last executing test programs:

3.310932854s ago: executing program 1 (id=1419):
r0 = socket$inet6(0xa, 0x5, 0x1a4)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
bind$packet(r1, &(0x7f0000000040)={0x11, 0xf8, 0x0, 0x1, 0x6, 0x6, @remote}, 0x14)
connect$inet(0xffffffffffffffff, &(0x7f0000000280)={0x1e, 0x4ea4, @dev={0xac, 0x14, 0x14, 0x2b}}, 0xb1ba61f37d010064)
close(r1)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000002400128009000100766c616e0000000014000273873d1ae6e0b0fd83e9fca1b1868006000100020000000600050081000000"], 0x44}}, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
close(r3)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040), 0x9)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000380)={'raw\x00'}, &(0x7f0000003240)=0x54)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet(0x2, 0x802, 0x1)
read(r5, 0x0, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
getsockname$inet(r5, &(0x7f0000000180)={0x2, 0x0, @initdev}, &(0x7f0000000480)=0x10)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000007040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800b00010065787468647200002c000280080003400000000005000200890000000800064000000001080006400000000208000440000000170900010073797a3000000000090002007308000000000000140000001100010000000000000000000000000a"], 0x94}}, 0x0)
r6 = getpid()
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r7)
sendmsg$DEVLINK_CMD_RELOAD(r7, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r8, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r6}}]}, 0x3c}}, 0x0)
r9 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newqdisc={0x34, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x60, 0x0, 0x0, r11, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000010008500000022000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r12, 0x0, 0x8, 0x8, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f00000004c0)=""/8, 0x224e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000100)=0xc)

2.742154746s ago: executing program 1 (id=1429):
r0 = socket$netlink(0x10, 0x3, 0xa)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0x806000)
sendfile(r0, r1, 0x0, 0xf03a0005)

2.59162708s ago: executing program 1 (id=1430):
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
epoll_create1(0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000d, 0x12, r1, 0x0)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r2, &(0x7f0000000400)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1, 0x10}}, 0x12)

1.880584098s ago: executing program 2 (id=1438):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x11, 0xc0}, [@call={0x85, 0x0, 0x0, 0x85}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfe01, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x21)

1.806981919s ago: executing program 2 (id=1447):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000004c0)=0x27)
setsockopt$inet_sctp_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000100)=r2, 0x4)

1.719715644s ago: executing program 1 (id=1441):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='hybla\x00', 0x6)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

1.630181016s ago: executing program 1 (id=1443):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x7c}}, 0x0)

1.576582233s ago: executing program 1 (id=1444):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r0}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0900000004000000163c00000100400002"], 0x50)
socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r3=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000005c0)=[{0x0}], 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="2000000000000000840000000200000006000400280100000b008002", @ANYRES32=r3], 0x20, 0x6044}, 0x6)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000340)={r3, 0x9}, &(0x7f0000000300)=0x8)

861.472851ms ago: executing program 2 (id=1445):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f00000059c0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x7, @rand_addr=' \x01\x00', 0x4}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000100)='d', 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000340)={0x0, 0x4}, 0x8)

790.738947ms ago: executing program 2 (id=1446):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001a40)=ANY=[@ANYBLOB="b70200000f000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000010000006a0a00fe00000000850000000d000000bf0000000000000095000000000000005ecefab8f2e85c6c1ca711fc206bb8ad6ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bd04000000000000009c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5f683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891184604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e101d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe151acc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394b9ba1a836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429ba63903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6d6fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f25005798ca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9958fad67ccaba76408da35c9f1534c8bd48bbdf9594e8b4ce73febaefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb3b379e221a5318849b6b0679b5d65ab855fc9f1d10022cc20603480ffb1e3392fad690ce56aaa717e56fd55aec3d9d6671f55d7bc33830a4095497586e8d15c2a32d3176d45b783cb27112a69c14134488b6dd302c3e92a7e659351b610ed5ba022f92d4bf26b0a5c10a3c8eb0fabdf0017995ea0c06b41fe6dda769729328d6ee80ab3b4aeeeee7926575d526431184b2034b5cdacc8eaab03cf45af6ec451f65705d8a4375d559e4c3ad80e942d237616d8f2fdd5afe4fdf21478228d9f6299bf67cf1e62fc11c285e18fb65eeb657bc7375401bb175f6d2625195ce8647945dbdfb7eacc06a24832d155059b0f0c36b9433eff190f4c4c160f0484d4d39f5f92e8bd49ad3df23b961fe7bf9e506c5098ca79deb7906257e4ce9035f3a6b29453ee41640ade8b5916f38d19ab6f2fd51a9fd9a2559411967460952acf5c549e5466ee2d8563397a5f028486220fae69611d9bc0f1a68d31ad1a4e387de687ab1537bd46703e4e5ae0f096f731916628bf743a49ea7b7d22c04d738ca439343aaab682d45dc91187e9ff08005358e1f3d864f36ee590fb0da9c958f15f9105c41add43a7c28874e58c31a7acb0467e0bd97f2ccd78615b5144267772381e7498bb98d9e8a3f98b505e5c9645e19d011dd86a1dc134fa4b21ff8ec2d054ae7e0044b4700cd54ce392c2ee515e86070f2df561c15f331a1babfa60504410fa56a848ba1f501c8eb0bd6856451d150cfaf95d6dc889be27e8915bb3670fc76bcbeb390f3cefb5429c84907a92c6eab2b15758194ece4b1461f622510bcff5c0f8354637856f94d71a0841180e78a3a837ae7847c479f5c9c54859cb85393f190042a5dc31197f2c463be8affe29869d71df330b3466fc79b3488b4a2a3e2aae9af6421cd0902347103f2384bf08e5230b37297b668be11b4428b9a8e8c259afa6c73dd87fcc165b2fea66a180bf048530a5849f849d37aca6874cb1d50defdb90b3da04a575db38825db87f6bb0013a5dabcc0e9783aaac0cbb5d6fc437f1e77bf69cae31a213ca2b90ece8cc70fa320c9ffd05618e7a6e6cf8ada6b3e62557174b6d3516cc0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x185, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f0080047e0ffff00124000633a77fbac141416e000000194029f034d2f87e589ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x6b, 0x60000000}, 0xf)

678.285903ms ago: executing program 2 (id=1450):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {}, {0xfff1, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x88a8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000810}, 0x20084084)

576.930697ms ago: executing program 2 (id=1455):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_wait(r0, &(0x7f0000000040)=[{}], 0x1, 0xc9)

502.071739ms ago: executing program 0 (id=1457):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000000)=0xffffffffffffffff, 0x4)

501.777718ms ago: executing program 0 (id=1458):
r0 = socket(0x11, 0x800000002, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000200)={'ipvlan0\x00', {0x2, 0x0, @loopback=0xac141437}})

301.649233ms ago: executing program 0 (id=1459):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x64, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x34, 0x2, [@TCA_BASIC_EMATCHES={0x30, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_META={0x20, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x1}, {0x5, 0x40}}}, @TCA_EM_META_LVALUE={0x8, 0x2, [@TCF_META_TYPE_INT=0x9]}]}}]}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)

81.365068ms ago: executing program 0 (id=1460):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r0, &(0x7f0000000400), &(0x7f0000000440)=""/236}, 0x20)

314.183µs ago: executing program 0 (id=1461):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, 0x0, &(0x7f0000000300))

