][T12485] batadv_slave_1: left promiscuous mode
[  191.619360][T12490] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2232'.
[  191.940923][T12506] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2237'.
[  192.390827][T12534] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2246'.
[  192.477445][T12542] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  192.499321][T12544] netlink: 600 bytes leftover after parsing attributes in process `syz.0.2251'.
[  192.757711][T12563] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  193.538791][T12623] tipc: Can't bind to reserved service type 1
[  193.632624][T12634] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  193.640933][T12635] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  193.849381][T12655] validate_nla: 15 callbacks suppressed
[  193.849425][T12655] netlink: 'syz.0.2286': attribute type 13 has an invalid length.
[  193.861379][T12655] netlink: 'syz.0.2286': attribute type 1 has an invalid length.
[  193.930240][T12659] sctp: [Deprecated]: syz.0.2288 (pid 12659) Use of int in max_burst socket option.
[  193.930240][T12659] Use struct sctp_assoc_value instead
[  194.312850][T12673] netlink: 'syz.0.2294': attribute type 11 has an invalid length.
[  194.429956][T12678] netlink: 'syz.0.2296': attribute type 13 has an invalid length.
[  194.434941][T12678] netlink: 'syz.0.2296': attribute type 1 has an invalid length.
[  194.540226][T12690] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  194.546411][T12688] IPVS: stopping backup sync thread 12690 ...
[  194.659526][T12699] netlink: 'syz.0.2302': attribute type 29 has an invalid length.
[  194.663591][T12699] netlink: 'syz.0.2302': attribute type 29 has an invalid length.
[  194.670473][T12699] netlink: 'syz.0.2302': attribute type 29 has an invalid length.
[  194.673408][T12699] netlink: 'syz.0.2302': attribute type 29 has an invalid length.
[  194.679563][T12699] netlink: 'syz.0.2302': attribute type 29 has an invalid length.
[  195.205705][T12737] IPVS: set_ctl: invalid protocol: 2 172.30.0.3:20001
[  195.295202][T12751] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  195.298325][T12751] syzkaller0: entered promiscuous mode
[  195.300438][T12751] syzkaller0: entered allmulticast mode
[  195.308811][T12751] tipc: Resetting bearer <eth:syzkaller0>
[  195.312130][T12750] tipc: Resetting bearer <eth:syzkaller0>
[  195.327427][T12750] tipc: Disabling bearer <eth:syzkaller0>
[  195.347360][T12755] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  195.351170][T12755] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (7)
[  195.409051][T12759] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  195.587892][T12781] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-tlb(5)
[  195.663104][T12791] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input5
[  196.560581][T12817] __nla_validate_parse: 26 callbacks suppressed
[  196.560595][T12817] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2343'.
[  196.612351][T12820] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  196.620173][T12820] bridge0: port 4(veth0_to_bridge) entered disabled state
[  196.622636][T12820] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.625702][T12820] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.667055][T12824] netlink: 1156 bytes leftover after parsing attributes in process `syz.1.2347'.
[  196.799213][T12833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2351'.
[  196.802335][T12833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2351'.
[  196.905488][T12844] netlink: 19 bytes leftover after parsing attributes in process `syz.2.2352'.
[  197.707575][T12882] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2363'.
[  197.736571][T12884] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2364'.
[  197.839813][T12892] netlink: 600 bytes leftover after parsing attributes in process `syz.2.2368'.
[  197.849258][T12892] netlink: 232 bytes leftover after parsing attributes in process `syz.2.2368'.
[  197.852589][T12892] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2368'.
[  198.109777][T12903] pim6reg: entered allmulticast mode
[  198.112478][T12903] pim6reg: left allmulticast mode
[  198.872944][T12940] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[  198.901620][T12942] validate_nla: 38 callbacks suppressed
[  198.901630][T12942] netlink: 'syz.1.2389': attribute type 13 has an invalid length.
[  198.911174][T12942] netlink: 'syz.1.2389': attribute type 1 has an invalid length.
[  199.173734][T12968] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  199.179005][T12968] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  199.204729][T12971] netlink: 'syz.1.2400': attribute type 13 has an invalid length.
[  199.209967][T12971] netlink: 'syz.1.2400': attribute type 1 has an invalid length.
[  199.241288][T12975] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.418518][T12991] netlink: 'syz.1.2408': attribute type 19 has an invalid length.
[  199.597408][T13004] netlink: 'syz.0.2412': attribute type 6 has an invalid length.
[  199.601096][T13006] netlink: 'syz.0.2412': attribute type 6 has an invalid length.
[  199.668201][T13008] netlink: 'syz.1.2413': attribute type 13 has an invalid length.
[  199.677316][T13008] netlink: 'syz.1.2413': attribute type 1 has an invalid length.
[  199.963821][T13034] netlink: 'syz.0.2422': attribute type 13 has an invalid length.
[  200.058175][T13040] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  200.071891][T13040] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  200.080931][T13040] mac80211_hwsim hwsim9 wlan1: left allmulticast mode
[  200.086473][T13040] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  200.089630][T13040] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  201.141572][T13077] sock: sock_timestamping_bind_phc: sock not bind to device
[  201.179118][T13082] : entered promiscuous mode
[  201.268766][T13089] vlan0: left promiscuous mode
[  201.284800][T13089] macsec0: left promiscuous mode
[  201.286627][T13089] ip6erspan0: left promiscuous mode
[  201.587185][T13137] __nla_validate_parse: 29 callbacks suppressed
[  201.587200][T13137] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2461'.
