last executing test programs:

1.622651941s ago: executing program 0 (id=2536):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket(0x400000000010, 0x3, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r1, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
connect$vsock_stream(r1, &(0x7f0000000280)={0x28, 0x0, 0x0, @local}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3, 0x0, 0x8}, 0x18)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)
r4 = socket$kcm(0x2, 0xa, 0x2)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r5)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={0x0, 0x20}}, 0x2000c094)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0))
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000001c0))
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32], 0x1c}}, 0x0)

914.816424ms ago: executing program 1 (id=2547):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000404000000002e"], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0x4, 0xa, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x50)

914.512528ms ago: executing program 1 (id=2549):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x58, 0xe, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x10, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x6}]}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xc8}}, 0x0)

844.708933ms ago: executing program 1 (id=2551):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0x503, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x61}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_ADDRESS={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0xc840)

844.561025ms ago: executing program 1 (id=2552):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b702000008000000bfa300000000000007030000ffffffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000000000095000000000000006623848adf1dc9a764ab51a064caff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b81ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6b6981978d51514b00dcc4a2748b376358c33c9753beab62bdf27dc04e4cb4bc598affd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b770009524edd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd88345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1757b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c35af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d9900000011000003971b32fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d677d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc37e5aa23bff8cce0600000000000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68f536a03353a55a8a8e176e5d48887d31c8e0f77f2c1e68ec7c01bd5a2028a8fc107007f5f4c67600a6ade3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d9029f071fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2020ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a017ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f6c3652c423ce6ecc1be5d4e8133fc32f68ea86a2df1e7df98a0ae216c405d0ae9eed114ff2d6fe27dfdff1cf9194849c4cc0da9533e5983863e526a7dc0d8728f3b573ca4427bdb44df9341e9b8420e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9467b51d92e0993af4beaf1f3d47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c27c318475802e2c62681bd1a331422a6e47bbd40857d52c4894944fae5c5000000000000000000000000e0c47613e950b6aefeae054fc723f62ac7d13941de11b018f1f48ac50335df91c771729f81929128135b2803562c1171ee00a3f4a31281aa363e087d53d86dd85e3ff979a7e72d16fdd7e1a0f07a1c8e6085d280d760f74975ceb3a5be6cfb4da8e0aeb769b8b75f4aad803ed77d34872eed2711aa40a3b38099dc2752e8ec9b520faf39e416752aa0830206736570f5d41a4df848c9052551cf8dcb1be000000000eb2577188e8e96bd825d462350905d3eb916b397d2a46a64081e85661d7a5a2716cc87cb1976d15d9b6418e94f165911803e43830432226c660f4da67bb7c8ceb3755c07197d8b80b8d16b12c2ec63bebe107aa2350a7ae564bf69a6c52a2da1496016dd66a1c1b112"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x27, 0x0, &(0x7f0000000140)="3d6ee2e04b91ab10143d9abe86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

774.152652ms ago: executing program 2 (id=2553):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000f40)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r3, {0xfff2, 0xfff0}, {}, {0xc}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4947}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{0x9, 0x0, 0x1}, 'f'}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x34000844}, 0x4040000)

773.933934ms ago: executing program 0 (id=2554):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r0, 0x0, 0x3, 0x0, 0x0)

773.776895ms ago: executing program 1 (id=2555):
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000540)={@ifindex, 0x26, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

703.551769ms ago: executing program 0 (id=2556):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000000), 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x7a28, 0x4)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x13, &(0x7f0000000400)=0x101, 0x4)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x20}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000000840)={0x11, 0x4, 0x0, 0x1, 0x5e, 0x6, @remote}, 0x14)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