0s ago: executing program 0 (id=1462):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x3}]}, @volatile={0x0, 0x0, 0x0, 0xa, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x3, 0x800}}]}}, 0x0, 0x52}, 0x28)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:3552' (ED25519) to the list of known hosts.
syzkaller login: [   58.928944][ T5832] cgroup: Unknown subsys name 'net'
[   59.035825][ T5832] cgroup: Unknown subsys name 'cpuset'
[   59.042047][ T5832] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   61.294102][ T5832] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   67.153423][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   67.157903][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   67.160747][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   67.164129][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   67.168068][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   67.282441][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   67.285166][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   67.288669][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   67.291635][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   67.294965][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   67.330515][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   67.333758][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   67.337069][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   67.341204][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   67.345080][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   67.384577][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   67.514595][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.518209][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.521166][ T5848] bridge_slave_0: entered allmulticast mode
[   67.524398][ T5848] bridge_slave_0: entered promiscuous mode
[   67.531934][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.534427][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.537459][ T5848] bridge_slave_1: entered allmulticast mode
[   67.540873][ T5848] bridge_slave_1: entered promiscuous mode
[   67.580094][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.589358][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.633013][ T5848] team0: Port device team_slave_0 added
[   67.639117][ T5848] team0: Port device team_slave_1 added
[   67.673235][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   67.676054][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.686566][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   67.702812][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   67.705624][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.716709][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   67.855638][ T5848] hsr_slave_0: entered promiscuous mode
[   67.860408][ T5848] hsr_slave_1: entered promiscuous mode
[   67.895640][ T5857] chnl_net:caif_netlink_parms(): no params data found
[   67.955437][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   68.161411][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.164417][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.169541][ T5857] bridge_slave_0: entered allmulticast mode
[   68.173458][ T5857] bridge_slave_0: entered promiscuous mode
[   68.179082][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.181959][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.184775][ T5857] bridge_slave_1: entered allmulticast mode
[   68.189672][ T5857] bridge_slave_1: entered promiscuous mode
[   68.206125][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.210866][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.219823][ T5854] bridge_slave_0: entered allmulticast mode
[   68.236720][ T5854] bridge_slave_0: entered promiscuous mode
[   68.245161][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.255072][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.264367][ T5854] bridge_slave_1: entered allmulticast mode
[   68.272657][ T5854] bridge_slave_1: entered promiscuous mode
[   68.336925][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.344028][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.363899][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.383705][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.437433][ T5857] team0: Port device team_slave_0 added
[   68.446774][ T5854] team0: Port device team_slave_0 added
[   68.450981][ T5857] team0: Port device team_slave_1 added
[   68.454746][ T5854] team0: Port device team_slave_1 added
[   68.505110][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.507463][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.519492][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.538689][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   68.545769][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.549119][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.558912][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.564313][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.567070][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.579711][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.583819][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   68.591500][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   68.606612][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.609711][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.620063][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.629207][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   68.695788][ T5857] hsr_slave_0: entered promiscuous mode
[   68.699874][ T5857] hsr_slave_1: entered promiscuous mode
[   68.702615][ T5857] debugfs: 'hsr0' already exists in 'hsr'
[   68.704501][ T5857] Cannot create hsr debugfs directory
[   68.744838][ T5854] hsr_slave_0: entered promiscuous mode
[   68.749557][ T5854] hsr_slave_1: entered promiscuous mode
[   68.752578][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   68.754907][ T5854] Cannot create hsr debugfs directory
[   69.044984][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   69.055397][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   69.067228][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   69.086942][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   69.140625][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.193193][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   69.200743][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   69.209278][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   69.221933][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   69.227969][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   69.253629][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.256767][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.262324][ T5849] Bluetooth: hci0: command tx timeout
[   69.280986][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.283914][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.338243][ T5849] Bluetooth: hci1: command tx timeout
[   69.415006][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.418155][ T5849] Bluetooth: hci2: command tx timeout
[   69.459688][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   69.469800][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.480546][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.483506][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.495631][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.498527][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.551225][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   69.572593][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.575489][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.602889][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.605891][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.644153][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.724899][ T5848] veth0_vlan: entered promiscuous mode
[   69.735550][ T5848] veth1_vlan: entered promiscuous mode
[   69.765148][ T5848] veth0_macvtap: entered promiscuous mode
[   69.773110][ T5848] veth1_macvtap: entered promiscuous mode
[   69.796332][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.823213][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.839610][ T5863] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.854476][ T5863] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.859604][ T5863] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.862503][ T5863] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.897519][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.913400][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.982401][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.989875][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.028222][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.033988][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.054079][ T5854] veth0_vlan: entered promiscuous mode
[   70.068726][ T5857] veth0_vlan: entered promiscuous mode
[   70.075887][ T5854] veth1_vlan: entered promiscuous mode
[   70.100466][ T5857] veth1_vlan: entered promiscuous mode
[   70.111347][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   70.137435][ T5857] veth0_macvtap: entered promiscuous mode
[   70.157005][ T5854] veth0_macvtap: entered promiscuous mode
[   70.182946][ T5854] veth1_macvtap: entered promiscuous mode
[   70.197342][ T5857] veth1_macvtap: entered promiscuous mode
[   70.216419][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   70.230081][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   70.242385][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   70.252724][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   70.258274][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.275579][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.280219][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.283581][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.313450][ T5866] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.354748][ T5863] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.371835][ T5863] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.395116][ T5863] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.491746][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.494592][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.536324][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.548721][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.576362][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.590894][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.645867][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   70.651299][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.747185][ T5936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8'.
[   71.189341][ T5958] Zero length message leads to an empty skb
[   71.193728][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17'.
[   71.203676][ T5958] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.207511][ T5958] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.341430][ T5849] Bluetooth: hci0: command tx timeout
[   71.419383][ T5849] Bluetooth: hci1: command tx timeout
[   71.511182][ T5849] Bluetooth: hci2: command tx timeout
[   71.672681][ T5983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'.
[   71.760970][ T5989] syz.0.29 uses obsolete (PF_INET,SOCK_PACKET)
[   71.932967][ T6000] netlink: 12 bytes leftover after parsing attributes in process `syz.2.34'.
[   72.117442][ T6012] tipc: Started in network mode
[   72.124528][ T6012] tipc: Node identity da3ca2a566be, cluster identity 4711
[   72.129663][ T6012] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   72.135365][ T6012] syzkaller0: entered promiscuous mode
[   72.142940][ T6012] syzkaller0: entered allmulticast mode
[   72.171799][ T6012] tipc: Resetting bearer <eth:syzkaller0>
[   72.181204][ T6011] tipc: Resetting bearer <eth:syzkaller0>
[   72.204045][ T6011] tipc: Disabling bearer <eth:syzkaller0>
[   72.391963][ T6027] bridge0: port 3(erspan0) entered blocking state
[   72.396879][ T6027] bridge0: port 3(erspan0) entered disabled state
[   72.409643][ T6027] erspan0: entered allmulticast mode
[   72.413509][ T6027] erspan0: entered promiscuous mode
