last executing test programs:

986.960248ms ago: executing program 1 (id=510):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newlink={0x50, 0x10, 0x401, 0x800000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4801, 0x15319}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_XMIT_HASH_POLICY={0x5, 0xe, 0x8}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

929.821903ms ago: executing program 1 (id=512):
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000600)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10)
write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
pipe(&(0x7f0000000500)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r4, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0)
close(r5)
close(r3)
socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r0, 0x0, r3, 0x0, 0x1100000000f336, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040885)

709.55234ms ago: executing program 1 (id=519):
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x11000)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x6, 0x12)

659.929172ms ago: executing program 2 (id=522):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
setsockopt$sock_attach_bpf(r0, 0x1, 0xa, &(0x7f0000000180), 0x4)
recvmsg$unix(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x40021103)

659.806199ms ago: executing program 0 (id=523):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000001c0)="4b6a1bc33f6364cd8cfa6f0035e78321403825b1f336e4ba06f1dd123809ae8b32db03e4f1373a42a7a66637065c357825577583a5fde8a3427cc42f7d63c6cf", 0x40)

599.685628ms ago: executing program 1 (id=524):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000400)='dctcp\x00', 0x41)

599.531958ms ago: executing program 2 (id=525):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x15, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000040000000000000000800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000a6080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x39}, 0x94)

599.301826ms ago: executing program 2 (id=526):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001900)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x28, 0x0, 0x1, 0x8}, 0x28)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
unshare(0x2a020400)
socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000000c0)={'wlan1\x00', 0x0})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={<r6=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x14)
socket(0x1d, 0x2, 0x6)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x3}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000840)={r6, @in={{0x2, 0x4e22, @empty}}, 0x2, 0x2, 0x614, 0x1, 0x2d, 0x7, 0x4}, 0x9c)
socket$nl_route(0x10, 0x3, 0x0)

520.836036ms ago: executing program 1 (id=527):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r1, 0xc03, 0x70bd25, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000000)

520.373613ms ago: executing program 1 (id=528):
socket$nl_crypto(0x10, 0x3, 0x15)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$unix(0x1, 0x5, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
unshare(0x10000000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r4, 0x4)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r5, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r7, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24000810}, 0x800)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
socketpair(0x2a, 0x1, 0xfffffff8, &(0x7f00000000c0))
accept$packet(r4, 0x0, 0x0)

464.810358ms ago: executing program 0 (id=529):
r0 = socket$igmp6(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x0, 0x101, @ipv4={'\x00', '\xff\xff', @remote}, 0x8}, {0xa, 0x1, 0xfffffffd, @private2, 0x6}, 0x80, {[0x6, 0x200, 0x9, 0xfffffefc, 0x2d, 0x0, 0x0, 0x200003]}}, 0x5c)

420.447735ms ago: executing program 0 (id=530):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000180)=0x1f5, 0x4)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000040)=0x40, 0x4)
recvmmsg(r0, &(0x7f0000001880)=[{{0x0, 0x0, 0x0}, 0xe70}], 0x1, 0x45833af92e4b39ff, 0x0)

227.362486ms ago: executing program 0 (id=531):
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FICLONE(r1, 0x40049409, r0)

227.273961ms ago: executing program 0 (id=532):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a09000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003"], 0xec}}, 0x0)

147.3321ms ago: executing program 0 (id=533):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000180)={'ip6gre0\x00', &(0x7f0000000080)={'ip6gre0\x00', 0x0, 0x2f, 0xe8, 0xa8, 0x6, 0x53, @mcast1, @private2, 0x20, 0x8000, 0x0, 0x4}})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004811)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1816238bd568be6027c2960000fc00000000009500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
sendmsg$key(r4, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080fffffffe0000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000007440), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r7, &(0x7f0000007580)={0x0, 0x0, &(0x7f0000007540)={0x0}}, 0x48040)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r8, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xad7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xe6bd}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000000}, 0x80)
r9 = socket(0x10, 0x80003, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "00000f0000000000000f00000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)
recvmsg(r2, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x2000)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0), 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'lo\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r13 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xffe0, 0x10}, {0xd}, {0xe, 0x10}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffed, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0)

69.36546ms ago: executing program 2 (id=534):
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
writev(r0, &(0x7f0000000100)=[{0x0, 0x2}, {&(0x7f0000000440)='Q', 0x1}], 0x2)

69.147057ms ago: executing program 2 (id=535):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x200}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)

