last executing test programs:

21.139888797s ago: executing program 1 (id=2388):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x4, 0x2, 0x1, 0x20}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc042}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000007c0)={'ip6gre0\x00', &(0x7f0000000740)={'syztnl1\x00', <r3=>0x0, 0x4, 0x0, 0x9, 0xffffffff, 0x2, @private1, @dev={0xfe, 0x80, '\x00', 0xc}, 0x80, 0x700, 0x1, 0x5b1d}})
setsockopt$inet6_mreq(r2, 0x29, 0x0, &(0x7f0000000800)={@private0={0xfc, 0x0, '\x00', 0x1}, r3}, 0x14)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRESOCT=r0, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="5400f3339d4d66804829976e00", @ANYRES32=0x0, @ANYBLOB="00000000003f00002c0012800b00010067726574617000001c00028006000e0001000000080007007f000001060010000100000008000a00", @ANYRES32=r4, @ANYBLOB], 0x54}}, 0x4000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r6=>0x0})
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="0200000002"], 0x10)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r9, r10, 0x2, 0x2}, 0x10)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="180000000000000000000000000000009500160000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r12 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r11}, 0x10)
r13 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r12}, 0x8)
close(r13)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r12, 0x0, 0x24, &(0x7f0000000840)='cgroup\x00\x90\xd8\xfa+6:g\xe33P\xe7\x9d \x12\xf3\xac\xd8#\xf0\xea9\xbc,wX\xc3}d\xdd'}, 0x30)
r14 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
r15 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r15, r14, 0x2, 0x6, 0x4000}, 0x10)
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x3d, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0xc7, '\x00', 0x86dc, 0x3, 0x100, 0xc}}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x9}]}, 0x50}}, 0x4000010)
r16 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r1)
sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f0000000700)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000001240)=ANY=[@ANYBLOB="8803000057bb1000340bdb095524f3a7acb912e29e7d23afff8e3e8a465c5da1ca0400000000454ec34ba05fdec31d8f625c4cd4432fd9a256e96a8ed734e7f0456fbf979ed76992aefa575a6f9b9229abc35340fe22cfbfe51381d20139bcc21d210cb5ef352dd796f25980fa64bc78df9d259f35e37866ca52de83958f808e4f7d8c0e38ebd43eb3b73e3d8e", @ANYRES16=r16, @ANYBLOB="000226bd7000ffdbdf25090000004000078008000100080000000c0004000500000000000000080002000000000008000200090000000c00040006000000000000000c000300ff01000000000000280005801400028008000200240e0000080001001a000000070001006962000008000100657468002000078008000200070000000c000400060000000000000008000100fbffffff10000680080006000300000004000200380004801300010062726f6164636173742d6c696e6b00000900010073797a30000000001300010062726f6164636173742d6c696e6b0000b000068050000300f12abc2d5a4d8dfc0dd54d4e4a8ec8f669d661622e3a18dc13b5a28dbaf1da9b9947fe2244169651ffb2b34733614adaa74f496273434e6fdaa821382939a32f15a8dd244a05aa19c152369408000100b82f0000040002004000040067636d286165732900000000000000000000000000000000000000000000000018000000e0bf0243445b93111e4e3f7cb9ce3264ff0abf99c494f190040002000800010086000000040002005c00048044000780080002000400000008000200060000000800040007000000080004004500000008000400ffffff7f0800010011000000080001001d00000008000200080000001300010062726f6164636173742d6c696e6b000024000380080002000400000008000200040000000800030008000000080001000f0000007401068004000500040005000800060001000000f800030087095fa02cb1116a2f939f52335b9e17a835bc95412104d744ba6dd5a4ece2439ba7dfe86d043b4ff60c93feb3948284444cbdeb59d53d3cdf01fbf47ce09354c6a9ce3b6f269bbc9c9051080119c6876c269150cfe897a34dbef5f2030d7aacfea61abc4ab71eadd6c437f98d5b117f761dececb4029b887012e074073ca0e3c3d0fc44d569807ad1967d891d8dc0121ddec32dbb895e499edbb323dd4b769ea15cb83157341a35c933e21998d1419614a1cd9fd2335df6e3d8c6ac684a7589fef91c3627e6bf0f410d8589d8feeeb86c915513b5475153d35f07b36ab9a9cd452369e012855b704222d25b6682bd765e02d57508000600040000003d00040067636d2861657329000000000000000000000000000000000000000000000000150000004b1a87691e0e409bc867ac1986ec6d1c2cdad5e1cf000000080001000500000008000100400000000f0003009211b549cf327667d31f4900"], 0x388}, 0x1, 0x0, 0x0, 0x8840}, 0x4000)

21.090439288s ago: executing program 1 (id=2389):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000000), r0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x4000, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/132, 0x84}, {&(0x7f0000002bc0)=""/4096, 0x1000}], 0x2}, 0xfffffff8}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000001740)=""/187, 0xbb}, {&(0x7f0000001800)=""/231, 0xe7}, {&(0x7f0000001900)=""/4096, 0x1000}, {&(0x7f0000000440)=""/77, 0x4d}, {&(0x7f0000002980)=""/18, 0x12}, {&(0x7f00000029c0)=""/76, 0x4c}, {&(0x7f0000000380)=""/147, 0x93}, {&(0x7f0000002b00)=""/50, 0x32}], 0x8}, 0x5e7}, {{0x0, 0x0, 0x0}, 0x3}], 0x4, 0x0, 0x0)

21.090054813s ago: executing program 1 (id=2390):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'wg2\x00'})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000001c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x4a0, 0x0, 0x9403, 0x3002, 0x2b8, 0x2c0, 0x3d0, 0x3d8, 0x3d8, 0x3d0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2b8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x8, 0xfc, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x80, 0x1, 0x0, 'syz1\x00', 0x1}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@local, @empty, [0xffffff00, 0xff000000, 0xff, 0xffffff00], [0x140b6964c6a3d8d0, 0x1ff0001ff, 0xffffff00, 0xff], 'gre0\x00', 'ip6gre0\x00', {0xff}, {0xff}, 0x2e, 0x3, 0x2, 0x64}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0xfffffff4, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$cgroup_subtree(r4, &(0x7f0000000700)=ANY=[], 0xfe33)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000001100), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000001140)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r5, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001180)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4008010)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={r4, 0x20, &(0x7f00000002c0)={&(0x7f0000000480)=""/236, 0xec, <r9=>0x0, &(0x7f00000001c0)=""/115, 0x73}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000070000000400000002"], 0x48)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r11, &(0x7f0000000480), &(0x7f0000000580)=@tcp=r13}, 0x99)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r11, &(0x7f0000000280)="aa", &(0x7f0000000400)=@udp=r12}, 0x20)
close(0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r10}, 0x10)
r14 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r14}, 0x10)
r15 = socket$nl_generic(0x10, 0x3, 0x10)
r16 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r15, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r16, 0xb0b}, 0x14}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))

17.057427882s ago: executing program 1 (id=2390):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'wg2\x00'})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000001c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x4a0, 0x0, 0x9403, 0x3002, 0x2b8, 0x2c0, 0x3d0, 0x3d8, 0x3d8, 0x3d0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2b8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x8, 0xfc, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x80, 0x1, 0x0, 'syz1\x00', 0x1}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@local, @empty, [0xffffff00, 0xff000000, 0xff, 0xffffff00], [0x140b6964c6a3d8d0, 0x1ff0001ff, 0xffffff00, 0xff], 'gre0\x00', 'ip6gre0\x00', {0xff}, {0xff}, 0x2e, 0x3, 0x2, 0x64}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0xfffffff4, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$cgroup_subtree(r4, &(0x7f0000000700)=ANY=[], 0xfe33)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000001100), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000001140)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r5, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001180)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4008010)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={r4, 0x20, &(0x7f00000002c0)={&(0x7f0000000480)=""/236, 0xec, <r9=>0x0, &(0x7f00000001c0)=""/115, 0x73}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000070000000400000002"], 0x48)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r11, &(0x7f0000000480), &(0x7f0000000580)=@tcp=r13}, 0x99)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r11, &(0x7f0000000280)="aa", &(0x7f0000000400)=@udp=r12}, 0x20)
close(0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r10}, 0x10)
r14 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r14}, 0x10)
r15 = socket$nl_generic(0x10, 0x3, 0x10)
r16 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r15, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r16, 0xb0b}, 0x14}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))

11.198734225s ago: executing program 1 (id=2390):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'wg2\x00'})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000001c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x4a0, 0x0, 0x9403, 0x3002, 0x2b8, 0x2c0, 0x3d0, 0x3d8, 0x3d8, 0x3d0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2b8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x8, 0xfc, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x80, 0x1, 0x0, 'syz1\x00', 0x1}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@local, @empty, [0xffffff00, 0xff000000, 0xff, 0xffffff00], [0x140b6964c6a3d8d0, 0x1ff0001ff, 0xffffff00, 0xff], 'gre0\x00', 'ip6gre0\x00', {0xff}, {0xff}, 0x2e, 0x3, 0x2, 0x64}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0xfffffff4, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$cgroup_subtree(r4, &(0x7f0000000700)=ANY=[], 0xfe33)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000001100), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000001140)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r5, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001180)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4008010)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={r4, 0x20, &(0x7f00000002c0)={&(0x7f0000000480)=""/236, 0xec, <r9=>0x0, &(0x7f00000001c0)=""/115, 0x73}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000070000000400000002"], 0x48)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r11, &(0x7f0000000480), &(0x7f0000000580)=@tcp=r13}, 0x99)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r11, &(0x7f0000000280)="aa", &(0x7f0000000400)=@udp=r12}, 0x20)
close(0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r10}, 0x10)
r14 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r14}, 0x10)
r15 = socket$nl_generic(0x10, 0x3, 0x10)
r16 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r15, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r16, 0xb0b}, 0x14}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))

5.072124131s ago: executing program 1 (id=2390):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'wg2\x00'})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000001c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x4a0, 0x0, 0x9403, 0x3002, 0x2b8, 0x2c0, 0x3d0, 0x3d8, 0x3d8, 0x3d0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2b8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x0, 0x8, 0xfc, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x80, 0x1, 0x0, 'syz1\x00', 0x1}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@local, @empty, [0xffffff00, 0xff000000, 0xff, 0xffffff00], [0x140b6964c6a3d8d0, 0x1ff0001ff, 0xffffff00, 0xff], 'gre0\x00', 'ip6gre0\x00', {0xff}, {0xff}, 0x2e, 0x3, 0x2, 0x64}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0xfffffff4, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$cgroup_subtree(r4, &(0x7f0000000700)=ANY=[], 0xfe33)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000001100), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000001140)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r5, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001180)={0x1c, r7, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4008010)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={r4, 0x20, &(0x7f00000002c0)={&(0x7f0000000480)=""/236, 0xec, <r9=>0x0, &(0x7f00000001c0)=""/115, 0x73}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000070000000400000002"], 0x48)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={<r12=>0xffffffffffffffff, <r13=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r11, &(0x7f0000000480), &(0x7f0000000580)=@tcp=r13}, 0x99)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r11, &(0x7f0000000280)="aa", &(0x7f0000000400)=@udp=r12}, 0x20)
close(0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r10}, 0x10)
r14 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r14}, 0x10)
r15 = socket$nl_generic(0x10, 0x3, 0x10)
r16 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_DAEMON(r15, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r16, 0xb0b}, 0x14}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300))

386.794524ms ago: executing program 0 (id=2700):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="ac0100001000330600000f0000001f00fc000000000000000000000000000000ffffffff00ffffffff00000000ffff0000004000000080010000200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff0200000000000000000000000000010000000032000000e000000200000000000000000000000023030000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000029bd7000000000000a000200000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00200000004e2200000000ac1414bb0000000000000000000000001c00040002004e2100000000fc00000000000000000000000000000108000c000400000008000b00070000002c0017", @ANYRES16=0x0], 0x1ac}}, 0x0)

219.500925ms ago: executing program 0 (id=2703):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x50}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf01d}]}}]}, 0x44}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="d5"], 0x24}}, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r1, 0x8983, &(0x7f0000000040))
recvmmsg$unix(r1, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000016c0)=""/164, 0xa4}, {&(0x7f0000000480)=""/4088, 0xff8}, {&(0x7f0000001480)=""/83, 0x53}, {&(0x7f0000001580)=""/60, 0x3c}, {&(0x7f0000001980)=""/231, 0xe7}, {&(0x7f00000018c0)=""/182, 0xb6}], 0x6}}], 0x1, 0x40010122, 0x0)
write(r1, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x4880}, 0x20008844)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x50}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf01d}]}}]}, 0x44}}, 0x0) (async)
socket(0x10, 0x3, 0x0) (async)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="d5"], 0x24}}, 0x0) (async)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(r1, 0x8983, &(0x7f0000000040)) (async)
recvmmsg$unix(r1, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000016c0)=""/164, 0xa4}, {&(0x7f0000000480)=""/4088, 0xff8}, {&(0x7f0000001480)=""/83, 0x53}, {&(0x7f0000001580)=""/60, 0x3c}, {&(0x7f0000001980)=""/231, 0xe7}, {&(0x7f00000018c0)=""/182, 0xb6}], 0x6}}], 0x1, 0x40010122, 0x0) (async)
write(r1, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) (async)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x4880}, 0x20008844) (async)

218.499083ms ago: executing program 0 (id=2707):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
bind$llc(0xffffffffffffffff, &(0x7f0000000140)={0x1a, 0x101, 0x3, 0x1, 0x0, 0x40, @remote}, 0x10)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000002c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f00000014c0)={0x1100, 0x1, 0x52, 0xf6a})
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000030202000900010073797a3100000000573e1056895a15e1e0c24aaed3f395c5ce5a3431fdd63f178b2efd02cc21bd0366cbfd5a9d171ff804597b3195604223c2df84ea61fa528c1ca5fb2c344d1c8de490f1dbb42bce03f96b651f8403e4ec34c0796bca6ba4c35ba674e24f26d2ee9872f8ec6473350d878c1bf277896e61d1cb9837a15c697d5a269d9dfce4cf91dc7ee1a131ee35887958e155615f382654c420b5f27e988212afa0f9c5883071d521d9885e414a72942de682ca8c37ec81"], 0x20}, 0x1, 0x40030000000000}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$inet_sctp(r4, &(0x7f0000009d40)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000002340)=[@sndrcv={0x30, 0x84, 0x1, {0x2, 0x8000, 0x8004, 0x6, 0xfffffffc, 0x80000000, 0x5, 0x8}}], 0x30, 0x44000040}], 0x1, 0x90)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000300), 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r5, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2040}, 0xc, &(0x7f0000000180)={&(0x7f0000000600)={0x18, 0x0, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20004005}, 0x2000c800)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000007540), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000040000000000000000008000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000900000900020073797a31000000000900010073797a30000000000800054000000021600000000c0a01030000000000000000070000090900020073797a31000000000900010073797a30000000003400038030000080080003400000000224000b8020"], 0xe4}}, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r7, &(0x7f0000007640)={0x0, 0xffffffffffffff93, &(0x7f0000007600)={&(0x7f0000000840)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002abd70ebfbdbdf2512050000080006000200000018000180140002006261746164765f736c6176655f300000fa42185058a3c6cfb750b95c31acb0df291473d163d49ecad25f4f908bdcf462e9874106e13f9e9cf8a92ffbbb8538557b96c7e76cf65301a891e7a15e8250414d1cdc676df69383ed3cb130882734a5c55483e7a3b52acfdcbff3e73c79d83757df4680d21c3d9b3ab6b1beb09d87f92ebd1639c724c52131e8724270d10f64a87587f2260fb6c0e045e7adaf7fb71e305261deecdfcc6e7149a4cb39f8fa329acfd28fc9e2e390084d695206c1b2428e3b76df748eb7f6f6755b771f5649d9db71a34b02a1081c466adbe45b793e511c5954c2253ea6f35254fe6a30568ca6b434405a44f4d020981c14ebbfdf773cc79343def9821db1fb0101a8fc68263046b2538bec7ec144c522ee5c9f9c04ce490b5b9c0910c9032c944f44b56cd07bd2ff6534a9dfdacc4c72ebb78045f49227a297731c278d0581503866de677d2aefe22f52f601cec218cee2c6"], 0x34}}, 0x4)

170.072308ms ago: executing program 2 (id=2708):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000009000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

169.8557ms ago: executing program 0 (id=2709):
bind$802154_raw(0xffffffffffffffff, &(0x7f0000000000)={0x24, @none={0x0, 0x2}}, 0x14) (async)
bind$802154_raw(0xffffffffffffffff, &(0x7f0000000000)={0x24, @none={0x0, 0x2}}, 0x14)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'veth1_to_bridge\x00', <r2=>0x0})
syz_emit_ethernet(0xd2, &(0x7f00000003c0)={@multicast, @random="000000fb3f00", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, ' \x00', 0x9c, 0x2f, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], {0x0, 0x883e, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "926ddd87a7b54ac02080bb3dd72a7163cfd8c8846e295f23e9ae01fbc196384b", "f7493188326aadd6d93ff50028ac3fecd607f707b73523bd0fe799302b73842c1ae0404b654b0cb98310c96581f4bd4e", "f9aeef2b179973c34bcc6428e9e0f9c720f52f351a673b943aa99d67", {"2f89dbfff7badbcb59f3dbe3817104e9", "15d4f80ec6c1d0485272fe25b352766c"}}}}}}}}, 0x0) (async)
syz_emit_ethernet(0xd2, &(0x7f00000003c0)={@multicast, @random="000000fb3f00", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, ' \x00', 0x9c, 0x2f, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], {0x0, 0x883e, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "926ddd87a7b54ac02080bb3dd72a7163cfd8c8846e295f23e9ae01fbc196384b", "f7493188326aadd6d93ff50028ac3fecd607f707b73523bd0fe799302b73842c1ae0404b654b0cb98310c96581f4bd4e", "f9aeef2b179973c34bcc6428e9e0f9c720f52f351a673b943aa99d67", {"2f89dbfff7badbcb59f3dbe3817104e9", "15d4f80ec6c1d0485272fe25b352766c"}}}}}}}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB="780000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e00000000400002800600010000000000340003800c000100ff010000060000000c0001007f000000000000000c000100ff000000010000000c000100ff0100000008000008000500", @ANYRES32=r2], 0x78}}, 0x0)