[   72.416502][ T6027] bridge0: port 3(erspan0) entered blocking state
[   72.419688][ T6027] bridge0: port 3(erspan0) entered forwarding state
[   72.504010][ T6034] erspan0: left allmulticast mode
[   72.506080][ T6034] erspan0: left promiscuous mode
[   72.514585][ T6034] bridge0: port 3(erspan0) entered disabled state
[   73.425094][ T5849] Bluetooth: hci0: command tx timeout
[   73.498327][ T5849] Bluetooth: hci1: command tx timeout
[   73.578641][ T5849] Bluetooth: hci2: command tx timeout
[   73.954489][ T6085] netlink: 'syz.1.68': attribute type 2 has an invalid length.
[   74.168675][ T6090] netlink: 'syz.0.70': attribute type 1 has an invalid length.
[   74.172216][ T6090] nbd: error processing sock list
[   74.176405][ T6090] block nbd0: shutting down sockets
[   74.359742][ T6110] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   74.363463][ T6110] syzkaller0: entered promiscuous mode
[   74.366569][ T6110] syzkaller0: entered allmulticast mode
[   74.391175][ T6110] tipc: Resetting bearer <eth:syzkaller0>
[   74.396170][ T6109] tipc: Resetting bearer <eth:syzkaller0>
[   74.419965][ T6109] tipc: Disabling bearer <eth:syzkaller0>
[   74.436043][ T6118] netlink: 'syz.2.82': attribute type 3 has an invalid length.
[   74.585529][ T6133] netlink: 4 bytes leftover after parsing attributes in process `syz.0.84'.
[   74.634846][ T6132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.90'.
[   74.985475][ T6154] netlink: 36 bytes leftover after parsing attributes in process `syz.2.100'.
[   74.990339][ T6154] 8021q: VLANs not supported on ipvlan1
[   75.234796][ T6166] sctp: [Deprecated]: syz.2.105 (pid 6166) Use of struct sctp_assoc_value in delayed_ack socket option.
[   75.234796][ T6166] Use struct sctp_sack_info instead
[   75.498163][ T5849] Bluetooth: hci0: command tx timeout
[   75.530024][ T6179] netlink: 676 bytes leftover after parsing attributes in process `syz.1.111'.
[   75.533027][ T6179] netlink: 676 bytes leftover after parsing attributes in process `syz.1.111'.
[   75.578075][ T5849] Bluetooth: hci1: command tx timeout
[   75.610913][ T6182] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073701165882)
[   75.614998][ T6182] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647
[   75.657881][ T5849] Bluetooth: hci2: command tx timeout
[   75.727921][ T6188] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   76.000876][ T6200] netlink: 40 bytes leftover after parsing attributes in process `syz.0.121'.
[   76.043006][ T5922] IPVS: starting estimator thread 0...
[   76.089854][ T6208] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   76.094327][ T6208] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.097846][ T6208] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.116571][ T6209] tipc: Started in network mode
[   76.124719][ T6209] tipc: Node identity 9eaa71a362fe, cluster identity 4711
[   76.128018][ T6209] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.138701][ T6205] IPVS: using max 34 ests per chain, 81600 per kthread
[   76.143277][ T6209] syzkaller0: MTU too low for tipc bearer
[   76.149248][ T6209] tipc: Disabling bearer <eth:syzkaller0>
[   76.171666][ T6213] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   76.314033][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   76.316810][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   76.450812][ T6229] netlink: 24 bytes leftover after parsing attributes in process `syz.1.135'.
[   76.500082][ T6229] tipc: Cannot configure node identity twice
[   76.564833][ T6236] syzkaller0: entered promiscuous mode
[   76.566965][ T6236] syzkaller0: entered allmulticast mode
[   76.570793][ T6235] netlink: 144 bytes leftover after parsing attributes in process `syz.2.137'.
[   76.995699][ T6252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.144'.
[   77.100652][ T6254] netlink: 36 bytes leftover after parsing attributes in process `syz.0.145'.
[   77.656790][ T6276] netlink: 8 bytes leftover after parsing attributes in process `syz.2.156'.
[   77.741266][ T6283] netlink: 'syz.2.159': attribute type 1 has an invalid length.
[   77.828321][ T6287] netlink: 'syz.2.162': attribute type 16 has an invalid length.
[   77.831413][ T6287] netlink: 'syz.2.162': attribute type 3 has an invalid length.
[   77.834118][ T6287] netlink: 64066 bytes leftover after parsing attributes in process `syz.2.162'.
[   78.025510][ T6308] netlink: 'syz.0.172': attribute type 30 has an invalid length.
[   78.732864][ T6344] netlink: 240 bytes leftover after parsing attributes in process `syz.2.188'.
[   78.796446][ T6353] netlink: 6 bytes leftover after parsing attributes in process `syz.1.192'.
[   79.100323][ T6379] xt_socket: unknown flags 0xfc
[   79.222282][ T6389] netlink: 28 bytes leftover after parsing attributes in process `syz.1.210'.
[   79.256444][ T6393] netem: incorrect gi model size
[   79.258631][ T6393] netem: change failed
[   79.958121][ T6435] openvswitch: netlink: IPv4 tun info is not correct
[   80.127777][ T6442] nbd0: detected capacity change from 0 to 127
[   80.136398][   T57] block nbd0: Receive control failed (result -32)
[   80.143952][ T5851] block nbd0: Dead connection, failed to find a fallback
[   80.564836][ T6485] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   80.668233][ T6491] netlink: 'syz.0.253': attribute type 2 has an invalid length.
[   80.796601][ T6493] syz.1.254 (6493) used greatest stack depth: 17912 bytes left
[   81.353303][ T6548] syzkaller0: entered promiscuous mode
[   81.355321][ T6548] syzkaller0: entered allmulticast mode
[   81.621648][ T6565] netlink: 'syz.2.284': attribute type 29 has an invalid length.
[   81.631019][ T6565] netlink: 'syz.2.284': attribute type 29 has an invalid length.
[   81.641482][ T6565] __nla_validate_parse: 6 callbacks suppressed
[   81.641501][ T6565] netlink: 488 bytes leftover after parsing attributes in process `syz.2.284'.
[   81.711075][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.2.288'.
[   81.793346][ T6581] netlink: 'syz.1.292': attribute type 4 has an invalid length.
[   81.795768][ T6581] netlink: 17 bytes leftover after parsing attributes in process `syz.1.292'.
[   82.045954][ T6602] netlink: 12 bytes leftover after parsing attributes in process `syz.2.301'.
[   82.103132][ T6607] netlink: 28 bytes leftover after parsing attributes in process `syz.0.304'.
[   82.134768][ T6612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.305'.
[   82.205329][ T6616] tipc: New replicast peer: 255.255.255.255
[   82.209186][ T6616] tipc: Enabled bearer <udp:syz2>, priority 10
[   82.268758][ T6621] netlink: 8 bytes leftover after parsing attributes in process `syz.0.310'.
[   82.272272][ T6621] netlink: 4 bytes leftover after parsing attributes in process `syz.0.310'.
[   82.303507][   T12] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   82.306648][ T6621] netlink: 8 bytes leftover after parsing attributes in process `syz.0.310'.
[   82.311479][   T12] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   82.319744][   T12] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   82.323174][   T12] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   82.332403][ T6621] netlink: 4 bytes leftover after parsing attributes in process `syz.0.310'.
[   82.514187][ T6638] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   82.528498][ T6638] syzkaller0: entered promiscuous mode
[   82.530674][ T6638] syzkaller0: entered allmulticast mode
[   82.578700][ T6638] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   82.600783][ T6638] tipc: Resetting bearer <eth:syzkaller0>
[   82.609441][ T6637] tipc: Resetting bearer <eth:syzkaller0>
[   82.626981][ T6637] tipc: Disabling bearer <eth:syzkaller0>
[   83.598217][  T793] tipc: Node number set to 4233392547
[   84.013575][ T6694] wg1 speed is unknown, defaulting to 1000
[   84.016060][ T6694] wg1 speed is unknown, defaulting to 1000
[   84.027087][ T6694] wg1 speed is unknown, defaulting to 1000
[   84.066242][ T6694] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   84.106221][ T6694] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   84.147326][ T6694] wg1 speed is unknown, defaulting to 1000
[   84.151859][ T6694] wg1 speed is unknown, defaulting to 1000
[   84.155756][ T6694] wg1 speed is unknown, defaulting to 1000
[   84.354259][ T6712] netlink: 'syz.2.350': attribute type 1 has an invalid length.
[   84.569995][ T6728] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   84.682913][ T6735] warning: `syz.0.358' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   84.787305][ T6743] netem: change failed
[   85.706884][ T6766] Bluetooth: MGMT ver 1.23
[   86.273905][ T6798] netlink: 'syz.2.385': attribute type 1 has an invalid length.
[   86.400479][ T6814] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   86.483855][ T6818] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms
[   86.489881][ T6818] (unnamed net_device) (uninitialized): option use_carrier: invalid value (5)
[   86.544052][  T792] cfg80211: failed to load regulatory.db
[   86.602578][ T6822] netlink: 'syz.0.397': attribute type 1 has an invalid length.
[   86.949077][ T6841] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[   87.183144][ T5851] block nbd0: shutting down sockets
[   87.186820][ T5851] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.192182][ T5851] Buffer I/O error on dev nbd0, logical block 0, async page read
[   87.200631][ T5851] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.204207][ T5851] Buffer I/O error on dev nbd0, logical block 1, async page read
[   87.207357][ T5851] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.213271][ T5851] Buffer I/O error on dev nbd0, logical block 2, async page read
[   87.216711][ T5851] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.223665][ T5851] Buffer I/O error on dev nbd0, logical block 3, async page read
[   87.237453][ T5851] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.249890][ T5851] Buffer I/O error on dev nbd0, logical block 0, async page read
[   87.253682][ T5851] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.260622][ T5851] Buffer I/O error on dev nbd0, logical block 1, async page read
[   87.265028][ T5851] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.279694][ T5851] Buffer I/O error on dev nbd0, logical block 2, async page read
[   87.282925][ T5851] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.285799][ T5851] Buffer I/O error on dev nbd0, logical block 3, async page read
[   87.298176][ T5851] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.303512][ T5851] Buffer I/O error on dev nbd0, logical block 0, async page read
[   87.306872][ T5851] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   87.312148][ T5851] Buffer I/O error on dev nbd0, logical block 1, async page read
[   87.330752][ T5851] ldm_validate_partition_table(): Disk read failed.
[   87.336394][ T5851] Dev nbd0: unable to read RDB block 0
[   87.347273][ T5851]  nbd0: unable to read partition table
[   87.356497][ T6858] netlink: 'syz.0.414': attribute type 13 has an invalid length.
[   87.364655][ T5851] ldm_validate_partition_table(): Disk read failed.
[   87.383693][ T5851] Dev nbd0: unable to read RDB block 0
[   87.390439][ T5851]  nbd0: unable to read partition table
[   87.741054][ T6883] netlink: 'syz.0.419': attribute type 1 has an invalid length.
[   87.743629][ T6883] __nla_validate_parse: 4 callbacks suppressed
[   87.743640][ T6883] netlink: 224 bytes leftover after parsing attributes in process `syz.0.419'.
[   87.750251][ T6885] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   87.780428][ T6888] ieee802154 phy0 wpan0: encryption failed: -22
[   87.880920][ T6891] wg1 speed is unknown, defaulting to 1000
[   88.359396][ T6907] netlink: 4 bytes leftover after parsing attributes in process `syz.2.432'.
[   88.696751][ T6921] netlink: 8 bytes leftover after parsing attributes in process `syz.2.438'.
[   88.702158][ T6921] netlink: 'syz.2.438': attribute type 30 has an invalid length.
[   88.705631][ T6921] netlink: 12 bytes leftover after parsing attributes in process `syz.2.438'.
[   88.750707][ T6919] 8021q: adding VLAN 0 to HW filter on device bond1
[   88.757083][ T6919] bond0: (slave bond1): Enslaving as an active interface with an up link