0s ago: executing program 2 (id=536):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001900)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x28, 0x0, 0x1, 0x8}, 0x28)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
unshare(0x2a020400)
r2 = socket$netlink(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000000c0)={'wlan1\x00', 0x0})
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={<r6=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x14)
socket(0x1d, 0x2, 0x6)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x3}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000840)={r6, @in={{0x2, 0x4e22, @empty}}, 0x2, 0x2, 0x614, 0x1, 0x2d, 0x7, 0x4}, 0x9c)
socket$nl_route(0x10, 0x3, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:1138' (ED25519) to the list of known hosts.
syzkaller login: [   47.990417][ T5831] cgroup: Unknown subsys name 'net'
[   48.116595][ T5831] cgroup: Unknown subsys name 'cpuset'
[   48.122200][ T5831] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.715711][ T5831] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.523894][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.527816][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.531128][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.535379][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.538974][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.543143][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.546701][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.556325][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.560723][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.564346][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.575787][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.579489][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.582878][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.586143][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.589295][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.812882][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   53.883399][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   53.950791][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   53.986502][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.989694][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.992236][ T5850] bridge_slave_0: entered allmulticast mode
[   53.995687][ T5850] bridge_slave_0: entered promiscuous mode
[   53.999206][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.001543][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.005079][ T5850] bridge_slave_1: entered allmulticast mode
[   54.007842][ T5850] bridge_slave_1: entered promiscuous mode
[   54.033623][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.036021][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.038384][ T5841] bridge_slave_0: entered allmulticast mode
[   54.041037][ T5841] bridge_slave_0: entered promiscuous mode
[   54.059638][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.062753][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.065137][ T5841] bridge_slave_1: entered allmulticast mode
[   54.067821][ T5841] bridge_slave_1: entered promiscuous mode
[   54.092160][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.104624][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.109155][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.135371][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.147724][ T5841] team0: Port device team_slave_0 added
[   54.167775][ T5841] team0: Port device team_slave_1 added
[   54.209375][ T5850] team0: Port device team_slave_0 added
[   54.222764][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.224921][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.234886][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.240566][ T5850] team0: Port device team_slave_1 added
[   54.250945][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.254947][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.258096][ T5845] bridge_slave_0: entered allmulticast mode
[   54.261937][ T5845] bridge_slave_0: entered promiscuous mode
[   54.266587][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.269477][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.280861][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.292850][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.296058][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.298793][ T5845] bridge_slave_1: entered allmulticast mode
[   54.301527][ T5845] bridge_slave_1: entered promiscuous mode
[   54.311055][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.313615][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.323398][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.343364][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.346664][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.348931][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.358021][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.366682][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.410372][ T5841] hsr_slave_0: entered promiscuous mode
[   54.413873][ T5841] hsr_slave_1: entered promiscuous mode
[   54.425956][ T5845] team0: Port device team_slave_0 added
[   54.437300][ T5845] team0: Port device team_slave_1 added
[   54.476579][ T5850] hsr_slave_0: entered promiscuous mode
[   54.478868][ T5850] hsr_slave_1: entered promiscuous mode
[   54.481040][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   54.483824][ T5850] Cannot create hsr debugfs directory
[   54.490702][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.493597][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.501797][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.506182][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.508475][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.517175][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.607207][ T5845] hsr_slave_0: entered promiscuous mode
[   54.609506][ T5845] hsr_slave_1: entered promiscuous mode
[   54.611635][ T5845] debugfs: 'hsr0' already exists in 'hsr'
[   54.613724][ T5845] Cannot create hsr debugfs directory
[   54.754110][ T5850] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.759969][ T5850] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   54.765518][ T5850] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.777858][ T5850] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.826977][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   54.833043][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   54.844817][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   54.851344][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   54.910959][ T5845] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   54.923989][ T5845] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   54.933582][ T5845] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   54.951976][ T5845] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   54.975105][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.015945][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   55.034077][ T1206] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.037274][ T1206] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.042145][ T1206] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.045177][ T1206] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.060429][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.087813][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   55.114015][ T1206] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.116391][ T1206] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.136913][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.139715][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.187949][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.192142][ T5841] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   55.199904][ T5841] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.223924][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.234085][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   55.246703][ T1206] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.249780][ T1206] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.275800][ T1206] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.278249][ T1206] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.306950][ T5850] veth0_vlan: entered promiscuous mode