169.439858ms ago: executing program 2 (id=2710):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x1b, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a0300000000f5ffffff00010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000020000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x8040)

107.624245ms ago: executing program 2 (id=2711):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x2})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x304)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @random="1dcc31e5284b"})
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x2}) (async)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x304) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
close(r0) (async)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @random="1dcc31e5284b"}) (async)

106.598297ms ago: executing program 0 (id=2712):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x80000001, '\x00', 0x0, 0x0}, 0x48)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4)
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000000)=r3, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x1c}}, 0x24000044)
sendmsg$kcm(r2, &(0x7f0000000b00)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x6}, 0x80, &(0x7f0000000100), 0x79}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x6)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb88a8470081004900080045"], 0x0)
ioctl$TUNSETLINK(r1, 0x400454cd, 0x305)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000002000010015220000000000000a0020400000000700000000050013000100000014000200fe8000000000000000000000000000aa"], 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0xc0, 0x30, 0x1, 0x0, 0x25dfdbfe, {}, [{0xac, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x0, 0x0, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x9, 0xb, 0x12, 0x6, 0x695}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc0}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x68, r8, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x68}, @val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x7ff, 0x8000070}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "2636771b94125a0194f4aecb08ce1d2dbf2891914e801669"}]]}, 0x68}, 0x1, 0x0, 0x0, 0x20008081}, 0x24044884)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r11, 0x84, 0x7f, &(0x7f0000000080)="020000000d800000", 0x45)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r12)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x22}}}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x40}}, 0x0)

106.148016ms ago: executing program 2 (id=2713):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001800090000000000000000001c140000fe05000100000000140012000000f1c6a81697008d68a0328c49d2ee0800010000000300"], 0x44}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ADD(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d00)={0x14, r5, 0x4c1dad3e3d6a7499, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x20000000)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB="38e9ff00", @ANYRES8=r5, @ANYRES64], 0x38}}, 0xc044)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x887)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3a8, 0x278, 0x148, 0xb0, 0x278, 0x278, 0x310, 0x310, 0x310, 0x310, 0x310, 0x6, 0x0, {[{{@ip={@local, @multicast1, 0x0, 0xff000000, 'geneve1\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x48}, 0x0, 0x70, 0xb0}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x3ff, 0xf3, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e21}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x2}}}, {{@ip={@empty, @private=0xa010102, 0xff, 0x0, 'virt_wifi0\x00', 'ip6gre0\x00', {0xff}, {0xff}, 0x89, 0x2, 0x41}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg0\x00', 'erspan0\x00', {}, {}, 0x62}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x0, 0x2, 0xff}}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'pimreg0\x00', {}, {}, 0x0, 0x2, 0x14}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x408)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r8)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x48, r10, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action={{{}, {}, @device_b}, @ext_ch_sw={0x4, 0x4, {{}, @val={0x76, 0x6, {0x4, 0x5, 0x19, 0x3}}}}}}]}, 0x48}}, 0x0)
socket(0x400000000010, 0x4, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

55.76958ms ago: executing program 2 (id=2714):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r2, @ANYBLOB="0800051dfcffffff1400060076657468115f746f5f7465616d0000000400cc0008000500070000001400040073"], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

189.183µs ago: executing program 2 (id=2715):
r0 = socket$netlink(0x10, 0x3, 0x0)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, 0x0, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0}}, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8d0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001880)=@newtaction={0x8c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x78, 0x1, [@m_police={0x35, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0xffc, 0x3, 0xfffffffd, 0x0, 0x4000000, {}, {0x0, 0x0, 0xfffc, 0x0, 0x0, 0x8}, 0x8}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x8}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)
socket(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r6], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r9, 0xc020f509, &(0x7f0000000180)={0xffffffffffffffff, 0x9, 0xfffffffffffffe00, 0xb})
socket(0x1, 0x803, 0x0)
unshare(0x6020400)
pipe(&(0x7f0000000000)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
close(r10)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
close(r12)
tee(r10, r11, 0x6, 0x0)

0s ago: executing program 0 (id=2716):
ioctl$SIOCAX25OPTRT(0xffffffffffffffff, 0x89e7, &(0x7f0000000300)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x2, 0x20})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500e1fd08005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000005000001000000000000000000000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e75021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)

kernel console output (not intermixed with test programs):