[   88.835598][ T6926] netlink: 'syz.2.440': attribute type 1 has an invalid length.
[   88.845321][ T6926] netlink: 'syz.2.440': attribute type 4 has an invalid length.
[   88.850735][ T6926] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.440'.
[   88.945619][ T6931] netlink: 12 bytes leftover after parsing attributes in process `syz.1.443'.
[   89.549164][ T6972] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[   90.291495][ T6994] netlink: 16386 bytes leftover after parsing attributes in process `syz.0.467'.
[   90.477087][ T7011] netlink: 'syz.0.475': attribute type 83 has an invalid length.
[   90.714485][ T7024] bond2: entered promiscuous mode
[   91.012418][ T7033] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   91.028743][ T7033] syzkaller0: entered promiscuous mode
[   91.032408][ T7033] syzkaller0: entered allmulticast mode
[   91.073543][ T7033] tipc: Resetting bearer <eth:syzkaller0>
[   91.089361][ T7032] tipc: Resetting bearer <eth:syzkaller0>
[   91.105762][ T7032] tipc: Disabling bearer <eth:syzkaller0>
[   91.335744][ T7049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.490'.
[   91.343352][ T7049] netlink: 32 bytes leftover after parsing attributes in process `syz.2.490'.
[   91.367759][ T7047] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.371521][ T7047] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.437516][ T7047] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   91.445961][ T7047] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   91.562750][ T7047] bond2: left promiscuous mode
[   91.569430][   T12] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   91.572239][   T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.575657][   T12] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   91.580322][   T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.583162][ T5849] Bluetooth: hci0: command tx timeout
[   91.590501][   T12] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   91.594076][   T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.599936][   T12] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   91.603555][   T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.713112][ T7054] nbd2: detected capacity change from 0 to 63
[   91.718059][ T7055] block nbd2: NBD_DISCONNECT
[   91.722698][ T7055] block nbd2: Disconnected due to user request.
[   91.728873][ T7055] block nbd2: shutting down sockets
[   91.761875][ T6702] ldm_validate_partition_table(): Disk read failed.
[   91.766035][ T6702] Dev nbd2: unable to read RDB block 0
[   91.804148][ T6702]  nbd2: unable to read partition table
[   91.826320][ T6702] ldm_validate_partition_table(): Disk read failed.
[   91.832733][ T6702] Dev nbd2: unable to read RDB block 0
[   91.837097][ T6702]  nbd2: unable to read partition table
[   91.922726][ T7061] netlink: 20 bytes leftover after parsing attributes in process `syz.0.496'.
[   92.109966][ T7076] vlan2: entered promiscuous mode
[   92.112238][ T7076] bridge0: entered promiscuous mode
[   92.179647][ T7079] netlink: 'syz.0.502': attribute type 16 has an invalid length.
[   92.193365][ T7079] netlink: 'syz.0.502': attribute type 17 has an invalid length.
[   92.270493][ T7079] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.278882][ T7079] 8021q: adding VLAN 0 to HW filter on device team0
[   92.293204][ T7079] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   93.370561][ T7114] __nla_validate_parse: 1 callbacks suppressed
[   93.370583][ T7114] netlink: 48 bytes leftover after parsing attributes in process `syz.0.518'.
[   93.392302][ T7116] netlink: 36 bytes leftover after parsing attributes in process `syz.1.516'.
[   93.606772][ T7131] netlink: 4 bytes leftover after parsing attributes in process `syz.2.526'.
[   93.910925][ T7147] netlink: 16 bytes leftover after parsing attributes in process `syz.0.531'.
[   93.915167][ T7147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.531'.
[   94.011077][ T7155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.536'.
[   94.056774][ T7157] netlink: 'syz.2.537': attribute type 39 has an invalid length.
[   94.316718][ T7164] bridge: RTM_NEWNEIGH with invalid ether address
[   94.736038][ T7185] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40
[   94.838054][ T7190] tipc: Started in network mode
[   94.840078][ T7190] tipc: Node identity 86717be47e92, cluster identity 4711
[   94.845777][ T7190] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   94.850637][ T7190] syzkaller0: entered promiscuous mode
[   94.853278][ T7190] syzkaller0: entered allmulticast mode
[   94.881113][ T7190] tipc: Resetting bearer <eth:syzkaller0>
[   94.890099][ T7189] tipc: Resetting bearer <eth:syzkaller0>
[   94.923342][ T7189] tipc: Disabling bearer <eth:syzkaller0>
[   94.958852][ T7196] netlink: 'syz.0.556': attribute type 1 has an invalid length.
[   95.110416][ T7208] netlink: 48 bytes leftover after parsing attributes in process `syz.2.561'.
[   95.176387][ T7210] wg1 speed is unknown, defaulting to 1000
[   95.213191][ T7217] netlink: 224 bytes leftover after parsing attributes in process `syz.0.563'.
[   95.216615][ T7217] openvswitch: netlink: Flow key attr not present in new flow.
[   95.249431][ T7217] netlink: 'syz.0.563': attribute type 1 has an invalid length.
[   95.252714][ T7217] netlink: 128 bytes leftover after parsing attributes in process `syz.0.563'.
[   95.256152][ T7217] netlink: 'syz.0.563': attribute type 2 has an invalid length.
[   95.259779][ T7217] netlink: 'syz.0.563': attribute type 1 has an invalid length.
[   95.300539][ T7210] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   95.305991][ T7209] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   95.535040][ T7244] netlink: 148 bytes leftover after parsing attributes in process `syz.2.576'.
[   95.538550][ T7244] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[   95.790908][ T7272] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[   95.914982][ T7278] Unsupported ieee802154 address type: 0
[   96.039730][ T7285] nbd: couldn't find a device at index 65546
[   96.525862][ T7322] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   96.703075][ T7329] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 536
[   97.789856][ T7370] netlink: 'syz.2.631': attribute type 15 has an invalid length.
[   97.930318][ T7377] Driver unsupported XDP return value 0 on prog  (id 117) dev N/A, expect packet loss!
[   98.143137][ T7385] netlink: 'syz.1.637': attribute type 39 has an invalid length.
[   98.578227][ T7413] __nla_validate_parse: 6 callbacks suppressed
[   98.578242][ T7413] netlink: 28 bytes leftover after parsing attributes in process `syz.1.651'.
[   98.708811][ T7421] netlink: 20 bytes leftover after parsing attributes in process `syz.0.655'.
[   98.835270][ T7431] netlink: 'syz.0.659': attribute type 8 has an invalid length.
[   98.880993][ T7436] netlink: 24 bytes leftover after parsing attributes in process `syz.1.662'.
[   98.908392][ T7439] syzkaller1: entered promiscuous mode
[   98.910612][ T7439] syzkaller1: entered allmulticast mode
[   99.082000][ T7451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.669'.
[   99.163486][ T7458] syz_tun: entered allmulticast mode
[   99.175389][ T7458] netlink: 4 bytes leftover after parsing attributes in process `syz.1.673'.
[   99.210798][ T7458] syz_tun (unregistering): left allmulticast mode
[   99.232648][ T7463] netlink: 'syz.2.674': attribute type 1 has an invalid length.
[   99.235672][ T7463] netlink: 'syz.2.674': attribute type 2 has an invalid length.
[   99.341941][ T7471] netlink: 8 bytes leftover after parsing attributes in process `syz.0.679'.
[   99.455926][ T7479] trusted_key: syz.0.683 sent an empty control message without MSG_MORE.
[   99.531274][ T7486] netlink: 20 bytes leftover after parsing attributes in process `syz.1.685'.
[   99.579517][ T7492] netlink: 224 bytes leftover after parsing attributes in process `syz.2.688'.
[   99.601394][ T7494] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.689'.
[  100.030871][ T7532] bond0: Unable to set up delay as MII monitoring is disabled
[  100.292947][ T7555] netlink: 76 bytes leftover after parsing attributes in process `syz.2.716'.
[  101.257693][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  101.962857][ T7648] netlink: 'syz.0.754': attribute type 1 has an invalid length.
[  101.999924][ T7648] bond3: (slave geneve2): making interface the new active one
[  102.003642][ T7648] bond3: (slave geneve2): Enslaving as an active interface with an up link
[  102.008424][ T5863] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0
[  102.015205][ T5863] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0
[  102.021136][ T5863] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0
[  102.025327][ T5863] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0
[  102.290617][ T7668] pim6reg: entered allmulticast mode
[  102.315641][ T7668] pim6reg: left allmulticast mode
[  102.563718][ T7684] netlink: 'syz.2.768': attribute type 11 has an invalid length.
[  103.328608][ T7721] netlink: 'syz.0.785': attribute type 2 has an invalid length.
[  103.800716][ T7737] __nla_validate_parse: 9 callbacks suppressed
[  103.800734][ T7737] netlink: 16 bytes leftover after parsing attributes in process `syz.0.792'.
[  103.806341][ T7737] openvswitch: netlink: EtherType 0 is less than min 600
[  104.213811][ T7759] netlink: 28 bytes leftover after parsing attributes in process `syz.0.803'.
[  104.469665][ T7784] sctp: [Deprecated]: syz.1.814 (pid 7784) Use of int in max_burst socket option.
[  104.469665][ T7784] Use struct sctp_assoc_value instead
[  104.489896][ T7780] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  104.496596][ T7780] syzkaller0: entered promiscuous mode
[  104.501987][ T7780] syzkaller0: entered allmulticast mode
[  104.540817][ T7780] tipc: Resetting bearer <eth:syzkaller0>
[  104.547350][ T7779] tipc: Resetting bearer <eth:syzkaller0>
[  104.579397][ T7779] tipc: Disabling bearer <eth:syzkaller0>
[  104.778433][ T7806] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.825'.
[  105.661347][ T7847] netlink: 'syz.0.844': attribute type 1 has an invalid length.
[  105.844370][ T7859] netlink: 8 bytes leftover after parsing attributes in process `syz.0.851'.
[  105.962140][ T7871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.857'.
[  106.016237][ T7874] netlink: 'syz.0.858': attribute type 1 has an invalid length.
[  106.029224][ T7874] netlink: 'syz.0.858': attribute type 2 has an invalid length.
[  106.031883][ T7874] netlink: 16154 bytes leftover after parsing attributes in process `syz.0.858'.
[  106.245826][ T7888] IPVS: persistence engine module ip_vs_pe_ not found
[  106.255222][   T10] IPVS: starting estimator thread 0...
[  106.358698][ T7892] IPVS: using max 61 ests per chain, 146400 per kthread
[  106.921398][ T7934] netlink: 3 bytes leftover after parsing attributes in process `syz.1.880'.
[  106.926896][ T7934] netlink: 4 bytes leftover after parsing attributes in process `syz.1.880'.
[  106.966364][ T7934] netlink: 3 bytes leftover after parsing attributes in process `syz.1.880'.
[  106.975419][ T7934] netlink: 4 bytes leftover after parsing attributes in process `syz.1.880'.
[  106.985263][ T7939] dummy0: entered allmulticast mode
[  106.988934][ T7937] dummy0: left allmulticast mode
[  107.044627][ T7945] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  107.424758][ T7970] netlink: 'syz.0.891': attribute type 1 has an invalid length.
[  107.715561][ T7997] netlink: 'syz.2.900': attribute type 27 has an invalid length.
[  108.224493][ T8036] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0
[  108.663735][ T8059] netlink: zone id is out of range
[  108.671761][ T8059] netlink: zone id is out of range
[  108.673795][ T8059] netlink: zone id is out of range
[  108.675520][ T8059] netlink: zone id is out of range
[  108.677143][ T8059] netlink: zone id is out of range
[  108.679266][ T8059] netlink: zone id is out of range
[  108.681390][ T8059] netlink: zone id is out of range
[  108.683521][ T8059] netlink: zone id is out of range
[  108.685551][ T8059] netlink: zone id is out of range
[  108.689185][ T8059] netlink: zone id is out of range
[  109.780464][ T8103] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  109.784681][ T8097] tipc: Resetting bearer <eth:syzkaller0>