[   55.330878][ T5850] veth1_vlan: entered promiscuous mode
[   55.391129][ T5850] veth0_macvtap: entered promiscuous mode
[   55.405144][ T5850] veth1_macvtap: entered promiscuous mode
[   55.420102][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.440109][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.458510][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.472424][ T5886] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.478423][ T5886] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.499992][ T5872] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.508032][ T5872] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.545568][ T5841] veth0_vlan: entered promiscuous mode
[   55.569510][ T5841] veth1_vlan: entered promiscuous mode
[   55.584879][ T5848] Bluetooth: hci1: command tx timeout
[   55.586954][ T5848] Bluetooth: hci0: command tx timeout
[   55.590844][   T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.598192][ T5841] veth0_macvtap: entered promiscuous mode
[   55.606317][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.610282][   T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.611419][ T5841] veth1_macvtap: entered promiscuous mode
[   55.637003][   T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.638744][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.639833][   T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.662787][   T55] Bluetooth: hci2: command tx timeout
[   55.677821][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.689385][ T5850] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   55.696188][ T5845] veth0_vlan: entered promiscuous mode
[   55.705294][ T5872] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.709732][ T5872] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.718185][ T5845] veth1_vlan: entered promiscuous mode
[   55.721131][ T5872] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.738198][ T5886] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.776347][ T5908] netlink: 'syz.0.1': attribute type 1 has an invalid length.
[   55.840910][ T5845] veth0_macvtap: entered promiscuous mode
[   55.848077][ T5845] veth1_macvtap: entered promiscuous mode
[   55.858648][ T5910] 8021q: VLANs not supported on gre0
[   55.867276][   T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.870735][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.876105][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.883886][   T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.895286][ T5691] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.918203][ T5691] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.921247][ T5912] syz.0.4 (5912) used greatest stack depth: 19832 bytes left
[   55.927738][ T5691] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.930781][ T5691] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.949504][ T1206] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.952343][ T1206] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.988641][  T343] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.999870][  T343] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.020992][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.030034][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.461179][ T5957] IPVS: set_ctl: invalid protocol: 41 100.1.1.1:20003
[   56.554174][ T5963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.27'.
[   56.557884][ T5963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.27'.
[   56.695320][ T5971] syz.0.31 uses obsolete (PF_INET,SOCK_PACKET)
[   56.698440][ T5971] syzkaller1: entered promiscuous mode
[   56.700308][ T5971] syzkaller1: entered allmulticast mode
[   56.709324][ T5969] tipc: Started in network mode
[   56.711609][ T5969] tipc: Node identity ee314d4525ed, cluster identity 4711
[   56.715018][ T5969] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   56.717856][ T5969] syzkaller0: entered promiscuous mode
[   56.719786][ T5969] syzkaller0: entered allmulticast mode
[   56.748149][ T5969] tipc: Resetting bearer <eth:syzkaller0>
[   56.751275][ T5968] tipc: Resetting bearer <eth:syzkaller0>
[   56.761780][ T5968] tipc: Disabling bearer <eth:syzkaller0>
[   56.832184][ T5975] Illegal XDP return value 4294967274 on prog  (id 6) dev syz_tun, expect packet loss!
[   56.894826][ T5979] gretap0: entered promiscuous mode
[   56.924172][ T5979] gretap0: left promiscuous mode
[   57.156997][ T5986] bridge0: port 3(erspan0) entered blocking state
[   57.162137][ T5986] bridge0: port 3(erspan0) entered disabled state
[   57.169571][ T5986] erspan0: entered allmulticast mode
[   57.173761][ T5986] erspan0: entered promiscuous mode
[   57.180836][ T5986] bridge0: port 3(erspan0) entered blocking state
[   57.183659][ T5986] bridge0: port 3(erspan0) entered forwarding state
[   57.204438][ T5986] erspan0: left allmulticast mode
[   57.208547][ T5986] erspan0: left promiscuous mode
[   57.213715][ T5986] bridge0: port 3(erspan0) entered disabled state
[   57.400094][ T5990] pim6reg: entered allmulticast mode
[   57.422578][ T5990] pim6reg: left allmulticast mode
[   57.663442][   T55] Bluetooth: hci0: command tx timeout
[   57.665295][   T55] Bluetooth: hci1: command tx timeout
[   57.743129][ T5848] Bluetooth: hci2: command tx timeout
[   58.102097][ T6007] Zero length message leads to an empty skb
[   58.160193][ T6009] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   58.163518][ T6009] syzkaller0: entered promiscuous mode
[   58.165279][ T6009] syzkaller0: entered allmulticast mode
[   58.177480][ T6009] tipc: Resetting bearer <eth:syzkaller0>
[   58.180391][ T6008] tipc: Resetting bearer <eth:syzkaller0>
[   58.211124][ T6008] tipc: Disabling bearer <eth:syzkaller0>
[   58.568809][ T6011] tipc: Started in network mode
[   58.570919][ T6011] tipc: Node identity ae9911aff50d, cluster identity 4711
[   58.574158][ T6011] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   58.577239][ T6011] syzkaller0: entered promiscuous mode
[   58.579208][ T6011] syzkaller0: entered allmulticast mode
[   58.640534][ T6011] tipc: Resetting bearer <eth:syzkaller0>
[   58.666138][ T6010] tipc: Resetting bearer <eth:syzkaller0>
[   58.710592][ T6010] tipc: Disabling bearer <eth:syzkaller0>
[   58.940114][ T5973] Set syz1 is full, maxelem 65536 reached
[   59.291172][ T6051] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   59.395568][ T6063] netlink: 8 bytes leftover after parsing attributes in process `syz.0.70'.
