last executing test programs:

34.299983027s ago: executing program 1 (id=519):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet_icmp(0x2, 0x2, 0x1)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000400)=0xc)
sendmsg$netlink(r1, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000380)={0x24, 0x2d, 0x1, 0x0, 0x0, "", [@typed={0x8, 0xc, 0x0, 0x0, @uid=r3}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}]}, 0x24}], 0x1, 0x0, 0x0, 0x2000000}, 0x0)
sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000280)={0x18c, 0x10, 0x509, 0x0, 0x0, "", [@nested={0xb9, 0x9c, 0x0, 0x1, [@nested={0x8, 0x13a, 0x0, 0x1, [@nested={0x4, 0x7d}]}, @typed={0x8, 0xe9, 0x0, 0x0, @uid=r3}, @typed={0x8, 0xb7, 0x0, 0x0, @ipv4=@local}, @generic="46e16f7519cabb74e75f5284a7644ee2669cf260d7ee8a72b1d2136dd2cf8f62ab5e0a5db5c620d94653ffcf494387a7cace4f6db5809d7bfd444c39f08538cf4ab4867900a34e58819453bee4b96fc4da12184791474d35fe57ec181883bcd4803ca788a4adfedaaf47763633fea932df1a5ecc8e402f4288d8b2085e457fcdfcac92fab90e27f24d8a1494fb4e35fe93ff248cd58762e1ca3a5ba1c5"]}, @generic="b7b86d126d136b69478a408c8a3294c0ebf12eb1653e0d0ce38a7973dbf1402bbd1ead61ed55bb641efcc2b6acfe736059f4a4c569c1615b4cbeb079c76fb51ea210b0c65fb642d65472f7e83c0b95c09a5d5b117d1d4fb22e7edf06d7d2a08895ecab5f99e105c5f99b4a057929e21baa5217459a3cc534049033c023a0cc90f3ed876af56bfc32d8fa72e6b8d8c31b88a255ad43853ac796750fc27cf67e738f4aa69974a655d7b30d992d5d0aa6e2c4cc40eabdc6751c3b404610a2597a23"]}, 0x18c}], 0x1}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x9, 0x6, 0x218cd23f074670af, 0x0, 0x0, {0xd, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x10010002}, 0x40010)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r5}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r6}, 0x10)
r7 = socket$caif_stream(0x25, 0x1, 0x3)
setsockopt$CAIFSO_REQ_PARAM(r7, 0x116, 0x80, &(0x7f0000000000)="6e397ace314c9c0a24eb8a94e54f34313e5377b6524c313c79965cba588d03e4fd54976b6eb39eea7ce070770ce0cc31207f184feaf3f5f4ed64372805420fb6208d872484b18439c6a116211f29d0f6871809e266a68126e16ab188784e17b6d5caa3cae7b247917063c56770758306fe493c879e0196417e87bfd3389414a7acc34aca65beaebb129efac992fcd4e1bf631ac07de9c2379a62e4ed39d689d5982e4304bcab5d26e8e8b8bb4fc0061d29972ab2720982bced911f888173d6335c02f008da089892d56e6f1adc4349be7bfb5285464e13fcb5487ee9402809880ca5f1d47dd3bbc14a368f84d86d8c193e83fbf93b", 0x9979)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r9, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x1}]}, 0x1c}}, 0x0)
sendmsg$FOU_CMD_DEL(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r9, 0x1}, 0x14}}, 0x0)
socket$inet6(0xa, 0x2, 0x3a)

33.994692194s ago: executing program 1 (id=523):
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000100)=[{&(0x7f0000001500)="6e80000000000100000000000000000000000c81", 0x14}], 0x1, 0x0)
r2 = socket$inet(0x2, 0x3, 0x7f)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x3, @multicast1}, 0x10)
splice(r0, 0x0, r2, 0x0, 0x8000, 0x0)

33.679910868s ago: executing program 1 (id=526):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcd)
shutdown(r0, 0x1)

33.656860008s ago: executing program 1 (id=528):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/13], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), 0x0}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000001c0)=0x200000, 0x4)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000240)={0x0, 0x1228000, 0x1000, 0x2, 0x1}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(0xffffffffffffffff, 0x0, 0x0)