[  109.806155][ T8097] tipc: Disabling bearer <eth:syzkaller0>
[  110.399494][ T8136] syzkaller0: entered promiscuous mode
[  110.401445][ T8136] syzkaller0: entered allmulticast mode
[  111.410692][ T8151] __nla_validate_parse: 5 callbacks suppressed
[  111.410704][ T8151] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.966'.
[  111.425344][ T8150] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.966'.
[  111.441989][ T8153] netlink: 12 bytes leftover after parsing attributes in process `syz.0.967'.
[  111.449390][ T8153] netlink: 4 bytes leftover after parsing attributes in process `syz.0.967'.
[  111.649079][ T8171] netlink: 8 bytes leftover after parsing attributes in process `syz.0.976'.
[  111.681043][ T8173] netlink: 24 bytes leftover after parsing attributes in process `syz.2.977'.
[  111.732867][ T8173] netlink: 16 bytes leftover after parsing attributes in process `syz.2.977'.
[  111.875379][ T8189] netlink: 16 bytes leftover after parsing attributes in process `syz.1.985'.
[  112.562901][ T8221] netlink: 8 bytes leftover after parsing attributes in process `syz.0.998'.
[  113.001575][ T8242] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.155546][ T8242] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.172174][ T8261] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  113.176417][ T8259] IPVS: stopping backup sync thread 8261 ...
[  113.247131][ T8242] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.301354][ T8242] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.409202][ T5863] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.444459][ T5863] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.448755][ T5863] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.464075][ T5863] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.893398][ T8276] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1017'.
[  114.134101][ T8288] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  114.137338][ T8288] syzkaller0: entered promiscuous mode
[  114.139335][ T8288] syzkaller0: entered allmulticast mode
[  114.154124][ T8288] tipc: Resetting bearer <eth:syzkaller0>
[  114.160618][ T8287] tipc: Resetting bearer <eth:syzkaller0>
[  114.169082][ T8287] tipc: Disabling bearer <eth:syzkaller0>
[  114.316023][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802bcab800: rx timeout, send abort
[  114.819906][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802bcab800: abort rx timeout. Force session deactivation
[  115.532907][ T8314] wireguard0: entered promiscuous mode
[  115.535166][ T8314] wireguard0: entered allmulticast mode
[  116.838506][ T8335] netlink: 'syz.0.1043': attribute type 1 has an invalid length.
[  116.841438][ T8335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1043'.
[  117.251882][ T8361] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1052'.
[  117.258574][ T8361] netlink: 'syz.0.1052': attribute type 4 has an invalid length.
[  117.832305][ T8408] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.901694][ T8408] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.961619][ T8408] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.013166][ T8408] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.111630][ T5863] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.134954][ T5863] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.155975][ T5866] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.159316][ T5866] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  119.111636][ T8466] netlink: 504 bytes leftover after parsing attributes in process `syz.1.1096'.
[  119.509641][ T8501] netlink: 'syz.1.1114': attribute type 21 has an invalid length.
[  119.512110][ T8501] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1114'.
[  119.514940][ T8501] netlink: 'syz.1.1114': attribute type 5 has an invalid length.
[  119.519539][ T8501] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1114'.
[  119.791320][ T8524] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  120.226017][ T8564] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  120.297159][ T8569] IPVS: Error connecting to the multicast addr
[  120.309966][ T8569] netlink: 'syz.0.1141': attribute type 16 has an invalid length.
[  120.312993][ T8569] netlink: 'syz.0.1141': attribute type 17 has an invalid length.
[  120.354477][ T5866] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 20004 - 0
[  120.361086][ T5866] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 20004 - 0
[  120.365274][ T5866] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 20004 - 0
[  120.369536][ T5866] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 20004 - 0
[  120.429392][ T8575] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1144'.
[  120.433613][ T8575] netem: unknown loss type 0
[  120.435459][ T8575] netem: change failed
[  120.565835][ T8579] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  120.569722][ T8579] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  120.851819][ T8594] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1152'.
[  120.855542][ T8594] ip6gretap0: entered promiscuous mode
[  120.858688][ T8594] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1152'.
[  121.301945][ T8618] delete_channel: no stack
[  121.465353][ T8631] netlink: 'syz.2.1170': attribute type 1 has an invalid length.
[  121.473631][ T8631] netlink: 'syz.2.1170': attribute type 1 has an invalid length.
[  121.823788][ T8655] syzkaller1: entered allmulticast mode
[  121.996113][ T8664] wg1 speed is unknown, defaulting to 1000
[  122.033923][ T8666] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1184'.
[  122.036679][ T8666] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1184'.
[  122.105884][ T8664] netlink: 'syz.0.1184': attribute type 2 has an invalid length.
[  122.127030][ T8671] netlink: 'syz.1.1186': attribute type 2 has an invalid length.
[  122.223300][ T8674] 8021q: adding VLAN 0 to HW filter on device bond4
[  122.229803][ T8674] bridge0: port 3(bond4) entered blocking state
[  122.233364][ T8674] bridge0: port 3(bond4) entered disabled state
[  122.235476][ T8674] bond4: entered allmulticast mode
[  122.240432][ T8674] bond4: entered promiscuous mode
[  122.312699][ T8682] netlink: 'syz.0.1191': attribute type 11 has an invalid length.
[  122.317786][ T8682] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1191'.
[  122.970814][ T8721] netlink: 'syz.2.1210': attribute type 13 has an invalid length.
[  122.973380][ T8721] netlink: 'syz.2.1210': attribute type 17 has an invalid length.
[  123.046483][ T8721] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.048977][ T8721] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.052396][ T8721] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.054684][ T8721] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.082002][ T8721] net_ratelimit: 336 callbacks suppressed
[  123.082007][ T8721] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  123.112548][ T8728] wg1 speed is unknown, defaulting to 1000
[  123.134145][ T8721] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  123.159209][ T8739] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1215'.
[  123.202914][ T8721] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  123.203155][ T8742] netlink: 'syz.1.1216': attribute type 12 has an invalid length.
[  123.211091][ T8742] netlink: 'syz.1.1216': attribute type 29 has an invalid length.
[  123.213868][ T8742] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1216'.
[  123.217117][ T8742] netlink: 59 bytes leftover after parsing attributes in process `syz.1.1216'.
[  123.513557][ T8755] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1222'.
[  123.613234][ T8756] netlink: 'syz.1.1222': attribute type 1 has an invalid length.
[  123.815994][ T8764] openvswitch: netlink: Tunnel attr 227 out of range max 16
[  123.967274][ T8782] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1236'.
[  124.046007][ T8788] geneve2: entered allmulticast mode
[  124.050236][   T12] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[  124.053447][   T12] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[  124.063280][   T12] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[  124.065930][   T12] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[  124.145525][ T8796] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[  124.446108][ T8826] syzkaller0: entered promiscuous mode
[  124.450763][ T8826] syzkaller0: entered allmulticast mode
[  124.482617][ T8830] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1257'.
[  124.510444][ T8832] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  124.515938][ T8832] bridge_slave_0: left allmulticast mode
[  124.519592][ T8832] bridge_slave_0: left promiscuous mode
[  124.527975][ T8832] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.540380][ T8832] bridge_slave_1: left allmulticast mode
[  124.542531][ T8832] bridge_slave_1: left promiscuous mode
[  124.550437][ T8832] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.561670][ T8832] bond0: (slave bond_slave_0): Releasing backup interface
[  124.571786][ T8832] bond0: (slave bond_slave_1): Releasing backup interface
[  124.597160][ T8832] team0: Port device team_slave_0 removed
[  124.606344][ T8832] team0: Port device team_slave_1 removed
[  124.608790][ T8832] batman_adv: batadv0: Removing interface: batadv_slave_0
[  124.612448][ T8832] batman_adv: batadv0: Removing interface: batadv_slave_1
[  124.619007][ T8832] bond3: (slave geneve2): Releasing active interface
[  124.629959][ T8832] bond4: left allmulticast mode
[  124.640507][ T8832] bond4: left promiscuous mode
[  124.642163][ T8832] bridge0: port 3(bond4) entered disabled state
[  124.654461][ T8832] netlink: 'syz.0.1258': attribute type 10 has an invalid length.
[  124.661438][ T8832] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  124.668731][ T8832] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  124.676117][ T8832] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  124.681567][ T8832] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  124.741775][ T8848] veth7: entered promiscuous mode
[  125.315889][ T8894] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1288'.
[  125.607163][ T8913] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  125.616286][ T8913] syzkaller0: entered promiscuous mode
[  125.622152][ T8913] syzkaller0: entered allmulticast mode
[  125.631813][ T8913] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  125.649449][ T8913] tipc: Resetting bearer <eth:syzkaller0>
[  125.653602][ T8911] tipc: Resetting bearer <eth:syzkaller0>
[  125.665828][ T8911] tipc: Disabling bearer <eth:syzkaller0>
[  126.076723][ T8945] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  126.082314][ T8945] syzkaller0: entered promiscuous mode
[  126.083999][ T8945] syzkaller0: entered allmulticast mode
[  126.103227][ T8945] tipc: Resetting bearer <eth:syzkaller0>
[  126.106505][ T8944] tipc: Resetting bearer <eth:syzkaller0>
[  126.123161][ T8944] tipc: Disabling bearer <eth:syzkaller0>
[  126.279648][ T8955] delete_channel: no stack
[  126.303951][ T8957] bond0: option mode: unable to set because the bond device has slaves
[  126.692039][ T8991] tipc: Can't bind to reserved service type 2
[  126.772936][ T8995] team0: Port device team_slave_0 removed
[  127.376192][ T9029] netlink: 'syz.2.1351': attribute type 1 has an invalid length.
[  127.998824][ T9075] syz.2.1375: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  128.011982][ T9075] CPU: 1 UID: 0 PID: 9075 Comm: syz.2.1375 Not tainted syzkaller #0 PREEMPT(full) 
[  128.012033][ T9075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  128.012045][ T9075] Call Trace:
[  128.012052][ T9075]  <TASK>
[  128.012081][ T9075]  dump_stack_lvl+0x189/0x250
[  128.012113][ T9075]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.012131][ T9075]  ? __pfx__printk+0x10/0x10
[  128.012153][ T9075]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  128.012171][ T9075]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  128.012191][ T9075]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  128.012212][ T9075]  warn_alloc+0x214/0x310
[  128.012237][ T9075]  ? stack_depot_save_flags+0x436/0x860
[  128.012259][ T9075]  ? __pfx_warn_alloc+0x10/0x10
[  128.012282][ T9075]  ? kasan_save_track+0x4f/0x80