[   59.401054][ T6063] netlink: 'syz.0.70': attribute type 2 has an invalid length.
[   59.470431][ T6067] 8021q: adding VLAN 0 to HW filter on device bond1
[   59.473987][ T6067] team0: Port device bond1 added
[   59.743290][ T5848] Bluetooth: hci1: command tx timeout
[   59.746124][ T5848] Bluetooth: hci0: command tx timeout
[   59.788157][ T6101] netlink: 8 bytes leftover after parsing attributes in process `syz.2.88'.
[   59.822602][   T55] Bluetooth: hci2: command tx timeout
[   60.027927][ T6127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.99'.
[   60.035839][ T6127] erspan0: entered promiscuous mode
[   60.038919][ T6127] erspan0: left promiscuous mode
[   60.176382][ T6134] netlink: 4 bytes leftover after parsing attributes in process `syz.2.102'.
[   60.180535][ T6134] netlink: 16 bytes leftover after parsing attributes in process `syz.2.102'.
[   60.278792][ T6140] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[   60.291264][ T6140] warning: `syz.0.105' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   60.316786][ T6140] bridge_slave_0: left allmulticast mode
[   60.324506][ T6140] bridge_slave_0: left promiscuous mode
[   60.327102][ T6140] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.335940][ T6140] bridge_slave_1: left allmulticast mode
[   60.338157][ T6140] bridge_slave_1: left promiscuous mode
[   60.340463][ T6140] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.369953][ T6140] bond0: (slave bond_slave_0): Releasing backup interface
[   60.386637][ T6140] bond0: (slave bond_slave_1): Releasing backup interface
[   60.408028][ T6140] team0: Port device team_slave_0 removed
[   60.417601][ T6150] netlink: 'syz.0.105': attribute type 10 has an invalid length.
[   60.418978][ T6140] team0: Port device team_slave_1 removed
[   60.424162][ T6140] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   60.427556][ T6140] batman_adv: batadv0: Removing interface: batadv_slave_0
[   60.433515][ T6140] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   60.436507][ T6140] batman_adv: batadv0: Removing interface: batadv_slave_1
[   60.451256][ T6140] team0: Port device bond1 removed
[   60.492392][ T6150] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[   60.508025][ T6150] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.524633][ T6150] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   60.671406][ T6167] netlink: 'syz.2.114': attribute type 13 has an invalid length.
[   60.676903][ T6167] netlink: 'syz.2.114': attribute type 17 has an invalid length.
[   60.738835][ T6167] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   60.919956][ T6183] netlink: 28 bytes leftover after parsing attributes in process `syz.2.121'.
[   61.099797][ T6187] veth3: entered promiscuous mode
[   61.106396][ T6187] netlink: 120 bytes leftover after parsing attributes in process `syz.1.123'.
[   61.108705][  T793] cfg80211: failed to load regulatory.db
[   61.518142][ T6218] netlink: 'syz.1.138': attribute type 10 has an invalid length.
[   61.530139][ T6218] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.534910][ T6218] team0: Port device bond0 added
[   61.827905][   T55] Bluetooth: hci0: command tx timeout
[   61.829980][   T55] Bluetooth: hci1: command tx timeout
[   61.907220][ T5848] Bluetooth: hci2: command tx timeout
[   62.136327][ T6283] netlink: 12 bytes leftover after parsing attributes in process `syz.1.163'.
[   63.680087][ T6375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.194'.
[   64.648482][ T6423] dummy0: mtu less than device minimum
[   65.106622][ T6462] pimreg: entered allmulticast mode
[   66.128109][ T6538] netlink: 'syz.1.269': attribute type 13 has an invalid length.
[   66.138464][ T6538] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   66.961006][ T6572] netlink: 20 bytes leftover after parsing attributes in process `syz.2.283'.
[   66.964399][ T6572] netlink: 'syz.2.283': attribute type 6 has an invalid length.
[   66.967009][ T6572] netlink: 16 bytes leftover after parsing attributes in process `syz.2.283'.
[   67.022335][ T6576] tipc: Started in network mode
[   67.025872][ T6576] tipc: Node identity , cluster identity 4711
[   67.028067][ T6576] tipc: Failed to obtain node identity
[   67.030022][ T6576] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   67.052030][ T6576] syzkaller0: entered promiscuous mode
[   67.055972][ T6576] syzkaller0: entered allmulticast mode
[   67.615799][ T6587] netlink: 'syz.1.289': attribute type 1 has an invalid length.
[   68.819161][ T6605] Bluetooth: MGMT ver 1.23
[   68.859367][ T6608] netlink: 'syz.2.299': attribute type 49 has an invalid length.
[   69.045101][ T6613] netlink: 14 bytes leftover after parsing attributes in process `syz.0.300'.
[   69.489514][ T6613] bond0 (unregistering): (slave wlan1): Releasing backup interface
[   69.523709][ T6613] bond0 (unregistering): Released all slaves
[   70.879365][ T5848] Bluetooth: hci0: command tx timeout
[   71.031993][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.034281][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   72.419682][ T6670] netlink: 'syz.1.318': attribute type 1 has an invalid length.
[   72.427804][ T6670] netlink: 140 bytes leftover after parsing attributes in process `syz.1.318'.
[   72.434387][ T6670] netlink: 96 bytes leftover after parsing attributes in process `syz.1.318'.
[   73.480038][ T6716] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.339'.
[   74.554868][ T6749] team0: Port device vxlan0 added
[   74.563425][ T5886] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   74.572823][ T5886] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   74.582109][ T5886] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   74.592817][ T5886] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   75.253868][ T6798] netlink: 32 bytes leftover after parsing attributes in process `syz.0.372'.
[   75.278148][ T6799] netlink: 56 bytes leftover after parsing attributes in process `syz.1.371'.
[   75.313110][ T6801] netlink: 36 bytes leftover after parsing attributes in process `syz.0.373'.
[   75.337760][   T33] audit: type=1800 audit(1755481758.634:2): pid=6803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.374" name="blkio.bfq.time_recursive" dev="tmpfs" ino=524 res=0 errno=0
[   75.356413][   T33] audit: type=1800 audit(1755481758.644:3): pid=6803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.374" name="blkio.bfq.time_recursive" dev="tmpfs" ino=524 res=0 errno=0
[   75.995100][ T6818] netlink: 80 bytes leftover after parsing attributes in process `syz.1.381'.
[   76.163616][ T6824] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.166563][ T6824] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.655516][ T6824] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   76.691613][ T6824] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   77.021055][ T6824] veth3: left promiscuous mode
[   77.035463][ T5886] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.040014][ T5886] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.053362][ T5886] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.069767][ T5886] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.204433][ T6836] netlink: 12 bytes leftover after parsing attributes in process `syz.1.387'.
[   77.208229][ T6836] vlan0: entered promiscuous mode
[   77.722071][ T6852] netdevsim netdevsim1: Firmware load for './file0/../file0' refused, path contains '..' component