[  201.606821][T13141] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2462'.
[  201.625608][T13146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2460'.
[  201.631682][T13146] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2460'.
[  201.645852][T13146] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2460'.
[  201.853658][T13171] netlink: 600 bytes leftover after parsing attributes in process `syz.1.2467'.
[  201.859154][T13171] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2467'.
[  201.863813][T13171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2467'.
[  201.914816][T13176] syzkaller0: entered promiscuous mode
[  201.917200][T13176] syzkaller0: entered allmulticast mode
[  202.128507][T13194] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2473'.
[  202.176190][T13198] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2474'.
[  203.655578][T13301] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  203.784139][ T5856] Bluetooth: hci2: command 0x040f tx timeout
[  203.787003][T13154] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  203.794001][T13154] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  203.918687][T13311] openvswitch: netlink: Missing key (keys=44, expected=200000)
[  204.572226][T13352] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  204.576700][T13352] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0
[  204.687405][T13154] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  204.690039][T13154] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  205.010414][T13386] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  205.731287][T13434] validate_nla: 19 callbacks suppressed
[  205.731297][T13434] netlink: 'syz.0.2532': attribute type 13 has an invalid length.
[  205.741610][T13434] netlink: 'syz.0.2532': attribute type 1 has an invalid length.
[  205.843403][T13443] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  205.875016][T13443] tipc: Resetting bearer <eth:syzkaller0>
[  205.878142][T13441] tipc: Resetting bearer <eth:syzkaller0>
[  205.895167][T13446] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  205.899716][T13441] tipc: Disabling bearer <eth:syzkaller0>
[  206.230373][T13476] netlink: 'syz.0.2542': attribute type 13 has an invalid length.
[  206.243378][T13476] netlink: 'syz.0.2542': attribute type 1 has an invalid length.
[  206.725859][T13504] bond0: (slave rose0): Error: Device can not be enslaved while up
[  207.001736][T13524] __nla_validate_parse: 27 callbacks suppressed
[  207.001752][T13524] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2552'.
[  207.009352][T13524] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2552'.
[  207.013366][T13524] netlink: 'syz.0.2552': attribute type 20 has an invalid length.
[  207.018985][T13524] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2552'.
[  207.023012][T13524] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2552'.
[  207.031264][T13524] netlink: 'syz.0.2552': attribute type 20 has an invalid length.
[  207.579365][T13549] netlink: 'syz.1.2560': attribute type 13 has an invalid length.
[  207.587437][T13549] netlink: 'syz.1.2560': attribute type 1 has an invalid length.
[  207.590127][T13549] netlink: 600 bytes leftover after parsing attributes in process `syz.1.2560'.
[  207.596782][T13549] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2560'.
[  207.600073][T13549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2560'.
[  207.799359][T13566] xfrm0: entered promiscuous mode
[  207.801161][T13566] xfrm0: entered allmulticast mode
[  207.842125][T13571] netlink: 'syz.1.2567': attribute type 13 has an invalid length.
[  207.848415][T13571] netlink: 'syz.1.2567': attribute type 1 has an invalid length.
[  207.851085][T13571] netlink: 600 bytes leftover after parsing attributes in process `syz.1.2567'.
[  207.857312][T13571] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2567'.
[  207.860773][T13571] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2567'.
[  208.258407][T13598] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  208.821355][T13603] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  208.869171][T13605] nbd: couldn't find device at index 536870912
[  210.595884][T13641] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  356.505418][   T34] INFO: task kworker/1:1:51 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
[  356.508785][   T34]       Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  356.513122][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  356.517121][   T34] task:kworker/1:1     state:D stack:24272 pid:51    tgid:51    ppid:2      task_flags:0x4208060 flags:0x00004000
[  356.522194][   T34] Workqueue: events rfkill_global_led_trigger_worker
[  356.527389][   T34] Call Trace:
[  356.528859][   T34]  <TASK>
[  356.530181][   T34]  __schedule+0x1798/0x4cc0
[  356.532179][   T34]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  356.534711][   T34]  ? __pfx___schedule+0x10/0x10
[  356.536981][   T34]  ? schedule+0x91/0x360
[  356.538831][   T34]  schedule+0x165/0x360
[  356.540587][   T34]  schedule_preempt_disabled+0x13/0x30
[  356.542948][   T34]  __mutex_lock+0x7e6/0x1360
[  356.553992][   T34]  ? __mutex_lock+0x5b6/0x1360
[  356.556104][   T34]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  356.558820][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  356.560990][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  356.563444][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  356.571390][   T34]  rfkill_global_led_trigger_worker+0x27/0xd0
[  356.576440][   T34]  ? process_scheduled_works+0x9ef/0x17b0
[  356.578879][   T34]  process_scheduled_works+0xae1/0x17b0
[  356.581217][   T34]  ? __pfx_process_scheduled_works+0x10/0x10
[  356.583717][   T34]  worker_thread+0x8a0/0xda0
[  356.587322][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  356.590005][   T34]  ? __kthread_parkme+0x7b/0x200
[  356.592309][   T34]  kthread+0x711/0x8a0
[  356.596619][   T34]  ? __pfx_worker_thread+0x10/0x10
[  356.598868][   T34]  ? __pfx_kthread+0x10/0x10
[  356.600862][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  356.603011][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.606720][   T34]  ? __pfx_kthread+0x10/0x10
[  356.608304][   T34]  ret_from_fork+0x3fc/0x770
[  356.609867][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  356.611561][   T34]  ? __switch_to_asm+0x39/0x70
[  356.613157][   T34]  ? __switch_to_asm+0x33/0x70
[  356.615119][   T34]  ? __pfx_kthread+0x10/0x10
[  356.616749][   T34]  ret_from_fork_asm+0x1a/0x30
[  356.618343][   T34]  </TASK>
[  356.619476][   T34] INFO: task syz.2.2464:13153 blocked for more than 143 seconds.