mode
[  136.750843][T12222] netdevsim netdevsim0 eth0: left allmulticast mode
[  136.753069][T12222] netdevsim netdevsim0 eth1: left allmulticast mode
[  136.756220][T12222] netdevsim netdevsim0 eth2: left allmulticast mode
[  136.758441][T12222] netdevsim netdevsim0 eth3: left allmulticast mode
[  136.760660][T12222] bridge14: left allmulticast mode
[  136.762409][T12222] vlan0: left promiscuous mode
[  136.763998][T12222] bridge0: left promiscuous mode
[  136.766942][T12222] bridge16: left promiscuous mode
[  136.827456][T12231] tipc: Resetting bearer <eth:syzkaller0>
[  136.829506][T12231] tipc: Resetting bearer <eth:syzkaller0>
[  136.833226][T12231] x_tables: duplicate underflow at hook 2
[  136.959247][T12242] netlink: 'syz.0.1767': attribute type 1 has an invalid length.
[  136.981829][T12242] 8021q: adding VLAN 0 to HW filter on device bond22
[  137.002188][T12241] pim6reg1: entered allmulticast mode
[  137.135370][T12255] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  137.143516][T12255] syzkaller0: entered promiscuous mode
[  137.147003][T12255] syzkaller0: entered allmulticast mode
[  137.152034][T12255] tipc: Resetting bearer <eth:syzkaller0>
[  137.158525][T12252] tipc: Resetting bearer <eth:syzkaller0>
[  137.168927][T12252] tipc: Disabling bearer <eth:syzkaller0>
[  137.185639][T12259] pim6reg1: entered allmulticast mode
[  137.205545][T12259] pim6reg1: left allmulticast mode
[  137.307917][T12270] xt_hashlimit: size too large, truncated to 1048576
[  137.352531][T12273] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  137.375092][T12274] xt_bpf: check failed: parse error
[  137.473716][T12266] lo speed is unknown, defaulting to 1000
[  137.709231][T12296] batadv_slave_0: entered promiscuous mode
[  137.748923][T12300] bridge0: failed insert local address into bridge forwarding table
[  137.809702][T12306] __nla_validate_parse: 62 callbacks suppressed
[  137.809712][T12306] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1788'.
[  137.818738][T12306] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1788'.
[  137.821840][T12306] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1788'.
[  137.880662][T12313] netlink: 'syz.2.1789': attribute type 1 has an invalid length.
[  137.969934][T12315] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1791'.
[  138.067817][T12332] netlink: 'syz.2.1795': attribute type 32 has an invalid length.
[  138.098007][T12333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1794'.
[  138.101441][T12333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1794'.
[  138.196154][T12353] netlink: 'syz.0.1799': attribute type 1 has an invalid length.
[  138.218673][T12353] bond23: (slave gretap3): making interface the new active one
[  138.221541][T12353] bond23: (slave gretap3): Enslaving as an active interface with an up link
[  138.231618][T12359] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1801'.
[  138.300118][T12362] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1802'.
[  138.303213][T12362] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1802'.
[  138.308231][T12362] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1802'.
[  138.397051][T12381] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  138.487173][T12402] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  138.493928][T12402] syzkaller0: entered promiscuous mode
[  138.500046][T12402] syzkaller0: entered allmulticast mode
[  138.502052][T12402] tipc: Resetting bearer <eth:syzkaller0>
[  138.530349][T12406] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check.
[  138.635589][T12424] tipc: Resetting bearer <eth:syzkaller0>
[  138.638350][T12424] syzkaller0: left promiscuous mode
[  138.640089][T12424] syzkaller0: left allmulticast mode
[  138.689110][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.691653][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.721262][T12428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  138.853960][T12443] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  138.858863][T12444] syzkaller0: entered promiscuous mode
[  138.860678][T12444] syzkaller0: entered allmulticast mode
[  138.881233][T12444] tipc: Resetting bearer <eth:syzkaller0>
[  138.892193][T12444] tipc: Disabling bearer <eth:syzkaller0>
[  139.010893][T12453] 8021q: adding VLAN 0 to HW filter on device bond17
[  139.020537][T12453] gretap3: entered promiscuous mode
[  139.026737][T12453] bond17: (slave gretap3): making interface the new active one
[  139.029817][T12453] bond17: (slave gretap3): Enslaving as an active interface with an up link
[  139.039103][T12453] bond17: (slave vlan0): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  139.414498][T12474] dummy0: entered promiscuous mode
[  139.419945][T12474] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  139.427078][T12479] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  139.488730][T12484] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  139.677630][T12500] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  139.680518][T12500] CPU: 0 UID: 0 PID: 12500 Comm: syz.2.1839 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  139.680536][T12500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  139.680544][T12500] Call Trace:
[  139.680550][T12500]  <TASK>
[  139.680556][T12500]  dump_stack_lvl+0x189/0x250
[  139.680582][T12500]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.680602][T12500]  ? __pfx__printk+0x10/0x10
[  139.680617][T12500]  ? kernfs_path_from_node+0x2c/0x260
[  139.680632][T12500]  ? kernfs_path_from_node+0x2c/0x260
[  139.680644][T12500]  ? kernfs_path_from_node+0x2c/0x260
[  139.680660][T12500]  ? kernfs_path_from_node+0x22c/0x260
[  139.680673][T12500]  ? kernfs_path_from_node+0x2c/0x260
[  139.680690][T12500]  sysfs_warn_dup+0x8e/0xa0
[  139.680705][T12500]  sysfs_do_create_link_sd+0xc0/0x110
[  139.680723][T12500]  device_add_class_symlinks+0x1cf/0x240
[  139.680739][T12500]  device_add+0x475/0xb50
[  139.680756][T12500]  wiphy_register+0x199a/0x26b0
[  139.680785][T12500]  ? __pfx_wiphy_register+0x10/0x10
[  139.680798][T12500]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  139.680819][T12500]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  139.680869][T12500]  ieee80211_register_hw+0x33e1/0x4120
[  139.680900][T12500]  ? ieee80211_register_hw+0x14c1/0x4120
[  139.680924][T12500]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  139.680944][T12500]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  139.680968][T12500]  ? __hrtimer_setup+0x187/0x210
[  139.680986][T12500]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  139.681002][T12500]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  139.681046][T12500]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  139.681064][T12500]  ? trace_kmalloc+0x1f/0xd0
[  139.681074][T12500]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  139.681086][T12500]  ? kstrndup+0xbf/0x160
[  139.681109][T12500]  hwsim_new_radio_nl+0xea4/0x1b10
[  139.681124][T12500]  ? __pfx___nla_validate_parse+0x10/0x10
[  139.681153][T12500]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  139.681187][T12500]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  139.681215][T12500]  ? __nla_parse+0x40/0x60
[  139.681242][T12500]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  139.681267][T12500]  genl_family_rcv_msg_doit+0x215/0x300
[  139.681292][T12500]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  139.681315][T12500]  ? bpf_lsm_capable+0x9/0x20
[  139.681321][T12500]  ? security_capable+0x7e/0x2e0
[  139.681333][T12500]  genl_rcv_msg+0x60e/0x790
[  139.681347][T12500]  ? __pfx_genl_rcv_msg+0x10/0x10
[  139.681356][T12500]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  139.681369][T12500]  netlink_rcv_skb+0x208/0x470
[  139.681378][T12500]  ? __pfx_genl_rcv_msg+0x10/0x10
[  139.681389][T12500]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  139.681404][T12500]  ? down_read+0x1ad/0x2e0
[  139.681413][T12500]  genl_rcv+0x28/0x40
[  139.681422][T12500]  netlink_unicast+0x75b/0x8d0
[  139.681434][T12500]  netlink_sendmsg+0x805/0xb30
[  139.681446][T12500]  ? __pfx_netlink_sendmsg+0x10/0x10
[  139.681456][T12500]  ? aa_sock_msg_perm+0x94/0x160
[  139.681466][T12500]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  139.681475][T12500]  ? __pfx_netlink_sendmsg+0x10/0x10
[  139.681483][T12500]  __sock_sendmsg+0x21c/0x270
[  139.681495][T12500]  ____sys_sendmsg+0x505/0x830
[  139.681507][T12500]  ? __pfx_____sys_sendmsg+0x10/0x10
[  139.681519][T12500]  ? import_iovec+0x74/0xa0
[  139.681528][T12500]  ___sys_sendmsg+0x21f/0x2a0
[  139.681538][T12500]  ? __pfx____sys_sendmsg+0x10/0x10
[  139.681562][T12500]  ? __fget_files+0x2a/0x420
[  139.681570][T12500]  ? __fget_files+0x3a0/0x420
[  139.681582][T12500]  __x64_sys_sendmsg+0x19b/0x260
[  139.681592][T12500]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  139.681606][T12500]  ? rcu_is_watching+0x15/0xb0
[  139.681619][T12500]  ? do_syscall_64+0xbe/0x3b0
[  139.681627][T12500]  do_syscall_64+0xfa/0x3b0
[  139.681633][T12500]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.681642][T12500]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.681649][T12500]  ? exc_page_fault+0x9f/0xf0
[  139.681660][T12500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.681668][T12500] RIP: 0033:0x7f0ab5d8e929
[  139.681675][T12500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.681682][T12500] RSP: 002b:00007f0ab6c7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  139.681691][T12500] RAX: ffffffffffffffda RBX: 00007f0ab5fb5fa0 RCX: 00007f0ab5d8e929
[  139.681696][T12500] RDX: 000000002000c800 RSI: 0000200000000040 RDI: 0000000000000004
[  139.681701][T12500] RBP: 00007f0ab5e10b39 R08: 0000000000000000 R09: 0000000000000000
[  139.681706][T12500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  139.681710][T12500] R13: 0000000000000000 R14: 00007f0ab5fb5fa0 R15: 00007ffd63b00de8
[  139.681723][T12500]  </TASK>
[  140.013868][T12526] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-tlb(5)
[  140.018762][T12527] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-tlb(5)
[  140.130525][T12541] validate_nla: 10 callbacks suppressed
[  140.130534][T12541] netlink: 'syz.2.1855': attribute type 39 has an invalid length.
[  140.168717][T12547] netlink: 'syz.1.1857': attribute type 9 has an invalid length.
[  140.171422][T12547] netlink: 'syz.1.1857': attribute type 6 has an invalid length.
[  140.433970][T12585] netlink: 'syz.0.1868': attribute type 14 has an invalid length.
[  140.450556][T12589] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  140.454387][T12589] CPU: 1 UID: 0 PID: 12589 Comm: syz.2.1870 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  140.454398][T12589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  140.454403][T12589] Call Trace:
[  140.454407][T12589]  <TASK>
[  140.454410][T12589]  dump_stack_lvl+0x189/0x250
[  140.454427][T12589]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.454439][T12589]  ? __pfx__printk+0x10/0x10
[  140.454447][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.454456][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.454463][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.454472][T12589]  ? kernfs_path_from_node+0x22c/0x260
[  140.454479][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.454488][T12589]  sysfs_warn_dup+0x8e/0xa0
[  140.454497][T12589]  sysfs_do_create_link_sd+0xc0/0x110
[  140.454506][T12589]  device_add_class_symlinks+0x1cf/0x240
[  140.454515][T12589]  device_add+0x475/0xb50
[  140.454524][T12589]  wiphy_register+0x199a/0x26b0
[  140.454553][T12589]  ? __pfx_wiphy_register+0x10/0x10
[  140.454563][T12589]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  140.454575][T12589]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  140.454585][T12589]  ieee80211_register_hw+0x33e1/0x4120
[  140.454602][T12589]  ? ieee80211_register_hw+0x14c1/0x4120
[  140.454614][T12589]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  140.454625][T12589]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  140.454639][T12589]  ? __hrtimer_setup+0x187/0x210
[  140.454651][T12589]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  140.454665][T12589]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  140.454689][T12589]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  140.454700][T12589]  ? trace_kmalloc+0x1f/0xd0
[  140.454706][T12589]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  140.454713][T12589]  ? kstrndup+0xbf/0x160
[  140.454726][T12589]  hwsim_new_radio_nl+0xea4/0x1b10
[  140.454735][T12589]  ? __pfx___nla_validate_parse+0x10/0x10
[  140.454752][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.454764][T12589]  ? __nla_parse+0x40/0x60
[  140.454775][T12589]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  140.454789][T12589]  genl_family_rcv_msg_doit+0x215/0x300
[  140.454803][T12589]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  140.454837][T12589]  ? bpf_lsm_capable+0x9/0x20
[  140.454846][T12589]  ? security_capable+0x7e/0x2e0
[  140.454857][T12589]  genl_rcv_msg+0x60e/0x790
[  140.454870][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.454879][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.454892][T12589]  netlink_rcv_skb+0x208/0x470
[  140.454901][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.454911][T12589]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  140.454926][T12589]  ? down_read+0x1ad/0x2e0
[  140.454934][T12589]  genl_rcv+0x28/0x40
[  140.454943][T12589]  netlink_unicast+0x75b/0x8d0
[  140.454954][T12589]  netlink_sendmsg+0x805/0xb30
[  140.454966][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.454976][T12589]  ? aa_sock_msg_perm+0x94/0x160
[  140.454986][T12589]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  140.454995][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.455003][T12589]  __sock_sendmsg+0x21c/0x270
[  140.455016][T12589]  ____sys_sendmsg+0x505/0x830
[  140.455027][T12589]  ? __pfx_____sys_sendmsg+0x10/0x10
[  140.455039][T12589]  ? import_iovec+0x74/0xa0
[  140.455047][T12589]  ___sys_sendmsg+0x21f/0x2a0
[  140.455057][T12589]  ? __pfx____sys_sendmsg+0x10/0x10
[  140.455081][T12589]  ? __fget_files+0x2a/0x420
[  140.455088][T12589]  ? __fget_files+0x3a0/0x420
[  140.455100][T12589]  __x64_sys_sendmsg+0x19b/0x260
[  140.455110][T12589]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  140.455123][T12589]  ? rcu_is_watching+0x15/0xb0
[  140.455136][T12589]  ? do_syscall_64+0xbe/0x3b0
[  140.455144][T12589]  do_syscall_64+0xfa/0x3b0
[  140.455150][T12589]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.455159][T12589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.455166][T12589]  ? exc_page_fault+0x9f/0xf0
[  140.455177][T12589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.455188][T12589] RIP: 0033:0x7f0ab5d8e929
[  140.455195][T12589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.455201][T12589] RSP: 002b:00007f0ab6c5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.455211][T12589] RAX: ffffffffffffffda RBX: 00007f0ab5fb6080 RCX: 00007f0ab5d8e929
[  140.455216][T12589] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  140.455221][T12589] RBP: 00007f0ab5e10b39 R08: 0000000000000000 R09: 0000000000000000
[  140.455225][T12589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  140.455229][T12589] R13: 0000000000000000 R14: 00007f0ab5fb6080 R15: 00007ffd63b00de8
[  140.455241][T12589]  </TASK>
[  140.464130][T12592] netlink: 'syz.1.1871': attribute type 9 has an invalid length.
[  140.468135][T12586] netlink: 'syz.0.1868': attribute type 14 has an invalid length.
[  140.517757][T12585] openvswitch: netlink: Key type 30 is not supported
[  140.671505][T12589] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  140.678212][T12589] CPU: 1 UID: 0 PID: 12589 Comm: syz.2.1870 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  140.678224][T12589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  140.678229][T12589] Call Trace:
[  140.678232][T12589]  <TASK>
[  140.678235][T12589]  dump_stack_lvl+0x189/0x250
[  140.678251][T12589]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.678262][T12589]  ? __pfx__printk+0x10/0x10
[  140.678271][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.678280][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.678287][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.678295][T12589]  ? kernfs_path_from_node+0x22c/0x260
[  140.678303][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.678312][T12589]  sysfs_warn_dup+0x8e/0xa0
[  140.678321][T12589]  sysfs_do_create_link_sd+0xc0/0x110
[  140.678330][T12589]  device_add_class_symlinks+0x1cf/0x240
[  140.678340][T12589]  device_add+0x475/0xb50
[  140.678349][T12589]  wiphy_register+0x199a/0x26b0
[  140.678364][T12589]  ? __pfx_wiphy_register+0x10/0x10
[  140.678371][T12589]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  140.678383][T12589]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  140.678393][T12589]  ieee80211_register_hw+0x33e1/0x4120
[  140.678409][T12589]  ? ieee80211_register_hw+0x14c1/0x4120
[  140.678441][T12589]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  140.678452][T12589]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  140.678466][T12589]  ? __hrtimer_setup+0x187/0x210
[  140.678476][T12589]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  140.678485][T12589]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  140.678509][T12589]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  140.678520][T12589]  ? trace_kmalloc+0x1f/0xd0
[  140.678526][T12589]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  140.678533][T12589]  ? kstrndup+0xbf/0x160
[  140.678547][T12589]  hwsim_new_radio_nl+0xea4/0x1b10
[  140.678555][T12589]  ? __pfx___nla_validate_parse+0x10/0x10
[  140.678572][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.678584][T12589]  ? __nla_parse+0x40/0x60
[  140.678596][T12589]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  140.678610][T12589]  genl_family_rcv_msg_doit+0x215/0x300
[  140.678623][T12589]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  140.678638][T12589]  ? bpf_lsm_capable+0x9/0x20
[  140.678645][T12589]  ? security_capable+0x7e/0x2e0
[  140.678656][T12589]  genl_rcv_msg+0x60e/0x790
[  140.678669][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.678679][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.678692][T12589]  netlink_rcv_skb+0x208/0x470
[  140.678700][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.678710][T12589]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  140.678725][T12589]  ? down_read+0x1ad/0x2e0
[  140.678733][T12589]  genl_rcv+0x28/0x40
[  140.678742][T12589]  netlink_unicast+0x75b/0x8d0
[  140.678753][T12589]  netlink_sendmsg+0x805/0xb30
[  140.678765][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.678775][T12589]  ? aa_sock_msg_perm+0x94/0x160
[  140.678786][T12589]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  140.678794][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.678803][T12589]  __sock_sendmsg+0x21c/0x270
[  140.678838][T12589]  ____sys_sendmsg+0x505/0x830
[  140.678851][T12589]  ? __pfx_____sys_sendmsg+0x10/0x10
[  140.678864][T12589]  ? import_iovec+0x74/0xa0
[  140.678873][T12589]  ___sys_sendmsg+0x21f/0x2a0
[  140.678883][T12589]  ? __pfx____sys_sendmsg+0x10/0x10
[  140.678907][T12589]  ? __fget_files+0x2a/0x420
[  140.678914][T12589]  ? __fget_files+0x3a0/0x420
[  140.678926][T12589]  __x64_sys_sendmsg+0x19b/0x260
[  140.678936][T12589]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  140.678949][T12589]  ? rcu_is_watching+0x15/0xb0
[  140.678962][T12589]  ? do_syscall_64+0xbe/0x3b0
[  140.678970][T12589]  do_syscall_64+0xfa/0x3b0
[  140.678976][T12589]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.678986][T12589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.678993][T12589]  ? exc_page_fault+0x9f/0xf0
[  140.679004][T12589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.679011][T12589] RIP: 0033:0x7f0ab5d8e929
[  140.679018][T12589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.679025][T12589] RSP: 002b:00007f0ab6c5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.679033][T12589] RAX: ffffffffffffffda RBX: 00007f0ab5fb6080 RCX: 00007f0ab5d8e929
[  140.679039][T12589] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  140.679043][T12589] RBP: 00007f0ab5e10b39 R08: 0000000000000000 R09: 0000000000000000
[  140.679047][T12589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  140.679052][T12589] R13: 0000000000000000 R14: 00007f0ab5fb6080 R15: 00007ffd63b00de8
[  140.679063][T12589]  </TASK>
[  140.823262][T12602] netlink: 'syz.1.1873': attribute type 13 has an invalid length.
[  140.837661][T12589] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  140.849220][T12602] netlink: 'syz.1.1873': attribute type 17 has an invalid length.
[  140.852566][T12589] CPU: 0 UID: 0 PID: 12589 Comm: syz.2.1870 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  140.852579][T12589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  140.852583][T12589] Call Trace:
[  140.852586][T12589]  <TASK>
[  140.852591][T12589]  dump_stack_lvl+0x189/0x250
[  140.852607][T12589]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.852618][T12589]  ? __pfx__printk+0x10/0x10
[  140.852627][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.852636][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.852643][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.852651][T12589]  ? kernfs_path_from_node+0x22c/0x260
[  140.852659][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  140.852668][T12589]  sysfs_warn_dup+0x8e/0xa0
[  140.852676][T12589]  sysfs_do_create_link_sd+0xc0/0x110
[  140.852685][T12589]  device_add_class_symlinks+0x1cf/0x240
[  140.852695][T12589]  device_add+0x475/0xb50
[  140.852704][T12589]  wiphy_register+0x199a/0x26b0
[  140.852719][T12589]  ? __pfx_wiphy_register+0x10/0x10
[  140.852726][T12589]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  140.852738][T12589]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  140.852748][T12589]  ieee80211_register_hw+0x33e1/0x4120
[  140.852765][T12589]  ? ieee80211_register_hw+0x14c1/0x4120
[  140.852777][T12589]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  140.852788][T12589]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  140.852801][T12589]  ? __hrtimer_setup+0x187/0x210
[  140.852812][T12589]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  140.852847][T12589]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  140.852871][T12589]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  140.852882][T12589]  ? trace_kmalloc+0x1f/0xd0
[  140.852889][T12589]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  140.852895][T12589]  ? kstrndup+0xbf/0x160
[  140.852908][T12589]  hwsim_new_radio_nl+0xea4/0x1b10
[  140.852916][T12589]  ? __pfx___nla_validate_parse+0x10/0x10
[  140.852933][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.852944][T12589]  ? __nla_parse+0x40/0x60
[  140.852956][T12589]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  140.852970][T12589]  genl_family_rcv_msg_doit+0x215/0x300
[  140.852983][T12589]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  140.852998][T12589]  ? bpf_lsm_capable+0x9/0x20
[  140.853005][T12589]  ? security_capable+0x7e/0x2e0
[  140.853018][T12589]  genl_rcv_msg+0x60e/0x790
[  140.853032][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.853041][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.853054][T12589]  netlink_rcv_skb+0x208/0x470
[  140.853062][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.853072][T12589]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  140.853087][T12589]  ? down_read+0x1ad/0x2e0
[  140.853095][T12589]  genl_rcv+0x28/0x40
[  140.853105][T12589]  netlink_unicast+0x75b/0x8d0
[  140.853116][T12589]  netlink_sendmsg+0x805/0xb30
[  140.853128][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.853138][T12589]  ? aa_sock_msg_perm+0x94/0x160
[  140.853149][T12589]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  140.853158][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.853168][T12589]  __sock_sendmsg+0x21c/0x270
[  140.853180][T12589]  ____sys_sendmsg+0x505/0x830
[  140.853191][T12589]  ? __pfx_____sys_sendmsg+0x10/0x10
[  140.853204][T12589]  ? import_iovec+0x74/0xa0
[  140.853212][T12589]  ___sys_sendmsg+0x21f/0x2a0
[  140.853222][T12589]  ? __pfx____sys_sendmsg+0x10/0x10
[  140.853245][T12589]  ? __fget_files+0x2a/0x420
[  140.853252][T12589]  ? __fget_files+0x3a0/0x420
[  140.853264][T12589]  __x64_sys_sendmsg+0x19b/0x260
[  140.853272][T12589]  ? _raw_spin_unlock_irq+0x23/0x50
[  140.853282][T12589]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  140.853295][T12589]  ? rcu_is_watching+0x15/0xb0
[  140.853308][T12589]  ? do_syscall_64+0xbe/0x3b0
[  140.853317][T12589]  do_syscall_64+0xfa/0x3b0
[  140.853322][T12589]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.853332][T12589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.853339][T12589]  ? exc_page_fault+0x9f/0xf0