[   78.010309][ T6868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.403'.
[   78.018119][ T6868] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   78.021471][ T6868] team0: Device ipvlan2 is already an upper device of the team interface
[   78.166022][ T6874] Set syz0 is full, maxelem 0 reached
[   78.320642][ T6882] netlink: 4 bytes leftover after parsing attributes in process `syz.1.410'.
[   78.533708][ T6891] netlink: 'syz.2.414': attribute type 2 has an invalid length.
[   79.230429][ T6909] netlink: 'syz.1.421': attribute type 3 has an invalid length.
[   79.617435][ T6917] tipc: Enabled bearer <udp:syz2>, priority 10
[   79.814450][ T6925] netlink: 12 bytes leftover after parsing attributes in process `syz.2.428'.
[   80.013033][ T6928] block nbd0: server does not support multiple connections per device.
[   80.017606][ T6928] block nbd0: shutting down sockets
[   80.632831][ T6944] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   80.635680][ T6944] IPv6: NLM_F_CREATE should be set when creating new route
[   80.638207][ T6944] IPv6: NLM_F_CREATE should be set when creating new route
[   80.735098][   T10] tipc: Node number set to 3420212549
[   81.073501][ T6957] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   81.077340][ T6957] syzkaller0: entered promiscuous mode
[   81.079694][ T6957] syzkaller0: entered allmulticast mode
[   81.083962][ T6957] tipc: Resetting bearer <eth:syzkaller0>
[   81.087370][ T6956] tipc: Resetting bearer <eth:syzkaller0>
[   81.102304][ T6956] tipc: Disabling bearer <eth:syzkaller0>
[   81.332355][ T6968] trusted_key: syz.1.446 sent an empty control message without MSG_MORE.
[   81.495724][ T6985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.453'.
[   81.517088][ T6985] batman_adv: batadv0: Removing interface: batadv_slave_0
[   81.554722][ T6992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.455'.
[   81.562242][ T6992] bridge0: port 3(macvlan2) entered blocking state
[   81.568368][ T6992] bridge0: port 3(macvlan2) entered disabled state
[   81.570482][ T6992] macvlan2: entered allmulticast mode
[   81.572236][ T6992] bridge0: entered allmulticast mode
[   81.575258][ T6992] macvlan2: left allmulticast mode
[   81.576957][ T6992] bridge0: left allmulticast mode
[   81.658374][ T6994] netlink: 'syz.1.456': attribute type 1 has an invalid length.
[   81.672297][ T5893] IPVS: starting estimator thread 0...
[   81.699051][ T6999] netlink: 8 bytes leftover after parsing attributes in process `syz.2.458'.
[   81.777825][ T6997] IPVS: using max 83 ests per chain, 199200 per kthread
[   81.800221][ T7010] netlink: 60 bytes leftover after parsing attributes in process `syz.1.462'.
[   81.813907][ T7010] netlink: 16 bytes leftover after parsing attributes in process `syz.1.462'.
[   81.964875][ T7022] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   81.997496][ T7022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.467'.
[   82.000634][ T7022] bridge_slave_1: left allmulticast mode
[   82.002832][ T7022] bridge_slave_1: left promiscuous mode
[   82.005034][ T7022] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.009238][ T7022] bridge_slave_0: left allmulticast mode
[   82.011199][ T7022] bridge_slave_0: left promiscuous mode
[   82.013615][ T7022] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.161847][ T7037] netlink: 12 bytes leftover after parsing attributes in process `syz.1.472'.
[   82.167221][ T7037] netlink: 12 bytes leftover after parsing attributes in process `syz.1.472'.
[   82.451058][ T7061] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   82.519722][ T7065] netlink: 'syz.1.484': attribute type 22 has an invalid length.
[   82.525390][ T7065] netlink: 4 bytes leftover after parsing attributes in process `syz.1.484'.
[   82.539715][ T7065] netlink: 'syz.1.484': attribute type 22 has an invalid length.
[   82.539784][   T13] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   82.547638][ T7065] netlink: 4 bytes leftover after parsing attributes in process `syz.1.484'.
[   82.549543][   T13] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   82.554151][   T13] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   82.556987][   T13] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   82.630327][ T7074] netlink: 'syz.1.488': attribute type 2 has an invalid length.
[   84.000596][ T7116] netlink: 'syz.2.506': attribute type 3 has an invalid length.
[   84.036477][   T33] audit: type=1800 audit(1755481767.334:4): pid=7114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.505" name="memory.events" dev="tmpfs" ino=881 res=0 errno=0
[   84.067943][ T7119] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   84.199360][ T7126] bond0: option xmit_hash_policy: invalid value (8)
[   84.315464][ T7134] netlink: 'syz.2.514': attribute type 7 has an invalid length.
[   84.623012][   T55] Bluetooth: hci2: command 0x0405 tx timeout
[   84.641227][ T7169] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   84.663226][ T7169] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.750397][ T7169] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   84.753975][ T7169] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.818634][ T7169] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   84.825070][ T7169] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.902436][ T7169] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   84.918273][ T7169] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.999778][ T5691] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   85.006376][ T5691] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.014364][ T5691] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   85.017781][ T5691] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.028694][ T5691] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   85.032074][ T5691] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.038890][ T7190] netlink: 'syz.0.533': attribute type 16 has an invalid length.
[   85.041849][ T7190] netlink: 'syz.0.533': attribute type 17 has an invalid length.
[   85.197829][   T13] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   85.200665][   T13] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.206280][ T7196] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   85.209470][ T7196] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.215774][   T13] ==================================================================
[   85.218420][   T13] BUG: KASAN: slab-use-after-free in __mutex_lock+0x147/0x1360
[   85.220874][   T13] Read of size 8 at addr ffff888120a928b0 by task kworker/u8:1/13
[   85.224206][   T13] 
[   85.225025][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.17.0-rc1-syzkaller-00207-g815957293639-dirty #0 PREEMPT(full) 
[   85.225034][   T13] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   85.225040][   T13] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[   85.225052][   T13] Call Trace:
[   85.225055][   T13]  <TASK>
[   85.225059][   T13]  dump_stack_lvl+0x189/0x250
[   85.225069][   T13]  ? __kasan_check_byte+0x12/0x40
[   85.225079][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.225086][   T13]  ? lock_release+0x4b/0x3e0
[   85.225096][   T13]  ? __virt_addr_valid+0x4a5/0x5c0
[   85.225126][   T13]  print_report+0xca/0x240
[   85.225132][   T13]  ? __mutex_lock+0x147/0x1360
[   85.225141][   T13]  kasan_report+0x118/0x150