[  356.622000][   T34]       Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0
[  356.625040][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  356.627873][   T34] task:syz.2.2464      state:D stack:26920 pid:13153 tgid:13153 ppid:5845   task_flags:0x400040 flags:0x00004004
[  356.631723][   T34] Call Trace:
[  356.632834][   T34]  <TASK>
[  356.634456][   T34]  __schedule+0x1798/0x4cc0
[  356.636029][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.637645][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.639254][   T34]  ? __pfx___schedule+0x10/0x10
[  356.640876][   T34]  ? schedule+0x91/0x360
[  356.642287][   T34]  schedule+0x165/0x360
[  356.643775][   T34]  schedule_preempt_disabled+0x13/0x30
[  356.649186][   T34]  __mutex_lock+0x7e6/0x1360
[  356.650698][   T34]  ? __mutex_lock+0x5b6/0x1360
[  356.652276][   T34]  ? rfkill_unregister+0xc8/0x220
[  356.654439][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  356.656159][   T34]  ? __pfx_device_del+0x10/0x10
[  356.657907][   T34]  rfkill_unregister+0xc8/0x220
[  356.659811][   T34]  nfc_unregister_device+0x96/0x2a0
[  356.661929][   T34]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  356.664397][   T34]  virtual_ncidev_close+0x56/0x90
[  356.666098][   T34]  __fput+0x44c/0xa70
[  356.667465][   T34]  task_work_run+0x1d4/0x260
[  356.669067][   T34]  ? __pfx_task_work_run+0x10/0x10
[  356.670772][   T34]  ? exit_to_user_mode_loop+0x40/0x110
[  356.672585][   T34]  exit_to_user_mode_loop+0xec/0x110
[  356.675499][   T34]  do_syscall_64+0x2bd/0x3b0
[  356.677229][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.679297][   T34]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  356.681358][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.683324][   T34] RIP: 0033:0x7f8ef598ebe9
[  356.685360][   T34] RSP: 002b:00007ffe487e5b78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  356.688125][   T34] RAX: 0000000000000000 RBX: 00007f8ef5bb7da0 RCX: 00007f8ef598ebe9
[  356.691175][   T34] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  356.694251][   T34] RBP: 00007f8ef5bb7da0 R08: 00000000000000c0 R09: 0000000b487e5e6f
[  356.696902][   T34] R10: 00007f8ef5bb7cb0 R11: 0000000000000246 R12: 0000000000031698
[  356.699523][   T34] R13: 00007ffe487e5c70 R14: ffffffffffffffff R15: 00007ffe487e5c90
[  356.702123][   T34]  </TASK>
[  356.703197][   T34] INFO: task syz.2.2464:13154 blocked for more than 143 seconds.