33.109668892s ago: executing program 1 (id=541):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bind$rose(r0, &(0x7f00000000c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x40)

32.828209675s ago: executing program 1 (id=554):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, r2, 0x0, 0x0, 0x0}, 0x30)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r3, &(0x7f0000f6f000), 0x0, 0x20000004, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f00000022c0)=ANY=[@ANYBLOB="61158c000000000061134c0000000000bfa00000000000001705000008004ef02d3501000000000095003200000000006916000000000000bf67000000000000350605000fff07206706000002000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b540dcfc7ad0500c4063b3b8754c0686cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d39d25991b085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e5671c888fb126a163f16f920ae2fb494059bba8e3b680324a188090eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb40000000000000000000000000040007abf9c20d89cbc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eb29000000000000003cc3aa39ee4b1386bab561cda886fa64ffffff7f473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59801fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e17417a249a2cd8ff62aa6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d00000000d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38c7f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf73400000000000000cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61d1f5b2a443faa9bda0577383dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea90000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8a10300004d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a122822bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c39e9d8547c666b6764a3c7dd62a94eee45881441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a365b5b11df7216652b5703f31e078ecdefe8e6bfc45a9980a7a8de863e3477dd47d0f11611ca92d89641a183c8f629f17cfc28fde209a793d9c0cdde3bb3f82670d33396982988b9f5207a732908fdf1506f307ccae47a69319ee2242272e4f7ceb7a40e49a21ce6405af3ecb3381bf0668749c81fc6c2d97e68a693e3e622af52e572f4fa7b20d5c72cf5ff8016461130a46803de45029489921a48bd7688dd593e4a3e9803263ecbd8ae8570293508ebe5fabc1842cbc01ae8fabbf41820c31b7bb83a3439d4540f839ed5c23828a33d7645baa1ec32bb7aa8a786bb0997ccf6bba0a2cf6ef2157a63974d5e525a3f3f7f993ea9e82732ccc2e12c6310121ecb9029e7f835420f8f27a7e563684a225dee6ca5f5ff18a89ac6c627ff0e0e4769b6fbcfc847b20960704a4b13e962333bddb966de8bcade6f6bd3915a580ddec2e1bd88fbfdb749789cdc946822212f1cbacb03ba8d3e51e48ccdae20a43bf79ca0131b830620a97877242989e78dfec1d6df5f97ca5cddece50d0cae5d6eabbc1913aa3660e0b00000000000000000000000000bc12b71cb118d93461aa2914d6e454ef05c41beab7382787ba46b68c8d8b35349fb58b259b4447b59c667ddcac0bb2d066eb0579be84bdca8ed5d693411b7e5b21efaceddacef03daa9772f2715b5613ae0d88f8d109e36f8b8871b646d9ebbcc25d527ad3f828c92cb6597f82ed4d496a511007781be0c7cac07fc508a585f415ef81a887475286df80fb6ff9c6524d0e22d50f88ca15545bc688063b04eb8e0248aca60b9983dd5966216499ccfc0551f6e0323859ae64f55e4d496a695f8e6382aa714b92f95dcfd0b456d9ce7a24f736e4009ef64230e8f83f8283a4cc5f178d4698b94ccd8d0e0e3e2e35e1a7ac0cb3ee52013e8c2802d2f89b3f708fb53c17c3e4fbe0326ee510c4317b5f5f1eb34ca8441c23755acfc469909b16fba134de01d484c1b380622d3743a0be77b64961753faba6131c136fb14b1963960f2f7f118bc451a18b216bf26c3cec2575a059da60baede629711a5f11c347fcbca73440d27b1147b44fb15106c00669da23964fd9de079d1a9077848100f6e75d29b2d60016abc6ef1542bd3062f599676bb04e64decb6c843a407f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)