[   85.225149][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   85.225157][   T13]  ? __mutex_lock+0x147/0x1360
[   85.225166][   T13]  __mutex_lock+0x147/0x1360
[   85.225175][   T13]  ? __mutex_lock+0x5b6/0x1360
[   85.225184][   T13]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[   85.225192][   T13]  ? __pfx___mutex_lock+0x10/0x10
[   85.225201][   T13]  ? __lock_acquire+0xab9/0xd20
[   85.225212][   T13]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[   85.225221][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[   85.225228][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[   85.225234][   T13]  process_scheduled_works+0xae1/0x17b0
[   85.225244][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.225253][   T13]  worker_thread+0x8a0/0xda0
[   85.225263][   T13]  kthread+0x711/0x8a0
[   85.225271][   T13]  ? __pfx_worker_thread+0x10/0x10
[   85.225277][   T13]  ? __pfx_kthread+0x10/0x10
[   85.225285][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.225292][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.225300][   T13]  ? __pfx_kthread+0x10/0x10
[   85.225308][   T13]  ret_from_fork+0x3fc/0x770
[   85.225315][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[   85.225322][   T13]  ? __switch_to_asm+0x39/0x70
[   85.225330][   T13]  ? __switch_to_asm+0x33/0x70
[   85.225337][   T13]  ? __pfx_kthread+0x10/0x10
[   85.225344][   T13]  ret_from_fork_asm+0x1a/0x30
[   85.225355][   T13]  </TASK>
[   85.225357][   T13] 
[   85.296768][   T13] Allocated by task 7169:
[   85.298659][   T13]  kasan_save_track+0x3e/0x80
[   85.300725][   T13]  __kasan_kmalloc+0x93/0xb0
[   85.302752][   T13]  __kmalloc_noprof+0x27a/0x4f0
[   85.304875][   T13]  udp_tunnel_nic_netdevice_event+0x854/0x19f0
[   85.307506][   T13]  notifier_call_chain+0x1b6/0x3e0
[   85.309717][   T13]  register_netdevice+0x1608/0x1ae0
[   85.311939][   T13]  nsim_create+0xae8/0xf10
[   85.313831][   T13]  __nsim_dev_port_add+0x6b6/0xb10
[   85.316042][   T13]  nsim_dev_port_add_all+0x37/0xf0
[   85.318244][   T13]  nsim_dev_reload_up+0x451/0x780
[   85.320386][   T13]  devlink_reload+0x4ec/0x8d0
[   85.322441][   T13]  devlink_nl_reload_doit+0xb35/0xd50
[   85.324739][   T13]  genl_family_rcv_msg_doit+0x215/0x300
[   85.327151][   T13]  genl_rcv_msg+0x60e/0x790
[   85.329125][   T13]  netlink_rcv_skb+0x208/0x470
[   85.330911][   T13]  genl_rcv+0x28/0x40
[   85.332607][   T13]  netlink_unicast+0x82f/0x9e0
[   85.334467][   T13]  netlink_sendmsg+0x805/0xb30
[   85.336147][   T13]  __sock_sendmsg+0x21c/0x270
[   85.337720][   T13]  ____sys_sendmsg+0x505/0x830
[   85.339341][   T13]  ___sys_sendmsg+0x21f/0x2a0
[   85.341219][   T13]  __x64_sys_sendmsg+0x19b/0x260
[   85.343086][   T13]  do_syscall_64+0xfa/0x3b0
[   85.344616][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.346594][   T13] 
[   85.347414][   T13] Freed by task 7196:
[   85.348752][   T13]  kasan_save_track+0x3e/0x80
[   85.350333][   T13]  kasan_save_free_info+0x46/0x50
[   85.352004][   T13]  __kasan_slab_free+0x5b/0x80
[   85.353595][   T13]  kfree+0x18e/0x440
[   85.354955][   T13]  udp_tunnel_nic_netdevice_event+0x1332/0x19f0
[   85.357217][   T13]  notifier_call_chain+0x1b6/0x3e0
[   85.358937][   T13]  unregister_netdevice_many_notify+0x14d7/0x1ff0
[   85.361061][   T13]  unregister_netdevice_queue+0x33c/0x380
[   85.362998][   T13]  nsim_destroy+0x1dd/0x670
[   85.364538][   T13]  __nsim_dev_port_del+0x14d/0x1b0
[   85.366287][   T13]  nsim_dev_reload_destroy+0x288/0x490
[   85.368093][   T13]  nsim_dev_reload_down+0x8a/0xc0
[   85.369811][   T13]  devlink_reload+0x1b6/0x8d0
[   85.371442][   T13]  devlink_nl_reload_doit+0xb35/0xd50
[   85.373525][   T13]  genl_family_rcv_msg_doit+0x215/0x300
[   85.375396][   T13]  genl_rcv_msg+0x60e/0x790
[   85.376953][   T13]  netlink_rcv_skb+0x208/0x470
[   85.378568][   T13]  genl_rcv+0x28/0x40
[   85.379895][   T13]  netlink_unicast+0x82f/0x9e0
[   85.381851][   T13]  netlink_sendmsg+0x805/0xb30
[   85.383593][   T13]  __sock_sendmsg+0x21c/0x270
[   85.385305][   T13]  ____sys_sendmsg+0x505/0x830
[   85.387355][   T13]  ___sys_sendmsg+0x21f/0x2a0
[   85.389407][   T13]  __x64_sys_sendmsg+0x19b/0x260
[   85.391563][   T13]  do_syscall_64+0xfa/0x3b0
[   85.393399][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.395390][   T13] 
[   85.396215][   T13] Last potentially related work creation:
[   85.398016][   T13]  kasan_save_stack+0x3e/0x60
[   85.399607][   T13]  kasan_record_aux_stack+0xbd/0xd0
[   85.401770][   T13]  insert_work+0x3d/0x330
[   85.403606][   T13]  __queue_work+0xbaf/0xfb0
[   85.405586][   T13]  queue_work_on+0x181/0x270
[   85.407590][   T13]  __udp_tunnel_nic_add_port+0xb71/0xd60
[   85.409918][   T13]  udp_tunnel_push_rx_port+0x180/0x200
[   85.411843][   T13]  geneve_offload_rx_ports+0xd7/0x160
[   85.413815][   T13]  geneve_netdevice_event+0x6a/0x80
[   85.415634][   T13]  notifier_call_chain+0x1b6/0x3e0
[   85.417341][   T13]  call_netdevice_notifiers+0x88/0xc0
[   85.419094][   T13]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[   85.421549][   T13]  notifier_call_chain+0x1b6/0x3e0
[   85.423242][   T13]  register_netdevice+0x1608/0x1ae0
[   85.425053][   T13]  nsim_create+0xae8/0xf10
[   85.426548][   T13]  __nsim_dev_port_add+0x6b6/0xb10
[   85.428259][   T13]  nsim_dev_port_add_all+0x37/0xf0
[   85.429953][   T13]  nsim_dev_reload_up+0x451/0x780
[   85.431692][   T13]  devlink_reload+0x4ec/0x8d0
[   85.433398][   T13]  devlink_nl_reload_doit+0xb35/0xd50
[   85.435189][   T13]  genl_family_rcv_msg_doit+0x215/0x300
[   85.437130][   T13]  genl_rcv_msg+0x60e/0x790
[   85.438991][   T13]  netlink_rcv_skb+0x208/0x470
[   85.440947][   T13]  genl_rcv+0x28/0x40
[   85.442635][   T13]  netlink_unicast+0x82f/0x9e0
[   85.444440][   T13]  netlink_sendmsg+0x805/0xb30
[   85.446055][   T13]  __sock_sendmsg+0x21c/0x270
[   85.447671][   T13]  ____sys_sendmsg+0x505/0x830
[   85.449352][   T13]  ___sys_sendmsg+0x21f/0x2a0
[   85.451121][   T13]  __x64_sys_sendmsg+0x19b/0x260
[   85.453252][   T13]  do_syscall_64+0xfa/0x3b0
[   85.455217][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.457756][   T13] 
[   85.458813][   T13] Second to last potentially related work creation:
[   85.461635][   T13]  kasan_save_stack+0x3e/0x60
[   85.463677][   T13]  kasan_record_aux_stack+0xbd/0xd0
[   85.465651][   T13]  insert_work+0x3d/0x330
[   85.467204][   T13]  __queue_work+0xcd2/0xfb0
[   85.469199][   T13]  queue_work_on+0x181/0x270
[   85.470783][   T13]  __udp_tunnel_nic_add_port+0xb71/0xd60
[   85.472844][   T13]  udp_tunnel_push_rx_port+0x180/0x200
[   85.474676][   T13]  vxlan_offload_rx_ports+0x139/0x200
[   85.476477][   T13]  vxlan_netdevice_event+0x111/0x470
[   85.478238][   T13]  notifier_call_chain+0x1b6/0x3e0
[   85.480121][   T13]  call_netdevice_notifiers+0x88/0xc0
[   85.482332][   T13]  udp_tunnel_nic_netdevice_event+0x134d/0x19f0
[   85.484924][   T13]  notifier_call_chain+0x1b6/0x3e0
[   85.487030][   T13]  register_netdevice+0x1608/0x1ae0
[   85.489202][   T13]  nsim_create+0xae8/0xf10
[   85.490896][   T13]  __nsim_dev_port_add+0x6b6/0xb10
[   85.492592][   T13]  nsim_dev_port_add_all+0x37/0xf0
[   85.494291][   T13]  nsim_dev_reload_up+0x451/0x780
[   85.496030][   T13]  devlink_reload+0x4ec/0x8d0
[   85.497626][   T13]  devlink_nl_reload_doit+0xb35/0xd50
[   85.499426][   T13]  genl_family_rcv_msg_doit+0x215/0x300
[   85.501276][   T13]  genl_rcv_msg+0x60e/0x790
[   85.502895][   T13]  netlink_rcv_skb+0x208/0x470