703.391909ms ago: executing program 1 (id=2557):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3a, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r1, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa)
sendmsg$sock(r1, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002200)=[{&(0x7f0000000200)="a74d7d9b0ce4e7e479bf307db7f3a50be9b8eb870e507cbca5b559b62ab42126949210113c698b32d85424d87254d726dbb0959aa61e398b5d87844fdea000f4f2e0f0f6cdc21156003bd276ba84e90bb8a87c8ed6fa907a45436894aac9b661ba9da2dacbc5a6fb2c949d3c0124d7f8e32cba95d09494c84e7e8ff51dc0f7bc7e12d45083fd27b605710a88efb59615a2b86456484d2530f766ec01bf22f994b59a2d2f084f20cff127142a933639b9939529625a3c05e68dc7bd6ee96e1feffd4133ea01ca124d6cde6bf4bf063f02943fb961181f1092249d0234c1ad1273df2f917cc5bea7d855d09985239d9a5c01845ca9bf0bf0ef595ed5e49324e01f1ab80733dcb0837ac35eb29427d28d93fb5e7de40eb4cf1695902b54637b3110491afd5559aa8ddcb03d08d012b3eebbd60b3aff4b57e03c6a762b4d8542dfe4d452bdb88ab3f4a9ce39fed81d590e7c28518ed70ce2ec5b3673650921172e093aff30991a509511df50a0c5ceca130e7c7fa9cf159bab17449663b8dfbc0c700c48800704230a04ba87b8c92e855679f39bf8d93c2b6a2308cce6e5583afcb7d27a27b5c500a28843ac17e01d55a5fdc24dccd36ec4d79bfc4295855e8e827ddfddda3500cb4796483dfab8e4beb817daf1955ec239f9b9280ba7ee3f6ed20ed5d2b6db7ab725a2820d24d0242f9023eb516c1ac1cc56417ec93ce511e3febfb2ac382d27c9ae5e3ec765e7c4b3ce3f6dae11259ad396d6697be67ac307b478e6dec895e2632d9a680d7271af47fe7069f167b76b34c93bc8669b8aade89cf5b2272412565fa0d6bd39a1c97031fb000ed7a6701e9c1b4ebb78abb6cc43f4b5c9a5ec9abcf3c7651b67f01dfdc62217c125863fea960c3ac63907cb79f0f0a8a18d90e639a0cd836b696fd60db6e3e820a1e326253dae688c3ed797692f79495ae392c69c4d826a5edb42a1694145b55f4f09fdb0567be8ccac41c2aad3b7609a6427979814c004309a7f97aa368766aa9a72abc995949515d7331878dc7a3629ae41185ce9f0ff2b329496a3d58475c73a28fe29a0e81c096e0fe3f31dc345be1980756ae19b486893f4cf1c4b9d9155dc0f926a2daf3b25fb364f56e4a3cc80a19913f0ac2103b5d56fa580020a49b79f40e0b5f2f651376b41341fc1bbde9ffb6e2d75120c1e0b61ebbe2748449d790fd1e41e464ffa34931e35ed505115b8150b8221a216dead6d0dd2885ad7f014468afb4f8c0a5cf647bb54992fd76b32bf7bdfea7873bd78cf0a197e67abc7b3dc8ddc3d19dd38fa97b6f518ed9ab73add5a6dda1ae77da18a16f5f178aba29ae8bb9ea888a9b8dec4e564b8984a7fb490e9234e45675b386d710f8cbde233df44343c33442b059b94525e54b6a693ae2aa176ced4994e1dcea1619dcf566ed222887e44c60cf9cb1118ecd0a08d56f0eff0eeffcc282bc9214f2c39981a85938becee3a427d978afe19525e9fc97c6f2f110f5eb1c4f77820b31b0d0efb7ebd16005b4ce966490f5cc3ae135310df1b6d7bba98da94785f5b3c6563b0e5a72f0c1630f9cc538be74846fda22508f74ab13df8aecca48dc2997be3e8bc90bfc4c93ba556b779805993e7d0da3dd2bdcfdddb6c5f7d26726969b96a9c989f415d9a76e614b3b33b231459b7021b5c5eeed8efe33cdeef9a729b60272613eda88fe14e780af569a2f64d41e339e52d74478783779270eec51fcee2e22adaaf0ca53bcfd3ba5a802e943f38eaff7c6684c0702a6edd01c8976e0b6a5f15379ec6359151c7b47c3c268cf5650b901718b05264e824cbc6316bd40eb2822e1655eda5f9eca0447ab4f4d80ae3f900f0f8b5eaba228502fb47ae310996c489e5057316e1dadba4f247d9cfab382bf88844252dff2f5c453ce9917ca3f3678498c8d81a436ca45b81f79ee66f3f2f8326f6a4c1b08180129514bc1fdc1763483fb75dd35944a7265d08ca88f8e8d1c78c8810605ddc2b5278bb2e55c83968d2e4868a5d0fbd915f55cf5edeab9dd82c57763f3ccbc8ecf920d2bf9d0ed3800046b8d56ec0bd0d2a8cd8242e90d04e777729a5be9a636f1b20d31710031fc93d10d641bbd282d3039ccce50cdb227c110246e2cb201aba4c2d17f9fd9e59b752ab441a604e4c6888ba39c22f2400824dafefd9a48fff2be29bf9ddb0a2ea56833cb9b3990d0291ac757f0f2fb9726a1a79950a7e8f1d3be6abd5ed62491a6fb6e323d8fa1ef756ca2e00e2428468ea7b2f79b49eb857a9af3e4165a8700dd6fb4ef61647b57d73225236b5a39490c40711efb8c70a316b7183adc1bf359b78c89eab892fae9ebcc3902d9fbb382e750212bc268de569a359ea5580ea3c14f6dfc30a462760b92915b8c1cb8b18774dbbe3c4a1f8d8ca566cf4ce2eba1a11008912ffa64b52fcc1b94cacb907e30b75a6083d0387abb96bdace199abea973b90a0736ed6ffa40ba2794a12daaf8d4fa070fcea51f973fe1512a0f364ec546be14b143a37c42072e6dff693b0d57555bd2af0932f24f3189467855ab5e8f4b27963a587ebaf2080a204c3df02bf186233cb0b0013a1d8594019b3a9fdd129c9d45ca853b454d62d79566da6a2d9a3419ec1d67e448258dd45793c66eedace47d2219f5af46ef7f0b26eb64cd5a0d7b9eed13fe487a30d9493a54bd0ac35517beda5dff95b2b4ab76e6267885cba22e9c68c15495435233a1b70a3e5ea851fcb75b0786d30768c00e96a1c3242c22670c7e24e9374656bcfe66fe4a3e6f7f7ffbe584bcdee5647d25d86492b49df94a94267fb6c056cdd30e57cd09cb961f4754b55d65115ccb53dfc9e298a293a77a3a469318964b4c259232e3c2f6f6e460a7de8d9a2cb5dc289e362089ede1eb9e72168af0806f442f004f3fbe0649e1d755a28a8577f3b05d5c151e9c843c2fddc39ebfe017191e62232bf4634ef34bbbc33312f26cd4bcf08931cd80477a008eae9f8bac515b6008ae05ad60d808865187c43037c733958d158f9156f593ee2f312d11f39a3f451a62a620c915704464fedaa7c698567dc186bfb963edc436c0313770677d24cfef9122bb13dacee611e57f8c9a4eb43aa8fed0b7ed81e3113c77e7d4bb248b5f116f4dd7066c953af9635a743b31edc3cadf519cb3edd3ff43870dd43d84e917cfefa9852551ea39721333d209e56ef48a979e846cc503c59449677284f2f7c66eadc91e6383dea79d5afe51da3ff704753a4bf3ae4d0e6d311c8aa32f92057f339492044f4307f2ec278415313cd36b06e84dfbf9c6ea55577e5ee08e0c23ac1c372a2eb95a2dafe9e8cbd5ad4f1159d889b7cc220e46c845c2d302b81103139e41b44004cf0cc0bea25fe32f2994638f75ae6ee96e2f5ee22436ce632a17651ed48de53db485de16c56b8590ae8c47503baee410f406f667a1af8ba900b5db12c221f95941ff60d306fcbdabaccb87a785f8fc25417503fffd03e671e274410f00919725db2ec88e5f91dd8301130b6b375bb1a4607911d9e77659bdb661c60d04330fa77643eabe1ee40c69ef38948db515210af1f319d6dad487684c37a29641a1dde31516007df050ed458c5ab7d4044e8c4390a646b31b7ee7882096b303dc3995321dcc8e6917a0478115f782a40bf824b9ec3d518713a73bd6870aa7795eb656c78fe531aa0cdcc4f1ead8768be51ac3d14c01a8ea2f7ce46cf89c37eb0a6c79c218f2a66f244f6d2e6dee2cb2d5623d2ee5baab33d52d50639e6ec363deb56d75324f07b484afbb4556da75c133f2296979e463a2b4854c9ca9cdee6a7b301132033fc1b99bb4a2f77dbda6644490a240d3418e0e7392a90f070dd336ac3358d52ec8c78ac42e3aaea57702579f91e78cb8c95df9bb718577c3472e6d115724c715a5de10b38e3df11333224cccbe97fc6bac041cf68e4c898dbf2825af7129fcd9d705ff55676ed61d87e0a067f88e5ec726537864c40c11d0eb6c2721dc54f9d9ca9fa90e90ba1876e460935578ec83051d101576ebddcb6a2cc7724e911e76a426af64bae5b021447c943e18e2221ccb557a7b117e60b6e8b0472354047d46aff39f02e980572363fd127236fe1bc7d18624c2f9c77f0033ec22c044dab18135d8a7d3b7ea5e8d360a75abb0daaf336088a68512653dc86802f7adeb62ac849729cd4b6e8a329bae02a5782247521f78cb85838c9e6cb4fb915be8188594714d94ff316e56c1d2a36a9c49e41b1cc6048caaeb", 0xbbb}, {&(0x7f0000001200)="f55d42593d0684c8aa70712dcfc9c1065096404b96a3a7f93a4614407f4112937b99add88419c7aed853f4288cdffa731e07af240f24e6a396e9499518d50a53613b2efd83d251c791ed1c7d6b1b225c46e12a06f80cba57a435ff4bee841085028ce0a869a57acdd17bafe6e8fd7234b9f31d9f2c3de189679f29d320d21c0ccd88a1331ed9943582a1ed9a2b461ff780b37de13f6fc36976b67b4c3a823d93df0679689cb8578b89f557578c1717fbb07d9c238b2b73a0b6c7d726c8c02e68be42c7262f17cb14a59885fbb73ff37f03b7eb56a683346ac5aa1ac344c98f392596593cc3711f2f1592922022eb91880f5f1bcd1ffc832a1e99f5737a13e71cbbb6019ee730698e9866560c3600981e1d48411aee1dc9524f42a0e35607ccb3e68a8e7b2c08e81db32038cc9873e30432152f1e8b125f3a2f7b38c3161554816c0ba7322e80190f8f95ce690d2c8671b3ce53f384ce5c4bdd96738e18c26b55c19f41eb7881f3076b1eef59d57704d249873c2ef058bf82d18f517c61066ef4f20546b0323afc85911180152748bec5b657bfb3ddc78f34c552659d262d9eb37f4ecd75495074e1377a4dcaf0b07b461f0757629a202a3ed4c33be39a92d2cf92fdcbb5dde6cf7019018a86a81a4c016c834e93cbb374a8452ad60db54f5ce593438f895e79ac4fe4c1fa1b08516d605436a13b6fc802d525752bcff60715f345e12dd48032e6519e79459ce869e45103c4d1df1b845e1bdf23ee73b53b5bd3bb6872b1913948c8095637ea01d6a667f5fd1a2b2c73a16e9f21c8e7add1275cd60973337b5941d1c2b58048aea1554d2cd18dd9c37b22d0c6bb6e9b8d68217bcef62890f9089606bc4ec44257dac9bcec02ead78f207a2d4d7f5e6f9be80b7f6bf65fc147b80697d6c5b8dd5c5b7a8cfba22a56d518dd936fdaa799eb329c1f00e45542862e8e2122e1cfd0b84889e594aa54c68103a8181737c53c4e00367dd300b0c00715eefcb983aa24e00dc68bc3b09cf8f2be6f360f42d4aa58c426198a0eb76d6d60e8f74933c50153d546dc991024cef921e32206600d359e45e44c67ce9f3ef3c7538ccb7dcdb8e60e02c570e104b9fff4d29d18759f0e5c16d2a293cbea01f6e69804b3651ea6b2a8ba5f8ba6be1835c6a30e7224197bb4910fcbfd4e3add9d4ba2b7003241ead23e5937bbf2d7932ffe835f6ab729fa5b95be10042e6f740a2c09bb371cc8a49c26863fc3101116adc25ae6495d321a49248db0467b7e16df783d2e4e854bf7e37eed3d959a14ebd3a7f235130e89cff3b1dde698a2d558d6ef286d293d44b5c571a350ee53d7d911e37a6bb7956fe893249e4b84d596cd47750b133706919bb353d27f05102ea019c698c08c0aff0c2b4e01b9910a61ce33ef4401489058fcf3178adc7149c29434fd94ad49afd0eb2ef288c62a67866d1f6d031b9d532bfde6198c0454be303a5f1e0527500760684bb8dd95c33c97e19fce64eb9fa2fc4728a9183e26e25fb6b46b8fde2e8973d4f50e8e4da21a301c92e11688cf6d3f22cd21f164029e89aaa69f21c72c2c0238f1e8319f18e9c657c5164f22d9b053126440e7c1d5d60d8af86947e9df26907ddff7f942a736c1a24ff68a643d814733f0ef8b82ad61a7aa8981e6dd4f166df8c80bdac44709cd8f441578b4eb9357377048fe09b7267c98d3f9c0ee2897d9d11de7ed724616e4d1e2a8ea37ba7bd7c7c25ce18a4d6fac26eec2a2589295762c84bed23e7664d175581f5e6f8544e85c67a5dbfd5cbb6036e71082b3dbef29432e8f368ac1c68c49c3c21eb78e197f8933b8d71d717f2d0871c7861a52639079fd1c965f04047e374f4d1abeabfb2b40751244a0465f3489a00f05742e744d550c4ec3a24ddd4fcc169d62d911f38bc7aa3ceb285ec7e9293e75041ce8dda2dd68b26e5832a1dd7d71f92ced44f9e4e846f4ada1811da2c64c97b3689878beb02936e37b8dc0d70471916dfb4ffecd4225995785e9654ff668f305fd8857fdfcc500ba88d1e83f44f62c38e71091014037224296b61e9cfd8ec875e26b148db3cd2e590338279a87c5ddb4f70bf03b75f7a426b182572d91933d8e3394ed9621eb500c2705cc858c9e2cf1f1dede8d59aa72fc67d98a50a51d4b55727d0f14dc0d458c749f311337250f7eacf120a5efb4d2df25de99a09d2d3e2ed54dfe0213aed2035cf2074d757d7cdbbd21e3fe44ccd09c9c6f32a598fee80da6c9aa07578f76ccd5aaa72e6779e5104d048670406c972b35ec107283c9ab4bac88e1deb9ba3303158fe53409974190a17014da89f7f4b7c31662dc3c9b76217df4a56230a1248970dd18ff4195b083520b94c0e6594175095dec768b6f006f9c85c2d2c251b4e7faa01982e1d87f7cd56ac879cb1db665bd275a92e5e318f4641312c9f32868c25b7f7d766113ddea4e92bf27f1f3b4f02ed946b193f00cc6931e9b6e1b6df1e6cde744fa7d881ea1ccb5dc21871076d2b989ac760f0e850a40084cd7566484364371a71a94ba95ff4005d54685240c4f449a1cc9e730e5fea643caf2c2d7a245253cc26a82451775e95125c5c46f8f5c51cb9f2d3b3820d56e53970f83029f0e130140a8fdb75d5793ebb2076ffc6a7328910bde1578fc98ec3d2ec99fd0a321edfb78593545e762dac5086b127192507495bceda6d11d5be304008dd8a68d54bbc7959a2c8ab635cc7820e5d742e6c5cfd012a2a0519a25b2c659e9cd351ce4c2e7acb88d29d1d98090108a7dff3cdc46c18943c057dc9b65b20da6e27e8c0e975f04d703df1005395ef7fb10e7d60a43782144c2f9c64682c7516f5027d62f7eefb04a22245e081691ebde93b5c577cf33363b63718d1b2923b2d8e687cbffa3a1c8f06d3c466c1ad20a8d0e79a61aed620da4a85c30786b55938814b47e0f876b35a38ec4e5dd09977f40ea66fd53c87d6a54febfd44b0ad6e846b1147bb7621d512ccc682911b44de0f0baf5ff07e79d51e5c5480ccfd5a2ff8e14b489de1359a5420424f6a8890ce21e7e71afc800869c16867473bdafd8c71b1ae475ee437ce3326a23acda7cc603445aa84329c3ed6c2d9814985dff777f77744e0ebc7076fe791b8561e82938379956646151d0d2592f8238747d61626fca44b003526b2cf693da02e77e0c798d969dd6354f25fa3b417379008df9dec0289c347047e85c7763d9737d1951168837c8919ddf8c6a663cba2394fa8dd864ae30489dbf17e9b61813e2ed6285f29d7df59cec8826fe34add48530ab7f2c9cfdb5773b019a6bd96eb786467f0a2b7c857cc9a4ade8cd1dc8949b8b79fca5059baddc4dcb3a0c77e7dc1c61a000e6f76f5727e735400e94613a51726a1a002437543f2c43788fb8e5a05a484cd4aae985b32103cd7930238c73ea229deb54fea5f520b7d505c2f11f5b9eea5c0ed59e8c8aa941c7bae3aa1f6a8bf91b2e14d68647fab7562a04956ae4f56c2c48b17eef74dfc2374d7b5413f2181d4e255802d66afa864e4d482c8f746a9b4e436ace813cd60177e828199d64f85ecb820c07663d2b2af016ba9467cb29afcc051ac4986b82fa4018fafe17b474982fe0aa00566de5765fc73923f3658cfc148a9e62e1ae6c24e481a12d776fef7d531593987ffc82ab84e82bd6378ce58a6a0a7727ace58c817f7abbaf9b687eccc9475c9accad52f8239c991840edf2a3a10be884995072531cff7147da5969378bc3b3bedef722278bd708ff019d81be8c3c248e33b0fb5a1aa586336142d1d2b4a16833fe3931308b39aed4b25159c72c356b94e90bf2737f536f16efdf30e9f433f61b4fa10660a3e50b0f7687939cad680f04907c46029ff47cea5bb2f1c441cf484093a3fdbed590f2be5938e9c0a75b077680471ac386d5ea5eb303e8274b260b85e866b2c544f4cb5a84c010d3db918651620f8055eedd83e82c7c6486ae44859239e67a3e6ab716741a9c165cc267174457bace3746322068a62cda0a5e77f968a692b1bf901077340779576d89cca22a355531d1d17e236c49b18d728448cb9fc4e156d46adbf21e890ee5981ee0cf93625e4a32858e02d6d36381ed307a7096b4e1ee326b06b58a5abc47ccbd7d6131b47be4ab4d890bb6d486ce2d3db9d82244aaebfdf4857ef4ebe88950dddf1eedafc7dede19595676684dddd3c4d23a0642c559beae8bca56f30b40d0eada2a667276893ba0b2796d4ac8f9fdb6ae8c4659cfa88a7b2eac628bb5fb3e99ecb8cdf3b4a7cb3706b47f32435a87acfb59ac6ba1feefc849c609ba51ed453620c4981091a8797f279eebc50fb92b01ef680d995cc6d67ff273eecd22e890cf60c2740618a8b18ce60b2a6733ba64811a69edaf51411c848f5fb0dc10c8284dc8457ba57d9329a7b82a149900d722f096d40867608021e88c138b3872605a789e0d630b47db96ec64da0ad3fda71478c9e0250048d4aaf9beb1f63c5f609577cfdd52442106d2b30d332cfa4a3a9ae15015e02d36276993795f4342b9113937b5e18507d02c6a77af351a5d69b552973979ea9b02c0017bb27197635bf17edeac56d456b51876bd20d3a5b05d43cb949d98095e959d1413a9b27b0bcc86863adb3cbff65429c33001620ea45c88afe0021fb70625e43204e5da66d18c0a87bc178f42b85d157e43375fb6e9eb3be2782d3c133916f24b5e8b37157258ac679410f3f889e05f66cafcddcea0bee6295f17a0561804d67e427fa5656250f361bf8990ea35c914c7f26fee12b4c537134f594e2de25742d71d7313afd5aad3b2b477e83618e7b56eff6c7440079cf90f9efe3046498585464d03d8f5a7e95a697c900e38e0cf7f1bdc1a2658231669be0c713784e4f5e097e32a423ba552b8c467847a4a355e07f8e8b7e6a9f4d02c95820255a6665da596466acebf294202d33266cddc48e535458f7e8944fae44822f94f430bb645e7847c72aa2e62f7290049f5cf4d844241eb9e1e5f8601daf9c44012fd806ae2521e49aff64df62ead668efef0cf7ee404fe8b5b5c43b4ae5fcf59f71ed208111cc3090e8e52c22abc25bca393ae8ac25293fed7f882dd6c56631520574dc8326ada94775e68849cfd801618e5940abfd00d84f6fed8a8bdd7a05c1936fb8b34b9dc10b978a964a10a6d3414f15ebf8ad0c1ffbb5ed8be8fd6d4a11c848193debd3561735a4162ef2cc86f6173375ef236122c592d4028614edc83e67dbd8921ec04aa3cca0368eb3fb78752ecdd01771e884f0d3fdb3b7c75a85b3b8de1abb680f084fb421e1c552aa5348f6560ed42f491fa2074a1bdd0577a9d138cce251d902e044175c5a35b7ac0f1d6a1872cbd179b91b09fa5789d920b515fd6fc83abacd564fe61a2401213317921980451964cca", 0xeee}], 0x2, &(0x7f0000002240)=[@txtime={{0x18}}, @timestamping={{0x14}}], 0x30}, 0x4008804)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x1c, &(0x7f00000010c0)={@map, 0xffffffffffffffff, 0x2c}, 0x20)
sendmsg$sock(r1, &(0x7f0000000ec0)={&(0x7f0000000e00)=@caif=@util={0x25, "2cd0304c7cd94cae7b290dc41210f7f8"}, 0x80, &(0x7f0000000e80)}, 0x14)
sendmsg$nl_route(r0, 0x0, 0x4000800)

702.076103ms ago: executing program 2 (id=2558):
r0 = socket(0x2b, 0x80801, 0x1)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ppoll(&(0x7f0000000580)=[{r1, 0x2000}], 0x1, &(0x7f00000005c0)={0x77359400}, &(0x7f0000000600)={[0x3]}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4, 0x3fc, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2}, 0x1c)
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0xcf)
getpeername$ax25(r2, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r4, 0x0, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000140)=[{&(0x7f0000000340)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000300080c10000000000000000000", 0x58}], 0x1)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r6, 0x29, 0x14, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0xd}}, 0x14)
socket$netlink(0x10, 0x3, 0x9)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000180)={0x84, @rand_addr=0x64010102, 0x4e23, 0x2, 'dh\x00', 0x17, 0x5, 0x4a}, 0x2c)
ioctl$VFAT_IOCTL_READDIR_BOTH(r7, 0x82187201, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r8, 0x400448ca, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@random="9ffbf4c8e5bfa99ac3b577c9dda93f037a6aed8189d9775647e82c64ac89f4a2", 0x20, 0x1)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYBLOB="80000000080211000001080211000000080211000000000000e3ffffffffffff63822f07c13b1974f100010000060202020202020108"], 0x36)
bind$bt_hci(r8, &(0x7f0000000280), 0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)

489.510965ms ago: executing program 0 (id=2559):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000280)='\x00', 0x1)
setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000000)=0x1d06037, 0x4)

405.461698ms ago: executing program 0 (id=2560):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000080)='>', 0x1)
setsockopt$inet6_int(r0, 0x29, 0x4b, 0x0, 0x0)

405.279244ms ago: executing program 0 (id=2561):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r2=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r2}}], 0x20, 0x2400e044}, 0x0)

158.888394ms ago: executing program 2 (id=2562):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)={0x38, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x10, 0x8, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x13, 0x4}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)

115.174721ms ago: executing program 2 (id=2563):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r0, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x52}}], 0x1, 0x0, 0x0)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

33.628008ms ago: executing program 2 (id=2564):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@deltfilter={0x24, 0x2d, 0x200, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xf, 0x10}, {0x3, 0xe}, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0xc0}, 0x50)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'hsr0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0xb4}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