[  128.012302][ T9075]  ? xskq_create+0x56/0x170
[  128.012321][ T9075]  ? xsk_init_queue+0xb0/0x110
[  128.012335][ T9075]  ? xsk_setsockopt+0x4dc/0x8d0
[  128.012350][ T9075]  ? do_sock_setsockopt+0x17c/0x1b0
[  128.012371][ T9075]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  128.012384][ T9075]  ? do_syscall_64+0xfa/0x3b0
[  128.012404][ T9075]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.012426][ T9075]  __vmalloc_node_range_noprof+0x125/0x12f0
[  128.012473][ T9075]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  128.012499][ T9075]  ? __kasan_kmalloc+0x93/0xb0
[  128.012521][ T9075]  vmalloc_user_noprof+0xad/0xf0
[  128.012542][ T9075]  ? xskq_create+0xbf/0x170
[  128.012562][ T9075]  xskq_create+0xbf/0x170
[  128.012583][ T9075]  xsk_init_queue+0xb0/0x110
[  128.012603][ T9075]  xsk_setsockopt+0x4dc/0x8d0
[  128.012624][ T9075]  ? __pfx_xsk_setsockopt+0x10/0x10
[  128.012642][ T9075]  ? __pfx_aa_sk_perm+0x10/0x10
[  128.012674][ T9075]  ? aa_sock_opt_perm+0xff/0x1b0
[  128.012691][ T9075]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  128.012708][ T9075]  ? __pfx_xsk_setsockopt+0x10/0x10
[  128.012727][ T9075]  do_sock_setsockopt+0x17c/0x1b0
[  128.012754][ T9075]  __x64_sys_setsockopt+0x13f/0x1b0
[  128.012773][ T9075]  do_syscall_64+0xfa/0x3b0
[  128.012793][ T9075]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.012812][ T9075]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.012827][ T9075]  ? exc_page_fault+0x9f/0xf0
[  128.012848][ T9075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.012861][ T9075] RIP: 0033:0x7f8f6558ebe9
[  128.012878][ T9075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.012893][ T9075] RSP: 002b:00007f8f6641c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  128.012910][ T9075] RAX: ffffffffffffffda RBX: 00007f8f657b5fa0 RCX: 00007f8f6558ebe9
[  128.012922][ T9075] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  128.012932][ T9075] RBP: 00007f8f65611e19 R08: 0000000000000004 R09: 0000000000000000
[  128.012941][ T9075] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  128.012952][ T9075] R13: 00007f8f657b6038 R14: 00007f8f657b5fa0 R15: 00007ffc09a5b8f8
[  128.012977][ T9075]  </TASK>
[  128.012985][ T9075] Mem-Info:
[  128.126877][ T9075] active_anon:12458 inactive_anon:0 isolated_anon:0
[  128.126877][ T9075]  active_file:1357 inactive_file:38233 isolated_file:0
[  128.126877][ T9075]  unevictable:1768 dirty:211 writeback:0
[  128.126877][ T9075]  slab_reclaimable:9349 slab_unreclaimable:65977
[  128.126877][ T9075]  mapped:18131 shmem:2437 pagetables:1040
[  128.126877][ T9075]  sec_pagetables:0 bounce:0
[  128.126877][ T9075]  kernel_misc_reclaimable:0
[  128.126877][ T9075]  free:277555 free_pcp:21412 free_cma:0
[  128.149578][ T9075] Node 0 active_anon:11352kB inactive_anon:0kB active_file:4388kB inactive_file:144840kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:43392kB dirty:728kB writeback:0kB shmem:4740kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5724kB pagetables:2252kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  128.161006][ T9075] Node 1 active_anon:38548kB inactive_anon:0kB active_file:1040kB inactive_file:8092kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:29200kB dirty:116kB writeback:0kB shmem:5008kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5604kB pagetables:2044kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  128.171604][ T9075] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  128.181399][ T9075] lowmem_reserve[]: 0 811 811 811 811
[  128.183466][ T9075] Node 0 DMA32 free:227568kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11284kB inactive_anon:0kB active_file:4388kB inactive_file:144840kB unevictable:3536kB writepending:728kB present:1556484kB managed:830956kB mlocked:0kB bounce:0kB free_pcp:21780kB local_pcp:14716kB free_cma:0kB
[  128.196306][ T9075] lowmem_reserve[]: 0 0 0 0 0
[  128.201128][ T9075] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  128.216066][ T9075] lowmem_reserve[]: 0 0 854 854 854
[  128.220665][ T9075] Node 1 Normal free:408676kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:38548kB inactive_anon:0kB active_file:1040kB inactive_file:8092kB unevictable:3536kB writepending:116kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:64604kB local_pcp:42168kB free_cma:0kB
[  128.232208][ T9075] lowmem_reserve[]: 0 0 0 0 0
[  128.234305][ T9075] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  128.239812][ T9075] Node 0 DMA32: 1202*4kB (UME) 856*8kB (UME) 438*16kB (UME) 347*32kB (UME) 141*64kB (UM) 63*128kB (UM) 62*256kB (UME) 46*512kB (UM) 30*1024kB (UME) 6*2048kB (UM) 24*4096kB (UM) = 227592kB
[  128.245859][ T9075] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  128.251023][ T9075] Node 1 Normal: 95*4kB (UE) 107*8kB (UE) 225*16kB (UE) 416*32kB (UE) 54*64kB (U) 32*128kB (UM) 26*256kB (UE) 11*512kB (UM) 4*1024kB (UME) 5*2048kB (UME) 87*4096kB (M) = 408676kB
[  128.256483][ T9075] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  128.262441][ T9075] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  128.266233][ T9075] 42027 total pagecache pages
[  128.268061][ T9075] 0 pages in swap cache
[  128.269461][ T9075] Free swap  = 124996kB
[  128.270858][ T9075] Total swap = 124996kB
[  128.272257][ T9075] 786301 pages RAM
[  128.273521][ T9075] 0 pages HighMem/MovableOnly
[  128.275081][ T9075] 241330 pages reserved
[  128.276823][ T9075] 0 pages cma reserved
[  128.531274][ T9116] __nla_validate_parse: 7 callbacks suppressed
[  128.531285][ T9116] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1394'.
[  128.656991][ T9127] ksmbd: Unknown IPC event: 3, ignore.
[  128.679495][ T9131] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1401'.
[  128.711115][ T9136] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  128.715667][ T9136] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1404'.
[  128.723122][ T9136] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  128.725849][ T9136] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1404'.
[  128.735161][ T9136] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  128.741305][ T9136] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1404'.
[  128.748600][ T9136] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  128.752230][ T9136] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1404'.
[  128.755888][ T9136] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  128.760832][ T9136] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1404'.
[  128.764970][ T9136] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  128.767498][ T9136] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1404'.
[  128.773246][ T9136] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  128.776403][ T9136] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1404'.
[  128.781331][ T9136] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  128.784505][ T9136] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1404'.
[  128.790433][ T9136] netlink: 'syz.2.1404': attribute type 1 has an invalid length.
[  128.839231][ T5883] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  128.944847][ T9145] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  128.947692][ T9148] bridge_slave_1: left allmulticast mode
[  128.949517][ T9148] bridge_slave_1: left promiscuous mode
[  128.951575][ T9148] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.955514][ T9148] bridge_slave_0: left allmulticast mode
[  128.957283][ T9148] bridge_slave_0: left promiscuous mode
[  128.961731][ T9148] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.190995][ T5883] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  129.249727][ T9162] wireguard0: entered promiscuous mode
[  129.251885][ T9162] wireguard0: entered allmulticast mode
[  129.656693][ T9167] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  129.965515][ T9175] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.019124][ T9175] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.103278][ T9175] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.135921][ T9186] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  130.178401][ T9175] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  130.316384][ T5866] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  130.340665][ T5866] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  130.343239][ T5866] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  130.354141][ T5866] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  131.202279][ T9216] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  132.606253][ T9261] xt_time: invalid argument - start or stop time greater than 23:59:59
[  133.286538][    C1] ==================================================================
[  133.289381][    C1] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x696/0xca0
[  133.292042][    C1] Write of size 8 at addr ffff8881064f8030 by task syz.1.1444/9239
[  133.296109][    C1] 
[  133.296908][    C1] CPU: 1 UID: 0 PID: 9239 Comm: syz.1.1444 Not tainted syzkaller #0 PREEMPT(full) 
[  133.296919][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  133.296926][    C1] Call Trace:
[  133.296932][    C1]  <IRQ>
[  133.296936][    C1]  dump_stack_lvl+0x189/0x250
[  133.296951][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  133.296963][    C1]  ? rcu_is_watching+0x15/0xb0
[  133.296972][    C1]  ? __kasan_check_byte+0x12/0x40
[  133.296984][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.296993][    C1]  ? rcu_is_watching+0x15/0xb0
[  133.297001][    C1]  ? lock_release+0x4b/0x3e0
[  133.297014][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  133.297024][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[  133.297034][    C1]  print_report+0xca/0x240
[  133.297043][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  133.297056][    C1]  kasan_report+0x118/0x150
[  133.297068][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  133.297080][    C1]  __xfrm_state_delete+0x696/0xca0
[  133.297094][    C1]  xfrm_timer_handler+0x18f/0xa00
[  133.297107][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  133.297117][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  133.297130][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.297142][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  133.297152][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  133.297163][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  133.297174][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  133.297184][    C1]  __hrtimer_run_queues+0x52c/0xc60
[  133.297197][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  133.297205][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  133.297215][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  133.297225][    C1]  handle_softirqs+0x286/0x870
[  133.297234][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  133.297243][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  133.297252][    C1]  __irq_exit_rcu+0xca/0x1f0
[  133.297265][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  133.297274][    C1]  irq_exit_rcu+0x9/0x30
[  133.297281][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  133.297292][    C1]  </IRQ>
[  133.297294][    C1]  <TASK>
[  133.297297][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  133.297308][    C1] RIP: 0010:lock_release+0x2b5/0x3e0
[  133.297320][    C1] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 db d0 02 11 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e
[  133.297328][    C1] RSP: 0018:ffffc900061d7a90 EFLAGS: 00000206
[  133.297337][    C1] RAX: 4bdadb0598141800 RBX: 0000000000000202 RCX: 4bdadb0598141800
[  133.297343][    C1] RDX: 0000000000000000 RSI: ffffffff8dba5bba RDI: ffffffff8be33300
[  133.297349][    C1] RBP: ffff8881068f4470 R08: 0000000000000000 R09: ffffffff822bc9f9
[  133.297354][    C1] R10: dffffc0000000000 R11: ffffed10036de131 R12: 0000000000000000
[  133.297360][    C1] R13: 0000000000000000 R14: ffffffff8e139ea0 R15: ffff8881068f3980
[  133.297367][    C1]  ? percpu_ref_put+0x19/0x180
[  133.297383][    C1]  ? percpu_ref_put+0x19/0x180
[  133.297393][    C1]  ? percpu_ref_put+0x19/0x180
[  133.297404][    C1]  percpu_ref_put+0xf9/0x180
[  133.297415][    C1]  __memcg_kmem_uncharge_page+0xea/0x170