[  140.853350][T12589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.853356][T12589] RIP: 0033:0x7f0ab5d8e929
[  140.853364][T12589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.853370][T12589] RSP: 002b:00007f0ab6c5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.853379][T12589] RAX: ffffffffffffffda RBX: 00007f0ab5fb6080 RCX: 00007f0ab5d8e929
[  140.853385][T12589] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  140.853389][T12589] RBP: 00007f0ab5e10b39 R08: 0000000000000000 R09: 0000000000000000
[  140.853394][T12589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  140.853398][T12589] R13: 0000000000000000 R14: 00007f0ab5fb6080 R15: 00007ffd63b00de8
[  140.853410][T12589]  </TASK>
[  141.016616][T12602] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  141.048769][T12589] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  141.052658][T12589] CPU: 0 UID: 0 PID: 12589 Comm: syz.2.1870 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  141.052669][T12589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  141.052674][T12589] Call Trace:
[  141.052677][T12589]  <TASK>
[  141.052680][T12589]  dump_stack_lvl+0x189/0x250
[  141.052697][T12589]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.052708][T12589]  ? __pfx__printk+0x10/0x10
[  141.052716][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  141.052725][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  141.052732][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  141.052741][T12589]  ? kernfs_path_from_node+0x22c/0x260
[  141.052748][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  141.052758][T12589]  sysfs_warn_dup+0x8e/0xa0
[  141.052766][T12589]  sysfs_do_create_link_sd+0xc0/0x110
[  141.052775][T12589]  device_add_class_symlinks+0x1cf/0x240
[  141.052785][T12589]  device_add+0x475/0xb50
[  141.052794][T12589]  wiphy_register+0x199a/0x26b0
[  141.052808][T12589]  ? __pfx_wiphy_register+0x10/0x10
[  141.052838][T12589]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  141.052849][T12589]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  141.052860][T12589]  ieee80211_register_hw+0x33e1/0x4120
[  141.052876][T12589]  ? ieee80211_register_hw+0x14c1/0x4120
[  141.052888][T12589]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  141.052899][T12589]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  141.052912][T12589]  ? __hrtimer_setup+0x187/0x210
[  141.052922][T12589]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  141.052932][T12589]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  141.052955][T12589]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  141.052966][T12589]  ? trace_kmalloc+0x1f/0xd0
[  141.052972][T12589]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  141.052979][T12589]  ? kstrndup+0xbf/0x160
[  141.052991][T12589]  hwsim_new_radio_nl+0xea4/0x1b10
[  141.053000][T12589]  ? __pfx___nla_validate_parse+0x10/0x10
[  141.053015][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  141.053028][T12589]  ? __nla_parse+0x40/0x60
[  141.053039][T12589]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  141.053053][T12589]  genl_family_rcv_msg_doit+0x215/0x300
[  141.053066][T12589]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  141.053081][T12589]  ? bpf_lsm_capable+0x9/0x20
[  141.053088][T12589]  ? security_capable+0x7e/0x2e0
[  141.053099][T12589]  genl_rcv_msg+0x60e/0x790
[  141.053112][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  141.053121][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  141.053134][T12589]  netlink_rcv_skb+0x208/0x470
[  141.053142][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  141.053152][T12589]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  141.053167][T12589]  ? down_read+0x1ad/0x2e0
[  141.053175][T12589]  genl_rcv+0x28/0x40
[  141.053184][T12589]  netlink_unicast+0x75b/0x8d0
[  141.053196][T12589]  netlink_sendmsg+0x805/0xb30
[  141.053208][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.053217][T12589]  ? aa_sock_msg_perm+0x94/0x160
[  141.053227][T12589]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  141.053236][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.053244][T12589]  __sock_sendmsg+0x21c/0x270
[  141.053257][T12589]  ____sys_sendmsg+0x505/0x830
[  141.053268][T12589]  ? __pfx_____sys_sendmsg+0x10/0x10
[  141.053280][T12589]  ? import_iovec+0x74/0xa0
[  141.053289][T12589]  ___sys_sendmsg+0x21f/0x2a0
[  141.053298][T12589]  ? __pfx____sys_sendmsg+0x10/0x10
[  141.053322][T12589]  ? __fget_files+0x2a/0x420
[  141.053329][T12589]  ? __fget_files+0x3a0/0x420
[  141.053341][T12589]  __x64_sys_sendmsg+0x19b/0x260
[  141.053349][T12589]  ? _raw_spin_unlock_irq+0x23/0x50
[  141.053359][T12589]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  141.053372][T12589]  ? rcu_is_watching+0x15/0xb0
[  141.053384][T12589]  ? do_syscall_64+0xbe/0x3b0
[  141.053393][T12589]  do_syscall_64+0xfa/0x3b0
[  141.053399][T12589]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.053408][T12589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.053420][T12589]  ? exc_page_fault+0x9f/0xf0
[  141.053431][T12589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.053438][T12589] RIP: 0033:0x7f0ab5d8e929
[  141.053445][T12589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.053452][T12589] RSP: 002b:00007f0ab6c5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  141.053460][T12589] RAX: ffffffffffffffda RBX: 00007f0ab5fb6080 RCX: 00007f0ab5d8e929
[  141.053466][T12589] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  141.053470][T12589] RBP: 00007f0ab5e10b39 R08: 0000000000000000 R09: 0000000000000000
[  141.053474][T12589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  141.053478][T12589] R13: 0000000000000000 R14: 00007f0ab5fb6080 R15: 00007ffd63b00de8
[  141.053490][T12589]  </TASK>
[  141.221217][T12589] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  141.226119][T12589] CPU: 0 UID: 0 PID: 12589 Comm: syz.2.1870 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  141.226135][T12589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  141.226142][T12589] Call Trace:
[  141.226146][T12589]  <TASK>
[  141.226152][T12589]  dump_stack_lvl+0x189/0x250
[  141.226176][T12589]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.226193][T12589]  ? __pfx__printk+0x10/0x10
[  141.226206][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  141.226219][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  141.226230][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  141.226241][T12589]  ? kernfs_path_from_node+0x22c/0x260
[  141.226248][T12589]  ? kernfs_path_from_node+0x2c/0x260
[  141.226257][T12589]  sysfs_warn_dup+0x8e/0xa0
[  141.226266][T12589]  sysfs_do_create_link_sd+0xc0/0x110
[  141.226275][T12589]  device_add_class_symlinks+0x1cf/0x240
[  141.226284][T12589]  device_add+0x475/0xb50
[  141.226293][T12589]  wiphy_register+0x199a/0x26b0
[  141.226308][T12589]  ? __pfx_wiphy_register+0x10/0x10
[  141.226315][T12589]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  141.226327][T12589]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  141.226337][T12589]  ieee80211_register_hw+0x33e1/0x4120
[  141.226353][T12589]  ? ieee80211_register_hw+0x14c1/0x4120
[  141.226365][T12589]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  141.226376][T12589]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  141.226389][T12589]  ? __hrtimer_setup+0x187/0x210
[  141.226399][T12589]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  141.226415][T12589]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  141.226438][T12589]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  141.226449][T12589]  ? trace_kmalloc+0x1f/0xd0
[  141.226454][T12589]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  141.226461][T12589]  ? kstrndup+0xbf/0x160
[  141.226474][T12589]  hwsim_new_radio_nl+0xea4/0x1b10
[  141.226482][T12589]  ? __pfx___nla_validate_parse+0x10/0x10
[  141.226498][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  141.226510][T12589]  ? __nla_parse+0x40/0x60
[  141.226521][T12589]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  141.226536][T12589]  genl_family_rcv_msg_doit+0x215/0x300
[  141.226549][T12589]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  141.226564][T12589]  ? bpf_lsm_capable+0x9/0x20
[  141.226570][T12589]  ? security_capable+0x7e/0x2e0
[  141.226582][T12589]  genl_rcv_msg+0x60e/0x790
[  141.226594][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  141.226603][T12589]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  141.226616][T12589]  netlink_rcv_skb+0x208/0x470
[  141.226624][T12589]  ? __pfx_genl_rcv_msg+0x10/0x10
[  141.226634][T12589]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  141.226649][T12589]  ? down_read+0x1ad/0x2e0
[  141.226657][T12589]  genl_rcv+0x28/0x40
[  141.226666][T12589]  netlink_unicast+0x75b/0x8d0
[  141.226677][T12589]  netlink_sendmsg+0x805/0xb30
[  141.226689][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.226699][T12589]  ? aa_sock_msg_perm+0x94/0x160
[  141.226708][T12589]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  141.226717][T12589]  ? __pfx_netlink_sendmsg+0x10/0x10
[  141.226726][T12589]  __sock_sendmsg+0x21c/0x270
[  141.226737][T12589]  ____sys_sendmsg+0x505/0x830
[  141.226748][T12589]  ? __pfx_____sys_sendmsg+0x10/0x10
[  141.226761][T12589]  ? import_iovec+0x74/0xa0
[  141.226769][T12589]  ___sys_sendmsg+0x21f/0x2a0
[  141.226778][T12589]  ? __pfx____sys_sendmsg+0x10/0x10
[  141.226802][T12589]  ? __fget_files+0x2a/0x420
[  141.226833][T12589]  ? __fget_files+0x3a0/0x420
[  141.226847][T12589]  __x64_sys_sendmsg+0x19b/0x260
[  141.226855][T12589]  ? _raw_spin_unlock_irq+0x23/0x50
[  141.226865][T12589]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  141.226878][T12589]  ? rcu_is_watching+0x15/0xb0
[  141.226891][T12589]  ? do_syscall_64+0xbe/0x3b0
[  141.226899][T12589]  do_syscall_64+0xfa/0x3b0
[  141.226905][T12589]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.226915][T12589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.226922][T12589]  ? exc_page_fault+0x9f/0xf0
[  141.226932][T12589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.226939][T12589] RIP: 0033:0x7f0ab5d8e929
[  141.226953][T12589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.226959][T12589] RSP: 002b:00007f0ab6c5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  141.226968][T12589] RAX: ffffffffffffffda RBX: 00007f0ab5fb6080 RCX: 00007f0ab5d8e929
[  141.226973][T12589] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  141.226978][T12589] RBP: 00007f0ab5e10b39 R08: 0000000000000000 R09: 0000000000000000
[  141.226982][T12589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  141.226986][T12589] R13: 0000000000000000 R14: 00007f0ab5fb6080 R15: 00007ffd63b00de8
[  141.226998][T12589]  </TASK>
[  141.407402][T12602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  141.457105][T12602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  141.589740][T12620] tipc: Resetting bearer <eth:syzkaller0>
[  141.740985][T12637] netlink: 'syz.0.1886': attribute type 30 has an invalid length.
[  141.752603][T12637] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  141.755462][T12637] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  141.758087][T12637] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  141.760676][T12637] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  141.765717][T12637] netlink: 'syz.0.1886': attribute type 30 has an invalid length.
[  141.957338][T12660] dvmrp0: entered allmulticast mode
[  142.122074][T12681] bond0: entered promiscuous mode
[  142.124433][T12681] batadv0: entered promiscuous mode
[  142.127868][T12681] batadv0: left promiscuous mode
[  142.129834][T12681] bond0: left promiscuous mode
[  142.228386][T12695] pimreg: entered allmulticast mode
[  142.243624][T12686] dvmrp0: left allmulticast mode
[  142.251817][T12686] pimreg: left allmulticast mode
[  142.294923][T12679] openvswitch: netlink: Flow actions attr not present in new flow.
[  142.449647][T12718] lo speed is unknown, defaulting to 1000
[  142.808839][T12726] bond23: entered promiscuous mode
[  142.810746][T12726] 8021q: adding VLAN 0 to HW filter on device bond23
[  142.833026][T12726] 8021q: adding VLAN 0 to HW filter on device bond23
[  142.835692][T12726] bond23: (slave vcan0): The slave device specified does not support setting the MAC address
[  142.838826][T12726] bond23: (slave vcan0): Setting fail_over_mac to active for active-backup mode
[  142.845645][T12726] bond23: (slave vcan0): making interface the new active one
[  142.848026][T12726] vcan0: entered promiscuous mode
[  142.850295][T12726] bond23: (slave vcan0): Enslaving as an active interface with an up link
[  142.906907][T12732] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.077047][T12752] 8021q: adding VLAN 0 to HW filter on device bond25
[  143.089380][T12752] 8021q: adding VLAN 0 to HW filter on device bond25
[  143.091842][T12752] bond25: (slave vxcan1): The slave device specified does not support setting the MAC address
[  143.096391][T12752] bond25: (slave vxcan1): Error -95 calling set_mac_address
[  143.137614][T12752] __nla_validate_parse: 107 callbacks suppressed
[  143.137624][T12752] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1917'.
[  143.143371][T12752] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1917'.
[  143.187704][T12752] erspan0: entered allmulticast mode
[  143.403412][T12773] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1923'.
[  143.557729][T12797] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1928'.
[  143.611602][T12802] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1931'.
[  143.802914][T12811] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1933'.
[  144.570282][T12824] lo speed is unknown, defaulting to 1000
[  144.606660][T12824] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1938'.
[  144.654363][T12832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1939'.
[  144.673220][ T5281] IPVS: starting estimator thread 0...
[  144.732248][T12835] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  144.764976][T12833] IPVS: using max 78 ests per chain, 187200 per kthread
[  144.769146][T12837] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1940'.
[  144.789169][T12835] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  144.849469][T12835] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  144.867290][T12841] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1942'.
[  144.898958][ T8376] IPVS: stop unused estimator thread 0...
[  144.927925][T12835] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  144.999613][T12848] Cannot find del_set index 2 as target
[  145.028497][T12835] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  145.038041][T12835] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  145.047314][T12835] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  145.055344][T12835] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  145.065985][T12852] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  145.167308][T12862] ip6gre2: entered allmulticast mode
[  145.195025][T12864] Cannot find del_set index 2 as target
[  145.453561][T12887] dvmrp0: entered allmulticast mode
[  145.541937][T12900] netpci0: tun_chr_ioctl cmd 1074025681
[  145.620298][T12905] pim6reg9: entered allmulticast mode
[  145.791823][T12909] tipc: Resetting bearer <eth:syzkaller0>
[  145.818269][T12917] validate_nla: 12 callbacks suppressed
[  145.818278][T12917] netlink: 'syz.0.1969': attribute type 1 has an invalid length.
[  145.832961][T12917] 8021q: adding VLAN 0 to HW filter on device bond26
[  145.861612][T12917] bond26: (slave bridge19): making interface the new active one
[  145.865346][T12917] bond26: (slave bridge19): Enslaving as an active interface with an up link
[  145.876342][T12917] bond26: (slave vlan1): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  146.063388][T12937] Cannot find del_set index 2 as target
[  146.199790][T12955] netlink: 'syz.1.1983': attribute type 10 has an invalid length.
[  146.291878][T12964] netlink: 'syz.1.1987': attribute type 1 has an invalid length.
[  146.314400][T12964] bond18: (slave gretap4): making interface the new active one
[  146.320134][T12964] bond18: (slave gretap4): Enslaving as an active interface with an up link
[  146.374510][T12972] lo speed is unknown, defaulting to 1000
[  146.457411][T12981] Cannot find del_set index 2 as target
[  146.465656][T12972] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  146.521363][T12986] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  146.522223][T12972] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  146.531112][T12985] netlink: 'syz.0.1994': attribute type 32 has an invalid length.
[  146.587852][T12972] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  146.587885][T12973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  146.995613][T13009] Cannot find del_set index 2 as target
[  147.061337][T13016] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  147.065791][T13017] netlink: 'syz.2.2004': attribute type 1 has an invalid length.
[  147.180875][T13025] vlan0: entered allmulticast mode
[  147.183816][T13025] dummy0: entered allmulticast mode
[  147.315830][T13041] netlink: 'syz.1.2012': attribute type 39 has an invalid length.
[  147.507284][T13059] bond16: (slave veth21): Releasing active interface
[  147.512388][T13059] bond17: (slave gretap3): Releasing active interface
[  147.518792][T13059] bond18: (slave gretap4): Releasing active interface
[  147.533273][T13059] netlink: 'syz.1.2017': attribute type 10 has an invalid length.
[  147.542196][   T47] ip6_tunnel: ip6gre4 xmit: Local address not yet configured!
[  147.595643][T13067] netlink: 'syz.1.2020': attribute type 32 has an invalid length.
[  147.741357][T13085] Cannot find del_set index 2 as target
[  147.769499][T13087] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  147.897827][T13096] netlink: 'syz.0.2029': attribute type 1 has an invalid length.
[  148.007379][T13108] netlink: 'syz.1.2032': attribute type 1 has an invalid length.
[  148.026182][   T47] ip6_tunnel: ip6gre4 xmit: Local address not yet configured!
[  148.247392][T13131] openvswitch: netlink: Flow key attr not present in new flow.
[  148.333327][T13131] sctp: [Deprecated]: syz.2.2036 (pid 13131) Use of int in max_burst socket option deprecated.
[  148.333327][T13131] Use struct sctp_assoc_value instead
[  148.535191][T13147] __nla_validate_parse: 41 callbacks suppressed
[  148.535201][T13147] netlink: 312 bytes leftover after parsing attributes in process `syz.1.2044'.
[  148.579319][T13151] set match dimension is over the limit!
[  148.626262][T13157] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2048'.
[  148.641620][T13157] netlink: 200 bytes leftover after parsing attributes in process `syz.1.2048'.
[  148.647390][T13157] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2048'.
[  148.698504][T13161] netlink: 120 bytes leftover after parsing attributes in process `syz.1.2050'.
[  148.728997][T13161] bond21: (slave ip6gretap4): Enslaving as a backup interface with an up link
[  148.744001][ T5830] bond21: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  148.744452][T13162] 8021q: adding VLAN 0 to HW filter on device bond21
[  148.781814][T13173] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2054'.
[  148.854678][ T5826] bond21: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  148.937109][T13192] netlink: 248 bytes leftover after parsing attributes in process `syz.0.2060'.
[  149.197050][T13213] 8021q: adding VLAN 0 to HW filter on device bond27
[  149.199892][T13213] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2063'.
[  149.224937][T13219] Cannot find del_set index 2 as target
[  149.272016][T13223] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  149.307301][T13223] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  149.322392][T13224] x_tables: duplicate underflow at hook 1
[  149.348028][T13223] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  149.389874][T13223] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  149.435276][T13223] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  149.442270][T13223] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  149.450095][T13223] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  149.456928][T13223] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  149.536152][T13230] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  149.576057][T13234] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2069'.
[  149.611004][T13236] : entered promiscuous mode
[  149.672046][T13248] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2073'.
[  149.752245][T13257] bond17: (slave erspan0): Releasing active interface
[  149.759615][T13257] bond17: (slave veth15): Releasing active interface
[  149.771660][T13257] bond18: (slave gretap2): Releasing backup interface
[  149.781335][T13257] bond23: (slave vcan0): Releasing backup interface
[  149.783412][T13257] vcan0: left promiscuous mode
[  150.054034][T13288] IPVS: length: 24 != 10680
[  150.064156][T13289] 8021q: adding VLAN 0 to HW filter on device bond26
[  150.069187][T13289] bridge0: port 1(bond26) entered blocking state
[  150.071445][T13289] bridge0: port 1(bond26) entered disabled state
[  150.073533][T13289] bond26: entered allmulticast mode
[  150.076568][T13289] bond26: entered promiscuous mode
[  150.090251][T13288] 8021q: adding VLAN 0 to HW filter on device bond28
[  150.176839][T13297] vlan3: entered promiscuous mode
[  150.178575][T13297] bridge0: entered promiscuous mode
[  150.307213][T13316] netlink: 'syz.1.2102': attribute type 11 has an invalid length.
[  150.459612][T13333] 8021q: adding VLAN 0 to HW filter on device bond22
[  150.906758][T13374] sctp: [Deprecated]: syz.0.2122 (pid 13374) Use of int in maxseg socket option.
[  150.906758][T13374] Use struct sctp_assoc_value instead
[  151.280603][T13378] gretap0: entered allmulticast mode
[  151.366847][T13382] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  151.390452][T13384] validate_nla: 14 callbacks suppressed
[  151.390462][T13384] netlink: 'syz.2.2126': attribute type 1 has an invalid length.
[  151.421462][T13384] 8021q: adding VLAN 0 to HW filter on device bond27
[  151.425347][T13384] netlink: 'syz.2.2126': attribute type 1 has an invalid length.
[  151.604369][T13401] bridge9: port 1(veth19) entered blocking state
[  151.607361][T13401] bridge9: port 1(veth19) entered disabled state
[  151.609658][T13401] veth19: entered allmulticast mode
[  151.612300][T13401] veth19: entered promiscuous mode
[  151.617884][T13401] veth0_to_bond: left allmulticast mode
[  151.619990][T13401] bridge9: port 2(veth0_to_bond) entered blocking state
[  151.622458][T13401] bridge9: port 2(veth0_to_bond) entered disabled state
[  151.625670][T13401] veth0_to_bond: entered allmulticast mode
[  151.628589][T13401] veth0_to_bond: entered promiscuous mode
[  151.636721][T13401] vlan0: entered allmulticast mode
[  151.638524][T13401] veth1: entered allmulticast mode
[  151.640453][T13401] bridge9: port 3(vlan0) entered blocking state
[  151.642796][T13401] bridge9: port 3(vlan0) entered disabled state
[  151.646125][T13401] vlan0: entered promiscuous mode
[  151.647822][T13401] veth1: entered promiscuous mode
[  151.704397][T13406] netlink: 'syz.2.2134': attribute type 11 has an invalid length.
[  151.869300][T13429] netlink: 'syz.0.2143': attribute type 11 has an invalid length.
[  151.981310][T13444] dvmrp8: entered allmulticast mode
[  152.134731][    C0] ip6_tunnel: ip6gre4 xmit: Local address not yet configured!
[  152.369992][T13494] netlink: 'syz.2.2166': attribute type 2 has an invalid length.
[  152.377776][T13494] : entered promiscuous mode
[  152.447486][T13503] netlink: 'syz.1.2168': attribute type 11 has an invalid length.
[  152.452767][T13501] 8021q: adding VLAN 0 to HW filter on device bond29
[  152.471065][T13501] 8021q: adding VLAN 0 to HW filter on device bond29
[  152.473730][T13501] bond29: (slave vti2): The slave device specified does not support setting the MAC address
[  152.477715][T13501] bond29: (slave vti2): Error -95 calling set_mac_address
[  152.531122][T13510] batadv_slave_0: left allmulticast mode
[  152.567888][T13514] netlink: 'syz.1.2174': attribute type 1 has an invalid length.
[  152.588962][T13514] bond23: entered promiscuous mode
[  152.592797][T13514] 8021q: adding VLAN 0 to HW filter on device bond23
[  152.596249][T13519] netlink: 'syz.0.2175': attribute type 1 has an invalid length.
[  152.632244][T13519] bond30: (slave bridge22): making interface the new active one
[  152.636738][T13519] bond30: (slave bridge22): Enslaving as an active interface with an up link
[  152.732325][T13527] lo speed is unknown, defaulting to 1000
[  152.758846][T13534] Cannot find del_set index 2 as target
[  152.857284][T13544] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  152.857532][T13546] x_tables: duplicate underflow at hook 1
[  152.860361][T13544] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 51208 - 0