0s ago: executing program 2 (id=2565):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000100)={@val={0x0, 0x800}, @val={0x3, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x66, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @redirect={0x5, 0x0, 0x0, @multicast2, {0x5, 0x4, 0x3, 0x2, 0xf6c, 0x68, 0x2f, 0x5, 0x33, 0x1, @remote, @rand_addr=0x64010101}}}}, 0xfdef)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:3413' (ED25519) to the list of known hosts.
syzkaller login: [   48.753928][ T5745] cgroup: Unknown subsys name 'net'
[   48.840200][ T5745] cgroup: Unknown subsys name 'cpuset'
[   48.843723][ T5745] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.088952][ T5745] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   59.680826][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   59.684802][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   59.689676][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   59.692907][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   59.696396][ T5867] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   59.699307][ T5867] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   59.719953][ T5866] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   59.723107][ T5866] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   59.728438][ T5867] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   59.730934][ T5867] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   59.748422][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   59.759396][ T5871] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   59.764118][ T5871] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   59.767479][ T5871] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   59.775499][ T5209] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   60.033422][ T5864] chnl_net:caif_netlink_parms(): no params data found
[   60.154832][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.157736][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.160241][ T5864] bridge_slave_0: entered allmulticast mode
[   60.162951][ T5864] bridge_slave_0: entered promiscuous mode
[   60.176556][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.180829][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.183889][ T5864] bridge_slave_1: entered allmulticast mode
[   60.188607][ T5864] bridge_slave_1: entered promiscuous mode
[   60.249857][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.256492][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.289415][ T5864] team0: Port device team_slave_0 added
[   60.294616][ T5864] team0: Port device team_slave_1 added
[   60.306130][ T5868] chnl_net:caif_netlink_parms(): no params data found
[   60.349733][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.351928][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.360576][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.370984][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.373526][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.383023][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.406378][ T5860] chnl_net:caif_netlink_parms(): no params data found
[   60.468387][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.471094][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.473326][ T5868] bridge_slave_0: entered allmulticast mode
[   60.476657][ T5868] bridge_slave_0: entered promiscuous mode
[   60.493829][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.496761][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.501102][ T5868] bridge_slave_1: entered allmulticast mode
[   60.504398][ T5868] bridge_slave_1: entered promiscuous mode
[   60.514102][ T5864] hsr_slave_0: entered promiscuous mode
[   60.517164][ T5864] hsr_slave_1: entered promiscuous mode
[   60.569677][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.588067][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.598999][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.602038][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.604586][ T5860] bridge_slave_0: entered allmulticast mode
[   60.608754][ T5860] bridge_slave_0: entered promiscuous mode
[   60.631679][ T5868] team0: Port device team_slave_0 added
[   60.634193][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.637043][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.640315][ T5860] bridge_slave_1: entered allmulticast mode
[   60.643821][ T5860] bridge_slave_1: entered promiscuous mode
[   60.652102][ T5868] team0: Port device team_slave_1 added
[   60.702416][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   60.710564][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.713137][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.723738][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.734288][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   60.745237][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.747425][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.755858][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.799182][ T5860] team0: Port device team_slave_0 added
[   60.813142][ T5868] hsr_slave_0: entered promiscuous mode
[   60.815686][ T5868] hsr_slave_1: entered promiscuous mode
[   60.818274][ T5868] debugfs: 'hsr0' already exists in 'hsr'
[   60.820344][ T5868] Cannot create hsr debugfs directory
[   60.826021][ T5860] team0: Port device team_slave_1 added
[   60.871520][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.874104][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.883404][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.899633][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.902362][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.913001][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.980272][ T5860] hsr_slave_0: entered promiscuous mode
[   60.983164][ T5860] hsr_slave_1: entered promiscuous mode
[   60.985321][ T5860] debugfs: 'hsr0' already exists in 'hsr'
[   60.987281][ T5860] Cannot create hsr debugfs directory
[   61.012099][ T5864] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   61.037417][ T5864] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   61.042438][ T5864] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   61.061933][ T5864] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   61.185103][ T5868] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   61.198389][ T5868] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   61.210772][ T5868] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   61.227254][ T5868] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   61.261524][ T5860] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   61.268062][ T5860] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   61.280610][ T5860] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   61.286387][ T5860] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   61.322379][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.356200][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[   61.370786][ T4368] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.373763][ T4368] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.403233][ T4368] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.406297][ T4368] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.451260][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.468752][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.490064][ T5868] 8021q: adding VLAN 0 to HW filter on device team0
[   61.500637][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.503483][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.514860][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.517624][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.525292][ T5860] 8021q: adding VLAN 0 to HW filter on device team0
[   61.537040][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.539903][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.562666][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.565260][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.586238][ T5868] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   61.592938][ T5868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   61.643603][ T5860] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   61.684075][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.721983][ T5864] veth0_vlan: entered promiscuous mode
[   61.738920][ T5864] veth1_vlan: entered promiscuous mode
[   61.764067][ T5864] veth0_macvtap: entered promiscuous mode
[   61.783899][ T5864] veth1_macvtap: entered promiscuous mode
[   61.809112][   T55] Bluetooth: hci1: command tx timeout
[   61.810051][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.811460][   T55] Bluetooth: hci2: command tx timeout
[   61.816283][   T55] Bluetooth: hci0: command tx timeout
[   61.832746][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.851381][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.861028][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.863777][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.869523][ T5874] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.882676][ T5874] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.934817][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.967074][ T5868] veth0_vlan: entered promiscuous mode
[   61.979881][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.984290][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.001188][ T5868] veth1_vlan: entered promiscuous mode
[   62.030081][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.035080][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.035509][ T5860] veth0_vlan: entered promiscuous mode
[   62.055583][ T5868] veth0_macvtap: entered promiscuous mode
[   62.058929][ T5860] veth1_vlan: entered promiscuous mode
[   62.063274][ T5868] veth1_macvtap: entered promiscuous mode
[   62.071798][ T5864] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   62.086805][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.099010][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.103827][ T5860] veth0_macvtap: entered promiscuous mode
[   62.112088][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.115662][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.124727][ T5860] veth1_macvtap: entered promiscuous mode
[   62.135908][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.139745][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.220290][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.240025][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.289769][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.301195][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.310881][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.314159][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.318327][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.321333][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.386082][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.390087][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.450181][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.456807][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.514949][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.522052][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.655254][ T5942] netlink: 26 bytes leftover after parsing attributes in process `syz.0.28'.
[   62.905791][ T5966] netem: incorrect gi model size
[   62.908880][ T5966] netem: change failed
[   63.372265][ T6002] syz_tun: entered promiscuous mode
[   63.374099][ T6002] syz_tun: entered allmulticast mode
[   63.473424][ T6007] netlink: 4 bytes leftover after parsing attributes in process `syz.0.66'.
[   63.888931][   T55] Bluetooth: hci0: command tx timeout
[   63.891292][   T55] Bluetooth: hci2: command tx timeout
[   63.893635][   T55] Bluetooth: hci1: command tx timeout
[   64.306524][ T6073] Driver unsupported XDP return value 0 on prog  (id 11) dev N/A, expect packet loss!
[   64.872371][ T6116] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[   64.878835][ T6116] macvtap1: entered allmulticast mode
[   64.881052][ T6116] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[   64.888951][ T6116] batman_adv: batadv0: Adding interface: macvtap1
[   64.891735][ T6116] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.905903][ T6116] batman_adv: batadv0: Interface activated: macvtap1
[   64.964576][ T6122] netlink: 104 bytes leftover after parsing attributes in process `syz.2.119'.
[   65.235569][ T6136] netlink: 'syz.1.126': attribute type 8 has an invalid length.
[   65.420819][ T6150] warning: `syz.0.132' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   65.588707][ T6162] netlink: 'syz.0.139': attribute type 1 has an invalid length.
[   65.591580][ T6162] netlink: 'syz.0.139': attribute type 3 has an invalid length.
[   65.596997][ T6162] netlink: 224 bytes leftover after parsing attributes in process `syz.0.139'.
[   65.807315][ T6182] tipc: Started in network mode
[   65.824481][ T6182] tipc: Node identity 22d7deb8ed28, cluster identity 4711
[   65.827502][ T6182] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   65.855929][ T6182] syzkaller0: entered promiscuous mode
[   65.860278][ T6182] syzkaller0: entered allmulticast mode
[   65.900935][ T6182] tipc: Resetting bearer <eth:syzkaller0>
[   65.923005][ T6180] tipc: Resetting bearer <eth:syzkaller0>
[   65.946913][ T6180] tipc: Disabling bearer <eth:syzkaller0>
[   65.965052][ T6194] openvswitch: netlink: IPv6 tunnel dst address is zero
[   65.979319][ T5871] Bluetooth: hci2: command tx timeout
[   65.981900][ T5209] Bluetooth: hci0: command tx timeout
[   65.984156][   T55] Bluetooth: hci1: command tx timeout
[   66.161624][ T6202] bond1: entered promiscuous mode
[   66.163678][ T6202] 8021q: adding VLAN 0 to HW filter on device bond1
[   66.203410][ T6208] netlink: 240 bytes leftover after parsing attributes in process `syz.1.160'.
[   66.442843][ T6229] Zero length message leads to an empty skb
[   67.530516][ T6249] netlink: 8 bytes leftover after parsing attributes in process `syz.0.178'.
[   67.614960][ T6250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.176'.
[   67.619976][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[   67.623043][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.626433][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.629860][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.633185][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.636604][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.640136][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.643486][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.646907][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.650434][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.653911][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.657246][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.660706][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.664050][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.667480][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.670824][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.674077][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.677388][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.680901][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.684249][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.687605][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.691024][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.694252][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.697434][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.700827][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.704119][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.707329][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.710686][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.714076][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.717394][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.720880][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.724112][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.727481][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.730823][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.733774][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.736343][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.739117][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.742247][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.745491][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.748770][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.751981][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.755132][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.758229][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.761346][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.764582][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.767722][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.771066][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.774122][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.776991][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.780152][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.783391][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.786577][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.789661][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.792363][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.795035][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.797541][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.800140][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.802723][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.805356][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.808438][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.811107][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.813848][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.816864][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.819425][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.822260][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.824810][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.827438][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[   67.830334][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[   67.909591][ T6259] netlink: 72 bytes leftover after parsing attributes in process `syz.1.181'.
[   68.058804][   T55] Bluetooth: hci1: command tx timeout
[   68.058854][ T5871] Bluetooth: hci2: command tx timeout
[   68.061176][   T55] Bluetooth: hci0: command tx timeout
[   68.484663][   T13] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   68.492717][   T13] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   68.510662][    T9] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   68.581773][    T9] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   68.693657][ T6313] team0: entered promiscuous mode
[   68.695856][ T6313] team_slave_0: entered promiscuous mode
[   68.698734][ T6313] team_slave_1: entered promiscuous mode
[   68.723900][ T6315] syz.1.206 uses obsolete (PF_INET,SOCK_PACKET)
[   68.812479][ T6319] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[   69.248415][ T5861] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   69.350144][ T6361] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   69.537129][ T6383] netlink: 'syz.1.233': attribute type 1 has an invalid length.