[  356.706416][   T34]       Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0
[  356.709250][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  356.712269][   T34] task:syz.2.2464      state:D stack:24936 pid:13154 tgid:13153 ppid:5845   task_flags:0x400140 flags:0x00004006
[  356.716648][   T34] Call Trace:
[  356.717835][   T34]  <TASK>
[  356.718944][   T34]  __schedule+0x1798/0x4cc0
[  356.720861][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.722482][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.724625][   T34]  ? __pfx___schedule+0x10/0x10
[  356.726271][   T34]  ? schedule+0x91/0x360
[  356.727691][   T34]  schedule+0x165/0x360
[  356.729211][   T34]  schedule_preempt_disabled+0x13/0x30
[  356.731224][   T34]  __mutex_lock+0x7e6/0x1360
[  356.732759][   T34]  ? __mutex_lock+0x5b6/0x1360
[  356.735784][   T34]  ? nfc_rfkill_set_block+0x50/0x2e0
[  356.737564][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  356.739279][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.740994][   T34]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  356.742957][   T34]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  356.745391][   T34]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  356.747284][   T34]  nfc_rfkill_set_block+0x50/0x2e0
[  356.749173][   T34]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  356.751325][   T34]  rfkill_set_block+0x1d2/0x440
[  356.752955][   T34]  rfkill_fop_write+0x44b/0x570
[  356.755966][   T34]  ? __pfx_rfkill_fop_write+0x10/0x10
[  356.757754][   T34]  ? security_file_permission+0x10/0x290
[  356.759806][   T34]  ? rw_verify_area+0x255/0x4d0
[  356.761376][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.762974][   T34]  ? __pfx_rfkill_fop_write+0x10/0x10
[  356.764850][   T34]  vfs_write+0x27e/0xa90
[  356.766280][   T34]  ? __pfx_vfs_write+0x10/0x10
[  356.767887][   T34]  ? __fget_files+0x2a/0x420
[  356.769503][   T34]  ? __fget_files+0x2a/0x420
[  356.771054][   T34]  ? __fget_files+0x3a0/0x420
[  356.772588][   T34]  ? __fget_files+0x2a/0x420
[  356.775302][   T34]  ksys_write+0x145/0x250
[  356.776762][   T34]  ? __pfx_ksys_write+0x10/0x10
[  356.778513][   T34]  ? rcu_is_watching+0x15/0xb0
[  356.780118][   T34]  ? trace_sys_enter+0x25/0x100
[  356.781724][   T34]  do_syscall_64+0xfa/0x3b0
[  356.783186][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.785420][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.787655][   T34]  ? exc_page_fault+0x9f/0xf0
[  356.789423][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.791484][   T34] RIP: 0033:0x7f8ef598ebe9
[  356.792975][   T34] RSP: 002b:00007f8ef6767038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  356.796548][   T34] RAX: ffffffffffffffda RBX: 00007f8ef5bb5fa0 RCX: 00007f8ef598ebe9
[  356.799915][   T34] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000003
[  356.803253][   T34] RBP: 00007f8ef5a11e19 R08: 0000000000000000 R09: 0000000000000000
[  356.806801][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  356.810140][   T34] R13: 00007f8ef5bb6038 R14: 00007f8ef5bb5fa0 R15: 00007ffe487e5a18
[  356.813510][   T34]  </TASK>
[  356.815098][   T34] INFO: task syz.1.2583:13607 blocked for more than 143 seconds.
[  356.817956][   T34]       Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0
[  356.820760][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  356.824785][   T34] task:syz.1.2583      state:D stack:26792 pid:13607 tgid:13606 ppid:5854   task_flags:0x400040 flags:0x00004004
[  356.829817][   T34] Call Trace:
[  356.831233][   T34]  <TASK>
[  356.832468][   T34]  __schedule+0x1798/0x4cc0
[  356.834730][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.836759][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.838852][   T34]  ? __pfx___schedule+0x10/0x10
[  356.840944][   T34]  ? schedule+0x91/0x360
[  356.842779][   T34]  schedule+0x165/0x360
[  356.844580][   T34]  schedule_preempt_disabled+0x13/0x30
[  356.846851][   T34]  __mutex_lock+0x7e6/0x1360
[  356.848400][   T34]  ? __mutex_lock+0x5b6/0x1360
[  356.850188][   T34]  ? rfkill_register+0x37/0x8e0
[  356.851992][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  356.853711][   T34]  ? __init_waitqueue_head+0xa9/0x150
[  356.856095][   T34]  ? device_initialize+0x24b/0x440
[  356.857782][   T34]  rfkill_register+0x37/0x8e0
[  356.859312][   T34]  nfc_register_device+0x14a/0x320
[  356.861007][   T34]  nci_register_device+0x87f/0x9d0
[  356.862738][   T34]  ? __pfx_nci_register_device+0x10/0x10
[  356.864888][   T34]  ? __raw_spin_lock_init+0x45/0x100
[  356.866586][   T34]  ? __init_waitqueue_head+0xa9/0x150
[  356.868340][   T34]  virtual_ncidev_open+0x129/0x1a0
[  356.870055][   T34]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  356.872059][   T34]  misc_open+0x2bc/0x330
[  356.873505][   T34]  chrdev_open+0x4cc/0x5e0
[  356.875451][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  356.877229][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  356.879786][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  356.881914][   T34]  do_dentry_open+0x953/0x13f0
[  356.884036][   T34]  vfs_open+0x3b/0x340
[  356.885813][   T34]  ? path_openat+0x2ecd/0x3830
[  356.887519][   T34]  path_openat+0x2ee5/0x3830
[  356.889059][   T34]  ? arch_stack_walk+0xfc/0x150
[  356.890887][   T34]  ? stack_depot_save_flags+0x40/0x860
[  356.893248][   T34]  ? __pfx_path_openat+0x10/0x10
[  356.896222][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.898414][   T34]  do_filp_open+0x1fa/0x410
[  356.899925][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.901511][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  356.903195][   T34]  ? _raw_spin_unlock+0x28/0x50
[  356.905100][   T34]  ? alloc_fd+0x64c/0x6c0
[  356.906537][   T34]  do_sys_openat2+0x121/0x1c0
[  356.908094][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  356.909801][   T34]  ? exc_page_fault+0x76/0xf0
[  356.911343][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  356.913076][   T34]  __x64_sys_openat+0x138/0x170
[  356.914782][   T34]  do_syscall_64+0xfa/0x3b0
[  356.916283][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  356.918000][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.919984][   T34]  ? exc_page_fault+0x9f/0xf0
[  356.921506][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.923451][   T34] RIP: 0033:0x7ff38e78ebe9
[  356.925102][   T34] RSP: 002b:00007ff38c9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  356.928517][   T34] RAX: ffffffffffffffda RBX: 00007ff38e9b5fa0 RCX: 00007ff38e78ebe9
[  356.931191][   T34] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  356.934192][   T34] RBP: 00007ff38e811e19 R08: 0000000000000000 R09: 0000000000000000
[  356.936803][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  356.939379][   T34] R13: 00007ff38e9b6038 R14: 00007ff38e9b5fa0 R15: 00007ffd378949e8
[  356.941980][   T34]  </TASK>
[  356.943112][   T34] INFO: task syz.1.2583:13612 blocked for more than 143 seconds.