[  152.928854][T13544] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  152.931953][T13544] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 51208 - 0
[  152.970116][T13544] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  152.973229][T13544] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 51208 - 0
[  152.991497][T13551] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  153.017472][T13544] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  153.020597][T13544] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 51208 - 0
[  153.057805][T13551] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  153.132530][T13544] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  153.135531][T13544] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 51208 - 0
[  153.143007][T13544] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  153.146737][T13544] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 51208 - 0
[  153.154032][T13544] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  153.156779][T13544] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 51208 - 0
[  153.165993][T13544] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  153.168484][T13544] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 51208 - 0
[  153.173053][T13551] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  153.216433][T13559] netlink: 'syz.2.2191': attribute type 4 has an invalid length.
[  153.228876][T13551] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  153.244372][T13561] Cannot find del_set index 2 as target
[  153.286699][T13551] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  153.297694][T13551] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  153.306607][T13551] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  153.315585][T13551] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  153.353745][T13569] bond0: (slave wlan1): Releasing backup interface
[  153.358905][T13569] tipc: Resetting bearer <eth:syzkaller0>
[  153.361713][T13569] bond19: (slave bridge13): Releasing active interface
[  153.366903][T13569] bond23: (slave gretap3): Releasing active interface
[  153.370886][T13569] bond26: (slave bridge19): Releasing active interface
[  153.376423][T13569] bond30: (slave bridge22): Releasing active interface
[  153.380708][T13567] batadv_slave_0: left promiscuous mode
[  153.423799][T13574] veth14: entered promiscuous mode
[  153.468979][T13578] lo speed is unknown, defaulting to 1000
[  153.559785][T13587] __nla_validate_parse: 32 callbacks suppressed
[  153.559795][T13587] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2204'.
[  153.579905][T13587] 8021q: adding VLAN 0 to HW filter on device bond31
[  153.583353][T13590] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2200'.
[  153.594476][T13590] veth0_to_bond: left allmulticast mode
[  153.597226][T13590] veth0_to_bond: left promiscuous mode
[  153.601984][T13590] bridge9: port 2(veth0_to_bond) entered disabled state
[  153.621832][T13590] bond26: left allmulticast mode
[  153.623935][T13590] bond26: left promiscuous mode
[  153.627985][T13590] bridge0: port 1(bond26) entered disabled state
[  153.636526][T13590] veth19: left allmulticast mode
[  153.639218][T13590] veth19: left promiscuous mode
[  153.640996][T13590] bridge9: port 1(veth19) entered disabled state
[  153.644255][T13590] vlan0: left promiscuous mode
[  153.654413][T13590] veth1: left promiscuous mode
[  153.657594][T13590] bridge9: port 3(vlan0) entered disabled state
[  153.695786][T13599] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2208'.
[  153.796990][T13609] Bluetooth: MGMT ver 1.23
[  153.902083][T13617] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2215'.
[  153.979726][T13624] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2217'.
[  153.982601][T13624] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2217'.
[  153.987222][T13624] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2217'.
[  154.066315][T13634] Cannot find del_set index 2 as target
[  154.123141][T13638] netlink: 'syz.0.2222': attribute type 1 has an invalid length.
[  154.130711][T13643] netlink: 'syz.1.2223': attribute type 1 has an invalid length.
[  154.138904][T13638] 8021q: adding VLAN 0 to HW filter on device bond32
[  154.152016][T13643] 8021q: adding VLAN 0 to HW filter on device bond24
[  154.161707][T13638] veth14: entered promiscuous mode
[  154.166445][T13638] bond32: (slave veth14): Enslaving as an active interface with a down link
[  154.174023][T13638] sctp: [Deprecated]: syz.0.2222 (pid 13638) Use of int in max_burst socket option.
[  154.174023][T13638] Use struct sctp_assoc_value instead
[  154.178488][T13643] 8021q: adding VLAN 0 to HW filter on device bond24
[  154.180940][T13643] bond24: (slave vxcan1): The slave device specified does not support setting the MAC address
[  154.185544][T13643] bond24: (slave vxcan1): Error -95 calling set_mac_address
[  154.212535][T13647] macvlan5: entered promiscuous mode
[  154.214322][T13647] macvlan5: entered allmulticast mode
[  154.216621][T13647] bond24: entered promiscuous mode
[  154.219138][T13647] 8021q: adding VLAN 0 to HW filter on device macvlan5
[  154.223063][T13647] bond24: left promiscuous mode
[  154.297185][T13654] netlink: 'syz.0.2226': attribute type 11 has an invalid length.
[  154.311534][T13654] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2226'.
[  154.333584][T13654] batadv_slave_1 (unregistering): left promiscuous mode
[  154.389232][T13660] netlink: 27 bytes leftover after parsing attributes in process `syz.2.2229'.
[  154.603120][T13689] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  154.619759][T13692] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2239'.
[  154.710510][T13702] netlink: 'syz.1.2243': attribute type 10 has an invalid length.
[  154.713231][T13702] netlink: 'syz.1.2243': attribute type 10 has an invalid length.
[  155.479949][T13784] sysfs: cannot create duplicate filename '/class/ieee80211/^>>Mv^侦Kc'A_xDpj8TT!'
[  155.484208][T13784] CPU: 1 UID: 0 PID: 13784 Comm: syz.1.2261 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  155.484219][T13784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  155.484224][T13784] Call Trace:
[  155.484228][T13784]  <TASK>
[  155.484231][T13784]  dump_stack_lvl+0x189/0x250
[  155.484247][T13784]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.484258][T13784]  ? __pfx__printk+0x10/0x10
[  155.484266][T13784]  ? kernfs_path_from_node+0x2c/0x260
[  155.484275][T13784]  ? kernfs_path_from_node+0x2c/0x260
[  155.484283][T13784]  ? kernfs_path_from_node+0x2c/0x260
[  155.484291][T13784]  ? kernfs_path_from_node+0x22c/0x260
[  155.484299][T13784]  ? kernfs_path_from_node+0x2c/0x260
[  155.484308][T13784]  sysfs_warn_dup+0x8e/0xa0
[  155.484317][T13784]  sysfs_do_create_link_sd+0xc0/0x110
[  155.484326][T13784]  device_add_class_symlinks+0x1cf/0x240
[  155.484335][T13784]  device_add+0x475/0xb50
[  155.484344][T13784]  wiphy_register+0x199a/0x26b0
[  155.484359][T13784]  ? __pfx_wiphy_register+0x10/0x10
[  155.484366][T13784]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  155.484379][T13784]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  155.484389][T13784]  ieee80211_register_hw+0x33e1/0x4120
[  155.484405][T13784]  ? ieee80211_register_hw+0x14c1/0x4120
[  155.484417][T13784]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  155.484428][T13784]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  155.484441][T13784]  ? __hrtimer_setup+0x187/0x210
[  155.484451][T13784]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  155.484462][T13784]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  155.484485][T13784]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  155.484495][T13784]  ? trace_kmalloc+0x1f/0xd0
[  155.484502][T13784]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  155.484509][T13784]  ? kstrndup+0xbf/0x160
[  155.484521][T13784]  hwsim_new_radio_nl+0xea4/0x1b10
[  155.484530][T13784]  ? __pfx___nla_validate_parse+0x10/0x10
[  155.484563][T13784]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  155.484573][T13784]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  155.484587][T13784]  ? __nla_parse+0x40/0x60
[  155.484599][T13784]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  155.484612][T13784]  genl_family_rcv_msg_doit+0x215/0x300
[  155.484625][T13784]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  155.484663][T13784]  ? bpf_lsm_capable+0x9/0x20
[  155.484671][T13784]  ? security_capable+0x7e/0x2e0
[  155.484683][T13784]  genl_rcv_msg+0x60e/0x790
[  155.484696][T13784]  ? __pfx_genl_rcv_msg+0x10/0x10
[  155.484705][T13784]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  155.484718][T13784]  netlink_rcv_skb+0x208/0x470
[  155.484727][T13784]  ? __pfx_genl_rcv_msg+0x10/0x10
[  155.484737][T13784]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  155.484752][T13784]  ? down_read+0x1ad/0x2e0
[  155.484760][T13784]  genl_rcv+0x28/0x40
[  155.484769][T13784]  netlink_unicast+0x75b/0x8d0
[  155.484781][T13784]  netlink_sendmsg+0x805/0xb30
[  155.484793][T13784]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.484802][T13784]  ? aa_sock_msg_perm+0x94/0x160
[  155.484812][T13784]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  155.484821][T13784]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.484829][T13784]  __sock_sendmsg+0x21c/0x270
[  155.484842][T13784]  ____sys_sendmsg+0x505/0x830
[  155.484853][T13784]  ? __pfx_____sys_sendmsg+0x10/0x10
[  155.484866][T13784]  ? import_iovec+0x74/0xa0
[  155.484874][T13784]  ___sys_sendmsg+0x21f/0x2a0
[  155.484884][T13784]  ? __pfx____sys_sendmsg+0x10/0x10
[  155.484908][T13784]  ? __fget_files+0x2a/0x420
[  155.484915][T13784]  ? __fget_files+0x3a0/0x420
[  155.484927][T13784]  __x64_sys_sendmsg+0x19b/0x260
[  155.484937][T13784]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  155.484950][T13784]  ? rcu_is_watching+0x15/0xb0
[  155.484963][T13784]  ? do_syscall_64+0xbe/0x3b0
[  155.484971][T13784]  do_syscall_64+0xfa/0x3b0
[  155.484977][T13784]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.484987][T13784]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.484993][T13784]  ? exc_page_fault+0x9f/0xf0
[  155.485004][T13784]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.485017][T13784] RIP: 0033:0x7fc463d8e929
[  155.485024][T13784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.485031][T13784] RSP: 002b:00007fc464b52038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  155.485040][T13784] RAX: ffffffffffffffda RBX: 00007fc463fb6080 RCX: 00007fc463d8e929
[  155.485045][T13784] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  155.485049][T13784] RBP: 00007fc463e10b39 R08: 0000000000000000 R09: 0000000000000000
[  155.485054][T13784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  155.485058][T13784] R13: 0000000000000000 R14: 00007fc463fb6080 R15: 00007ffc676c8898
[  155.485070][T13784]  </TASK>
[  155.685506][T13788] pim6reg1: entered promiscuous mode
[  155.687373][T13788] pim6reg1: entered allmulticast mode
[  155.721128][T13790] netlink: 'syz.0.2264': attribute type 11 has an invalid length.
[  155.778021][T13794] pim6reg1: entered promiscuous mode
[  155.784319][T13794] pim6reg1: entered allmulticast mode
[  155.817089][T13798] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  155.946952][T13794] bond25 (unregistering): Released all slaves
[  156.072442][T13812] macsec0: entered promiscuous mode
[  156.247936][T13838] syzkaller0: entered promiscuous mode
[  156.251170][T13838] syzkaller0: entered allmulticast mode
[  156.253173][T13838] tipc: Resetting bearer <eth:syzkaller0>
[  156.401197][ T3604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  156.404149][ T3604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  156.472977][T13848] lo speed is unknown, defaulting to 1000
[  156.709003][T13859] netlink: 'syz.0.2283': attribute type 11 has an invalid length.
[  156.712661][T13860] macsec2: entered promiscuous mode
[  156.714378][T13860] team0: entered promiscuous mode
[  156.802243][T13871] Cannot find set identified by id 0 to match
[  156.845893][T13878] netlink: 'syz.0.2293': attribute type 11 has an invalid length.
[  157.103327][T13904] validate_nla: 8 callbacks suppressed
[  157.103336][T13904] netlink: 'syz.2.2303': attribute type 1 has an invalid length.
[  157.170759][T13915] netlink: 'syz.1.2307': attribute type 1 has an invalid length.
[  157.211698][T13915] 8021q: adding VLAN 0 to HW filter on device bond25
[  157.222438][T13915] veth23: entered promiscuous mode
[  157.226158][T13915] bond25: (slave veth23): Enslaving as a backup interface with a down link
[  157.241461][T13915] bond21: (slave ip6gretap4): Removing an active aggregator
[  157.244164][T13915] bond21: (slave ip6gretap4): Releasing backup interface
[  157.252597][T13915] bond25: (slave veth23): Releasing backup interface
[  157.255549][   T24] ip6_tunnel: ip6gre4 xmit: Local address not yet configured!
[  157.275712][T13927] netlink: 'syz.0.2310': attribute type 1 has an invalid length.
[  157.279885][T13928] netlink: 'syz.0.2310': attribute type 1 has an invalid length.
[  157.288990][T13927] 8021q: adding VLAN 0 to HW filter on device bond33
[  157.496312][T13951] sock: sock_timestamping_bind_phc: sock not bind to device
[  157.614516][T13966] lo speed is unknown, defaulting to 1000
[  157.773328][T13979] vlan1: entered allmulticast mode
[  157.776045][T13979] bridge_slave_0: entered allmulticast mode
[  157.855031][T13986] vlan1: entered allmulticast mode
[  157.967535][   T24] ip6_tunnel: ip6gre4 xmit: Local address not yet configured!
[  158.040254][T14004] netlink: 'syz.1.2339': attribute type 11 has an invalid length.
[  158.087426][T14002] lo speed is unknown, defaulting to 1000
[  158.274173][T14028] lo speed is unknown, defaulting to 1000
[  158.601919][T14056] __nla_validate_parse: 38 callbacks suppressed
[  158.601929][T14056] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2354'.
[  158.610592][T14056] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2354'.
[  158.616083][T14056] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2354'.
[  158.692143][T14062] lo speed is unknown, defaulting to 1000
[  158.775802][T14062] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2355'.
[  158.779039][T14062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2355'.
[  158.918244][T14071] netlink: 'syz.0.2358': attribute type 1 has an invalid length.
[  159.019848][T14075] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2360'.
[  159.022942][T14076] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2360'.
[  159.071013][T14082] netlink: 176 bytes leftover after parsing attributes in process `syz.0.2362'.
[  159.132736][T14088] Cannot find set identified by id 0 to match
[  159.151204][T14089] tipc: Resetting bearer <eth:gre0>
[  159.197465][T14094] netlink: 'syz.0.2367': attribute type 32 has an invalid length.
[  159.216449][T14089] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 20000 - 0
[  159.219546][T14089] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 20000 - 0
[  159.222284][T14089] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 20000 - 0
[  159.225128][T14089] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 20000 - 0
[  159.301101][   T24] lo speed is unknown, defaulting to 1000
[  159.314509][   T24] syz2: Port: 1 Link DOWN
[  159.337310][T14106] Cannot find set identified by id 0 to match
[  159.385033][T14106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2368'.
[  159.412973][T14113] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2369'.
[  159.502278][T14124] Cannot find add_set index 2 as target
[  159.574431][T14126] Cannot find set identified by id 0 to match
[  160.135135][T14142] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  160.138139][T14142] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  160.140796][T14142] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  160.143398][T14142] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  160.178514][T14145] netlink: 'syz.0.2378': attribute type 1 has an invalid length.
[  160.204513][T14145] 8021q: adding VLAN 0 to HW filter on device bond34
[  160.221122][T14145] bond34: (slave bridge24): making interface the new active one
[  160.224264][T14145] bond34: (slave bridge24): Enslaving as an active interface with an up link
[  160.233476][T14145] bond34: (slave vlan1): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[  160.332415][T14152] ip6gre5: entered allmulticast mode
[  160.381499][T14156] netlink: 'syz.1.2386': attribute type 1 has an invalid length.
[  160.416268][T14156] veth27: entered promiscuous mode
[  160.917509][ T5814] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  160.920929][ T5814] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  160.923501][ T5814] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  160.926904][ T5814] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  160.929746][ T5814] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  160.958250][T14169] netlink: 'syz.2.2393': attribute type 11 has an invalid length.
[  160.971415][T14165] lo speed is unknown, defaulting to 1000
[  161.011005][T14172] 8021q: adding VLAN 0 to HW filter on device bond30
[  161.022219][T14172] 8021q: adding VLAN 0 to HW filter on device bond30
[  161.024457][T14172] bond30: (slave vti2): The slave device specified does not support setting the MAC address
[  161.031140][T14172] bond30: (slave vti2): Error -95 calling set_mac_address
[  161.135757][T14183] netlink: 'syz.2.2397': attribute type 10 has an invalid length.
[  161.146168][T14165] chnl_net:caif_netlink_parms(): no params data found
[  161.178945][T14190] netlink: 'syz.2.2399': attribute type 30 has an invalid length.
[  161.207278][T14165] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.209513][T14165] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.211716][T14165] bridge_slave_0: entered allmulticast mode
[  161.214443][T14165] bridge_slave_0: entered promiscuous mode
[  161.218687][T14165] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.221057][T14165] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.223265][T14165] bridge_slave_1: entered allmulticast mode
[  161.226015][T14165] bridge_slave_1: entered promiscuous mode
[  161.244192][T14165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.253873][T14165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  161.289142][T14165] team0: Port device team_slave_0 added
[  161.294401][T14165] team0: Port device team_slave_1 added
[  161.311792][T14165] batman_adv: batadv0: Adding interface: batadv_slave_0
[  161.313983][T14165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.326530][T14165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  161.334090][T14165] batman_adv: batadv0: Adding interface: batadv_slave_1
[  161.339923][T14165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  161.349967][T14165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  161.397129][T14165] hsr_slave_0: entered promiscuous mode
[  161.399467][T14165] hsr_slave_1: entered promiscuous mode
[  161.401610][T14165] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  161.407497][T14165] Cannot create hsr debugfs directory
[  161.411170][T14207] Cannot find set identified by id 0 to match
[  161.537693][T14165] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  161.592062][T14165] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  161.617792][T14165] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  161.680243][T14165] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  161.782433][T14165] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  161.791531][T14165] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  161.797698][T14165] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  161.801366][T14226] Cannot find set identified by id 0 to match
[  161.806019][T14165] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  161.834144][T14232] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  161.837175][T14232] openvswitch: netlink: Message has 5 unknown bytes.
[  161.911796][T14165] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.921477][T14165] 8021q: adding VLAN 0 to HW filter on device team0
[  161.928195][T12950] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.930413][T12950] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.940616][T12950] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.942831][T12950] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.035585][T14165] 8021q: adding VLAN 0 to HW filter on device batadv0
[  162.051581][T14241] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  162.055308][T14241] Cannot find set identified by id 0 to match
[  162.082311][T14165] veth0_vlan: entered promiscuous mode
[  162.091621][T14165] veth1_vlan: entered promiscuous mode
[  162.120815][T14165] veth0_macvtap: entered promiscuous mode
[  162.128023][T14165] veth1_macvtap: entered promiscuous mode
[  162.146864][T14165] batman_adv: batadv0: Interface activated: batadv_slave_0
[  162.152485][T14165] batman_adv: batadv0: Interface activated: batadv_slave_1
[  162.157440][T14165] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  162.160168][T14165] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  162.163133][T14165] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  162.166715][T14165] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  162.171919][T14247] pim6reg1: entered promiscuous mode
[  162.173604][T14247] pim6reg1: entered allmulticast mode
[  162.233583][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  162.237940][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.280443][  T197] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  162.282924][  T197] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.309457][T14259] validate_nla: 1 callbacks suppressed
[  162.309467][T14259] netlink: 'syz.0.2417': attribute type 10 has an invalid length.
[  162.313790][T14259] dummy0: left promiscuous mode
[  163.165653][T14295] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  163.168510][T14295] CPU: 1 UID: 0 PID: 14295 Comm: syz.2.2428 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  163.168522][T14295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  163.168527][T14295] Call Trace:
[  163.168531][T14295]  <TASK>
[  163.168535][T14295]  dump_stack_lvl+0x189/0x250
[  163.168577][T14295]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.168590][T14295]  ? __pfx__printk+0x10/0x10
[  163.168599][T14295]  ? kernfs_path_from_node+0x2c/0x260
[  163.168609][T14295]  ? kernfs_path_from_node+0x2c/0x260
[  163.168617][T14295]  ? kernfs_path_from_node+0x2c/0x260
[  163.168626][T14295]  ? kernfs_path_from_node+0x22c/0x260
[  163.168634][T14295]  ? kernfs_path_from_node+0x2c/0x260
[  163.168645][T14295]  sysfs_warn_dup+0x8e/0xa0
[  163.168654][T14295]  sysfs_do_create_link_sd+0xc0/0x110
[  163.168663][T14295]  device_add_class_symlinks+0x1cf/0x240
[  163.168673][T14295]  device_add+0x475/0xb50
[  163.168682][T14295]  wiphy_register+0x199a/0x26b0
[  163.168698][T14295]  ? __pfx_wiphy_register+0x10/0x10
[  163.168705][T14295]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  163.168716][T14295]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  163.168727][T14295]  ieee80211_register_hw+0x33e1/0x4120
[  163.168744][T14295]  ? ieee80211_register_hw+0x14c1/0x4120
[  163.168774][T14295]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  163.168785][T14295]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  163.168799][T14295]  ? __hrtimer_setup+0x187/0x210
[  163.168809][T14295]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  163.168820][T14295]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  163.168843][T14295]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  163.168854][T14295]  ? trace_kmalloc+0x1f/0xd0
[  163.168860][T14295]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  163.168867][T14295]  ? kstrndup+0xbf/0x160
[  163.168879][T14295]  hwsim_new_radio_nl+0xea4/0x1b10
[  163.168888][T14295]  ? __pfx___nla_validate_parse+0x10/0x10
[  163.168904][T14295]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  163.168917][T14295]  ? __nla_parse+0x40/0x60
[  163.168928][T14295]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  163.168942][T14295]  genl_family_rcv_msg_doit+0x215/0x300
[  163.168957][T14295]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  163.168974][T14295]  ? bpf_lsm_capable+0x9/0x20
[  163.168980][T14295]  ? security_capable+0x7e/0x2e0
[  163.168991][T14295]  genl_rcv_msg+0x60e/0x790
[  163.169004][T14295]  ? __pfx_genl_rcv_msg+0x10/0x10
[  163.169014][T14295]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  163.169027][T14295]  netlink_rcv_skb+0x208/0x470
[  163.169035][T14295]  ? __pfx_genl_rcv_msg+0x10/0x10
[  163.169046][T14295]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  163.169061][T14295]  ? down_read+0x1ad/0x2e0
[  163.169069][T14295]  genl_rcv+0x28/0x40
[  163.169078][T14295]  netlink_unicast+0x75b/0x8d0