[   69.595998][ T6383] bond1: (slave bridge1): making interface the new active one
[   69.603456][ T6383] bond1: (slave bridge1): Enslaving as an active interface with an up link
[   69.914047][ T6415] netlink: 'syz.2.248': attribute type 1 has an invalid length.
[   69.917475][ T6415] netlink: 'syz.2.248': attribute type 2 has an invalid length.
[   69.959099][ T6412] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[   70.300157][ T6432] netlink: 12 bytes leftover after parsing attributes in process `syz.0.256'.
[   71.084235][ T6488] bridge2: the hash_elasticity option has been deprecated and is always 16
[   71.090732][ T6488] bridge2: entered allmulticast mode
[   71.173283][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.176083][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.288697][ T6509] netlink: 12 bytes leftover after parsing attributes in process `syz.0.291'.
[   71.295244][ T6509] netlink: 'syz.0.291': attribute type 1 has an invalid length.
[   71.368365][ T6509] netlink: 20 bytes leftover after parsing attributes in process `syz.0.291'.
[   71.374928][ T6509] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[   71.446247][ T6523] netdevsim netdevsim2: Direct firmware load for 2Q failed with error -2
[   71.467187][ T6523] netdevsim netdevsim2: Falling back to sysfs fallback for: 2Q
[   71.585320][ T6531] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   72.490470][ T6558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.313'.
[   72.495150][ T6558] netlink: 'syz.2.313': attribute type 5 has an invalid length.
[   72.499397][ T6558] netlink: 20 bytes leftover after parsing attributes in process `syz.2.313'.
[   72.516163][ T6558] geneve2: entered promiscuous mode
[   72.522225][ T6558] geneve2: entered allmulticast mode
[   72.525263][   T12] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[   72.541513][   T12] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[   72.547915][   T12] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[   72.555761][   T12] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[   72.571926][ T6562] netlink: 10 bytes leftover after parsing attributes in process `syz.2.315'.
[   72.755482][ T6581] netlink: 8 bytes leftover after parsing attributes in process `syz.2.324'.
[   72.761240][ T6581] netlink: 7 bytes leftover after parsing attributes in process `syz.2.324'.
[   72.796748][ T6585] netlink: 'syz.2.325': attribute type 8 has an invalid length.
[   72.847916][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[   72.852136][ T6589] netlink: 'syz.0.327': attribute type 7 has an invalid length.
[   72.855665][ T6589] netlink: 'syz.0.327': attribute type 8 has an invalid length.
[   73.257434][ T6617] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   73.262660][ T6617] syzkaller0: entered promiscuous mode
[   73.264455][ T6617] syzkaller0: entered allmulticast mode
[   73.282513][ T6617] tipc: Resetting bearer <eth:syzkaller0>
[   73.290518][ T6616] tipc: Resetting bearer <eth:syzkaller0>
[   73.308644][ T6616] tipc: Disabling bearer <eth:syzkaller0>
[   73.491648][ T6626] __nla_validate_parse: 3 callbacks suppressed
[   73.491658][ T6626] netlink: 36 bytes leftover after parsing attributes in process `syz.1.344'.
[   73.497396][ T6626] netlink: 16 bytes leftover after parsing attributes in process `syz.1.344'.
[   73.501796][ T6626] netlink: 36 bytes leftover after parsing attributes in process `syz.1.344'.
[   73.506999][ T6626] netlink: 36 bytes leftover after parsing attributes in process `syz.1.344'.
[   73.695683][ T6630] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.699184][ T6630] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.804996][ T6630] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   73.815559][ T6630] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.960074][   T13] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.970033][   T13] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.973673][   T13] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.990826][   T13] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.221840][ T6650] netlink: 'syz.1.353': attribute type 12 has an invalid length.
[   74.286093][ T6656] openvswitch: netlink: Geneve opt len 11 is not a multiple of 4.
[   74.383190][ T6661] netlink: 'syz.2.357': attribute type 1 has an invalid length.
[   74.476266][ T6665] netlink: 20 bytes leftover after parsing attributes in process `syz.0.359'.
[   74.756838][ T6687] netlink: 24 bytes leftover after parsing attributes in process `syz.1.370'.
[   74.903956][ T6699] netlink: 'syz.0.376': attribute type 10 has an invalid length.
[   74.918066][ T6699] netlink: 40 bytes leftover after parsing attributes in process `syz.0.376'.
[   74.922350][ T6699] dummy0: entered promiscuous mode
[   74.935353][ T6699] bridge0: port 3(dummy0) entered blocking state
[   74.946594][ T6699] bridge0: port 3(dummy0) entered disabled state
[   74.951355][ T6699] dummy0: entered allmulticast mode
[   74.956362][ T6699] bridge0: port 3(dummy0) entered blocking state
[   74.958959][ T6699] bridge0: port 3(dummy0) entered forwarding state
[   75.247227][ T6726] netlink: 'syz.0.389': attribute type 21 has an invalid length.
[   75.299890][ T6731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.391'.
[   75.385247][ T6735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.393'.
[   75.670065][ T6764] bridge0: port 4(netdevsim2) entered blocking state
[   75.672836][ T6764] bridge0: port 4(netdevsim2) entered disabled state
[   75.675667][ T6764] netdevsim netdevsim0 netdevsim2: entered allmulticast mode
[   75.682069][ T6764] netdevsim netdevsim0 netdevsim2: entered promiscuous mode
[   75.686417][ T6764] bridge0: port 4(netdevsim2) entered blocking state
[   75.689378][ T6764] bridge0: port 4(netdevsim2) entered forwarding state
[   76.175578][ T6796] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   76.190372][ T6796] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   76.663853][ T6821] netlink: 'syz.2.427': attribute type 21 has an invalid length.
[   76.681116][ T6821] netlink: 'syz.2.427': attribute type 6 has an invalid length.
[   76.684386][ T6821] netlink: 64 bytes leftover after parsing attributes in process `syz.2.427'.
[   76.808830][ T6832] netlink: 'syz.0.431': attribute type 83 has an invalid length.
[   77.414472][ T6875] batman_adv: batadv0: Adding interface: gretap1
[   77.417078][ T6875] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.431282][ T6875] batman_adv: batadv0: Interface activated: gretap1
[   77.536439][ T6891] veth2: entered allmulticast mode
[   77.591135][ T6897] C: renamed from lo
[   77.594284][ T6897] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   77.736210][ T6907] netlink: 'syz.2.466': attribute type 12 has an invalid length.
[   78.041247][ T6937] netlink: 'syz.1.482': attribute type 9 has an invalid length.
[   78.141338][ T6949] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   78.341954][ T6973] netlink: 'syz.2.496': attribute type 1 has an invalid length.
[   78.356969][ T6960] netlink: 'syz.1.493': attribute type 13 has an invalid length.
[   78.360644][ T6960] netlink: 'syz.1.493': attribute type 17 has an invalid length.
[   78.373394][ T6973] 8021q: adding VLAN 0 to HW filter on device bond2
[   78.477631][ T6960] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.487997][ T6960] 8021q: adding VLAN 0 to HW filter on device team0
[   78.498826][ T6960] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   78.543241][ T6960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   78.751814][ T6988] __nla_validate_parse: 5 callbacks suppressed
[   78.751828][ T6988] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.501'.
[   78.761995][ T6987] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.501'.
[   79.551060][ T6960] syz.1.493 (6960) used greatest stack depth: 19800 bytes left
[   79.864249][ T7040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.524'.
[   79.942721][ T7042] netlink: 12 bytes leftover after parsing attributes in process `syz.1.525'.
[   80.295596][ T7064] netlink: 208 bytes leftover after parsing attributes in process `syz.1.536'.
[   80.302568][ T7064] netlink: 208 bytes leftover after parsing attributes in process `syz.1.536'.
[   80.627312][ T7092] netlink: 'syz.1.548': attribute type 16 has an invalid length.
[   80.638268][ T7092] netlink: 'syz.1.548': attribute type 1 has an invalid length.
[   81.096143][   T12] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   81.140274][ T7139] IPv6: Can't replace route, no match found
[   81.420474][ T1284] cfg80211: failed to load regulatory.db
[   85.652269][ T7188] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.588'.
[   85.775983][ T7200] netlink: 20 bytes leftover after parsing attributes in process `syz.2.594'.
[   85.870084][ T7207] netlink: 92 bytes leftover after parsing attributes in process `syz.1.596'.
[   85.956995][ T7212] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   86.086744][ T7220] netlink: 20 bytes leftover after parsing attributes in process `syz.2.601'.
[   86.105104][ T7220] ip6_vti0: entered promiscuous mode
[   86.110296][ T7220] ip6_vti0: entered allmulticast mode
[   86.290398][ T7233] netlink: 8 bytes leftover after parsing attributes in process `syz.1.608'.
[   87.081571][ T7261] netlink: 96 bytes leftover after parsing attributes in process `syz.2.620'.
[   87.319734][ T7271] netlink: 64 bytes leftover after parsing attributes in process `syz.1.625'.
[   87.322854][ T7271] nbd: must specify at least one socket
[   87.335233][ T7273] tipc: Started in network mode
[   87.340737][ T7273] tipc: Node identity 4ab38526b0bf, cluster identity 4711
[   87.343787][ T7273] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   87.348483][ T7273] syzkaller0: entered promiscuous mode
[   87.351571][ T7273] syzkaller0: entered allmulticast mode
[   87.367285][ T7273] tipc: Resetting bearer <eth:syzkaller0>
[   87.375043][ T7272] tipc: Resetting bearer <eth:syzkaller0>
[   87.385755][ T7272] tipc: Disabling bearer <eth:syzkaller0>
[   87.570977][ T7280] validate_nla: 1 callbacks suppressed
[   87.570991][ T7280] netlink: 'syz.2.629': attribute type 6 has an invalid length.
[   87.576814][ T7284] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.630'.
[   87.729695][ T7299] netlink: 6 bytes leftover after parsing attributes in process `syz.0.636'.
[   87.734603][ T7299] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   87.904495][ T7302] erspan0: entered promiscuous mode
[   87.912475][ T7302] erspan0: left promiscuous mode
[   87.995867][ T7318] bridge0: port 3(erspan0) entered blocking state
[   88.000230][ T7318] bridge0: port 3(erspan0) entered disabled state
[   88.003166][ T7318] erspan0: entered allmulticast mode
[   88.007303][ T7318] erspan0: entered promiscuous mode
[   88.010747][ T7318] bridge0: port 3(erspan0) entered blocking state
[   88.014063][ T7318] bridge0: port 3(erspan0) entered forwarding state
[   88.030543][ T7302] netlink: 12 bytes leftover after parsing attributes in process `syz.2.640'.
[   88.090758][ T7323] erspan0: left allmulticast mode
[   88.093055][ T7323] erspan0: left promiscuous mode
[   88.095539][ T7323] bridge0: port 3(erspan0) entered disabled state
[   88.428564][ T7344] bridge0: port 4(netdevsim2) entered disabled state
[   88.431362][ T7344] bridge0: port 3(dummy0) entered disabled state
[   88.434165][ T7344] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.437461][ T7344] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.526107][ T7344] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   88.535388][ T7344] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   88.651390][   T13] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.658209][   T13] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.661791][   T13] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.678906][   T13] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   88.744966][ T7360] vlan2: entered promiscuous mode
[   88.747062][ T7360] batadv0: entered promiscuous mode
[   89.266220][   T33] audit: type=1800 audit(1755200138.563:2): pid=7371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.659" name="cgroup.controllers" dev="tmpfs" ino=914 res=0 errno=0
[   89.643614][ T7389] netlink: 'syz.0.668': attribute type 4 has an invalid length.
[   90.011833][ T7417] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   90.027082][ T7419] netlink: 'syz.2.682': attribute type 32 has an invalid length.
[   90.031322][ T7419] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[   90.261600][ T7440] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[   90.731854][ T7470] syz_tun: entered allmulticast mode
[   90.740946][ T7470] dvmrp8: entered allmulticast mode
[   90.747440][ T7469] syz_tun: left allmulticast mode
[   90.752062][ T7469] dvmrp8: left allmulticast mode
[   91.083780][ T7490] netlink: 'syz.2.716': attribute type 2 has an invalid length.
[   91.166990][ T7494] lo speed is unknown, defaulting to 1000
[   91.172058][ T7494] lo speed is unknown, defaulting to 1000
[   91.175218][ T7494] lo speed is unknown, defaulting to 1000
[   91.188842][ T7494] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   91.283985][ T7494] lo speed is unknown, defaulting to 1000
[   91.293051][ T7494] lo speed is unknown, defaulting to 1000
[   91.308356][ T7494] lo speed is unknown, defaulting to 1000
[   91.490501][ T7510] siw: device registration error -23
[   91.493906][ T7510] Bluetooth: MGMT ver 1.23
[   91.742089][ T7529] openvswitch: netlink: Missing valid actions attribute.
[   91.744502][ T7529] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   92.178713][ T7546] block nbd0: server does not support multiple connections per device.
[   92.183936][ T7546] block nbd0: shutting down sockets
[   92.227860][ T7548] __nla_validate_parse: 3 callbacks suppressed
[   92.227874][ T7548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.742'.
[   92.273257][ T7552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.744'.
[   92.279597][ T7552] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   92.946461][ T7597] netlink: 596 bytes leftover after parsing attributes in process `syz.1.763'.
[   93.061993][ T7602] netlink: 176 bytes leftover after parsing attributes in process `syz.2.767'.
[   93.606209][ T7636] netlink: 8 bytes leftover after parsing attributes in process `syz.2.778'.
[   93.612961][ T7636] netlink: 4 bytes leftover after parsing attributes in process `syz.2.778'.
[   93.692089][ T7643] netlink: 'syz.0.782': attribute type 29 has an invalid length.
[   93.695556][ T7643] netlink: 'syz.0.782': attribute type 29 has an invalid length.
[   93.735741][ T7647] netlink: 'syz.0.783': attribute type 28 has an invalid length.
[   93.893558][ T7667] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   93.896750][ T7667] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   94.061222][ T7678] netlink: 8 bytes leftover after parsing attributes in process `syz.2.798'.
[   94.114265][ T7682] netlink: 8 bytes leftover after parsing attributes in process `syz.2.800'.
[   94.802169][ T7708] macvlan0: entered allmulticast mode
[   94.804361][ T7708] veth1_vlan: entered allmulticast mode
[   94.869412][ T7713] netlink: 277 bytes leftover after parsing attributes in process `syz.0.809'.
[   95.166555][ T7729] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.817'.
[   95.361638][ T7739] netlink: 'syz.1.823': attribute type 1 has an invalid length.
[   95.364752][ T7739] netlink: 'syz.1.823': attribute type 10 has an invalid length.
[   95.633162][ T7764] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[   95.871728][ T7783] sctp: [Deprecated]: syz.2.841 (pid 7783) Use of int in max_burst socket option deprecated.
[   95.871728][ T7783] Use struct sctp_assoc_value instead
[   96.932261][ T7864] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-xor(2)
[   97.532158][ T7925] netlink: 'syz.1.911': attribute type 3 has an invalid length.
[   97.572192][ T7931] netlink: 'syz.0.914': attribute type 4 has an invalid length.
[   97.594171][ T7933] __nla_validate_parse: 8 callbacks suppressed
[   97.594187][ T7933] netlink: 244 bytes leftover after parsing attributes in process `syz.1.915'.
[   97.622370][ T7936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.916'.
[   98.034749][   T57] block nbd0: Wrong magic (0x0)
[   98.867391][ T7980] lo speed is unknown, defaulting to 1000
[   99.191184][ T7994] netlink: 96 bytes leftover after parsing attributes in process `syz.0.940'.
[   99.276004][ T8000] netlink: 'syz.1.938': attribute type 4 has an invalid length.
[  100.019867][ T8025] netdevsim netdevsim0 netdevsim2 (unregistering): left allmulticast mode
[  100.024115][ T8025] netdevsim netdevsim0 netdevsim2 (unregistering): left promiscuous mode
[  100.027994][ T8025] bridge0: port 4(netdevsim2) entered disabled state
[  100.089787][ T8030] netlink: 'syz.1.954': attribute type 3 has an invalid length.
[  100.423160][ T8052] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  100.510898][ T8057] netlink: 104 bytes leftover after parsing attributes in process `syz.2.965'.
[  100.826052][ T8071] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  100.834998][ T8071] syzkaller0: entered promiscuous mode
[  100.841728][ T8071] syzkaller0: entered allmulticast mode
[  100.861084][ T8071] tipc: Resetting bearer <eth:syzkaller0>
[  100.863250][ T8071] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  100.866123][ T8071] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  100.870844][ T8070] tipc: Resetting bearer <eth:syzkaller0>
[  100.874627][ T8073] netlink: 28 bytes leftover after parsing attributes in process `syz.0.973'.
[  100.879126][ T8073] netlink: 28 bytes leftover after parsing attributes in process `syz.0.973'.
[  100.886620][ T8070] tipc: Disabling bearer <eth:syzkaller0>
[  100.897168][ T8073] bridge0: entered promiscuous mode
[  100.900556][ T8073] ip6gretap0: entered promiscuous mode
[  100.903436][ T8073] hsr1: Slave A (bridge0) is not up; please bring it up to get a fully working HSR network
[  100.906858][ T8073] hsr1: Slave B (ip6gretap0) is not up; please bring it up to get a fully working HSR network
[  100.985982][ T8077] netlink: 'syz.2.975': attribute type 1 has an invalid length.
[  100.999029][ T8079] tipc: Started in network mode
[  101.001027][ T8079] tipc: Node identity , cluster identity 4711
[  101.004697][ T8079] tipc: Failed to obtain node identity
[  101.006878][ T8079] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  101.013437][ T8079] syzkaller0: entered promiscuous mode
[  101.015308][ T8079] syzkaller0: entered allmulticast mode
[  101.093481][ T8086] syz.2.979: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  101.098872][ T8086] CPU: 1 UID: 0 PID: 8086 Comm: syz.2.979 Not tainted 6.16.0-syzkaller-06620-gae633388cae3-dirty #0 PREEMPT(full) 
[  101.098883][ T8086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  101.098888][ T8086] Call Trace:
[  101.098891][ T8086]  <TASK>
[  101.098894][ T8086]  dump_stack_lvl+0x189/0x250
[  101.098907][ T8086]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.098914][ T8086]  ? __pfx__printk+0x10/0x10
[  101.098925][ T8086]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  101.098935][ T8086]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  101.098944][ T8086]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  101.098953][ T8086]  warn_alloc+0x214/0x310
[  101.098961][ T8086]  ? stack_depot_save_flags+0x445/0x900