[  133.297426][    C1]  __free_frozen_pages+0x17b/0xd30
[  133.297441][    C1]  vfree+0x25a/0x400
[  133.297453][    C1]  htab_map_alloc+0x7ad/0xc70
[  133.297466][    C1]  map_create+0xaa3/0x14d0
[  133.297479][    C1]  ? security_bpf+0x7e/0x300
[  133.297492][    C1]  __sys_bpf+0x60f/0x870
[  133.297502][    C1]  ? __pfx___sys_bpf+0x10/0x10
[  133.297513][    C1]  ? bpf_trace_run2+0x322/0x4b0
[  133.297583][    C1]  ? rcu_is_watching+0x15/0xb0
[  133.297611][    C1]  __x64_sys_bpf+0x7c/0x90
[  133.297620][    C1]  do_syscall_64+0xfa/0x3b0
[  133.297632][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.297642][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.297650][    C1]  ? exc_page_fault+0x9f/0xf0
[  133.297660][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.297668][    C1] RIP: 0033:0x7f89c218ebe9
[  133.297677][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.297683][    C1] RSP: 002b:00007f89c2f37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  133.297692][    C1] RAX: ffffffffffffffda RBX: 00007f89c23b5fa0 RCX: 00007f89c218ebe9
[  133.297698][    C1] RDX: 0000000000000050 RSI: 00002000000004c0 RDI: 0000000000000000
[  133.297703][    C1] RBP: 00007f89c2211e19 R08: 0000000000000000 R09: 0000000000000000
[  133.297708][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  133.297713][    C1] R13: 00007f89c23b6038 R14: 00007f89c23b5fa0 R15: 00007ffd57044968
[  133.297722][    C1]  </TASK>
[  133.297725][    C1] 
[  133.456244][    C1] Allocated by task 7232:
[  133.457611][    C1]  kasan_save_track+0x3e/0x80
[  133.459204][    C1]  __kasan_slab_alloc+0x6c/0x80
[  133.460939][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  133.462600][    C1]  xfrm_state_alloc+0x24/0x2f0
[  133.464095][    C1]  __find_acq_core+0x8a7/0x1c00
[  133.465947][    C1]  xfrm_find_acq+0x78/0xa0
[  133.467506][    C1]  xfrm_alloc_userspi+0x6b3/0xc90
[  133.469117][    C1]  xfrm_user_rcv_msg+0x7a3/0xab0
[  133.470518][    C1]  netlink_rcv_skb+0x208/0x470
[  133.472130][    C1]  xfrm_netlink_rcv+0x79/0x90
[  133.473691][    C1]  netlink_unicast+0x82f/0x9e0
[  133.475461][    C1]  netlink_sendmsg+0x805/0xb30
[  133.477155][    C1]  __sock_sendmsg+0x21c/0x270
[  133.478726][    C1]  ____sys_sendmsg+0x505/0x830
[  133.480462][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  133.482208][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  133.483664][    C1]  do_syscall_64+0xfa/0x3b0
[  133.485252][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.487230][    C1] 
[  133.488032][    C1] Freed by task 5883:
[  133.489233][    C1]  kasan_save_track+0x3e/0x80
[  133.490763][    C1]  kasan_save_free_info+0x46/0x50
[  133.492276][    C1]  __kasan_slab_free+0x5b/0x80
[  133.493963][    C1]  kmem_cache_free+0x18f/0x400
[  133.495903][    C1]  xfrm_state_gc_task+0x52d/0x6b0
[  133.497815][    C1]  process_scheduled_works+0xae1/0x17b0
[  133.499505][    C1]  worker_thread+0x8a0/0xda0
[  133.501115][    C1]  kthread+0x711/0x8a0
[  133.502353][    C1]  ret_from_fork+0x3fc/0x770
[  133.503788][    C1]  ret_from_fork_asm+0x1a/0x30
[  133.505386][    C1] 
[  133.506124][    C1] The buggy address belongs to the object at ffff8881064f8000
[  133.506124][    C1]  which belongs to the cache xfrm_state of size 928
[  133.510294][    C1] The buggy address is located 48 bytes inside of
[  133.510294][    C1]  freed 928-byte region [ffff8881064f8000, ffff8881064f83a0)
[  133.514984][    C1] 
[  133.515740][    C1] The buggy address belongs to the physical page:
[  133.517667][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881064f8000 pfn:0x1064f8
[  133.520819][    C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  133.523696][    C1] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  133.526307][    C1] page_type: f5(slab)
[  133.527539][    C1] raw: 057ff00000000040 ffff88801db5f280 dead000000000122 0000000000000000
[  133.530144][    C1] raw: ffff8881064f8000 00000000800e000c 00000000f5000000 0000000000000000
[  133.532754][    C1] head: 057ff00000000040 ffff88801db5f280 dead000000000122 0000000000000000
[  133.535737][    C1] head: ffff8881064f8000 00000000800e000c 00000000f5000000 0000000000000000
[  133.538936][    C1] head: 057ff00000000002 ffffea0004193e01 00000000ffffffff 00000000ffffffff
[  133.542179][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  133.545234][    C1] page dumped because: kasan: bad access detected
[  133.547551][    C1] page_owner tracks the page as allocated
[  133.549272][    C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5919, tgid 5918 (syz.1.6), ts 70433687613, free_ts 70392554389
[  133.555448][    C1]  post_alloc_hook+0x240/0x2a0
[  133.557209][    C1]  get_page_from_freelist+0x21e4/0x22c0
[  133.559255][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  133.561478][    C1]  alloc_pages_mpol+0x232/0x4a0
[  133.563350][    C1]  allocate_slab+0x8a/0x370
[  133.564950][    C1]  ___slab_alloc+0xbeb/0x1410
[  133.566307][    C1]  kmem_cache_alloc_noprof+0x283/0x3c0
[  133.568001][    C1]  xfrm_state_alloc+0x24/0x2f0
[  133.569422][    C1]  xfrm_add_sa+0x17d1/0x4070
[  133.570831][    C1]  xfrm_user_rcv_msg+0x7a3/0xab0
[  133.572317][    C1]  netlink_rcv_skb+0x208/0x470
[  133.573819][    C1]  xfrm_netlink_rcv+0x79/0x90
[  133.575225][    C1]  netlink_unicast+0x82f/0x9e0
[  133.576692][    C1]  netlink_sendmsg+0x805/0xb30
[  133.578137][    C1]  __sock_sendmsg+0x21c/0x270
[  133.579593][    C1]  ____sys_sendmsg+0x505/0x830
[  133.581124][    C1] page last free pid 5294 tgid 5294 stack trace:
[  133.583034][    C1]  __free_frozen_pages+0xbc4/0xd30
[  133.584602][    C1]  __put_partials+0x156/0x1a0
[  133.586331][    C1]  put_cpu_partial+0x17c/0x250
[  133.588052][    C1]  __slab_free+0x2d5/0x3c0
[  133.589569][    C1]  qlist_free_all+0x97/0x140
[  133.591194][    C1]  kasan_quarantine_reduce+0x148/0x160
[  133.592907][    C1]  __kasan_slab_alloc+0x22/0x80
[  133.594406][    C1]  __kmalloc_noprof+0x224/0x4f0
[  133.596036][    C1]  tomoyo_realpath_from_path+0xe3/0x5d0
[  133.598028][    C1]  tomoyo_path_perm+0x213/0x4b0
[  133.599808][    C1]  security_inode_getattr+0x12f/0x330
[  133.601556][    C1]  vfs_fstatat+0xb1/0x170
[  133.603118][    C1]  __x64_sys_newfstatat+0x116/0x190
[  133.604716][    C1]  do_syscall_64+0xfa/0x3b0
[  133.606192][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.608400][    C1] 
[  133.609230][    C1] Memory state around the buggy address:
[  133.610974][    C1]  ffff8881064f7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  133.613715][    C1]  ffff8881064f7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  133.616684][    C1] >ffff8881064f8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  133.619260][    C1]                                      ^
[  133.621133][    C1]  ffff8881064f8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  133.623888][    C1]  ffff8881064f8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  133.626976][    C1] ==================================================================
[  133.630297][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  133.632452][    C1] CPU: 1 UID: 0 PID: 9239 Comm: syz.1.1444 Not tainted syzkaller #0 PREEMPT(full) 
[  133.635275][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  133.638465][    C1] Call Trace:
[  133.639507][    C1]  <IRQ>
[  133.640394][    C1]  dump_stack_lvl+0x99/0x250
[  133.641814][    C1]  ? __asan_memcpy+0x40/0x70
[  133.643304][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.645248][    C1]  ? __pfx__printk+0x10/0x10
[  133.647015][    C1]  vpanic+0x281/0x750
[  133.648292][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  133.649884][    C1]  ? __pfx_vpanic+0x10/0x10
[  133.651285][    C1]  ? irqentry_exit+0x74/0x90
[  133.653022][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.654988][    C1]  panic+0xb9/0xc0
[  133.656377][    C1]  ? __pfx_panic+0x10/0x10
[  133.658117][    C1]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  133.660181][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  133.662343][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  133.664060][    C1]  check_panic_on_warn+0x89/0xb0
[  133.665633][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  133.667408][    C1]  end_report+0x78/0x160
[  133.668928][    C1]  kasan_report+0x129/0x150
[  133.670582][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  133.672392][    C1]  __xfrm_state_delete+0x696/0xca0
[  133.673916][    C1]  xfrm_timer_handler+0x18f/0xa00
[  133.675544][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  133.677312][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  133.679338][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.680991][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  133.682961][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  133.684971][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  133.686876][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  133.688693][    C1]  __hrtimer_run_queues+0x52c/0xc60
[  133.690287][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  133.692112][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  133.693896][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  133.695700][    C1]  handle_softirqs+0x286/0x870
[  133.697541][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  133.699106][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  133.700767][    C1]  __irq_exit_rcu+0xca/0x1f0
[  133.702116][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  133.703750][    C1]  irq_exit_rcu+0x9/0x30
[  133.705341][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  133.707039][    C1]  </IRQ>
[  133.707914][    C1]  <TASK>
[  133.708900][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  133.710929][    C1] RIP: 0010:lock_release+0x2b5/0x3e0
[  133.712806][    C1] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 db d0 02 11 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e
[  133.718597][    C1] RSP: 0018:ffffc900061d7a90 EFLAGS: 00000206
[  133.720611][    C1] RAX: 4bdadb0598141800 RBX: 0000000000000202 RCX: 4bdadb0598141800
[  133.723000][    C1] RDX: 0000000000000000 RSI: ffffffff8dba5bba RDI: ffffffff8be33300
[  133.725414][    C1] RBP: ffff8881068f4470 R08: 0000000000000000 R09: ffffffff822bc9f9
[  133.727817][    C1] R10: dffffc0000000000 R11: ffffed10036de131 R12: 0000000000000000
[  133.730219][    C1] R13: 0000000000000000 R14: ffffffff8e139ea0 R15: ffff8881068f3980
[  133.732828][    C1]  ? percpu_ref_put+0x19/0x180
[  133.734735][    C1]  ? percpu_ref_put+0x19/0x180
[  133.736660][    C1]  ? percpu_ref_put+0x19/0x180
[  133.738217][    C1]  percpu_ref_put+0xf9/0x180
[  133.739603][    C1]  __memcg_kmem_uncharge_page+0xea/0x170
[  133.741247][    C1]  __free_frozen_pages+0x17b/0xd30
[  133.742833][    C1]  vfree+0x25a/0x400
[  133.744007][    C1]  htab_map_alloc+0x7ad/0xc70
[  133.745496][    C1]  map_create+0xaa3/0x14d0
[  133.746892][    C1]  ? security_bpf+0x7e/0x300
[  133.748327][    C1]  __sys_bpf+0x60f/0x870
[  133.749653][    C1]  ? __pfx___sys_bpf+0x10/0x10
[  133.751160][    C1]  ? bpf_trace_run2+0x322/0x4b0
[  133.752645][    C1]  ? rcu_is_watching+0x15/0xb0
[  133.754141][    C1]  __x64_sys_bpf+0x7c/0x90
[  133.755537][    C1]  do_syscall_64+0xfa/0x3b0
[  133.756979][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.758730][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.760612][    C1]  ? exc_page_fault+0x9f/0xf0
[  133.762013][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.764007][    C1] RIP: 0033:0x7f89c218ebe9
[  133.765706][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.772994][    C1] RSP: 002b:00007f89c2f37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  133.776111][    C1] RAX: ffffffffffffffda RBX: 00007f89c23b5fa0 RCX: 00007f89c218ebe9
[  133.779143][    C1] RDX: 0000000000000050 RSI: 00002000000004c0 RDI: 0000000000000000
[  133.782132][    C1] RBP: 00007f89c2211e19 R08: 0000000000000000 R09: 0000000000000000
[  133.784632][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  133.786914][    C1] R13: 00007f89c23b6038 R14: 00007f89c23b5fa0 R15: 00007ffd57044968
[  133.789222][    C1]  </TASK>
[  133.790738][    C1] Kernel Offset: disabled
[  133.792036][    C1] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:49:52  Registers:
info registers vcpu 0