[  163.169090][T14295]  netlink_sendmsg+0x805/0xb30
[  163.169103][T14295]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.169112][T14295]  ? aa_sock_msg_perm+0x94/0x160
[  163.169122][T14295]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  163.169131][T14295]  ? __pfx_netlink_sendmsg+0x10/0x10
[  163.169139][T14295]  __sock_sendmsg+0x21c/0x270
[  163.169152][T14295]  ____sys_sendmsg+0x505/0x830
[  163.169163][T14295]  ? __pfx_____sys_sendmsg+0x10/0x10
[  163.169176][T14295]  ? import_iovec+0x74/0xa0
[  163.169185][T14295]  ___sys_sendmsg+0x21f/0x2a0
[  163.169194][T14295]  ? __pfx____sys_sendmsg+0x10/0x10
[  163.169226][T14295]  ? __fget_files+0x2a/0x420
[  163.169234][T14295]  ? __fget_files+0x3a0/0x420
[  163.169247][T14295]  __x64_sys_sendmsg+0x19b/0x260
[  163.169257][T14295]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  163.169275][T14295]  ? do_syscall_64+0xbe/0x3b0
[  163.169284][T14295]  do_syscall_64+0xfa/0x3b0
[  163.169290][T14295]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.169300][T14295]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.169308][T14295]  ? exc_page_fault+0x9f/0xf0
[  163.169320][T14295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.169327][T14295] RIP: 0033:0x7f0ab5d8e929
[  163.169335][T14295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.169341][T14295] RSP: 002b:00007f0ab6c7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  163.169350][T14295] RAX: ffffffffffffffda RBX: 00007f0ab5fb5fa0 RCX: 00007f0ab5d8e929
[  163.169355][T14295] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000006
[  163.169360][T14295] RBP: 00007f0ab5e10b39 R08: 0000000000000000 R09: 0000000000000000
[  163.169364][T14295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  163.169368][T14295] R13: 0000000000000000 R14: 00007f0ab5fb5fa0 R15: 00007ffd63b00de8
[  163.169380][T14295]  </TASK>
[  163.393423][T14297] tipc: Resetting bearer <eth:syzkaller0>
[  163.397304][T14297] netdevsim netdevsim2 eth0: unset [1, 1] type 2 family 0 port 51208 - 0
[  163.400021][T14297] netdevsim netdevsim2 eth1: unset [1, 1] type 2 family 0 port 51208 - 0
[  163.402628][T14297] netdevsim netdevsim2 eth2: unset [1, 1] type 2 family 0 port 51208 - 0
[  163.405482][T14297] netdevsim netdevsim2 eth3: unset [1, 1] type 2 family 0 port 51208 - 0
[  163.416185][T14297] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 256 - 0
[  163.419140][T14297] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 256 - 0
[  163.421780][T14297] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 256 - 0
[  163.425604][T14297] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 256 - 0
[  163.441949][T14297] team0: left promiscuous mode
[  163.531352][T14308] IPVS: length: 163 != 187531613888
[  163.539418][T14308] macsec4: entered promiscuous mode
[  163.541129][T14308] ip6gretap0: entered promiscuous mode
[  163.542917][T14308] macsec4: entered allmulticast mode
[  163.544984][T14308] ip6gretap0: entered allmulticast mode
[  163.548262][T14308] ip6gretap0: left allmulticast mode
[  163.550051][T14308] ip6gretap0: left promiscuous mode
[  163.760571][T14312] tipc: Resetting bearer <eth:syzkaller0>
[  164.382701][T14322] __nla_validate_parse: 17 callbacks suppressed
[  164.382711][T14322] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2437'.
[  164.463460][T14331] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  164.539459][T14338] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2443'.
[  164.552197][T14338] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2443'.
[  164.632890][ T5830] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.652234][T14345] netlink: 'syz.2.2445': attribute type 1 has an invalid length.
[  164.682254][T14345] 8021q: adding VLAN 0 to HW filter on device bond32
[  164.711259][T14345] 8021q: adding VLAN 0 to HW filter on device bond32
[  164.714119][T14345] bond32: (slave vxcan1): The slave device specified does not support setting the MAC address
[  164.719600][T14345] bond32: (slave vxcan1): Error -95 calling set_mac_address
[  164.775950][T14350] veth21: entered promiscuous mode
[  164.779151][T14350] bond32: (slave veth21): Enslaving as an active interface with a down link
[  164.786968][T14345] bond32: (slave erspan0): making interface the new active one
[  164.789990][T14345] bond32: (slave erspan0): Enslaving as an active interface with an up link
[  164.838435][T14356] erspan0: Device is already in use.
[  164.903229][T14360] netlink: 'syz.2.2450': attribute type 23 has an invalid length.
[  164.920932][T14358] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2449'.
[  164.921066][ T5814] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  164.927837][ T5814] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  164.930649][ T5814] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  164.935178][T14358] netlink: 'syz.0.2449': attribute type 2 has an invalid length.
[  164.935248][ T5814] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  164.940346][T14360] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2450'.
[  164.943473][ T5814] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  164.943881][T14358] : entered promiscuous mode
[  164.985319][T14361] lo speed is unknown, defaulting to 1000
[  164.989186][T14360] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2450'.
[  164.992061][T14360] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2450'.
[  164.997404][T14360] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2450'.
[  165.000205][T14360] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2450'.
[  165.078632][T14360] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2450'.
[  165.097565][T14361] chnl_net:caif_netlink_parms(): no params data found
[  165.165330][T14361] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.167981][T14361] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.170245][T14361] bridge_slave_0: entered allmulticast mode
[  165.173223][T14361] bridge_slave_0: entered promiscuous mode
[  165.176609][T14361] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.180958][T14361] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.184902][T14361] bridge_slave_1: entered allmulticast mode
[  165.188432][T14361] bridge_slave_1: entered promiscuous mode
[  165.209468][T14361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  165.214077][T14361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  165.241016][T14361] team0: Port device team_slave_0 added
[  165.245857][T14361] team0: Port device team_slave_1 added
[  165.268189][T14361] batman_adv: batadv0: Adding interface: batadv_slave_0
[  165.270742][T14361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.280431][T14361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  165.284426][T14387] netlink: 'syz.2.2456': attribute type 1 has an invalid length.
[  165.285371][T14361] batman_adv: batadv0: Adding interface: batadv_slave_1
[  165.289582][T14361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  165.298476][T14361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  165.313801][T14387] 8021q: adding VLAN 0 to HW filter on device bond33
[  165.339010][T14387] 8021q: adding VLAN 0 to HW filter on device bond33
[  165.341382][T14387] bond33: (slave vxcan1): The slave device specified does not support setting the MAC address
[  165.346016][T14387] bond33: (slave vxcan1): Error -95 calling set_mac_address
[  165.371151][T14361] hsr_slave_0: entered promiscuous mode
[  165.373664][T14361] hsr_slave_1: entered promiscuous mode
[  165.378475][T14361] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  165.381078][T14361] Cannot create hsr debugfs directory
[  165.391166][T14389] veth23: entered promiscuous mode
[  165.395705][T14389] bond33: (slave veth23): Enslaving as an active interface with a down link
[  165.414046][T14387] bond32: (slave erspan0): Releasing active interface
[  165.418465][T14387] bond33: (slave erspan0): making interface the new active one
[  165.421060][T14387] bond33: (slave erspan0): Enslaving as an active interface with an up link
[  165.461104][T14391] xt_SECMARK: invalid mode: 0
[  165.746058][T14407] netlink: 'syz.2.2462': attribute type 32 has an invalid length.
[  165.964776][T14428] Cannot find del_set index 2 as target
[  166.043684][T14438] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  166.046565][T14438] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check.
[  166.102539][T14445] netlink: 'syz.0.2473': attribute type 11 has an invalid length.
[  166.236548][T14455] netlink: 'syz.0.2477': attribute type 2 has an invalid length.
[  166.296724][T14462] netlink: 'syz.0.2479': attribute type 4 has an invalid length.
[  166.313125][T14466] netlink: 'syz.2.2480': attribute type 32 has an invalid length.
[  166.357652][ T5830] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.432118][ T5830] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.473407][ T5830] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.517273][T14486] syzkaller0: Caught tx_queue_len zero misconfig
[  166.577023][ T5830] bridge_slave_1: left allmulticast mode
[  166.578977][ T5830] bridge_slave_1: left promiscuous mode
[  166.581412][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.593952][ T5830] bridge_slave_0: left allmulticast mode
[  166.596523][ T5830] bridge_slave_0: left promiscuous mode
[  166.598883][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.817041][ T5830] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  166.821599][ T5830] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  166.825819][ T5830] bond0 (unregistering): Released all slaves
[  167.003515][T14512] netlink: 'syz.0.2489': attribute type 32 has an invalid length.
[  167.006193][ T5203] Bluetooth: hci1: command tx timeout
[  167.062294][ T5830] hsr_slave_0: left promiscuous mode
[  167.064460][ T5830] hsr_slave_1: left promiscuous mode
[  167.067906][ T5830] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  167.070213][ T5830] batman_adv: batadv0: Removing interface: batadv_slave_0
[  167.072948][ T5830] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  167.075659][ T5830] batman_adv: batadv0: Removing interface: batadv_slave_1
[  167.095369][ T5830] veth1_macvtap: left promiscuous mode
[  167.097249][ T5830] veth0_macvtap: left promiscuous mode
[  167.099457][ T5830] veth1_vlan: left promiscuous mode
[  167.101198][ T5830] veth0_vlan: left promiscuous mode
[  167.382220][T14530] netlink: 'syz.2.2492': attribute type 5 has an invalid length.
[  167.408468][ T5830] team0 (unregistering): Port device team_slave_1 removed
[  167.431327][ T5830] team0 (unregistering): Port device team_slave_0 removed
[  167.674136][T14523] tipc: Resetting bearer <eth:syzkaller0>
[  167.677190][T14535] tipc: Resetting bearer <eth:syzkaller0>
[  167.761112][T14543] netlink: 'syz.0.2494': attribute type 15 has an invalid length.
[  167.763804][T14361] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  167.771291][T14361] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  167.776095][T14361] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  167.780339][T14361] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  167.854520][T14361] 8021q: adding VLAN 0 to HW filter on device bond0
[  167.873870][T14361] 8021q: adding VLAN 0 to HW filter on device team0
[  167.883984][  T184] bridge0: port 1(bridge_slave_0) entered blocking state
[  167.886355][  T184] bridge0: port 1(bridge_slave_0) entered forwarding state
[  167.897301][ T1102] bridge0: port 2(bridge_slave_1) entered blocking state
[  167.900086][ T1102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  167.937960][T14361] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  167.951143][T14562] netlink: 'syz.2.2500': attribute type 11 has an invalid length.
[  168.015811][T14569] vlan1: entered allmulticast mode
[  168.019044][T14569] 0XD: entered allmulticast mode
[  168.040777][T14361] 8021q: adding VLAN 0 to HW filter on device batadv0
[  168.066210][T14361] veth0_vlan: entered promiscuous mode
[  168.070953][T14361] veth1_vlan: entered promiscuous mode
[  168.095809][T14361] veth0_macvtap: entered promiscuous mode
[  168.100136][T14361] veth1_macvtap: entered promiscuous mode
[  168.105276][T14577] netlink: 'syz.0.2505': attribute type 32 has an invalid length.
[  168.120682][T14361] batman_adv: batadv0: Interface activated: batadv_slave_0
[  168.128654][T14361] batman_adv: batadv0: Interface activated: batadv_slave_1
[  168.138133][T14361] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.140900][T14361] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.143556][T14361] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.155352][T14361] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  168.248833][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.266601][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.294080][T12950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.298072][T12950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.390510][T14594] tipc: Resetting bearer <eth:syzkaller0>
[  168.394435][T14594] bond32: (slave veth14): Releasing active interface
[  168.400370][T14594] bond34: (slave bridge24): Releasing active interface
[  168.409877][T14594] netlink: 'syz.0.2507': attribute type 10 has an invalid length.
[  168.412287][T14594] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  168.416038][T14594] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  168.497982][T14613] netlink: 'syz.0.2513': attribute type 11 has an invalid length.
[  168.523279][T14615] ipvlan0: entered promiscuous mode
[  168.526761][T14615] 8021q: adding VLAN 0 to HW filter on device ipvlan0
[  168.529805][T14615] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  168.541166][T14617] Cannot find set identified by id 0 to match
[  168.565899][T14619] netlink: 'syz.0.2516': attribute type 1 has an invalid length.
[  168.581802][T14619] 8021q: adding VLAN 0 to HW filter on device bond35
[  168.593340][T14619] 8021q: adding VLAN 0 to HW filter on device bond35
[  168.597185][T14619] bond35: (slave vxcan5): The slave device specified does not support setting the MAC address
[  168.601139][T14619] bond35: (slave vxcan5): Error -95 calling set_mac_address
[  168.626850][T14625] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  168.633022][T14625] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  168.635947][T14625] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  168.638533][T14625] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  168.641559][T14625] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  168.654325][T14626] veth16: entered promiscuous mode
[  168.659912][T14626] bond35: (slave veth16): Enslaving as an active interface with a down link
[  168.668386][T14619] bond35: (slave erspan0): making interface the new active one
[  168.671097][T14619] bond35: (slave erspan0): Enslaving as an active interface with an up link
[  168.727004][T14632] netlink: 'syz.0.2520': attribute type 12 has an invalid length.
[  168.939665][T14644] bond0: (slave ipvlan0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  168.940877][T14646] netlink: 'syz.0.2526': attribute type 32 has an invalid length.
[  168.943489][T14644] bond0: (slave ipvlan0): The slave device specified does not support setting the MAC address
[  168.951735][T14644] 8021q: adding VLAN 0 to HW filter on device ipvlan0
[  169.076316][T14657] netlink: 'syz.2.2527': attribute type 64 has an invalid length.
[  169.127789][T14657] dvmrp8: left allmulticast mode
[  169.268992][T14675] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  169.273405][T14675] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  169.292073][T14679] openvswitch: netlink: Tunnel attr 226 out of range max 16
[  169.337871][T14675] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  169.390849][T14684] __nla_validate_parse: 22 callbacks suppressed
[  169.390860][T14684] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2536'.
[  169.401268][T14685] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2536'.
[  169.408320][T14675] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  169.438178][T14675] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  169.503121][T14675] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  169.511223][T14675] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  169.518238][T14675] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  169.525589][T14675] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  169.601365][T14702] xfrm1: entered promiscuous mode
[  169.603313][T14702] xfrm1: entered allmulticast mode
[  169.612952][T14702] xt_hashlimit: size too large, truncated to 1048576
[  169.619647][T14702] syz.2.2541: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  169.626417][T14702] CPU: 0 UID: 0 PID: 14702 Comm: syz.2.2541 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  169.626429][T14702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  169.626434][T14702] Call Trace:
[  169.626438][T14702]  <TASK>
[  169.626441][T14702]  dump_stack_lvl+0x189/0x250
[  169.626457][T14702]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.626492][T14702]  ? __pfx__printk+0x10/0x10
[  169.626500][T14702]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  169.626509][T14702]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  169.626518][T14702]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  169.626526][T14702]  warn_alloc+0x214/0x310
[  169.626537][T14702]  ? __pfx_warn_alloc+0x10/0x10
[  169.626549][T14702]  ? __get_vm_area_node+0x28f/0x300
[  169.626557][T14702]  ? htable_create+0xfc/0x7a0
[  169.626568][T14702]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  169.626587][T14702]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  169.626597][T14702]  ? rcu_is_watching+0x15/0xb0
[  169.626609][T14702]  ? htable_create+0xfc/0x7a0
[  169.626618][T14702]  ? htable_create+0xfc/0x7a0
[  169.626626][T14702]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  169.626634][T14702]  ? htable_create+0xfc/0x7a0
[  169.626642][T14702]  ? hashlimit_pernet+0x23/0x240
[  169.626654][T14702]  htable_create+0xfc/0x7a0
[  169.626666][T14702]  hashlimit_mt_check_common+0x719/0xa10
[  169.626680][T14702]  hashlimit_mt_check_v1+0x221/0x360
[  169.626690][T14702]  ? __pfx_hashlimit_mt_check_v1+0x10/0x10
[  169.626702][T14702]  ? xt_find_match+0x1f7/0x250
[  169.626714][T14702]  xt_check_match+0x3d1/0xab0
[  169.626722][T14702]  ? __pfx___mutex_lock+0x10/0x10
[  169.626735][T14702]  ? __pfx_xt_check_match+0x10/0x10
[  169.626745][T14702]  ? pcpu_alloc_noprof+0xfdd/0x16b0
[  169.626756][T14702]  ? xt_find_match+0x1f7/0x250
[  169.626768][T14702]  translate_table+0x1553/0x2040
[  169.626787][T14702]  ? __pfx_translate_table+0x10/0x10
[  169.626796][T14702]  ? __might_fault+0xb0/0x130
[  169.626810][T14702]  ? _copy_from_user+0x94/0xb0
[  169.626820][T14702]  do_ip6t_set_ctl+0x970/0xce0
[  169.626832][T14702]  ? rcu_is_watching+0x15/0xb0
[  169.626842][T14702]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  169.626858][T14702]  ? __pfx___mutex_lock+0x10/0x10
[  169.626869][T14702]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  169.626882][T14702]  ? __pfx_futex_wait+0x10/0x10
[  169.626895][T14702]  nf_setsockopt+0x26f/0x290
[  169.626906][T14702]  rawv6_setsockopt+0x23b/0x5b0
[  169.626916][T14702]  ? __lock_acquire+0xab9/0xd20
[  169.626926][T14702]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  169.626936][T14702]  ? aa_sock_opt_perm+0x74/0x110
[  169.626946][T14702]  ? sock_common_setsockopt+0x36/0xc0
[  169.626953][T14702]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  169.626965][T14702]  do_sock_setsockopt+0x25a/0x3e0
[  169.626974][T14702]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  169.626984][T14702]  ? __fget_files+0x2a/0x420
[  169.626996][T14702]  __x64_sys_setsockopt+0x18b/0x220
[  169.627006][T14702]  do_syscall_64+0xfa/0x3b0
[  169.627013][T14702]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.627022][T14702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.627029][T14702]  ? exc_page_fault+0x9f/0xf0
[  169.627040][T14702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.627047][T14702] RIP: 0033:0x7f0ab5d8e929
[  169.627054][T14702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.627062][T14702] RSP: 002b:00007f0ab6c7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  169.627070][T14702] RAX: ffffffffffffffda RBX: 00007f0ab5fb5fa0 RCX: 00007f0ab5d8e929
[  169.627075][T14702] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000007
[  169.627080][T14702] RBP: 00007f0ab5e10b39 R08: 00000000000004c0 R09: 0000000000000000
[  169.627084][T14702] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000000
[  169.627089][T14702] R13: 0000000000000000 R14: 00007f0ab5fb5fa0 R15: 00007ffd63b00de8
[  169.627100][T14702]  </TASK>
[  169.627103][T14702] Mem-Info:
[  169.751100][T14702] active_anon:5498 inactive_anon:0 isolated_anon:0
[  169.751100][T14702]  active_file:1322 inactive_file:38255 isolated_file:0
[  169.751100][T14702]  unevictable:1768 dirty:163 writeback:0
[  169.751100][T14702]  slab_reclaimable:11483 slab_unreclaimable:120757
[  169.751100][T14702]  mapped:18367 shmem:2455 pagetables:1060
[  169.751100][T14702]  sec_pagetables:0 bounce:0
[  169.751100][T14702]  kernel_misc_reclaimable:0
[  169.751100][T14702]  free:221041 free_pcp:26289 free_cma:0
[  169.765160][T14702] Node 0 active_anon:15912kB inactive_anon:0kB active_file:3180kB inactive_file:149732kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:50536kB dirty:156kB writeback:0kB shmem:4916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7628kB pagetables:2340kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  169.776260][T14702] Node 1 active_anon:6080kB inactive_anon:0kB active_file:2108kB inactive_file:3288kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:22932kB dirty:496kB writeback:0kB shmem:4904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:7204kB pagetables:1900kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  169.786997][T14702] Node 0 DMA free:14748kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:596kB local_pcp:280kB free_cma:0kB
[  169.795910][T14702] lowmem_reserve[]: 0 815 815 815 815
[  169.797649][T14702] Node 0 DMA32 free:64996kB boost:0kB min:33716kB low:42144kB high:50572kB reserved_highatomic:0KB free_highatomic:0KB active_anon:15912kB inactive_anon:0kB active_file:3180kB inactive_file:149732kB unevictable:3536kB writepending:156kB present:1556484kB managed:834740kB mlocked:0kB bounce:0kB free_pcp:34448kB local_pcp:14932kB free_cma:0kB
[  169.807960][T14702] lowmem_reserve[]: 0 0 0 0 0
[  169.809497][T14702] Node 1 DMA32 free:436768kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:21824kB local_pcp:10844kB free_cma:0kB
[  169.818859][T14702] lowmem_reserve[]: 0 0 854 854 854
[  169.820508][T14702] Node 1 Normal free:367460kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:5944kB inactive_anon:0kB active_file:2108kB inactive_file:3288kB unevictable:3536kB writepending:496kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:48644kB local_pcp:18312kB free_cma:0kB
[  169.830667][T14702] lowmem_reserve[]: 0 0 0 0 0
[  169.832275][T14710] netlink: 'syz.0.2543': attribute type 32 has an invalid length.
[  169.835542][T14702] Node 0 DMA: 3*4kB (UM) 2*8kB (UM) 0*16kB 2*32kB (UM) 1*64kB (U) 2*128kB (UM) 2*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 2*4096kB (U) = 14748kB
[  169.840734][T14702] Node 0 DMA32: 327*4kB (UM) 197*8kB (ME) 26*16kB (UM) 210*32kB (UME) 48*64kB (UME) 33*128kB (UME) 18*256kB (UME) 4*512kB (UM) 6*1024kB (ME) 7*2048kB (UME) 5*4096kB (UM) = 64932kB
[  169.846715][T14702] Node 1 DMA32: 5*4kB (UM) 4*8kB (UM) 4*16kB (UM) 6*32kB (UM) 6*64kB (UM) 7*128kB (UM) 8*256kB (UM) 8*512kB (UM) 7*1024kB (UM) 8*2048kB (UM) 99*4096kB (UM) = 436788kB
[  169.852084][T14702] Node 1 Normal: 2027*4kB (UE) 887*8kB (UME) 606*16kB (UME) 435*32kB (UME) 503*64kB (UME) 254*128kB (UME) 152*256kB (UME) 97*512kB (UME) 81*1024kB (UM) 5*2048kB (UME) 20*4096kB (UM) = 367204kB
[  169.858528][T14702] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  169.861425][T14702] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  169.864355][T14702] 42032 total pagecache pages
[  169.866010][T14702] 0 pages in swap cache
[  169.867332][T14702] Free swap  = 124996kB
[  169.868646][T14702] Total swap = 124996kB
[  169.871623][T14702] 786301 pages RAM
[  169.872893][T14702] 0 pages HighMem/MovableOnly
[  169.874401][T14702] 240368 pages reserved
[  169.875807][T14702] 0 pages cma reserved
[  169.959370][T14726] xt_hashlimit: size too large, truncated to 1048576
[  169.960171][T14727] netlink: 'syz.2.2545': attribute type 1 has an invalid length.
[  169.976368][T14727] bond35: entered promiscuous mode
[  169.978273][T14727] 8021q: adding VLAN 0 to HW filter on device bond35
[  170.013172][T14732] xt_bpf: check failed: parse error
[  170.061020][T14731] bond33: (slave erspan0): Releasing active interface
[  170.069319][T14731] bond32: (slave veth21): Releasing active interface