[  356.945808][   T34]       Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0
[  356.948335][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  356.951150][   T34] task:syz.1.2583      state:D stack:27848 pid:13612 tgid:13606 ppid:5854   task_flags:0x400140 flags:0x00004004
[  356.955080][   T34] Call Trace:
[  356.956196][   T34]  <TASK>
[  356.957215][   T34]  __schedule+0x1798/0x4cc0
[  356.958732][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.960347][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.961965][   T34]  ? __pfx___schedule+0x10/0x10
[  356.963591][   T34]  ? schedule+0x91/0x360
[  356.965096][   T34]  schedule+0x165/0x360
[  356.966490][   T34]  schedule_preempt_disabled+0x13/0x30
[  356.968307][   T34]  __mutex_lock+0x7e6/0x1360
[  356.969867][   T34]  ? __mutex_lock+0x5b6/0x1360
[  356.971452][   T34]  ? misc_open+0x51/0x330
[  356.972923][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  356.974707][   T34]  misc_open+0x51/0x330
[  356.976109][   T34]  chrdev_open+0x4cc/0x5e0
[  356.977613][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  356.979289][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  356.981424][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  356.983053][   T34]  do_dentry_open+0x953/0x13f0
[  356.984755][   T34]  vfs_open+0x3b/0x340
[  356.986120][   T34]  ? path_openat+0x2ecd/0x3830
[  356.987730][   T34]  path_openat+0x2ee5/0x3830
[  356.989281][   T34]  ? arch_stack_walk+0xfc/0x150
[  356.990917][   T34]  ? stack_depot_save_flags+0x40/0x860
[  356.992739][   T34]  ? __pfx_path_openat+0x10/0x10
[  356.994739][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.996812][   T34]  do_filp_open+0x1fa/0x410
[  356.998370][   T34]  ? __lock_acquire+0xab9/0xd20
[  356.999980][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  357.001700][   T34]  ? _raw_spin_unlock+0x28/0x50
[  357.003311][   T34]  ? alloc_fd+0x64c/0x6c0
[  357.005038][   T34]  do_sys_openat2+0x121/0x1c0
[  357.006594][   T34]  ? __se_sys_futex+0x36f/0x400
[  357.008242][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  357.009957][   T34]  ? __pfx___se_sys_futex+0x10/0x10
[  357.011726][   T34]  ? fd_install+0x30d/0x540
[  357.013253][   T34]  __x64_sys_openat+0x138/0x170
[  357.016151][   T34]  do_syscall_64+0xfa/0x3b0
[  357.017691][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.019481][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.021930][   T34]  ? exc_page_fault+0x9f/0xf0
[  357.023511][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.025588][   T34] RIP: 0033:0x7ff38e78ebe9
[  357.027058][   T34] RSP: 002b:00007ff38c9d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  357.029965][   T34] RAX: ffffffffffffffda RBX: 00007ff38e9b6090 RCX: 00007ff38e78ebe9
[  357.032575][   T34] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  357.035542][   T34] RBP: 00007ff38e811e19 R08: 0000000000000000 R09: 0000000000000000
[  357.038216][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  357.040813][   T34] R13: 00007ff38e9b6128 R14: 00007ff38e9b6090 R15: 00007ffd378949e8
[  357.043416][   T34]  </TASK>
[  357.044574][   T34] INFO: task syz.0.2596:13640 blocked for more than 143 seconds.