[  101.098970][ T8086]  ? __pfx_warn_alloc+0x10/0x10
[  101.098978][ T8086]  ? kasan_save_track+0x4f/0x80
[  101.098988][ T8086]  ? xskq_create+0x56/0x170
[  101.098997][ T8086]  ? xsk_init_queue+0xb0/0x110
[  101.099005][ T8086]  ? xsk_setsockopt+0x4dc/0x8d0
[  101.099013][ T8086]  ? do_sock_setsockopt+0x17c/0x1b0
[  101.099020][ T8086]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  101.099026][ T8086]  ? do_syscall_64+0xfa/0x3b0
[  101.099036][ T8086]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.099046][ T8086]  __vmalloc_node_range_noprof+0x125/0x12f0
[  101.099064][ T8086]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  101.099074][ T8086]  ? __kasan_kmalloc+0x93/0xb0
[  101.099085][ T8086]  vmalloc_user_noprof+0xad/0xf0
[  101.099092][ T8086]  ? xskq_create+0xbf/0x170
[  101.099101][ T8086]  xskq_create+0xbf/0x170
[  101.099112][ T8086]  xsk_init_queue+0xb0/0x110
[  101.099122][ T8086]  xsk_setsockopt+0x4dc/0x8d0
[  101.099132][ T8086]  ? __pfx_xsk_setsockopt+0x10/0x10
[  101.099141][ T8086]  ? __pfx_aa_sk_perm+0x10/0x10
[  101.099151][ T8086]  ? aa_sock_opt_perm+0x74/0x110
[  101.099162][ T8086]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  101.099170][ T8086]  ? __pfx_xsk_setsockopt+0x10/0x10
[  101.099180][ T8086]  do_sock_setsockopt+0x17c/0x1b0
[  101.099189][ T8086]  __x64_sys_setsockopt+0x13f/0x1b0
[  101.099198][ T8086]  do_syscall_64+0xfa/0x3b0
[  101.099208][ T8086]  ? lockdep_hardirqs_on+0x9c/0x150
[  101.099217][ T8086]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.099224][ T8086]  ? exc_page_fault+0x9f/0xf0
[  101.099234][ T8086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.099241][ T8086] RIP: 0033:0x7f4c0b58ebe9
[  101.099248][ T8086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  101.099254][ T8086] RSP: 002b:00007f4c0c31f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  101.099262][ T8086] RAX: ffffffffffffffda RBX: 00007f4c0b7b5fa0 RCX: 00007f4c0b58ebe9
[  101.099267][ T8086] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  101.099271][ T8086] RBP: 00007f4c0b611e19 R08: 0000000000000004 R09: 0000000000000000
[  101.099276][ T8086] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  101.099280][ T8086] R13: 00007f4c0b7b6038 R14: 00007f4c0b7b5fa0 R15: 00007ffcb893ccd8
[  101.099291][ T8086]  </TASK>
[  101.099294][ T8086] Mem-Info:
[  101.212479][ T8086] active_anon:5520 inactive_anon:0 isolated_anon:0
[  101.212479][ T8086]  active_file:1112 inactive_file:38230 isolated_file:0
[  101.212479][ T8086]  unevictable:1768 dirty:374 writeback:0
[  101.212479][ T8086]  slab_reclaimable:9637 slab_unreclaimable:53953
[  101.212479][ T8086]  mapped:18192 shmem:2446 pagetables:1106
[  101.212479][ T8086]  sec_pagetables:0 bounce:0
[  101.212479][ T8086]  kernel_misc_reclaimable:0
[  101.212479][ T8086]  free:292253 free_pcp:23177 free_cma:0
[  101.230043][ T8086] Node 0 active_anon:11756kB inactive_anon:0kB active_file:3080kB inactive_file:145184kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:48708kB dirty:1100kB writeback:0kB shmem:4856kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5256kB pagetables:2724kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  101.241411][ T8086] Node 1 active_anon:10256kB inactive_anon:0kB active_file:1368kB inactive_file:7736kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24060kB dirty:396kB writeback:0kB shmem:4928kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6364kB pagetables:1360kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  101.253145][ T8086] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  101.262610][ T8086] lowmem_reserve[]: 0 814 814 814 814
[  101.269119][ T8086] Node 0 DMA32 free:244400kB boost:0kB min:33720kB low:42148kB high:50576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11756kB inactive_anon:0kB active_file:3080kB inactive_file:145184kB unevictable:3536kB writepending:1100kB present:1556484kB managed:834028kB mlocked:0kB bounce:0kB free_pcp:53440kB local_pcp:18332kB free_cma:0kB
[  101.279901][ T8086] lowmem_reserve[]: 0 0 0 0 0
[  101.281494][ T8086] Node 1 DMA32 free:458616kB boost:0kB min:19168kB low:23960kB high:28752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  101.291972][ T8086] lowmem_reserve[]: 0 0 854 854 854
[  101.296836][ T8086] Node 1 Normal free:450636kB boost:0kB min:36576kB low:45720kB high:54864kB reserved_highatomic:0KB free_highatomic:0KB active_anon:10256kB inactive_anon:0kB active_file:1368kB inactive_file:7736kB unevictable:3536kB writepending:396kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:40216kB local_pcp:22744kB free_cma:0kB
[  101.308665][ T8086] lowmem_reserve[]: 0 0 0 0 0
[  101.310793][ T8086] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  101.316156][ T8086] Node 0 DMA32: 768*4kB (UME) 372*8kB (UME) 197*16kB (UM) 72*32kB (UME) 29*64kB (UM) 19*128kB (UM) 7*256kB (UME) 3*512kB (UME) 6*1024kB (UME) 7*2048kB (UM) 50*4096kB (UM) = 244400kB
[  101.323741][ T8086] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  101.330017][ T8086] Node 1 Normal: 1404*4kB (UME) 742*8kB (UME) 520*16kB (UME) 294*32kB (UM) 149*64kB (UME) 43*128kB (UME) 11*256kB (UM) 12*512kB (UME) 6*1024kB (M) 1*2048kB (U) 95*4096kB (UM) = 450592kB
[  101.336023][ T8086] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  101.341384][ T8086] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB
[  101.344757][ T8086] 41788 total pagecache pages
[  101.346532][ T8086] 0 pages in swap cache
[  101.349837][ T8086] Free swap  = 124996kB
[  101.351935][ T8086] Total swap = 124996kB
[  101.353696][ T8086] 786301 pages RAM
[  101.354964][ T8086] 0 pages HighMem/MovableOnly
[  101.356652][ T8086] 240546 pages reserved
[  101.359314][ T8086] 0 pages cma reserved
[  101.378894][ T8106] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.989'.
[  101.381970][ T8106] netlink: zone id is out of range
[  101.383811][ T8106] netlink: zone id is out of range
[  101.385747][ T8106] netlink: zone id is out of range
[  101.387571][ T8106] netlink: get zone limit has 8 unknown bytes
[  101.420560][ T8112] netlink: 'syz.2.992': attribute type 2 has an invalid length.
[  101.482905][ T8120] netlink: 24 bytes leftover after parsing attributes in process `syz.2.996'.
[  101.504626][ T8122] netlink: 8 bytes leftover after parsing attributes in process `syz.2.997'.
[  101.550442][ T8127] netlink: 4 bytes leftover after parsing attributes in process `syz.1.999'.
[  101.592585][ T8132] netlink: 'syz.2.1002': attribute type 3 has an invalid length.
[  101.595927][ T8132] netlink: 'syz.2.1002': attribute type 2 has an invalid length.
[  101.607671][ T8132] netlink: 'syz.2.1002': attribute type 2 has an invalid length.
[  101.672552][ T8140] lo speed is unknown, defaulting to 1000
[  101.956423][ T8161] netlink: 'syz.2.1015': attribute type 1 has an invalid length.
[  101.967392][ T8161] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  101.973156][ T8161] gretap1: entered promiscuous mode
[  102.440607][ T8188] tipc: Trying to set illegal importance in message
[  102.789708][ T8212] __nla_validate_parse: 7 callbacks suppressed
[  102.789722][ T8212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1037'.
[  103.044409][ T8240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1050'.
[  103.045887][ T8239] netlink: 'syz.0.1051': attribute type 15 has an invalid length.
[  103.048472][ T8240] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[  103.048534][ T8240] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  103.097925][ T8245] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1054'.
[  103.220569][ T8260] netlink: 'syz.2.1060': attribute type 27 has an invalid length.
[  103.372562][ T8275] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1064'.
[  103.537604][ T8295] lo speed is unknown, defaulting to 1000
[  103.680368][ T8308] syzkaller1: entered promiscuous mode
[  103.683589][ T8308] syzkaller1: entered allmulticast mode
[  103.731361][ T8313] ieee802154 phy0 wpan0: encryption failed: -22
[  103.777222][ T8317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1084'.
[  103.888728][ T8325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1088'.
[  103.919996][ T8329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1089'.
[  104.037613][ T8345] bridge4: entered allmulticast mode
[  104.332143][ T8375] lo speed is unknown, defaulting to 1000
[  104.692341][ T8402] lo speed is unknown, defaulting to 1000
[  104.752015][ T8408] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1125'.
[  104.755099][ T8408] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1125'.
[  104.900042][ T8418] tls_set_device_offload: netdev not found
[  105.052229][ T8429] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1134'.
[  105.228904][ T8451] netlink: 'syz.2.1144': attribute type 1 has an invalid length.
[  105.239271][ T8451] netlink: 'syz.2.1144': attribute type 10 has an invalid length.
[  105.462815][ T8466] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.466335][ T8466] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  105.587428][ T8466] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.596817][ T8466] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  105.674688][ T8466] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.684957][ T8466] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  105.750984][ T8466] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.756149][ T8466] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  105.890910][ T5874] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 256 - 0
[  105.894399][ T5874] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  105.928096][ T5874] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 256 - 0
[  105.931748][ T5874] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  105.952074][ T5874] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 256 - 0
[  105.955532][ T5874] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  105.973095][ T5874] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 256 - 0
[  105.976350][ T5874] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  106.166648][ T8501] netlink: 'syz.0.1166': attribute type 1 has an invalid length.
[  106.689243][ T8544] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  106.696699][ T8544] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  107.818599][ T8584] netlink: 'syz.0.1200': attribute type 3 has an invalid length.
[  108.666088][ T8611] __nla_validate_parse: 11 callbacks suppressed
[  108.666099][ T8611] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1213'.
[  109.029833][ T8641] batman_adv: batadv0: Adding interface: ip6gretap1
[  109.032685][ T8641] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.044480][ T8641] batman_adv: batadv0: Interface activated: ip6gretap1
[  110.087113][ T8668] netlink: 'syz.2.1240': attribute type 1 has an invalid length.
[  110.375497][ T8687] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1249'.
[  110.643960][ T8709] dummy0: Device is already in use.
[  110.853713][ T5861] IPVS: starting estimator thread 0...
[  110.947882][ T8716] IPVS: using max 79 ests per chain, 189600 per kthread
[  111.532826][ T8721] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1262'.
[  112.070348][ T8762] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1282'.
[  112.152466][   T57] block nbd1: Receive control failed (result -104)
[  112.282417][ T8781] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1290'.
[  112.403892][ T5861] lo speed is unknown, defaulting to 1000
[  113.632232][ T8851] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1319'.
[  113.654638][ T8853] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1321'.
[  113.957189][ T8873] batadv_slave_0: entered promiscuous mode
[  113.960625][ T8872] batadv_slave_0: left promiscuous mode
[  114.171560][ T8882] netlink: 'syz.2.1334': attribute type 3 has an invalid length.
[  114.738278][ T8897] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1341'.
[  114.829447][ T8905] tap0: tun_chr_ioctl cmd 1074025677
[  114.831378][ T8905] tap0: linktype set to 780
[  114.852304][ T8909] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  115.138553][ T8940] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1360'.
[  115.210727][ T8940] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  115.216072][ T8940] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  115.220460][ T8940] bond0 (unregistering): Released all slaves
[  115.524233][ T8972] syzkaller0: entered promiscuous mode
[  115.526193][ T8972] syzkaller0: entered allmulticast mode
[  115.535735][ T8972] netlink: 'syz.1.1376': attribute type 11 has an invalid length.
[  115.725298][ T8980] rdma_rxe: rxe_newlink: failed to add bond0
[  115.872560][ T8986] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1383'.
[  115.876194][ T8986] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1383'.
[  115.935463][ T8989] Bluetooth: MGMT ver 1.23
[  116.186267][ T9011] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  116.227005][ T9018] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1398'.
[  116.287686][ T9027] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1402'.
[  116.293241][ T9027] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1402'.
[  116.565048][ T9048] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  116.705300][ T9061] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1417'.
[  116.765342][ T9062] pim6reg: entered allmulticast mode
[  116.769940][ T9062] pim6reg: left allmulticast mode
[  117.281950][ T9069] veth5: entered promiscuous mode
[  117.569391][ T9090] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1429'.
[  117.829066][ T9105] : renamed from bond_slave_0
[  117.968057][ T5871] Bluetooth: hci2: command 0x0401 tx timeout
[  117.970577][   T55] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  118.608087][ T5209] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  119.013816][ T9114] lo speed is unknown, defaulting to 1000
[  119.124588][ T9122] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  119.561138][ T9147] lo speed is unknown, defaulting to 1000
[  119.935471][ T9172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1462'.
[  120.141219][ T9182] lo speed is unknown, defaulting to 1000
[  121.784781][ T9236] lo speed is unknown, defaulting to 1000
[  121.854693][ T9249] netlink: 'syz.0.1496': attribute type 16 has an invalid length.
[  121.858336][ T9249] netlink: 'syz.0.1496': attribute type 17 has an invalid length.
[  121.922635][ T9253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1498'.
[  122.020099][ T9257] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1500'.
[  122.092179][ T9257] bond2: (slave vxcan1): The slave device specified does not support setting the MAC address
[  122.097414][ T9257] bond2: (slave vxcan1): Error -95 calling set_mac_address
[  122.138382][ T9265] macvlan3: entered promiscuous mode
[  122.140599][ T9265] macvlan3: entered allmulticast mode
[  122.142976][ T9265] bond2: (slave macvlan3): Error -98 calling set_mac_address
[  122.853442][ T9294] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1516'.
[  122.921073][ T9300] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1519'.
[  123.147977][ T9315] netlink: 'syz.2.1526': attribute type 8 has an invalid length.
[  123.323734][ T9334] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1532'.
[  123.482335][ T9352] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1541'.
[  123.663489][ T9370] netlink: 'syz.2.1551': attribute type 7 has an invalid length.
[  123.666782][ T9370] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1551'.
[  123.853154][ T9388] netlink: 'syz.2.1558': attribute type 282 has an invalid length.
[  124.066425][ T9413] C: renamed from team_slave_0
[  124.071292][ T9413] netlink: 'syz.0.1570': attribute type 8 has an invalid length.
[  124.074422][ T9413] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  124.663969][ T9452] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1586'.
[  124.669013][ T9452] 0: renamed from hsr0
[  124.674793][ T9452] 0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  124.680621][ T9452] 0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  124.684796][ T9452] 0: entered allmulticast mode
[  124.686864][ T9452] hsr_slave_0: entered allmulticast mode
[  124.689360][ T9452] hsr_slave_1: entered allmulticast mode
[  124.692984][ T9452] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check.
[  124.742023][ T9454] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  125.131375][ T9481] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1600'.
[  125.170397][ T9486] netlink: 'syz.0.1603': attribute type 1 has an invalid length.
[  125.173705][ T9486] netlink: 'syz.0.1603': attribute type 3 has an invalid length.
[  125.180866][ T9486] netlink: 'syz.0.1603': attribute type 1 has an invalid length.
[  125.185808][ T9486] netlink: 204 bytes leftover after parsing attributes in process `syz.0.1603'.
[  125.192814][ T9486] NCSI netlink: No device for ifindex 0
[  125.195650][ T9488] netlink: 'syz.2.1605': attribute type 4 has an invalid length.
[  125.207494][ T5861] lo speed is unknown, defaulting to 1000
[  125.209740][ T5861] syz2: Port: 1 Link DOWN
[  125.214648][ T5861] lo speed is unknown, defaulting to 1000
[  125.216947][ T5861] syz2: Port: 1 Link ACTIVE
[  125.272912][ T9496] syzkaller0: entered promiscuous mode
[  125.274840][ T9496] syzkaller0: entered allmulticast mode
[  126.337198][ T9519] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1618'.
[  126.412313][ T9519] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  126.427952][ T1284] IPVS: starting estimator thread 0...
[  126.517869][ T9523] IPVS: using max 45 ests per chain, 108000 per kthread
[  126.705984][ T9551] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1633'.
[  126.751320][ T9554] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1635'.
[  126.754428][ T9554] dummy0: entered promiscuous mode
[  126.761282][ T9554] dummy0: entered allmulticast mode
[  126.763299][ T9554] bridge0: port 3(dummy0) entered blocking state
[  126.765413][ T9554] bridge0: port 3(dummy0) entered disabled state
[  126.769614][ T9554] bridge0: port 3(dummy0) entered blocking state
[  126.772191][ T9554] bridge0: port 3(dummy0) entered forwarding state
[  126.806880][ T9561] tipc: Started in network mode
[  126.809781][ T9561] tipc: Node identity 9eabeb1756a, cluster identity 4711
[  126.812245][ T9561] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  126.818787][ T9561] syzkaller0: entered promiscuous mode
[  126.825529][ T9561] syzkaller0: entered allmulticast mode
[  126.856877][ T9561] tipc: Resetting bearer <eth:syzkaller0>
[  126.870398][ T9560] tipc: Resetting bearer <eth:syzkaller0>
[  126.890541][ T9560] tipc: Disabling bearer <eth:syzkaller0>
[  126.998522][ T9581] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1648'.
[  127.124333][ T9598] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1658'.
[  127.194975][ T9611] lo: entered allmulticast mode
[  127.197624][ T9611] lo: left allmulticast mode
[  127.223261][ T9615] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  127.300699][ T9622] tun0: tun_chr_ioctl cmd 1074025675
[  127.303139][ T9622] tun0: persist enabled
[  127.310085][ T9622] tun0: tun_chr_ioctl cmd 1074025675
[  127.311831][ T9622] tun0: persist enabled
[  127.595182][ T9656] syzkaller1: entered promiscuous mode
[  127.597531][ T9656] syzkaller1: entered allmulticast mode