32.716683941s ago: executing program 32 (id=554):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, r2, 0x0, 0x0, 0x0}, 0x30)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r3, &(0x7f0000f6f000), 0x0, 0x20000004, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f00000022c0)=ANY=[@ANYBLOB="61158c000000000061134c0000000000bfa00000000000001705000008004ef02d3501000000000095003200000000006916000000000000bf67000000000000350605000fff07206706000002000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b540dcfc7ad0500c4063b3b8754c0686cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d39d25991b085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e5671c888fb126a163f16f920ae2fb494059bba8e3b680324a188090eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb40000000000000000000000000040007abf9c20d89cbc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eb29000000000000003cc3aa39ee4b1386bab561cda886fa64ffffff7f473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59801fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e17417a249a2cd8ff62aa6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d00000000d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38c7f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf73400000000000000cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61d1f5b2a443faa9bda0577383dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea90000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8a10300004d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a122822bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c39e9d8547c666b6764a3c7dd62a94eee45881441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a365b5b11df7216652b5703f31e078ecdefe8e6bfc45a9980a7a8de863e3477dd47d0f11611ca92d89641a183c8f629f17cfc28fde209a793d9c0cdde3bb3f82670d33396982988b9f5207a732908fdf1506f307ccae47a69319ee2242272e4f7ceb7a40e49a21ce6405af3ecb3381bf0668749c81fc6c2d97e68a693e3e622af52e572f4fa7b20d5c72cf5ff8016461130a46803de45029489921a48bd7688dd593e4a3e9803263ecbd8ae8570293508ebe5fabc1842cbc01ae8fabbf41820c31b7bb83a3439d4540f839ed5c23828a33d7645baa1ec32bb7aa8a786bb0997ccf6bba0a2cf6ef2157a63974d5e525a3f3f7f993ea9e82732ccc2e12c6310121ecb9029e7f835420f8f27a7e563684a225dee6ca5f5ff18a89ac6c627ff0e0e4769b6fbcfc847b20960704a4b13e962333bddb966de8bcade6f6bd3915a580ddec2e1bd88fbfdb749789cdc946822212f1cbacb03ba8d3e51e48ccdae20a43bf79ca0131b830620a97877242989e78dfec1d6df5f97ca5cddece50d0cae5d6eabbc1913aa3660e0b00000000000000000000000000bc12b71cb118d93461aa2914d6e454ef05c41beab7382787ba46b68c8d8b35349fb58b259b4447b59c667ddcac0bb2d066eb0579be84bdca8ed5d693411b7e5b21efaceddacef03daa9772f2715b5613ae0d88f8d109e36f8b8871b646d9ebbcc25d527ad3f828c92cb6597f82ed4d496a511007781be0c7cac07fc508a585f415ef81a887475286df80fb6ff9c6524d0e22d50f88ca15545bc688063b04eb8e0248aca60b9983dd5966216499ccfc0551f6e0323859ae64f55e4d496a695f8e6382aa714b92f95dcfd0b456d9ce7a24f736e4009ef64230e8f83f8283a4cc5f178d4698b94ccd8d0e0e3e2e35e1a7ac0cb3ee52013e8c2802d2f89b3f708fb53c17c3e4fbe0326ee510c4317b5f5f1eb34ca8441c23755acfc469909b16fba134de01d484c1b380622d3743a0be77b64961753faba6131c136fb14b1963960f2f7f118bc451a18b216bf26c3cec2575a059da60baede629711a5f11c347fcbca73440d27b1147b44fb15106c00669da23964fd9de079d1a9077848100f6e75d29b2d60016abc6ef1542bd3062f599676bb04e64decb6c843a407f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)

1.168530022s ago: executing program 3 (id=1270):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x4, 0x2, 0x1, 0x10}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.069360597s ago: executing program 3 (id=1273):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000005000000090000008b"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x6c, r0, 0x20}, 0x38)

996.535309ms ago: executing program 3 (id=1277):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x49, &(0x7f00000000c0)})
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000040)=ANY=[], 0x6)

870.800354ms ago: executing program 3 (id=1281):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000840)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x9, 0x1000, &(0x7f0000001cc0)=""/4096, 0x41100, 0xd}, 0x94)

820.989369ms ago: executing program 3 (id=1284):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000016000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b4ff010000000000000dd6e4edef3d93452a09004b43370e9703920723f97e46bb5c07540d3b", 0xd8}], 0x1}, 0x0)

820.507144ms ago: executing program 3 (id=1287):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r0, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r0, &(0x7f0000000200)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, 0x6, [@bcast, @null, @null, @default, @null, @bcast]}, 0x40)