[  170.079814][T14731] bond33: (slave veth23): Releasing active interface
[  170.086088][T14731] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2547'.
[  170.220357][T14752] pim6reg1: entered allmulticast mode
[  170.430431][T14766] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2558'.
[  170.477552][ T5849] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.572537][T14771] dvmrp0: entered allmulticast mode
[  170.650712][T14781] mac80211_hwsim hwsim6 wlan0: left promiscuous mode
[  170.653410][   T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.656341][   T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.689257][ T5814] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  170.692433][ T5814] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  170.695574][ T5814] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  170.698530][ T5814] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  170.701303][ T5814] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  170.725414][T14784] lo speed is unknown, defaulting to 1000
[  170.821594][T14784] chnl_net:caif_netlink_parms(): no params data found
[  170.890709][T14784] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.893384][T14784] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.895962][T14784] bridge_slave_0: entered allmulticast mode
[  170.899389][T14784] bridge_slave_0: entered promiscuous mode
[  170.903500][T14784] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.906659][T14784] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.909063][T14784] bridge_slave_1: entered allmulticast mode
[  170.911884][T14784] bridge_slave_1: entered promiscuous mode
[  170.945264][T14784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  170.952079][T14784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.981754][T14784] team0: Port device team_slave_0 added
[  170.985260][T14784] team0: Port device team_slave_1 added
[  171.003941][T14784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.006535][T14784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.021509][T14784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.026757][T14784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.029038][T14784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.037642][T14784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  171.063398][T14784] hsr_slave_0: entered promiscuous mode
[  171.066285][T14784] hsr_slave_1: entered promiscuous mode
[  171.068463][T14784] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  171.070834][T14784] Cannot create hsr debugfs directory
[  171.152872][T14811] netlink: 'syz.0.2569': attribute type 11 has an invalid length.
[  171.369096][T14824] 8021q: adding VLAN 0 to HW filter on device bond36
[  171.468036][T14833] netlink: 'syz.0.2578': attribute type 11 has an invalid length.
[  171.511930][T14835] IPv6: sit5: Disabled Multicast RS
[  171.638162][T14839] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  171.667785][T14839] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  171.690630][T14840] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2581'.
[  171.700196][T14840] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2581'.
[  171.708597][T14839] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  171.759016][T14839] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  171.794160][T14851] netlink: 'syz.2.2585': attribute type 11 has an invalid length.
[  171.826874][T14853] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  171.834396][T14839] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  171.847757][T14839] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  171.860052][T14839] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  171.869540][T14839] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  171.899765][T14857] Cannot find set identified by id 0 to match
[  171.985105][T14865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2591'.
[  171.993569][T14865] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2591'.
[  172.015835][T14865] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2591'.
[  172.069320][T14873] Cannot find set identified by id 0 to match
[  172.186471][ T5849] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.197833][T14881] bridge0: failed insert local address into bridge forwarding table
[  172.200895][T14881] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2598'.
[  172.293182][ T5849] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.333577][T14884] lo speed is unknown, defaulting to 1000
[  172.356105][ T5849] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  172.676735][ T5849] bridge_slave_1: left allmulticast mode
[  172.678982][ T5849] bridge_slave_1: left promiscuous mode
[  172.681241][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[  172.690789][ T5849] bridge_slave_0: left allmulticast mode
[  172.692774][ T5849] bridge_slave_0: left promiscuous mode
[  172.695063][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.775086][ T5814] Bluetooth: hci1: command tx timeout
[  172.984907][ T5849] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  172.989213][ T5849] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  172.992864][ T5849] bond0 (unregistering): Released all slaves
[  173.080382][T14894] validate_nla: 3 callbacks suppressed
[  173.080391][T14894] netlink: 'syz.2.2601': attribute type 1 has an invalid length.
[  173.087563][T14894] netlink: 'syz.2.2601': attribute type 1 has an invalid length.
[  173.297934][ T5849] hsr_slave_0: left promiscuous mode
[  173.300542][ T5849] hsr_slave_1: left promiscuous mode
[  173.302684][ T5849] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  173.306657][ T5849] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.309571][ T5849] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  173.312003][ T5849] batman_adv: batadv0: Removing interface: batadv_slave_1
[  173.329790][ T5849] veth1_macvtap: left promiscuous mode
[  173.331570][ T5849] veth0_macvtap: left promiscuous mode
[  173.333327][ T5849] veth1_vlan: left promiscuous mode
[  173.335368][ T5849] veth0_vlan: left promiscuous mode
[  173.618556][ T5849] team0 (unregistering): Port device team_slave_1 removed
[  173.642614][ T5849] team0 (unregistering): Port device team_slave_0 removed
[  173.960739][T14784] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  173.968685][T14784] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  173.988371][T14784] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  174.006463][T14784] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  174.011738][T14915] : renamed from bond_slave_0
[  174.037906][T14923] netlink: 'syz.2.2609': attribute type 32 has an invalid length.
[  174.073939][T14784] 8021q: adding VLAN 0 to HW filter on device bond0
[  174.106772][T14784] 8021q: adding VLAN 0 to HW filter on device team0
[  174.112715][T12950] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.114996][T12950] bridge0: port 1(bridge_slave_0) entered forwarding state
[  174.127390][T12950] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.129719][T12950] bridge0: port 2(bridge_slave_1) entered forwarding state
[  174.294867][T14943] nbd: must specify an index to disconnect
[  174.313087][T14784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  174.376204][T14784] veth0_vlan: entered promiscuous mode
[  174.381081][T14784] veth1_vlan: entered promiscuous mode
[  174.401974][T14784] veth0_macvtap: entered promiscuous mode
[  174.406487][T14784] veth1_macvtap: entered promiscuous mode
[  174.416439][T14784] batman_adv: batadv0: Interface activated: batadv_slave_0
[  174.422319][T14784] batman_adv: batadv0: Interface activated: batadv_slave_1
[  174.438430][T14784] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  174.441216][T14784] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  174.443963][T14784] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  174.447333][T14784] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  174.502496][T12950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  174.509610][T12950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  174.530536][T14951] __nla_validate_parse: 6 callbacks suppressed
[  174.530546][T14951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2615'.
[  174.536955][  T184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  174.539939][  T184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  174.622733][T14953] netlink: 'syz.2.2616': attribute type 11 has an invalid length.
[  174.713912][T14959] pim6reg1: entered allmulticast mode
[  174.928159][T14972] Cannot find set identified by id 0 to match
[  174.933992][T14968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2619'.
[  175.137242][T14997] lo speed is unknown, defaulting to 1000
[  175.190369][T15003] Cannot find set identified by id 0 to match
[  175.240572][T15007] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2630'.
[  176.241749][T15029] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2638'.
[  176.328912][T15034] netlink: 'syz.2.2640': attribute type 32 has an invalid length.
[  176.336221][T15037] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2641'.
[  176.562176][T15055] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2645'.
[  176.585859][ T5830] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  177.187398][T15063] Cannot find set identified by id 0 to match
[  177.210610][ T5203] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  177.214168][ T5203] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  177.217744][ T5203] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  177.221441][ T5203] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  177.224787][ T5203] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  177.247485][T15064] lo speed is unknown, defaulting to 1000
[  177.345802][T15075] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  177.358955][T15064] chnl_net:caif_netlink_parms(): no params data found
[  177.361518][T15075] netlink: 'syz.2.2652': attribute type 2 has an invalid length.
[  177.364066][T15075] netlink: 119 bytes leftover after parsing attributes in process `syz.2.2652'.
[  177.374449][T15077] mac80211_hwsim hwsim29 wlan0: entered promiscuous mode
[  177.413730][T15081] netlink: 'syz.0.2654': attribute type 11 has an invalid length.
[  177.434405][T15085] Cannot find del_set index 2 as target
[  177.463137][T15087] netlink: 308 bytes leftover after parsing attributes in process `syz.0.2656'.
[  177.466505][T15087] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2656'.
[  177.472234][T15087] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[  177.479940][T15064] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.480278][T15087] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2656'.
[  177.482313][T15064] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.496443][T15064] bridge_slave_0: entered allmulticast mode
[  177.499312][T15064] bridge_slave_0: entered promiscuous mode
[  177.502572][T15064] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.506088][T15064] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.508577][T15064] bridge_slave_1: entered allmulticast mode
[  177.515862][T15064] bridge_slave_1: entered promiscuous mode
[  177.540415][T15064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  177.545533][T15064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  177.582776][T15064] team0: Port device team_slave_0 added
[  177.590192][T15064] team0: Port device team_slave_1 added
[  177.623533][T15064] batman_adv: batadv0: Adding interface: batadv_slave_0
[  177.628103][T15064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  177.637179][T15064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  177.641876][T15064] batman_adv: batadv0: Adding interface: batadv_slave_1
[  177.644197][T15064] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  177.654190][T15064] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  177.702068][T15064] hsr_slave_0: entered promiscuous mode
[  177.705932][T15064] hsr_slave_1: entered promiscuous mode
[  177.708213][T15064] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  177.710966][T15064] Cannot create hsr debugfs directory
[  177.800098][T15107] netlink: 'syz.0.2663': attribute type 11 has an invalid length.
[  178.038667][T15123] ipvlan0: entered promiscuous mode
[  178.043935][T15124] tipc: Resetting bearer <eth:syzkaller0>
[  178.092401][T15131] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  178.096024][T15131] netlink: 'syz.2.2672': attribute type 5 has an invalid length.
[  178.226549][ T5830] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.260936][ T5830] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.320224][T15144] : renamed from bond_slave_0
[  178.358766][ T5830] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  178.499161][ T5830] bridge_slave_1: left allmulticast mode
[  178.503030][ T5830] bridge_slave_1: left promiscuous mode
[  178.508878][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.513907][ T5830] bridge_slave_0: left allmulticast mode
[  178.516676][ T5830] bridge_slave_0: left promiscuous mode
[  178.519404][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.575214][T15153] netlink: 'syz.2.2679': attribute type 32 has an invalid length.
[  178.773712][ T5830] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  178.780974][ T5830] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  178.786463][ T5830] bond0 (unregistering): Released all slaves
[  179.029076][T15182] Cannot find del_set index 2 as target
[  179.070042][T15184] netlink: 'syz.0.2687': attribute type 11 has an invalid length.
[  179.075758][ T5830] hsr_slave_0: left promiscuous mode
[  179.078141][ T5830] hsr_slave_1: left promiscuous mode
[  179.080849][ T5830] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.086123][ T5830] batman_adv: batadv0: Removing interface: batadv_slave_0
[  179.105863][ T5830] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  179.108336][ T5830] batman_adv: batadv0: Removing interface: batadv_slave_1
[  179.132042][ T5830] veth1_macvtap: left promiscuous mode
[  179.133831][ T5830] veth0_macvtap: left promiscuous mode
[  179.136112][ T5830] veth1_vlan: left promiscuous mode
[  179.137794][ T5830] veth0_vlan: left promiscuous mode
[  179.234100][T15191] netlink: 'syz.2.2689': attribute type 13 has an invalid length.
[  179.239887][T15191] netlink: 'syz.2.2689': attribute type 17 has an invalid length.
[  179.254700][ T5203] Bluetooth: hci1: command tx timeout
[  179.391251][ T5830] team0 (unregistering): Port device team_slave_1 removed
[  179.416583][ T5830] team0 (unregistering): Port device team_slave_0 removed
[  179.660327][T15191] gretap0: left allmulticast mode
[  179.680581][T15191] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  179.710678][T15190] lo speed is unknown, defaulting to 1000
[  179.769554][T15064] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  179.781579][T15064] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  179.798360][T15064] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  179.812698][T15064] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  179.841406][T15203] netlink: 'syz.0.2691': attribute type 10 has an invalid length.
[  179.881279][T15206] siw: device registration error -23
[  179.899014][T15206] netlink: 'syz.2.2692': attribute type 1 has an invalid length.
[  179.913861][T15206] 8021q: adding VLAN 0 to HW filter on device bond37
[  179.920979][T15064] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.943191][T15064] 8021q: adding VLAN 0 to HW filter on device team0
[  179.956273][  T184] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.958588][  T184] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.967737][  T184] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.970303][  T184] bridge0: port 2(bridge_slave_1) entered forwarding state
[  180.052128][T15211] __nla_validate_parse: 10 callbacks suppressed
[  180.052141][T15211] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2693'.
[  180.122361][T15216] xt_hashlimit: size too large, truncated to 1048576
[  180.132108][T15064] 8021q: adding VLAN 0 to HW filter on device batadv0
[  180.218894][T15064] veth0_vlan: entered promiscuous mode
[  180.223370][T15064] veth1_vlan: entered promiscuous mode
[  180.251519][T15064] veth0_macvtap: entered promiscuous mode
[  180.259230][T15064] veth1_macvtap: entered promiscuous mode
[  180.262633][T15220] Cannot find del_set index 2 as target
[  180.270219][T15064] batman_adv: batadv0: Interface activated: batadv_slave_0
[  180.280595][T15064] batman_adv: batadv0: Interface activated: batadv_slave_1
[  180.288319][T15064] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  180.291233][T15064] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  180.294289][T15064] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  180.300232][T15064] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.358889][   T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.361425][   T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.385782][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.388266][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.469742][T15227] netlink: 'syz.2.2698': attribute type 1 has an invalid length.
[  180.486610][T15227] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2698'.
[  180.490051][T15227] 8021q: adding VLAN 0 to HW filter on device bond38
[  181.257309][T15230] Cannot find set identified by id 0 to match
[  181.264495][T15232] Unknown status report in ack skb
[  181.282761][T15234] netlink: 'syz.0.2700': attribute type 32 has an invalid length.
[  181.302263][T15237] netlink: 'syz.2.2701': attribute type 10 has an invalid length.
[  181.336118][T15242] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2702'.
[  181.409875][T15247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2703'.
[  181.412675][T15247] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2703'.
[  181.418374][T15249] netlink: 'syz.2.2704': attribute type 11 has an invalid length.
[  181.563716][T15277] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2713'.
[  181.568732][T15275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2712'.
[  181.584291][T15277] xt_TPROXY: Can be used only with -p tcp or -p udp
[  181.610735][T15280] netlink: 'syz.2.2714': attribute type 11 has an invalid length.
[  181.637269][T15282] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2715'.
[  181.671188][T15282] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2715'.
[  181.675293][T15282] netlink: 37 bytes leftover after parsing attributes in process `syz.2.2715'.
[  181.713821][T15286] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  181.719467][T15287] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN PTI
[  181.723735][T15287] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
[  181.727552][T15287] CPU: 1 UID: 0 PID: 15287 Comm: syz.2.2717 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[  181.731518][T15287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  181.734700][T15287] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480
[  181.736772][T15287] Code: 89 ef e8 00 80 b3 f8 4d 89 ef 85 db 74 0d e8 34 fc 4f f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 c9 7f b3 f8 48 8b
[  181.742785][T15287] RSP: 0018:ffffc90003f5f0c8 EFLAGS: 00010202
[  181.744748][T15287] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000000
[  181.747202][T15287] RDX: ffff888020b28000 RSI: 0000000000000000 RDI: 0000000000000000
[  181.749686][T15287] RBP: 0000000000000000 R08: ffff888020b28000 R09: 0000000000000002
[  181.752124][T15287] R10: 00000000ffffffff R11: 0000000000000000 R12: 00000000000b0002
[  181.754653][T15287] R13: ffff88803eab0800 R14: dffffc0000000000 R15: ffff88803eab0800
[  181.757173][T15287] FS:  00007f0ab6c5c6c0(0000) GS:ffff8881a3c50000(0000) knlGS:0000000000000000
[  181.760072][T15287] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  181.762120][T15287] CR2: 00007f0ab6c3afc8 CR3: 0000000126d44000 CR4: 00000000000006f0
[  181.764617][T15287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  181.767142][T15287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  181.769765][T15287] Call Trace:
[  181.770873][T15287]  <TASK>
[  181.771842][T15287]  ? qdisc_tree_reduce_backlog+0x3c/0x480
[  181.773672][T15287]  pie_change+0x96d/0xca0
[  181.775078][T15287]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  181.777007][T15287]  ? lockdep_hardirqs_on+0x9c/0x150
[  181.778748][T15287]  ? __pfx_pie_change+0x10/0x10
[  181.780341][T15287]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  181.782257][T15287]  ? timer_init_key+0x171/0x2d0
[  181.783863][T15287]  ? __pfx_pie_init+0x10/0x10
[  181.785423][T15287]  pie_init+0x2a3/0x3f0
[  181.786762][T15287]  qdisc_create+0x7ac/0xea0
[  181.788202][T15287]  tc_modify_qdisc+0x1426/0x2010
[  181.789796][T15287]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  181.791478][T15287]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  181.793156][T15287]  rtnetlink_rcv_msg+0x77c/0xb70
[  181.794766][T15287]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  181.796421][T15287]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  181.798178][T15287]  ? ref_tracker_free+0x63a/0x7d0
[  181.799821][T15287]  ? __copy_skb_header+0xa7/0x550
[  181.801451][T15287]  ? __pfx_ref_tracker_free+0x10/0x10
[  181.803165][T15287]  netlink_rcv_skb+0x208/0x470
[  181.804726][T15287]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  181.806557][T15287]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  181.808294][T15287]  ? netlink_deliver_tap+0x2e/0x1b0
[  181.809974][T15287]  ? netlink_deliver_tap+0x2e/0x1b0
[  181.811683][T15287]  netlink_unicast+0x75b/0x8d0
[  181.813273][T15287]  netlink_sendmsg+0x805/0xb30
[  181.814897][T15287]  ? __pfx_netlink_sendmsg+0x10/0x10
[  181.816672][T15287]  ? aa_sock_msg_perm+0x94/0x160
[  181.818247][T15287]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  181.819942][T15287]  ? __pfx_netlink_sendmsg+0x10/0x10
[  181.821628][T15287]  __sock_sendmsg+0x21c/0x270
[  181.823171][T15287]  ____sys_sendmsg+0x505/0x830
[  181.824767][T15287]  ? __pfx_____sys_sendmsg+0x10/0x10
[  181.826487][T15287]  ? import_iovec+0x74/0xa0
[  181.827967][T15287]  ___sys_sendmsg+0x21f/0x2a0
[  181.829504][T15287]  ? __pfx____sys_sendmsg+0x10/0x10
[  181.831192][T15287]  ? __fget_files+0x2a/0x420
[  181.832703][T15287]  ? __fget_files+0x3a0/0x420
[  181.834236][T15287]  __x64_sys_sendmsg+0x19b/0x260
[  181.835872][T15287]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  181.837602][T15287]  ? do_syscall_64+0xbe/0x3b0
[  181.839121][T15287]  do_syscall_64+0xfa/0x3b0
[  181.840601][T15287]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.842565][T15287]  ? asm_sysvec_call_function_single+0x1a/0x20
[  181.844568][T15287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.846499][T15287] RIP: 0033:0x7f0ab5d8e929
[  181.847952][T15287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.854156][T15287] RSP: 002b:00007f0ab6c5c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  181.856784][T15287] RAX: ffffffffffffffda RBX: 00007f0ab5fb6080 RCX: 00007f0ab5d8e929
[  181.859343][T15287] RDX: 0000000004008000 RSI: 0000200000000200 RDI: 000000000000000a
[  181.861953][T15287] RBP: 00007f0ab5e10b39 R08: 0000000000000000 R09: 0000000000000000
[  181.864510][T15287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  181.867012][T15287] R13: 0000000000000000 R14: 00007f0ab5fb6080 R15: 00007ffd63b00de8
[  181.869544][T15287]  </TASK>
[  181.870553][T15287] Modules linked in:
[  181.872192][T15287] ---[ end trace 0000000000000000 ]---
[  181.873970][T15287] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480
[  181.876115][T15287] Code: 89 ef e8 00 80 b3 f8 4d 89 ef 85 db 74 0d e8 34 fc 4f f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 c9 7f b3 f8 48 8b
[  181.882271][T15287] RSP: 0018:ffffc90003f5f0c8 EFLAGS: 00010202
[  181.884211][T15287] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000000
[  181.886808][T15287] RDX: ffff888020b28000 RSI: 0000000000000000 RDI: 0000000000000000
[  181.889335][T15287] RBP: 0000000000000000 R08: ffff888020b28000 R09: 0000000000000002
[  181.891846][T15287] R10: 00000000ffffffff R11: 0000000000000000 R12: 00000000000b0002
[  181.894381][T15287] R13: ffff88803eab0800 R14: dffffc0000000000 R15: ffff88803eab0800
[  181.896949][T15287] FS:  00007f0ab6c5c6c0(0000) GS:ffff8881a3c50000(0000) knlGS:0000000000000000
[  181.899869][T15287] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  181.901972][T15287] CR2: 00007f0ab6c3afc8 CR3: 0000000126d44000 CR4: 00000000000006f0
[  181.904527][T15287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  181.907168][T15287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  181.909836][T15287] Kernel panic - not syncing: Fatal exception in interrupt
[  181.912787][T15287] Kernel Offset: disabled
[  181.914207][T15287] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:07:12  Registers:
info registers vcpu 0