[  127.665556][ T9660] syzkaller0: entered promiscuous mode
[  127.669377][ T9660] syzkaller0: entered allmulticast mode
[  127.843380][ T9676] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1695'.
[  127.847180][ T9676] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1695'.
[  128.627043][ T9672] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  128.765650][ T9694] netlink: 732 bytes leftover after parsing attributes in process `syz.1.1704'.
[  130.153548][ T9797] __nla_validate_parse: 3 callbacks suppressed
[  130.153559][ T9797] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'.
[  130.332007][ T9807] lo speed is unknown, defaulting to 1000
[  130.386818][ T9809] lo speed is unknown, defaulting to 1000
[  131.027569][ T9829] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1762'.
[  131.032931][ T9829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1762'.
[  132.017421][ T9864] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1780'.
[  132.022482][ T9863] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1780'.
[  132.109737][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  132.116491][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  132.224304][ T9880] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1788'.
[  132.274222][ T9886] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  132.277404][ T9886] syzkaller0: entered promiscuous mode
[  132.280246][ T9886] syzkaller0: entered allmulticast mode
[  132.287710][ T9886] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  132.291600][ T9888] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1792'.
[  132.310049][ T9886] tipc: Resetting bearer <eth:syzkaller0>
[  132.313949][ T9885] tipc: Resetting bearer <eth:syzkaller0>
[  132.324040][ T9885] tipc: Disabling bearer <eth:syzkaller0>
[  132.370534][ T9896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1796'.
[  132.432379][ T9900] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  132.499862][ T9908] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1800'.
[  132.613212][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  132.615181][ T9919] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  132.617590][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  132.620153][ T9919] macsec1: entered promiscuous mode
[  132.623163][ T9919] macsec1: entered allmulticast mode
[  132.642876][ T9919] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  132.772561][ T9937] netlink: 47 bytes leftover after parsing attributes in process `syz.1.1816'.
[  132.817656][ T9941] validate_nla: 3 callbacks suppressed
[  132.817665][ T9941] netlink: 'syz.2.1817': attribute type 10 has an invalid length.
[  132.826422][ T9941] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  132.995587][ T9959] openvswitch: netlink: Tunnel attr 227 out of range max 16
[  133.042877][ T9965] netlink: 'syz.2.1831': attribute type 10 has an invalid length.
[  133.045600][ T9963] wireguard1: entered promiscuous mode
[  133.047686][ T9965] netlink: 'syz.2.1831': attribute type 49 has an invalid length.
[  133.050627][ T9963] wireguard1: entered allmulticast mode
[  133.661110][T10017] veth1_vlan: left allmulticast mode
[  133.684835][T10017] batman_adv: batadv0: Interface deactivated: gretap1
[  133.699002][T10017] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  133.725879][T10017] mac80211_hwsim hwsim2 wlan0: left allmulticast mode
[  133.814752][T10038] netlink: 'syz.0.1863': attribute type 29 has an invalid length.
[  133.834266][T10038] netlink: 'syz.0.1863': attribute type 29 has an invalid length.
[  134.410731][T10092] netlink: 'syz.2.1889': attribute type 2 has an invalid length.
[  134.437019][T10095] netlink: 'syz.0.1891': attribute type 1 has an invalid length.
[  134.482181][T10101] netlink: 'syz.2.1893': attribute type 12 has an invalid length.
[  134.703593][T10115] bridge0: port 3(dummy0) entered disabled state
[  134.758871][T10115] bridge_slave_1: left allmulticast mode
[  134.764315][T10115] bridge_slave_1: left promiscuous mode
[  134.773385][T10115] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.801261][T10115] bridge_slave_0: left allmulticast mode
[  134.805806][T10115] bridge_slave_0: left promiscuous mode
[  134.811178][T10115] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.755685][T10151] netlink: 'syz.0.1913': attribute type 11 has an invalid length.
[  135.908748][T10167] netlink: 'syz.0.1921': attribute type 10 has an invalid length.
[  135.912020][T10167] __nla_validate_parse: 7 callbacks suppressed
[  135.912032][T10167] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1921'.
[  135.916979][T10169] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.1920'.
[  136.673832][T10191] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1929'.
[  136.677217][T10191] dummy0: entered promiscuous mode
[  136.679275][T10191] dummy0: entered allmulticast mode
[  136.681126][T10191] bridge0: port 3(dummy0) entered blocking state
[  136.683200][T10191] bridge0: port 3(dummy0) entered disabled state
[  136.686171][T10193] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1936'.
[  136.713382][T10190] lo speed is unknown, defaulting to 1000
[  136.772129][T10198] lo speed is unknown, defaulting to 1000
[  137.123120][T10214] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1939'.
[  137.131218][T10214] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  137.367556][T10217] ipvlan2: entered promiscuous mode
[  137.511378][T10227] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1944'.
[  137.797573][T10249] lo speed is unknown, defaulting to 1000
[  137.842214][T10253] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1955'.
[  137.940103][T10261] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1961'.
[  137.957728][T10261] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1961'.
[  137.991352][T10267] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1963'.
[  139.018427][ T5209] Bluetooth: hci2: command 0x0401 tx timeout
[  139.712085][T10382] syz.1.2008 (10382) used obsolete PPPIOCDETACH ioctl
[  140.094774][T10405] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  140.097713][T10405] IPv6: NLM_F_CREATE should be set when creating new route
[  140.293915][T10417] validate_nla: 3 callbacks suppressed
[  140.293928][T10417] netlink: 'syz.2.2023': attribute type 1 has an invalid length.
[  140.301742][T10417] netlink: 'syz.2.2023': attribute type 2 has an invalid length.
[  140.433827][T10427] netlink: 'syz.2.2028': attribute type 8 has an invalid length.
[  140.660617][T10443] sch_tbf: burst 2 is lower than device lo mtu (11337746) !
[  140.696642][T10443] sch_tbf: burst 2 is lower than device lo mtu (11337746) !
[  140.702234][T10443] sch_tbf: burst 2 is lower than device lo mtu (11337746) !
[  140.716998][   T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.722440][   T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.807254][T10454] syzkaller1: entered promiscuous mode
[  140.810925][T10454] syzkaller1: entered allmulticast mode
[  140.959188][T10463] __nla_validate_parse: 9 callbacks suppressed
[  140.959198][T10463] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2044'.
[  140.965340][T10460] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.2044'.
[  140.985401][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.988823][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  142.047180][T10492] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2060'.
[  142.051186][T10492] IPVS: Unknown mcast interface: vcan0
[  142.113454][T10498] netlink: 248 bytes leftover after parsing attributes in process `syz.2.2062'.
[  142.175392][T10498] ip6_vti0: left promiscuous mode
[  142.177469][T10498] ip6_vti0: left allmulticast mode
[  142.193171][T10498] syz_tun: left promiscuous mode
[  142.198438][T10498] syz_tun: left allmulticast mode
[  142.205699][T10498] team0: left promiscuous mode
[  142.208822][T10498] team_slave_0: left promiscuous mode
[  142.211359][T10498] team_slave_1: left promiscuous mode
[  142.215071][T10498] 8021q: adding VLAN 0 to HW filter on device team0
[  142.219170][T10498] dummy0: left promiscuous mode
[  142.221244][T10498] dummy0: left allmulticast mode
[  142.225860][T10498] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  142.458712][ T1284] IPVS: starting estimator thread 0...
[  142.473007][T10530] netlink: 'syz.2.2076': attribute type 10 has an invalid length.
[  142.493859][T10530] 8021q: adding VLAN 0 to HW filter on device team0
[  142.497742][T10530] bond0: (slave team0): Enslaving as an active interface with an up link
[  142.515108][T10536] team0: Port device vxlan0 added
[  142.517632][ T5680] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  142.523377][ T5680] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  142.526788][ T5680] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  142.548700][T10532] IPVS: using max 78 ests per chain, 187200 per kthread
[  142.557112][ T5680] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  142.776434][T10560] tap0: tun_chr_ioctl cmd 1074025677
[  142.782299][T10560] tap0: linktype set to 0
[  143.022929][T10570] netlink: 'syz.0.2095': attribute type 10 has an invalid length.
[  143.592093][T10624] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[  143.673988][T10620] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2117'.
[  143.682413][T10620] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2117'.
[  144.677121][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.680117][T10653] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2130'.
[  144.682697][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  144.804262][T10668] netlink: 'syz.2.2137': attribute type 35 has an invalid length.
[  144.923345][T10679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2142'.
[  145.012421][ T5861] hid-generic 0005:16BF:5505.0001: item fetching failed at offset 0/4
[  145.017354][ T5861] hid-generic 0005:16BF:5505.0001: probe with driver hid-generic failed with error -22
[  145.096939][T10692] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  145.100219][T10692] syzkaller0: entered promiscuous mode
[  145.102361][T10692] syzkaller0: entered allmulticast mode
[  145.115993][T10692] tipc: Resetting bearer <eth:syzkaller0>
[  145.125092][T10691] tipc: Resetting bearer <eth:syzkaller0>
[  145.142743][T10691] tipc: Disabling bearer <eth:syzkaller0>
[  145.331469][T10708] netlink: 'syz.1.2153': attribute type 1 has an invalid length.
[  145.334026][T10708] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2153'.
[  145.362919][T10710] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2154'.
[  145.405852][T10710] 8021q: adding VLAN 0 to HW filter on device bond5
[  145.411218][T10710] bond4: (slave bond5): Enslaving as an active interface with an up link
[  145.424190][T10710] 8021q: adding VLAN 0 to HW filter on device bond4
[  145.590740][T10728] netlink: 'syz.1.2162': attribute type 30 has an invalid length.
[  145.601981][ T5874] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  145.604728][T10728] netlink: 'syz.1.2162': attribute type 30 has an invalid length.
[  145.608705][ T5874] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  145.611717][ T5874] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  145.614328][ T5874] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  146.024306][T10775] lo speed is unknown, defaulting to 1000
[  146.220490][T10799] netlink: 'syz.1.2193': attribute type 1 has an invalid length.
[  146.291441][T10807] pimreg3: entered allmulticast mode
[  147.861357][T10824] bond0: (slave team0): Releasing backup interface
[  147.874500][T10824] bond0: (slave bond_slave_0): Releasing backup interface
[  147.882979][T10824] bond0: (slave bond_slave_1): Releasing backup interface
[  147.894108][T10824] team0: Port device team_slave_0 removed
[  147.930112][T10824] team0: Port device team_slave_1 removed
[  147.933070][T10824] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  147.936042][T10824] batman_adv: batadv0: Removing interface: batadv_slave_0
[  147.952101][T10824] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  147.955163][T10824] batman_adv: batadv0: Removing interface: batadv_slave_1
[  147.971834][T10831] __nla_validate_parse: 5 callbacks suppressed
[  147.971844][T10831] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2207'.
[  147.973994][T10824] bond0: (slave wlan1): Releasing backup interface
[  148.008821][T10824] batman_adv: batadv0: Interface deactivated: macvtap1
[  148.011620][T10824] batman_adv: batadv0: Removing interface: macvtap1
[  148.020591][T10824] bond4: (slave bond5): Releasing backup interface
[  148.036404][T10825] team0: Mode changed to "loadbalance"
[  148.323944][T10862] netlink: 'syz.2.2224': attribute type 3 has an invalid length.
[  148.372933][T10869] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  148.377107][T10869] syzkaller0: entered promiscuous mode
[  148.380057][T10869] syzkaller0: entered allmulticast mode
[  148.400184][T10869] tipc: Resetting bearer <eth:syzkaller0>
[  148.403187][T10868] lo speed is unknown, defaulting to 1000
[  148.412813][T10867] tipc: Resetting bearer <eth:syzkaller0>
[  148.426529][T10867] tipc: Disabling bearer <eth:syzkaller0>
[  149.593383][T10895] netlink: 404 bytes leftover after parsing attributes in process `syz.2.2236'.
[  149.596488][T10895] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2236'.
[  149.608735][T10895] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2236'.
[  149.612063][T10895] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2236'.
[  149.823267][T10930] netlink: 'syz.1.2250': attribute type 1 has an invalid length.
[  149.854438][T10930] 8021q: adding VLAN 0 to HW filter on device bond3
[  149.902748][T10930] bond3: (slave veth5): Enslaving as an active interface with a down link
[  149.923096][T10930] 8021q: adding VLAN 0 to HW filter on device batadv1
[  149.925641][T10930] bond3: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  150.081797][T10953] lo speed is unknown, defaulting to 1000
[  150.224460][T10963] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2263'.
[  150.434209][T10966] lo speed is unknown, defaulting to 1000
[  150.571550][T10964] netlink: 'syz.0.2259': attribute type 6 has an invalid length.
[  150.936993][T10972] ip6tnl1: entered promiscuous mode
[  150.945191][T10972] ip6tnl1: entered allmulticast mode
[  151.123694][T10979] netlink: 'syz.0.2267': attribute type 1 has an invalid length.
[  151.159970][T10979] 8021q: adding VLAN 0 to HW filter on device bond0
[  151.394027][T10979] bond0: (slave veth5): Enslaving as an active interface with a down link
[  151.440066][T10985] 8021q: adding VLAN 0 to HW filter on device batadv1
[  151.443295][T10985] bond0: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  151.493983][T10991] netlink: 165 bytes leftover after parsing attributes in process `syz.2.2269'.
[  151.926189][T11001] netlink: 'syz.2.2274': attribute type 10 has an invalid length.
[  151.945013][T11001] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  152.354517][T11023] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2281'.
[  152.538217][T11037] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  152.548772][T11037] syzkaller0: entered promiscuous mode
[  152.550524][T11037] syzkaller0: entered allmulticast mode
[  152.562619][T11037] tipc: Resetting bearer <eth:syzkaller0>
[  152.572092][T11036] tipc: Resetting bearer <eth:syzkaller0>
[  152.594636][T11036] tipc: Disabling bearer <eth:syzkaller0>
[  152.704681][T11053] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2296'.
[  152.746528][T11059] netlink: 232 bytes leftover after parsing attributes in process `syz.1.2299'.
[  152.810111][T11065] lo speed is unknown, defaulting to 1000
[  152.895919][T11063] netlink: 'syz.2.2301': attribute type 12 has an invalid length.
[  153.071309][T11081] netlink: 'syz.0.2309': attribute type 1 has an invalid length.
[  153.074261][T11081] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  153.220491][T11103] netlink: 'syz.1.2316': attribute type 13 has an invalid length.
[  153.223102][T11103] __nla_validate_parse: 3 callbacks suppressed
[  153.223109][T11103] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2316'.
[  153.364658][T11118] netlink: 'syz.2.2323': attribute type 13 has an invalid length.
[  153.555020][T11129] syzkaller0: entered promiscuous mode
[  153.557325][T11129] syzkaller0: entered allmulticast mode
[  154.025707][T11175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2342'.
[  154.084973][T11178] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  154.090426][T11178] syzkaller0: entered promiscuous mode
[  154.092853][T11178] syzkaller0: entered allmulticast mode
[  154.110180][T11178] tipc: Resetting bearer <eth:syzkaller0>
[  154.114534][T11177] tipc: Resetting bearer <eth:syzkaller0>
[  154.126054][T11177] tipc: Disabling bearer <eth:syzkaller0>
[  154.313862][T11185] lo speed is unknown, defaulting to 1000
[  154.774533][T11203] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2352'.
[  154.785122][T11203] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2352'.
[  155.214698][T11221] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  155.430900][T11238] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2367'.
[  155.461408][T11238] sch_tbf: burst 88 is lower than device veth7 mtu (1514) !
[  155.678059][T11264] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2381'.
[  155.690703][T11264] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2381'.
[  155.695938][T11264] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2381'.
[  155.699739][T11264] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2381'.
[  155.778373][T11272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2386'.
[  155.788487][T11275] netlink: 'syz.2.2385': attribute type 7 has an invalid length.
[  155.791032][T11275] netlink: 'syz.2.2385': attribute type 8 has an invalid length.
[  155.805132][T11272] team0: Port device C removed
[  155.817148][T11275] gretap0: entered promiscuous mode
[  155.829109][T11275] batadv_slave_1: entered promiscuous mode
[  155.831392][T11275] erspan0: entered promiscuous mode
[  155.833882][T11275] debugfs: 'hsr1' already exists in 'hsr'
[  155.836061][T11275] Cannot create hsr debugfs directory
[  156.106989][T11304] netlink: 'syz.2.2399': attribute type 1 has an invalid length.
[  156.110974][T11304] netlink: 'syz.2.2399': attribute type 2 has an invalid length.
[  156.113582][T11304] netlink: 'syz.2.2399': attribute type 1 has an invalid length.
[  156.238176][T11317] team0: Port device team_slave_0 removed
[  156.447109][T11345] geneve2: entered allmulticast mode
[  156.454535][   T13] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  156.465705][   T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  156.472768][   T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  156.476750][   T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  156.493600][T11349] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  156.501093][T11349] bridge0: port 3(dummy0) entered disabled state
[  156.506193][T11349] bridge_slave_0: left allmulticast mode
[  156.508519][T11349] bridge_slave_0: left promiscuous mode
[  156.510471][T11349] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.514855][T11349] bridge_slave_1: left allmulticast mode
[  156.516949][T11349] bridge_slave_1: left promiscuous mode
[  156.520510][T11349] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.520805][T11352] netlink: 'syz.2.2424': attribute type 1 has an invalid length.