760.300666ms ago: executing program 0 (id=1291):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0xa7c, r0, 0x5133c4bf67cd92a7}, 0x38)

701.350619ms ago: executing program 0 (id=1293):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x48}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000072009fb300000000fedbdf2507000000", @ANYRES32, @ANYBLOB='\b'], 0x20}}, 0x0)

700.878779ms ago: executing program 0 (id=1295):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000040)=0x8, 0x4)
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000080)={'nat\x00', 0x5, "29ffe68c63"}, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

644.170812ms ago: executing program 0 (id=1299):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000540006803c00040067636d28616573290000000000000000000000000000000000000000000000001c220000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000bc0)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83b23dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c11160fb20b1c581e7b0915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab3aa32f948c06b59b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2abd18cae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e26d0a5752813bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a7237841cef384b22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c74f0e2a9bf62ffec6459db40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced84680900000000000000d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d2782a70cf44ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d767671414c99d4894edff8249dc1e3428d2129369ee1b85af1eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038deb359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491dc6aaee0d40973109644fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f77abb21338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e155f455010b0cb578af7dc7d5e87d4cd376444e2de02f47c61e8e84ff828de453f3489460fd83210e95307e676e1fb4d5865c0ca177a4c7fbb4e62b4450900576b2b5cc7f819abd0f885cc4806f47ffbff01000054f5a2d3875e46000000000000e734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329a18cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481ed51a6359cade91fd645c6d924f36a86bf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf817becd9e5a225d67521d1128eac7d80a6225c3e2f0932223bfbf69ff861f4394836ddf128d6d19079e64336e09000000c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661fdcfa68f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b98a8bf6c747d9a1cc500bb892c3a16ff10feea20bdac89afb758cfa10000000000000000000000000200000000000000ed713df0c59e38928511a64845f1b21ed03369719fa905909d8ce35b42761c46d040e53a0a227e9cecd4d414231baa4894a13763ea5de7a52e61a588babaf5da9a28f477e032400938116cb294447898039724881de3ba3dd5e5e115b58d438b17ad11bf1b1f1ed057d89ec46b2b9bb434e9187a728d1136333958469b22d2126664b5299cc3167ac9a4d501638b978e1c692da5261dae5c9d13065b8ed8b358e7273dfa1e9a8dc1d16aa1edd0c274dedb7cd7e4753c152b4e0e3d124e561420587b9b00ab68c32d6b397c5e7cc4e803e6b6e8ed547e2875372023d111e64cd9ee3635888ecbc7352fd60f348456d74e9e7c09ee202dd09524ecfd3d8c836c0a13a9a45a7e2cec88fa2710ee35c9ed1b824fe4fe68849eee41b5e335aeec0f27053b3a07a001ffe29c5cc3a0ccdcc74330c2a995378d225495c5a543519d952c96da9257f47acc29c48d48b22b1f502b9d743d352de56efbb1b15158c4f0107ba5b3394d4cad4f0a1d31f694d0f559e7f82682775ec7569eeb7ef643dbcbafc4c1c5cbb0ad02dd2a69c5f2b5350049a817b546cf734a746a1cc147a6050bd16598e8e3a5c3515d0edc23e66bbdc6c117559357f49c59208af1162ba1d6667e3ab6bb1696c32dc3bcb2c8ab30d28265ff55c8a80c8e3ce29b2f576ea686d351a8cdb808739ed1a7022fb6e4e834593279c791085e49d1b8124adaf0010790e72ef2035e3da7ebb117c1a032a7378d5c62bb1a4e212618113bbd688091273028a44abfe09067e22fda361d6769d1f44bb06ca0cb9a14a54a8ba0dcb5445c4b368bd1dcce7500"/2356], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f0080047", 0x0, 0x101, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket(0x27, 0xa, 0x4)
getpeername$packet(r4, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdff}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r6}, 0x10)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$netlink(0x10, 0x3, 0x0)
socket$key(0xf, 0x3, 0x2)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @remote, 0x4e23, 0x6, 'nq\x00', 0x1, 0x5, 0x4a}, 0x2c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), 0x0, 0x36)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x10, 0x0, 0x0, 0xfffffbfe, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfc, 0x2, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0x25}}}}})