[   85.504718][   T13]  genl_rcv+0x28/0x40
[   85.506192][   T13]  netlink_unicast+0x82f/0x9e0
[   85.508086][   T13]  netlink_sendmsg+0x805/0xb30
[   85.510135][   T13]  __sock_sendmsg+0x21c/0x270
[   85.512179][   T13]  ____sys_sendmsg+0x505/0x830
[   85.514273][   T13]  ___sys_sendmsg+0x21f/0x2a0
[   85.516297][   T13]  __x64_sys_sendmsg+0x19b/0x260
[   85.518449][   T13]  do_syscall_64+0xfa/0x3b0
[   85.520375][   T13]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.522513][   T13] 
[   85.523358][   T13] The buggy address belongs to the object at ffff888120a92800
[   85.523358][   T13]  which belongs to the cache kmalloc-256 of size 256
[   85.528249][   T13] The buggy address is located 176 bytes inside of
[   85.528249][   T13]  freed 256-byte region [ffff888120a92800, ffff888120a92900)
[   85.533240][   T13] 
[   85.534254][   T13] The buggy address belongs to the physical page:
[   85.536831][   T13] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120a92
[   85.540392][   T13] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   85.543739][   T13] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   85.546791][   T13] page_type: f5(slab)
[   85.548458][   T13] raw: 057ff00000000040 ffff88801a441b40 dead000000000100 dead000000000122
[   85.551945][   T13] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   85.555532][   T13] head: 057ff00000000040 ffff88801a441b40 dead000000000100 dead000000000122
[   85.559014][   T13] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   85.562022][   T13] head: 057ff00000000001 ffffea000482a481 00000000ffffffff 00000000ffffffff
[   85.564950][   T13] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   85.567920][   T13] page dumped because: kasan: bad access detected
[   85.570241][   T13] page_owner tracks the page as allocated
[   85.572522][   T13] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5841, tgid 5841 (syz-executor), ts 54959090114, free_ts 54916892169
[   85.580921][   T13]  post_alloc_hook+0x240/0x2a0
[   85.582537][   T13]  get_page_from_freelist+0x21e4/0x22c0
[   85.584572][   T13]  __alloc_frozen_pages_noprof+0x181/0x370
[   85.587017][   T13]  alloc_pages_mpol+0x232/0x4a0
[   85.588976][   T13]  allocate_slab+0x8a/0x370
[   85.590493][   T13]  ___slab_alloc+0xbeb/0x1410
[   85.592054][   T13]  __kmalloc_noprof+0x305/0x4f0
[   85.593658][   T13]  fib_create_info+0x1728/0x3210
[   85.595310][   T13]  fib_table_insert+0xc6/0x1b50
[   85.596921][   T13]  fib_magic+0x2c4/0x390
[   85.598336][   T13]  fib_add_ifaddr+0x144/0x5f0
[   85.599894][   T13]  fib_inetaddr_event+0x12e/0x190
[   85.601657][   T13]  notifier_call_chain+0x1b6/0x3e0
[   85.603778][   T13]  blocking_notifier_call_chain+0x6a/0x90
[   85.606175][   T13]  __inet_insert_ifa+0xa13/0xbf0
[   85.608224][   T13]  inet_rtm_newaddr+0xf3a/0x18b0
[   85.610057][   T13] page last free pid 5845 tgid 5845 stack trace:
[   85.612185][   T13]  __free_frozen_pages+0xbc4/0xd30
[   85.613879][   T13]  __put_partials+0x156/0x1a0
[   85.615455][   T13]  put_cpu_partial+0x17c/0x250
[   85.617051][   T13]  __slab_free+0x2d5/0x3c0
[   85.618540][   T13]  qlist_free_all+0x97/0x140
[   85.620073][   T13]  kasan_quarantine_reduce+0x148/0x160
[   85.621873][   T13]  __kasan_slab_alloc+0x22/0x80
[   85.623547][   T13]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[   85.625534][   T13]  __alloc_skb+0x112/0x2d0
[   85.627030][   T13]  inet6_netconf_notify_devconf+0x10f/0x1d0
[   85.628985][   T13]  addrconf_notify+0x321/0x1010
[   85.630600][   T13]  notifier_call_chain+0x1b6/0x3e0
[   85.632357][   T13]  netif_change_name+0x5e9/0x960
[   85.634028][   T13]  do_setlink+0x9f6/0x41c0
[   85.635514][   T13]  rtnl_newlink+0x160b/0x1c70
[   85.637077][   T13]  rtnetlink_rcv_msg+0x7cf/0xb70
[   85.638743][   T13] 
[   85.639664][   T13] Memory state around the buggy address:
[   85.641529][   T13]  ffff888120a92780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   85.644206][   T13]  ffff888120a92800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   85.647004][   T13] >ffff888120a92880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   85.649971][   T13]                                      ^
[   85.652256][   T13]  ffff888120a92900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   85.655676][   T13]  ffff888120a92980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   85.659127][   T13] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   85.692032][   T13] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   85.694522][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.17.0-rc1-syzkaller-00207-g815957293639-dirty #0 PREEMPT(full) 
[   85.699201][   T13] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   85.703628][   T13] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work
[   85.706157][   T13] Call Trace:
[   85.707476][   T13]  <TASK>
[   85.708672][   T13]  dump_stack_lvl+0x99/0x250
[   85.710281][   T13]  ? __asan_memcpy+0x40/0x70
[   85.711855][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.713680][   T13]  ? __pfx__printk+0x10/0x10
[   85.715517][   T13]  vpanic+0x281/0x750
[   85.717268][   T13]  ? preempt_schedule+0xae/0xc0
[   85.719707][   T13]  ? __pfx_vpanic+0x10/0x10
[   85.721626][   T13]  ? preempt_schedule_common+0x83/0xd0
[   85.723969][   T13]  ? preempt_schedule+0xae/0xc0
[   85.726092][   T13]  ? __pfx_preempt_schedule+0x10/0x10
[   85.728421][   T13]  panic+0xb9/0xc0
[   85.730079][   T13]  ? __pfx_panic+0x10/0x10
[   85.732035][   T13]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   85.734579][   T13]  ? __mutex_lock+0x147/0x1360
[   85.736638][   T13]  check_panic_on_warn+0x89/0xb0
[   85.738779][   T13]  ? __mutex_lock+0x147/0x1360
[   85.740838][   T13]  end_report+0x78/0x160
[   85.742613][   T13]  kasan_report+0x129/0x150
[   85.744492][   T13]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   85.746821][   T13]  ? __mutex_lock+0x147/0x1360
[   85.748783][   T13]  __mutex_lock+0x147/0x1360
[   85.750805][   T13]  ? __mutex_lock+0x5b6/0x1360
[   85.752885][   T13]  ? udp_tunnel_nic_device_sync_work+0x39/0xa50
[   85.755609][   T13]  ? __pfx___mutex_lock+0x10/0x10
[   85.757760][   T13]  ? __lock_acquire+0xab9/0xd20
[   85.759886][   T13]  udp_tunnel_nic_device_sync_work+0x39/0xa50
[   85.762508][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[   85.764956][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[   85.767402][   T13]  process_scheduled_works+0xae1/0x17b0
[   85.769794][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[   85.772431][   T13]  worker_thread+0x8a0/0xda0
[   85.774472][   T13]  kthread+0x711/0x8a0
[   85.776265][   T13]  ? __pfx_worker_thread+0x10/0x10
[   85.778472][   T13]  ? __pfx_kthread+0x10/0x10
[   85.780460][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.782699][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.784971][   T13]  ? __pfx_kthread+0x10/0x10
[   85.786983][   T13]  ret_from_fork+0x3fc/0x770
[   85.788979][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[   85.791184][   T13]  ? __switch_to_asm+0x39/0x70
[   85.793236][   T13]  ? __switch_to_asm+0x33/0x70
[   85.795314][   T13]  ? __pfx_kthread+0x10/0x10
[   85.797323][   T13]  ret_from_fork_asm+0x1a/0x30
[   85.799396][   T13]  </TASK>
[   85.801526][   T13] Kernel Offset: disabled
[   85.803408][   T13] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:49:28  Registers:
info registers vcpu 0