[  156.528860][T11349] team0: Port device team_slave_1 removed
[  156.530902][T11349] batman_adv: batadv0: Removing interface: batadv_slave_0
[  156.533883][T11349] batman_adv: batadv0: Removing interface: batadv_slave_1
[  156.553283][T11349] team0: Port device vxlan0 removed
[  156.557736][T11349] bond0: (slave veth5): Releasing active interface
[  156.584870][   T13] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  156.587706][   T13] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  156.593294][T11349] netlink: 'syz.0.2423': attribute type 10 has an invalid length.
[  156.597604][T11357] bond6: (slave bridge7): making interface the new active one
[  156.600661][T11357] bond6: (slave bridge7): Enslaving as an active interface with an up link
[  156.603608][   T13] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  156.606228][   T13] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  156.610848][T11349] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  158.274861][T11410] syzkaller0: entered promiscuous mode
[  158.277113][T11410] syzkaller0: entered allmulticast mode
[  158.416822][T11426] __nla_validate_parse: 9 callbacks suppressed
[  158.416832][T11426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2451'.
[  158.423120][T11426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2451'.
[  158.426470][T11426] netlink: 'syz.1.2451': attribute type 12 has an invalid length.
[  158.429661][T11426] netlink: 'syz.1.2451': attribute type 14 has an invalid length.
[  159.409902][T11461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2459'.
[  159.419969][T11444] netlink: 'syz.1.2459': attribute type 1 has an invalid length.
[  159.422508][T11444] netlink: 5624 bytes leftover after parsing attributes in process `syz.1.2459'.
[  159.504225][T11472] geneve3: entered promiscuous mode
[  159.512531][T11476] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2471'.
[  159.518165][T11476] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2471'.
[  159.604181][T11488] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2478'.
[  159.659497][T11496] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2482'.
[  159.831534][T11519] netlink: 228 bytes leftover after parsing attributes in process `syz.0.2493'.
[  159.834493][T11519] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2493'.
[  159.914747][T11533] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  160.461501][T11586] svc: failed to register nfsdv3 RPC service (errno 111).
[  160.464382][T11586] svc: failed to register nfsaclv3 RPC service (errno 111).
[  162.040342][T11670] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  162.665463][T11690] vlan2: entered allmulticast mode
[  162.667148][T11690] hsr0: entered allmulticast mode
[  162.669244][T11690] hsr_slave_0: entered allmulticast mode
[  162.671090][T11690] hsr_slave_1: entered allmulticast mode
[  162.748990][T11692] syzkaller1: entered promiscuous mode
[  162.751364][T11692] syzkaller1: entered allmulticast mode
[  162.756655][T11692] ==================================================================
[  162.759910][T11692] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  162.763085][T11692] Read of size 2 at addr ffff888020ccc5c2 by task syz.2.2565/11692
[  162.767023][T11692] 
[  162.767997][T11692] CPU: 1 UID: 0 PID: 11692 Comm: syz.2.2565 Not tainted 6.16.0-syzkaller-06620-gae633388cae3-dirty #0 PREEMPT(full) 
[  162.768011][T11692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  162.768018][T11692] Call Trace:
[  162.768023][T11692]  <TASK>
[  162.768029][T11692]  dump_stack_lvl+0x189/0x250
[  162.768042][T11692]  ? __kasan_check_byte+0x12/0x40
[  162.768061][T11692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.768072][T11692]  ? lock_release+0x4b/0x3e0
[  162.768090][T11692]  ? __virt_addr_valid+0x4a5/0x5c0
[  162.768103][T11692]  print_report+0xca/0x240
[  162.768120][T11692]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  162.768130][T11692]  kasan_report+0x118/0x150
[  162.768148][T11692]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  162.768160][T11692]  __xfrm_state_lookup+0x6ad/0x8d0
[  162.768173][T11692]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  162.768186][T11692]  ? xfrm_state_lookup+0x45/0x1e0
[  162.768197][T11692]  xfrm_state_lookup+0x11e/0x1e0
[  162.768213][T11692]  vti4_err+0x4d7/0x920
[  162.768228][T11692]  ? __pfx_vti4_err+0x10/0x10
[  162.768247][T11692]  xfrm4_ah_err+0x93/0x1e0
[  162.768262][T11692]  icmp_redirect+0x1a5/0x310
[  162.768280][T11692]  icmp_rcv+0xd15/0x1270
[  162.768297][T11692]  ? __pfx_icmp_rcv+0x10/0x10
[  162.768312][T11692]  ip_protocol_deliver_rcu+0x2e0/0x440
[  162.768330][T11692]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  162.768346][T11692]  ip_local_deliver_finish+0x3bb/0x6f0
[  162.768363][T11692]  NF_HOOK+0x30c/0x3a0
[  162.768380][T11692]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  162.768394][T11692]  ? NF_HOOK+0x9a/0x3a0
[  162.768410][T11692]  ? __pfx_NF_HOOK+0x10/0x10
[  162.768430][T11692]  ? ip_rcv_finish_core+0xda3/0x1c00
[  162.768447][T11692]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  162.768462][T11692]  ? skb_dst+0x4f/0xd0
[  162.768478][T11692]  ? ip_local_deliver+0x12a/0x1b0
[  162.768495][T11692]  NF_HOOK+0x30c/0x3a0
[  162.768511][T11692]  ? __pfx_ip_rcv_finish+0x10/0x10
[  162.768528][T11692]  ? NF_HOOK+0x9a/0x3a0
[  162.768542][T11692]  ? __pfx_NF_HOOK+0x10/0x10
[  162.768581][T11692]  ? ip_rcv_core+0x7f7/0xd00
[  162.768598][T11692]  ? __pfx_ip_rcv_finish+0x10/0x10
[  162.768617][T11692]  ? __pfx_ip_rcv+0x10/0x10
[  162.768632][T11692]  __netif_receive_skb+0x143/0x380
[  162.768652][T11692]  ? netif_receive_skb+0x115/0x790
[  162.768666][T11692]  netif_receive_skb+0x1cb/0x790
[  162.768681][T11692]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  162.768697][T11692]  ? __pfx_netif_receive_skb+0x10/0x10
[  162.768711][T11692]  ? skb_partial_csum_set+0x107/0x360
[  162.768730][T11692]  ? tun_rx_batched+0x160/0x730
[  162.768742][T11692]  tun_rx_batched+0x1b9/0x730
[  162.768753][T11692]  ? __lock_acquire+0xab9/0xd20
[  162.768771][T11692]  ? __pfx_tun_rx_batched+0x10/0x10
[  162.768783][T11692]  ? tun_get_user+0x266c/0x3e20
[  162.768799][T11692]  tun_get_user+0x2aa2/0x3e20
[  162.768814][T11692]  ? tun_get_user+0x266c/0x3e20
[  162.768828][T11692]  ? __pfx_tun_get_user+0x10/0x10
[  162.768842][T11692]  ? aa_file_perm+0x40c/0xe70
[  162.768859][T11692]  ? aa_file_perm+0x122/0xe70
[  162.768876][T11692]  ? ref_tracker_alloc+0x318/0x460
[  162.768887][T11692]  ? __lock_acquire+0xab9/0xd20
[  162.768903][T11692]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  162.768915][T11692]  ? tun_get+0x1c/0x2f0
[  162.768927][T11692]  ? tun_get+0x1c/0x2f0
[  162.768939][T11692]  ? tun_get+0x1c/0x2f0
[  162.768950][T11692]  tun_chr_write_iter+0x113/0x200
[  162.768963][T11692]  vfs_write+0x54b/0xa90
[  162.768980][T11692]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  162.768992][T11692]  ? __pfx_vfs_write+0x10/0x10
[  162.769009][T11692]  ? __fget_files+0x2a/0x420
[  162.769023][T11692]  ksys_write+0x145/0x250
[  162.769038][T11692]  ? __pfx_ksys_write+0x10/0x10
[  162.769053][T11692]  ? rcu_is_watching+0x15/0xb0
[  162.769070][T11692]  ? do_syscall_64+0xbe/0x3b0
[  162.769089][T11692]  do_syscall_64+0xfa/0x3b0
[  162.769103][T11692]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.769119][T11692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.769129][T11692]  ? exc_page_fault+0x9f/0xf0
[  162.769145][T11692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.769156][T11692] RIP: 0033:0x7f4c0b58ebe9
[  162.769165][T11692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.769176][T11692] RSP: 002b:00007f4c0c31f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  162.769188][T11692] RAX: ffffffffffffffda RBX: 00007f4c0b7b5fa0 RCX: 00007f4c0b58ebe9
[  162.769198][T11692] RDX: 000000000000fdef RSI: 0000200000000100 RDI: 0000000000000003
[  162.769206][T11692] RBP: 00007f4c0b611e19 R08: 0000000000000000 R09: 0000000000000000
[  162.769213][T11692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  162.769220][T11692] R13: 00007f4c0b7b6038 R14: 00007f4c0b7b5fa0 R15: 00007ffcb893ccd8
[  162.769234][T11692]  </TASK>
[  162.769238][T11692] 
[  162.938413][T11692] Allocated by task 7654:
[  162.939843][T11692]  kasan_save_track+0x3e/0x80
[  162.941404][T11692]  __kasan_slab_alloc+0x6c/0x80
[  162.942973][T11692]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  162.944668][T11692]  xfrm_state_alloc+0x24/0x2f0
[  162.946279][T11692]  __find_acq_core+0x8a7/0x1c00
[  162.947905][T11692]  xfrm_find_acq+0x78/0xa0
[  162.949402][T11692]  xfrm_alloc_userspi+0x6b3/0xc90
[  162.951247][T11692]  xfrm_user_rcv_msg+0x7a3/0xab0
[  162.953087][T11692]  netlink_rcv_skb+0x208/0x470
[  162.954901][T11692]  xfrm_netlink_rcv+0x79/0x90
[  162.956466][T11692]  netlink_unicast+0x82f/0x9e0
[  162.958151][T11692]  netlink_sendmsg+0x805/0xb30
[  162.959707][T11692]  __sock_sendmsg+0x21c/0x270
[  162.961199][T11692]  ____sys_sendmsg+0x505/0x830
[  162.962716][T11692]  ___sys_sendmsg+0x21f/0x2a0
[  162.964410][T11692]  __x64_sys_sendmsg+0x19b/0x260
[  162.966262][T11692]  do_syscall_64+0xfa/0x3b0
[  162.968009][T11692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.970063][T11692] 
[  162.970970][T11692] Freed by task 5893:
[  162.972261][T11692]  kasan_save_track+0x3e/0x80
[  162.973791][T11692]  kasan_save_free_info+0x46/0x50
[  162.975453][T11692]  __kasan_slab_free+0x62/0x70
[  162.977058][T11692]  kmem_cache_free+0x18f/0x400
[  162.978816][T11692]  xfrm_state_gc_task+0x518/0x6a0
[  162.980751][T11692]  process_scheduled_works+0xae1/0x17b0
[  162.982726][T11692]  worker_thread+0x8a0/0xda0
[  162.984372][T11692]  kthread+0x711/0x8a0
[  162.985668][T11692]  ret_from_fork+0x3fc/0x770
[  162.987116][T11692]  ret_from_fork_asm+0x1a/0x30
[  162.988642][T11692] 
[  162.989427][T11692] The buggy address belongs to the object at ffff888020ccc480
[  162.989427][T11692]  which belongs to the cache xfrm_state of size 928
[  162.993979][T11692] The buggy address is located 322 bytes inside of
[  162.993979][T11692]  freed 928-byte region [ffff888020ccc480, ffff888020ccc820)
[  162.998484][T11692] 
[  162.999302][T11692] The buggy address belongs to the physical page:
[  163.001529][T11692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888020ccdb00 pfn:0x20ccc
[  163.004990][T11692] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  163.007902][T11692] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  163.010573][T11692] page_type: f5(slab)
[  163.012057][T11692] raw: 00fff00000000040 ffff88801b309640 dead000000000122 0000000000000000
[  163.015290][T11692] raw: ffff888020ccdb00 00000000800e0008 00000000f5000000 0000000000000000
[  163.018080][T11692] head: 00fff00000000040 ffff88801b309640 dead000000000122 0000000000000000
[  163.021042][T11692] head: ffff888020ccdb00 00000000800e0008 00000000f5000000 0000000000000000
[  163.024103][T11692] head: 00fff00000000002 ffffea0000833301 00000000ffffffff 00000000ffffffff
[  163.027098][T11692] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  163.029876][T11692] page dumped because: kasan: bad access detected
[  163.031985][T11692] page_owner tracks the page as allocated
[  163.033774][T11692] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6505, tgid 6504 (syz.2.289), ts 71253134910, free_ts 71143958587
[  163.040115][T11692]  post_alloc_hook+0x240/0x2a0
[  163.041717][T11692]  get_page_from_freelist+0x21e4/0x22c0
[  163.043828][T11692]  __alloc_frozen_pages_noprof+0x181/0x370
[  163.045959][T11692]  alloc_pages_mpol+0x232/0x4a0
[  163.047593][T11692]  allocate_slab+0x8a/0x3b0
[  163.049058][T11692]  ___slab_alloc+0xbfc/0x1480
[  163.050579][T11692]  kmem_cache_alloc_noprof+0x283/0x3c0
[  163.052302][T11692]  xfrm_state_alloc+0x24/0x2f0
[  163.053863][T11692]  __find_acq_core+0x8a7/0x1c00
[  163.055434][T11692]  xfrm_find_acq+0x78/0xa0
[  163.056882][T11692]  pfkey_getspi+0x65d/0xee0
[  163.058344][T11692]  pfkey_sendmsg+0xbfe/0x1090
[  163.059810][T11692]  __sock_sendmsg+0x21c/0x270
[  163.061323][T11692]  ____sys_sendmsg+0x505/0x830
[  163.062857][T11692]  ___sys_sendmsg+0x21f/0x2a0
[  163.064471][T11692]  __x64_sys_sendmsg+0x19b/0x260
[  163.066044][T11692] page last free pid 6495 tgid 6494 stack trace:
[  163.068037][T11692]  __free_frozen_pages+0xc71/0xe70
[  163.069657][T11692]  stack_depot_save_flags+0x445/0x900
[  163.071312][T11692]  kasan_save_track+0x4f/0x80
[  163.072834][T11692]  __kasan_kmalloc+0x93/0xb0
[  163.074335][T11692]  __kmalloc_noprof+0x27a/0x4f0
[  163.075875][T11692]  tcf_idr_create+0x5d/0x6c0
[  163.077351][T11692]  tcf_idr_create_from_flags+0x60/0x80
[  163.079107][T11692]  tcf_gact_init+0x393/0x820
[  163.080568][T11692]  tcf_action_init_1+0x463/0x6d0
[  163.082103][T11692]  tcf_action_init+0x2cf/0xab0
[  163.083644][T11692]  tc_ctl_action+0x430/0xbd0
[  163.085133][T11692]  rtnetlink_rcv_msg+0x77c/0xb70
[  163.086705][T11692]  netlink_rcv_skb+0x208/0x470
[  163.088250][T11692]  netlink_unicast+0x82f/0x9e0
[  163.089835][T11692]  netlink_sendmsg+0x805/0xb30
[  163.091509][T11692]  __sock_sendmsg+0x21c/0x270
[  163.093164][T11692] 
[  163.093955][T11692] Memory state around the buggy address:
[  163.095812][T11692]  ffff888020ccc480: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  163.098380][T11692]  ffff888020ccc500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  163.100934][T11692] >ffff888020ccc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  163.103446][T11692]                                            ^
[  163.105431][T11692]  ffff888020ccc600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  163.107940][T11692]  ffff888020ccc680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  163.110498][T11692] ==================================================================
[  163.113333][T11692] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  163.115579][T11692] CPU: 1 UID: 0 PID: 11692 Comm: syz.2.2565 Not tainted 6.16.0-syzkaller-06620-gae633388cae3-dirty #0 PREEMPT(full) 
[  163.119335][T11692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  163.122466][T11692] Call Trace:
[  163.123521][T11692]  <TASK>
[  163.124442][T11692]  dump_stack_lvl+0x99/0x250
[  163.125918][T11692]  ? __asan_memcpy+0x40/0x70
[  163.127355][T11692]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.129005][T11692]  ? __pfx__printk+0x10/0x10
[  163.130587][T11692]  panic+0x2db/0x790
[  163.131929][T11692]  ? __pfx_panic+0x10/0x10
[  163.133434][T11692]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  163.135668][T11692]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  163.137618][T11692]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  163.139697][T11692]  ? print_memory_metadata+0x314/0x400
[  163.141457][T11692]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  163.143192][T11692]  check_panic_on_warn+0x89/0xb0
[  163.144791][T11692]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  163.146468][T11692]  end_report+0x78/0x160
[  163.147913][T11692]  kasan_report+0x129/0x150
[  163.149369][T11692]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  163.151017][T11692]  __xfrm_state_lookup+0x6ad/0x8d0
[  163.152664][T11692]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  163.154400][T11692]  ? xfrm_state_lookup+0x45/0x1e0
[  163.155940][T11692]  xfrm_state_lookup+0x11e/0x1e0
[  163.157530][T11692]  vti4_err+0x4d7/0x920
[  163.158854][T11692]  ? __pfx_vti4_err+0x10/0x10
[  163.160449][T11692]  xfrm4_ah_err+0x93/0x1e0
[  163.161975][T11692]  icmp_redirect+0x1a5/0x310
[  163.163483][T11692]  icmp_rcv+0xd15/0x1270
[  163.164809][T11692]  ? __pfx_icmp_rcv+0x10/0x10
[  163.166280][T11692]  ip_protocol_deliver_rcu+0x2e0/0x440
[  163.168018][T11692]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  163.169859][T11692]  ip_local_deliver_finish+0x3bb/0x6f0
[  163.171694][T11692]  NF_HOOK+0x30c/0x3a0
[  163.173113][T11692]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  163.175343][T11692]  ? NF_HOOK+0x9a/0x3a0
[  163.176923][T11692]  ? __pfx_NF_HOOK+0x10/0x10
[  163.178743][T11692]  ? ip_rcv_finish_core+0xda3/0x1c00
[  163.180739][T11692]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  163.182920][T11692]  ? skb_dst+0x4f/0xd0
[  163.184268][T11692]  ? ip_local_deliver+0x12a/0x1b0
[  163.186187][T11692]  NF_HOOK+0x30c/0x3a0
[  163.187618][T11692]  ? __pfx_ip_rcv_finish+0x10/0x10
[  163.189271][T11692]  ? NF_HOOK+0x9a/0x3a0
[  163.190725][T11692]  ? __pfx_NF_HOOK+0x10/0x10
[  163.192373][T11692]  ? ip_rcv_core+0x7f7/0xd00
[  163.193875][T11692]  ? __pfx_ip_rcv_finish+0x10/0x10
[  163.195499][T11692]  ? __pfx_ip_rcv+0x10/0x10
[  163.196872][T11692]  __netif_receive_skb+0x143/0x380
[  163.198731][T11692]  ? netif_receive_skb+0x115/0x790
[  163.200330][T11692]  netif_receive_skb+0x1cb/0x790
[  163.201957][T11692]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  163.203921][T11692]  ? __pfx_netif_receive_skb+0x10/0x10
[  163.205718][T11692]  ? skb_partial_csum_set+0x107/0x360
[  163.207608][T11692]  ? tun_rx_batched+0x160/0x730
[  163.209206][T11692]  tun_rx_batched+0x1b9/0x730
[  163.210807][T11692]  ? __lock_acquire+0xab9/0xd20
[  163.212585][T11692]  ? __pfx_tun_rx_batched+0x10/0x10
[  163.214383][T11692]  ? tun_get_user+0x266c/0x3e20
[  163.216060][T11692]  tun_get_user+0x2aa2/0x3e20
[  163.217851][T11692]  ? tun_get_user+0x266c/0x3e20
[  163.219379][T11692]  ? __pfx_tun_get_user+0x10/0x10
[  163.221011][T11692]  ? aa_file_perm+0x40c/0xe70
[  163.222631][T11692]  ? aa_file_perm+0x122/0xe70
[  163.224211][T11692]  ? ref_tracker_alloc+0x318/0x460
[  163.225838][T11692]  ? __lock_acquire+0xab9/0xd20
[  163.227398][T11692]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  163.229139][T11692]  ? tun_get+0x1c/0x2f0
[  163.230476][T11692]  ? tun_get+0x1c/0x2f0
[  163.231848][T11692]  ? tun_get+0x1c/0x2f0
[  163.233185][T11692]  tun_chr_write_iter+0x113/0x200
[  163.234787][T11692]  vfs_write+0x54b/0xa90
[  163.236140][T11692]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  163.237930][T11692]  ? __pfx_vfs_write+0x10/0x10
[  163.239461][T11692]  ? __fget_files+0x2a/0x420
[  163.240943][T11692]  ksys_write+0x145/0x250
[  163.242335][T11692]  ? __pfx_ksys_write+0x10/0x10
[  163.243927][T11692]  ? rcu_is_watching+0x15/0xb0
[  163.245440][T11692]  ? do_syscall_64+0xbe/0x3b0
[  163.246958][T11692]  do_syscall_64+0xfa/0x3b0
[  163.248469][T11692]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.250132][T11692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.252019][T11692]  ? exc_page_fault+0x9f/0xf0
[  163.253464][T11692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.255292][T11692] RIP: 0033:0x7f4c0b58ebe9
[  163.256729][T11692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.263396][T11692] RSP: 002b:00007f4c0c31f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  163.266940][T11692] RAX: ffffffffffffffda RBX: 00007f4c0b7b5fa0 RCX: 00007f4c0b58ebe9
[  163.270188][T11692] RDX: 000000000000fdef RSI: 0000200000000100 RDI: 0000000000000003
[  163.273454][T11692] RBP: 00007f4c0b611e19 R08: 0000000000000000 R09: 0000000000000000
[  163.276698][T11692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  163.279924][T11692] R13: 00007f4c0b7b6038 R14: 00007f4c0b7b5fa0 R15: 00007ffcb893ccd8
[  163.283180][T11692]  </TASK>
[  163.285211][T11692] Kernel Offset: disabled
[  163.287029][T11692] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:36:52  Registers:
info registers vcpu 0