CPU#0
RAX=8c957c0e6011b400 RBX=ffffffff819683a8 RCX=8c957c0e6011b400 RDX=0000000000000001
RSI=ffffffff8d9b6935 RDI=ffffffff8be33300 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa37e30 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7943f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005555702ab5c8 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8167991b ffffffff8167991b
XMM02=00007f8f65787498 ffffffff8167991b XMM03=00007f8f657874a8 00007f8f657874a0
XMM04=00007f8f662ed100 00007f8f65787460 XMM05=00007f8f65787478 00007f8f657874c0
XMM06=00007f8f657874b8 00007f8f657874b0 XMM07=00007f8f657874a8 00007f8f657874a0
XMM08=0000000000000000 00007f8f65612ee7 XMM09=0000000000000000 00007f8f65612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002f RBX=000000000000002f RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900001e03b0
R8 =ffff888021358237 R9 =1ffff1100426b046 R10=dffffc0000000000 R11=ffffffff854eff70
R12=dffffc0000000000 R13=ffffffff99af9913 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854effec RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f89c2f376c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fd4c4196fc8 CR3=000000010f044000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff8167991b ffffffff8167991b
XMM02=00007f8f65787498 ffffffff8167991b XMM03=00007f8f657874a8 00007f8f657874a0
XMM04=00007f8f662ed100 00007f8f65787460 XMM05=00007f8f65787478 00007f8f657874c0
XMM06=00007f8f657874b8 00007f8f657874b0 XMM07=00007f8f657874a8 00007f8f657874a0
XMM08=0000000000000000 00007f8f65612ee7 XMM09=0000000000000000 00007f8f65612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