151.245447ms ago: executing program 2 (id=1306):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)='g', 0x1}], 0x1}, 0x0)
close(0x4)

151.004644ms ago: executing program 2 (id=1307):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x1f}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)

61.156136ms ago: executing program 2 (id=1308):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, {0xa, 0x0, 0x0, @empty}, 0x0, {[0xfffffffe]}}, 0x5c)

60.965871ms ago: executing program 2 (id=1309):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000811010000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)

60.273729ms ago: executing program 0 (id=1310):
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)={0x28, 0x1, 0x1, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2404}, @CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000001}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
connect$ax25(r4, &(0x7f0000000000)={{0x3, @null}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x50, r3, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x20040041}, 0x0)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r6, &(0x7f0000000100)={{0x3, @default, 0x1}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null]}, 0x48)
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000))
syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
r8 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a30000000180a3f6d6f578dbe9c8b000002000000040003800900020073797a30000000000900010073797a300000000014000000020a010100000000000000000000000614000000110001"], 0x6c}}, 0x880)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz0\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r5, 0x8914, &(0x7f0000000000))
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x40080}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000e40)="480000001500190d09004beafd0d36020a8447000b4e230f00034e20a2bc560119d7004f19dfb7f393d7359031033f817f00000000000000000101ff05c00e030002000000ffff01", 0x48}], 0x1)

60.083431ms ago: executing program 2 (id=1311):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x17c, 0x19, 0x1, 0x0, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x2000000000}, 0x0, 0x0, 0x2}, [@tmpl={0xc4, 0x5, [{{@in6=@mcast2, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x40}, {{@in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x3c}, 0x0, @in6=@dev, 0x0, 0x0, 0x1}, {{@in=@remote, 0x0, 0x32}, 0x0, @in6=@private1, 0x0, 0x5}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

679.964µs ago: executing program 2 (id=1312):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r1=>0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000000600)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x2, {0x1, 0x7, 0x9, 0x3}}, 0x7)