CPU#0
RAX=bd40fd300ee21b00 RBX=ffffffff81969b18 RCX=bd40fd300ee21b00 RDX=0000000000000001
RSI=ffffffff8d9792aa RDI=ffffffff8be30a00 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa07bf0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a18
RIP=ffffffff8b6fc4f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b3351eff8 CR3=000000003abac000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000003172 656c6c616b7a7973
XMM02=00007f4c0b787498 ffffffff81ace9aa XMM03=00007f4c0b7874a8 00007f4c0b7874a0
XMM04=00007f4c0c2ed100 00007f4c0b787460 XMM05=00007f4c0b787478 00007f4c0b7874c0
XMM06=00007f4c0b7874b8 00007f4c0b7874b0 XMM07=00007f4c0b7874a8 00007f4c0b7874a0
XMM08=0000000000000000 00007f4c0b612ee7 XMM09=0000000000000000 00007f4c0b612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000063 RBX=0000000000000063 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001b2b RDI=0000000000001b2c RBP=00000000000003f8 RSP=ffffc9000286e990
R8 =ffff8881081e0237 R9 =1ffff1102103c046 R10=dffffc0000000000 R11=ffffffff854c1d90
R12=dffffc0000000000 R13=ffffffff99a9591b R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1e0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f4c0c31f6c0 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000020000000f000 CR3=000000003abac000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f4c0b787498 00007f4c0b787470 XMM03=00007f4c0b7874a8 00007f4c0b7874a0
XMM04=00007f4c0c2ed100 00007f4c0b787460 XMM05=00007f4c0b787478 00007f4c0b7874c0
XMM06=00007f4c0b7874b8 00007f4c0b7874b0 XMM07=00007f4c0b7874a8 00007f4c0b7874a0
XMM08=0000000000000000 00007f4c0b612ee7 XMM09=0000000000000000 00007f4c0b612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