[  357.047291][   T34]       Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0
[  357.050038][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  357.053131][   T34] task:syz.0.2596      state:D stack:28328 pid:13640 tgid:13639 ppid:7343   task_flags:0x400040 flags:0x00004004
[  357.057406][   T34] Call Trace:
[  357.058565][   T34]  <TASK>
[  357.059563][   T34]  __schedule+0x1798/0x4cc0
[  357.061097][   T34]  ? kasan_save_free_info+0x46/0x50
[  357.062844][   T34]  ? __lock_acquire+0xab9/0xd20
[  357.064614][   T34]  ? __lock_acquire+0xab9/0xd20
[  357.066277][   T34]  ? __pfx___schedule+0x10/0x10
[  357.067886][   T34]  ? schedule+0x91/0x360
[  357.069302][   T34]  schedule+0x165/0x360
[  357.070734][   T34]  schedule_preempt_disabled+0x13/0x30
[  357.072595][   T34]  __mutex_lock+0x7e6/0x1360
[  357.074235][   T34]  ? __mutex_lock+0x5b6/0x1360
[  357.075817][   T34]  ? misc_open+0x51/0x330
[  357.077284][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  357.078918][   T34]  misc_open+0x51/0x330
[  357.080310][   T34]  chrdev_open+0x4cc/0x5e0
[  357.082008][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  357.083813][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  357.085966][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  357.087703][   T34]  do_dentry_open+0x953/0x13f0
[  357.089493][   T34]  vfs_open+0x3b/0x340
[  357.091026][   T34]  ? path_openat+0x2ecd/0x3830
[  357.092691][   T34]  path_openat+0x2ee5/0x3830
[  357.094487][   T34]  ? arch_stack_walk+0xfc/0x150
[  357.096294][   T34]  ? stack_depot_save_flags+0x40/0x860
[  357.098394][   T34]  ? __pfx_path_openat+0x10/0x10
[  357.100285][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.102315][   T34]  do_filp_open+0x1fa/0x410
[  357.103982][   T34]  ? __lock_acquire+0xab9/0xd20
[  357.105597][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  357.107380][   T34]  ? _raw_spin_unlock+0x28/0x50
[  357.109046][   T34]  ? alloc_fd+0x64c/0x6c0
[  357.110494][   T34]  do_sys_openat2+0x121/0x1c0
[  357.112053][   T34]  ? __se_sys_futex+0x36f/0x400
[  357.113647][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  357.115444][   T34]  ? __pfx___se_sys_futex+0x10/0x10
[  357.117407][   T34]  __x64_sys_openat+0x138/0x170
[  357.119011][   T34]  do_syscall_64+0xfa/0x3b0
[  357.120508][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.122214][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.124832][   T34]  ? exc_page_fault+0x9f/0xf0
[  357.126771][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.129191][   T34] RIP: 0033:0x7f810e78ebe9
[  357.131031][   T34] RSP: 002b:00007f810f57f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  357.134550][   T34] RAX: ffffffffffffffda RBX: 00007f810e9b5fa0 RCX: 00007f810e78ebe9
[  357.137805][   T34] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  357.140747][   T34] RBP: 00007f810e811e19 R08: 0000000000000000 R09: 0000000000000000
[  357.144242][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  357.147492][   T34] R13: 00007f810e9b6038 R14: 00007f810e9b5fa0 R15: 00007ffc6377d268
[  357.150764][   T34]  </TASK>
[  357.152046][   T34] INFO: task syz.0.2596:13642 blocked for more than 144 seconds.
[  357.154845][   T34]       Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0
[  357.157986][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  357.161455][   T34] task:syz.0.2596      state:D stack:28328 pid:13642 tgid:13639 ppid:7343   task_flags:0x400040 flags:0x00004004
[  357.166032][   T34] Call Trace:
[  357.167313][   T34]  <TASK>
[  357.168444][   T34]  __schedule+0x1798/0x4cc0
[  357.170148][   T34]  ? kasan_save_free_info+0x46/0x50
[  357.172298][   T34]  ? __lock_acquire+0xab9/0xd20
[  357.174311][   T34]  ? __lock_acquire+0xab9/0xd20
[  357.175967][   T34]  ? __pfx___schedule+0x10/0x10
[  357.177725][   T34]  ? schedule+0x91/0x360
[  357.179115][   T34]  schedule+0x165/0x360
[  357.180480][   T34]  schedule_preempt_disabled+0x13/0x30
[  357.182261][   T34]  __mutex_lock+0x7e6/0x1360
[  357.184137][   T34]  ? __mutex_lock+0x5b6/0x1360
[  357.185922][   T34]  ? misc_open+0x51/0x330
[  357.187385][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  357.189427][   T34]  misc_open+0x51/0x330
[  357.191242][   T34]  chrdev_open+0x4cc/0x5e0
[  357.193059][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  357.194849][   T34]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  357.197043][   T34]  ? __pfx_chrdev_open+0x10/0x10
[  357.199198][   T34]  do_dentry_open+0x953/0x13f0
[  357.201260][   T34]  vfs_open+0x3b/0x340
[  357.202973][   T34]  ? path_openat+0x2ecd/0x3830
[  357.205081][   T34]  path_openat+0x2ee5/0x3830
[  357.206601][   T34]  ? arch_stack_walk+0xfc/0x150
[  357.208229][   T34]  ? stack_depot_save_flags+0x40/0x860
[  357.210029][   T34]  ? __pfx_path_openat+0x10/0x10
[  357.211647][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.213786][   T34]  do_filp_open+0x1fa/0x410
[  357.215474][   T34]  ? __lock_acquire+0xab9/0xd20
[  357.217106][   T34]  ? __pfx_do_filp_open+0x10/0x10
[  357.218921][   T34]  ? _raw_spin_unlock+0x28/0x50
[  357.220991][   T34]  ? alloc_fd+0x64c/0x6c0
[  357.222658][   T34]  do_sys_openat2+0x121/0x1c0
[  357.224752][   T34]  ? __pfx_do_sys_openat2+0x10/0x10
[  357.226461][   T34]  ? exc_page_fault+0x76/0xf0
[  357.228061][   T34]  ? do_user_addr_fault+0xc8a/0x1390