CPU#0
RAX=00007fdac72cf640 RBX=00007fdac72ceae8 RCX=ffffffff854eff05 RDX=ffffffff85520c29
RSI=ffffffff854eff05 RDI=00007fdac72cf770 RBP=00007fdac72ce4d0 RSP=00007ffcd70b1d90
R8 =00007fdac72cee18 R9 =00007fdac79a2000 R10=00007fdac71ff008 R11=000000000000001c
R12=00007fdac72ce4c8 R13=0000000000000018 R14=00007ffcd70b1fa8 R15=00007fdac71ff008
RIP=00007fdac7668004 RFL=00000297 [--S-APC] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055558f6cf500 ffffffff 00c00000
GS =0000 0000000000000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b3200aff8 CR3=0000000032c4b000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffff85520c69 ffffffff854eff05 XMM01=ffffffff854eff05 ffffffff85520c69
XMM02=ffffffff823c7a0d ffffffff85520c69 XMM03=ffffffff823c6ffd ffffffff823c6d62
XMM04=000300081208eca6 c7c8aeef321ec06c XMM05=0000000000000000 00ff7ff20fa2560b
XMM06=4f514723f98afa8a 53339eb4e27e940a XMM07=8fd7090813f212df dc858298e3467abc
XMM08=9b6b44adbd000001 06000300081208ec XMM09=0000000000000000 00007fdac7812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000006b RBX=000000000000006b RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90000107130
R8 =ffff8881075d8237 R9 =1ffff11020ebb046 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=ffffffff99af9906 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fc491774c40 CR3=000000003389e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f35d4587498 00007f35d4587470 XMM03=00007f35d45874a8 00007f35d45874a0
XMM04=00007f35d50ed100 00007f35d4587460 XMM05=00007f35d4587478 00007f35d45874c0
XMM06=00007f35d45874b8 00007f35d45874b0 XMM07=00007f35d45874a8 00007f35d45874a0
XMM08=0000000000000000 00007f35d4412ee7 XMM09=0000000000000000 00007f35d4412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