CPU#0
RAX=1ffff110091c5730 RBX=ffffffff8f50ffb0 RCX=ffffffff819da768 RDX=0000000000000000
RSI=0000000000000008 RDI=0000000000000001 RBP=1ffffffff1ea1fec RSP=ffffc90003d6fa48
R8 =ffffffff8f50ff67 R9 =1ffffffff1ea1fec R10=dffffc0000000000 R11=fffffbfff1ea1fed
R12=ffffffff8f50ff60 R13=ffffffff8f50ffb0 R14=dffffc0000000000 R15=ffff888020b28000
RIP=ffffffff819da75b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f0ab6c3b6c0 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0ab6c3bd58 CR3=0000000126d44000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f0ab5f84478 00007f0ab5f84450 XMM03=00007f0ab5f84488 00007f0ab5f84480
XMM04=00007f0ab6aed100 00007f0ab5f84440 XMM05=00007f0ab5f84458 00007f0ab5f844a0
XMM06=00007f0ab5f84498 00007f0ab5f84490 XMM07=00007f0ab5f84488 00007f0ab5f84480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f0ab5e11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90003f5e8f0
R8 =ffff888020d88237 R9 =1ffff110041b1046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac4915 R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f0ab6c5c6c0 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f0ab6c3afc8 CR3=0000000126d44000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f0ab5f84478 00007f0ab5f84450 XMM03=00007f0ab5f84488 00007f0ab5f84480
XMM04=00007f0ab6aed100 00007f0ab5f84440 XMM05=00007f0ab5f84458 00007f0ab5f844a0
XMM06=00007f0ab5f84498 00007f0ab5f84490 XMM07=00007f0ab5f84488 00007f0ab5f84480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f0ab5e11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