[  357.229881][   T34]  __x64_sys_openat+0x138/0x170
[  357.231467][   T34]  do_syscall_64+0xfa/0x3b0
[  357.232979][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.235246][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.237862][   T34]  ? exc_page_fault+0x9f/0xf0
[  357.239899][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.242408][   T34] RIP: 0033:0x7f810e78ebe9
[  357.244460][   T34] RSP: 002b:00007f810f53d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  357.247980][   T34] RAX: ffffffffffffffda RBX: 00007f810e9b6180 RCX: 00007f810e78ebe9
[  357.251306][   T34] RDX: 0000000000000000 RSI: 0000200000000400 RDI: ffffffffffffff9c
[  357.254805][   T34] RBP: 00007f810e811e19 R08: 0000000000000000 R09: 0000000000000000
[  357.258217][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  357.261369][   T34] R13: 00007f810e9b6218 R14: 00007f810e9b6180 R15: 00007ffc6377d268
[  357.264281][   T34]  </TASK>
[  357.265390][   T34] 
[  357.265390][   T34] Showing all locks held in the system:
[  357.268446][   T34] 1 lock held by khungtaskd/34:
[  357.270557][   T34]  #0: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  357.274874][   T34] 3 locks held by kworker/1:1/51:
[  357.277043][   T34]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  357.281643][   T34]  #1: ffffc9000079fbc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  357.287422][   T34]  #2: ffffffff8f80e4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  357.292180][   T34] 2 locks held by getty/5680:
[  357.294364][   T34]  #0: ffff8880284f60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  357.298488][   T34]  #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  357.302770][   T34] 2 locks held by syz.2.2464/13153:
[  357.305134][   T34]  #0: ffff88810f2f4100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  357.309190][   T34]  #1: ffffffff8f80e4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  357.313453][   T34] 2 locks held by syz.2.2464/13154:
[  357.315916][   T34]  #0: ffffffff8f80e4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  357.320244][   T34]  #1: ffff88810f2f4100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  357.324621][   T34] 3 locks held by syz.1.2583/13607:
[  357.326944][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.330579][   T34]  #1: ffff888038fa2100 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320
[  357.334834][   T34]  #2: ffffffff8f80e4a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[  357.338600][   T34] 1 lock held by syz.1.2583/13612:
[  357.340295][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.343035][   T34] 1 lock held by syz.0.2596/13640:
[  357.345338][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.348819][   T34] 1 lock held by syz.0.2596/13642:
[  357.350946][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.354043][   T34] 1 lock held by syz-executor/13646:
[  357.356289][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.359910][   T34] 1 lock held by syz-executor/13648:
[  357.362257][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.366026][   T34] 1 lock held by syz-executor/13650:
[  357.368330][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.371918][   T34] 1 lock held by syz-executor/13655:
[  357.374204][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.377712][   T34] 1 lock held by syz-executor/13657:
[  357.379980][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.383363][   T34] 1 lock held by syz-executor/13659:
[  357.385790][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.389689][   T34] 1 lock held by syz-executor/13662:
[  357.391739][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.395097][   T34] 1 lock held by syz-executor/13664:
[  357.397408][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.400962][   T34] 1 lock held by syz-executor/13666:
[  357.403258][   T34]  #0: ffffffff8e9be128 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  357.406991][   T34] 
[  357.408054][   T34] =============================================
[  357.408054][   T34] 
[  357.411613][   T34] NMI backtrace for cpu 1
[  357.411625][   T34] CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0 PREEMPT(full) 
[  357.411641][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  357.411648][   T34] Call Trace:
[  357.411657][   T34]  <TASK>
[  357.411690][   T34]  dump_stack_lvl+0x189/0x250
[  357.411713][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  357.411727][   T34]  ? __pfx__printk+0x10/0x10
[  357.411752][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  357.411768][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  357.411782][   T34]  ? __pfx__printk+0x10/0x10
[  357.411800][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  357.411820][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  357.411834][   T34]  watchdog+0xf93/0xfe0
[  357.411860][   T34]  ? watchdog+0x1de/0xfe0
[  357.411880][   T34]  kthread+0x711/0x8a0
[  357.411898][   T34]  ? __pfx_watchdog+0x10/0x10
[  357.411914][   T34]  ? __pfx_kthread+0x10/0x10
[  357.411930][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  357.411943][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.411955][   T34]  ? __pfx_kthread+0x10/0x10
[  357.411971][   T34]  ret_from_fork+0x3fc/0x770
[  357.411985][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  357.412001][   T34]  ? __switch_to_asm+0x39/0x70
[  357.412015][   T34]  ? __switch_to_asm+0x33/0x70
[  357.412028][   T34]  ? __pfx_kthread+0x10/0x10
[  357.412043][   T34]  ret_from_fork_asm+0x1a/0x30
[  357.412069][   T34]  </TASK>
[  357.412074][   T34] Sending NMI from CPU 1 to CPUs 0:
[  357.472977][    C0] NMI backtrace for cpu 0
[  357.472997][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0 PREEMPT(full) 
[  357.473010][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  357.473017][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  357.473035][    C0] Code: 13 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 53 77 0f 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  357.473044][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 00000282
[  357.473054][    C0] RAX: dcee640240607500 RBX: ffffffff81968308 RCX: dcee640240607500
[  357.473062][    C0] RDX: 0000000000000001 RSI: ffffffff8d9b494b RDI: ffffffff8be32680
[  357.473068][    C0] RBP: ffffffff8de07eb8 R08: ffff88804b032f9b R09: 1ffff110096065f3
[  357.473075][    C0] R10: dffffc0000000000 R11: ffffed10096065f4 R12: ffffffff8fa34730
[  357.473082][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a20
[  357.473089][    C0] FS:  0000000000000000(0000) GS:ffff8880b8621000(0000) knlGS:0000000000000000
[  357.473096][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  357.473103][    C0] CR2: 000055e798b7a600 CR3: 000000000df36000 CR4: 00000000000006f0
[  357.473135][    C0] Call Trace:
[  357.473140][    C0]  <TASK>
[  357.473144][    C0]  default_idle+0x13/0x20
[  357.473157][    C0]  default_idle_call+0x74/0xb0
[  357.473172][    C0]  do_idle+0x1e8/0x510
[  357.473184][    C0]  ? __pfx_do_idle+0x10/0x10
[  357.473197][    C0]  cpu_startup_entry+0x44/0x60
[  357.473206][    C0]  rest_init+0x2de/0x300
[  357.473220][    C0]  start_kernel+0x3a9/0x410
[  357.473232][    C0]  x86_64_start_reservations+0x24/0x30
[  357.473246][    C0]  x86_64_start_kernel+0x143/0x1c0
[  357.473258][    C0]  common_startup_64+0x13e/0x147
[  357.473276][    C0]  </TASK>
[  357.473956][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  357.473973][   T34] CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted 6.16.0-syzkaller-12063-g37816488247d-dirty #0 PREEMPT(full) 
[  357.473989][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  357.473998][   T34] Call Trace:
[  357.474006][   T34]  <TASK>
[  357.474013][   T34]  dump_stack_lvl+0x99/0x250
[  357.474033][   T34]  ? __asan_memcpy+0x40/0x70
[  357.474048][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  357.474062][   T34]  ? __pfx__printk+0x10/0x10
[  357.474087][   T34]  vpanic+0x281/0x750
[  357.474103][   T34]  ? __pfx_vpanic+0x10/0x10
[  357.474117][   T34]  ? preempt_schedule+0xae/0xc0
[  357.474133][   T34]  ? preempt_schedule_common+0x83/0xd0
[  357.474151][   T34]  panic+0xb9/0xc0
[  357.474173][   T34]  ? __pfx_panic+0x10/0x10
[  357.474188][   T34]  ? preempt_schedule_thunk+0x16/0x30
[  357.474211][   T34]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  357.474226][   T34]  watchdog+0xfd2/0xfe0
[  357.474246][   T34]  ? watchdog+0x1de/0xfe0
[  357.474267][   T34]  kthread+0x711/0x8a0
[  357.474285][   T34]  ? __pfx_watchdog+0x10/0x10
[  357.474301][   T34]  ? __pfx_kthread+0x10/0x10
[  357.474317][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  357.474331][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  357.474345][   T34]  ? __pfx_kthread+0x10/0x10
[  357.474360][   T34]  ret_from_fork+0x3fc/0x770
[  357.474375][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  357.474392][   T34]  ? __switch_to_asm+0x39/0x70
[  357.474406][   T34]  ? __switch_to_asm+0x33/0x70
[  357.474420][   T34]  ? __pfx_kthread+0x10/0x10
[  357.474437][   T34]  ret_from_fork_asm+0x1a/0x30
[  357.474464][   T34]  </TASK>
[  357.618220][   T34] Kernel Offset: disabled
[  357.620077][   T34] Rebooting in 86400 seconds..

VM DIAGNOSIS:
17:06:30  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000031 RBX=0000000000000031 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000068f6b0
R8 =ffff8880216d0237 R9 =1ffff110042da046 R10=dffffc0000000000 R11=ffffffff854e71d0
R12=dffffc0000000000 R13=ffffffff99af48fb R14=ffffffff99de94e0 R15=0000000000000000
RIP=ffffffff854e724c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8621000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055e798b7b680 CR3=000000010e8c4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 00007f9c2a787d20
XMM02=0030a40300000015 a003360800000000 XMM03=b40310040030b003 12080030a8030204
XMM04=0000000000000000 000000000000000e XMM05=0000000000000000 000000000003bf12
XMM06=02040030cc031004 0030c80300000017 XMM07=840030c600000000 80840030c6030401
XMM08=e08080840030c403 1804003000000016 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81ac7701 RBX=0000000000000010 RCX=ffffffff81ac779e RDX=0000000000000001
RSI=0000000000000010 RDI=ffffc90002fbfd80 RBP=0000000000000000 RSP=ffffc90002fbfd08
R8 =ffffc90002fbfd90 R9 =ffff800000000000 R10=ffffc90002fbfe60 R11=fffff520005f7fce
R12=1ffff920005f7fac R13=dffffc0000000000 R14=ffffc90002fbfd80 R15=1ffff920005f7fb0
RIP=ffffffff8222fe17 RFL=00000a02 [-O-----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8a9c68e800 ffffffff 00c00000
GS =0000 ffff8881a3c21000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fffe96f0f7c CR3=000000010e78c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