0s ago: executing program 0 (id=1313):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
writev(r0, &(0x7f0000003500)=[{&(0x7f00000035c0)="34325a3ec95335e2316325bc217474e55486f13461aa6d72f8ad90ba36f13758495616c22692c9888acd74c8141f760b360d963b2ea9defa4e0d04a1b08b1e9bca95a6fef2e1e2e3bcdf3fe633f09f44363b28eec64030d7269c6024f118efe0eaeda4ce2ffd74748748ea9e1f264a4efc5eb41bc90831fc6d70a3bb367f094dd21b1165959e0a48e43d1e01976a1b9b430e28acd780f7ea7bb157a161644979b927f6c7109538395a73f29cfbc4b79f775dc80ac55ec12ebf839793e3a665921c15820a20298addeb88eddabce5fcef43cc3e81dd4aa8a5f84a0f9f996f3705c0e88146b1e19b21aee9d4143adf57e60a482507714ac4d52d2d2160cdf2809ec84ec9d77d208fd5f432ec3b99343b90e4acc82033da76f34a63a14afae361533e1fcfa6af0a79632c6c794fc1ec142eac90249a1a805b5ed73226f01b33f95f41fbdc2e25e8dc53cc7ac7ba242d904c7899c839d4c5d9d919e67aa15d9ae4f4da9b080bc0b124af94583cecfb08dcebbe5fe70f2a73d727e5c1e7c402e82497e1596c92fecce9b0f83c7e99bafd08c953529186c98acd728b4885c70664b516100cc7dccbb3b2cb72889564dbe9e8bb4df5ec61b60215a8b0093a47f45be324de9ce13e2cdb02e70945d0bb9931061f0c559b4137e04f6b7d94795a11242565485ca654ccdec9dabfd5a344652dfc9a74fd89fd578408671e2745062713d7fc50486abe3c226b139058f2f9c1cdf0301bbcc388a4ac6ed2ad38f54fe1e4d88e316c15ac1039281b1a74ed890174d4c80a28ce29b05a223e07ad8c4a378a2b44ce349bc74ae73af2852130f7ad525c3853e2328fa12ff7b8444c1ec39a46b1c47ed2d7918d09a70b3d3ea39c16d17f397bccd069b62e231c5d251373de33602641d4220da1f3fb62f55989fbe379f35aa578949a3cdcc638befddd2e24d898d25ef9508467ac6d8952cb2fb9b7a5a9eb5238fb8e1cfc8bd967d2ad877ccbcad2a8f1c41b5e2b779df09ba8596e3faadf8392b8aa465dd76f58ad01073ba37ed93a1dba30df412834a89b9510c42dbd697470087dd4c3c8458b177705a9aea6b5c26ac5999290bd63fa10c441cbdeb24f5918522f1cfd512b9627ecd59f275f0c469dc6e3b12e8a5a5a9a13b134ddd31b5a6feef3f6b9df2165291487f9397a95b18c6e800a4c7bd127dbc2c62a8f70368cf43b0d120fbc681fa781fde92df025871dbab0af3104eceb3187b7f7d5d7957047f30b6b03fdf26ede899d807725bd584a7380732f915089d775d45ff2620db6656e3c8efd52d3951b4aa52fddd9355581a6ba83192f93b285b7025bb524106c2633254a41868770cd6c8c539b9a83875a43bc4040ab1f31a4bfa99059b689318f01ee8e36525c5ed85fab4192d68c39f025b6762f0ed0acd647bb04436cd12bcba484baadb4b47c2e629b757943cf753c4cd330878f3bcd217b52ef916af4abaecb7c9ca7386e6c3458b89cae0391ec3b567e0a1ee45b7167e38507a5466b61e1defec4019a07efd4f524d55a431b7701c3bad1c0939ef7096e7ab4f5d4ee933a89c60413d299f96ce2e9da028cc17ef7b278307e224dc011a043cad95e0ce14aa55e5c1e03b224e081689cd064080286f30344941f17675c688b11544030e6277423da966e99fe1522ad5f8b37314113f8f78c152d18881148e97bd174dfd04951490c7aa3e344b8c02ff14cc3c61369825ed3d5155057c3f9ea645d094545179ddcf17ff75e549da3e28a9848b6e7d4432535ed7b04cd8b61933d68cccd8a056b949c16cbcb7b500c302837067face71a411e65950771ca68cfbb60f70d7aa9f81db96413e56fc92aa714452909158dc7f7478e8623a4e59ddce28e3c08726e1e28857f80891c12be40ec3543a384e5b95194c3b78c7f7f987e9a051fb56e0e17285bab975858d41b56c176ccaabdadadc88d51e5d9d126cf5581a9b975ade73f6b2ae6a4a9a72d568de6795e4d3791b64670ebbf78f17ae9bd24b684417be361c48ce9f1bc55a77e6f55689575c0dc4d3dd0c2c4257d5f3fc8e0300f7f76c3fd26e8b19c4ad239c179ee67bca56788412721a2ebead64f24c42ce4bba250b1e9fa84912d60c3d737297cb4e6e0bb1976903efe355dcc902ba0355d2e64018d0320fe6a43fdab880e7ac3d01a52848d6020b9ac83f1fea19a4db6afa7d3eb383ab6dba2edef4b2d0ba97bdb929bcc233951d44396a3e65e5860fa71a30168c0cf59ced3c776495b5ccdeab23a124f2e72629457aa4c2ea0cc6bf4a1b17105205b33956439f3d853af200ed5d24031c1fda9934f564524d571c38e2fe30103764a5bcb1e3d21305031ee5add1b205832eee5b196478688a6f25727ee6832425c6710898c62c13bac4ba951c2ad8eaff59856997a7c2b451bab9242ef610257a9b64fc99141bbd8f590bdeb2ef12020ba8ed784f492e6ef3195df7da08c9d27cf24118c29a571deda94b8e3434b170adbc33e3ab47755d4e7b1ce9716b2fc03687902c7703f888a86b4f38f0d52f477f98590352c82cc0ff4718a4c37b0ea9bd6d66d9b5c8fc7aabfd08c9a7a75bb3d6e970e8bf1f344b344186f078521d7b26a002bd1cba1ea408941e2f943278bd5abe504474ad89501aaee9935b77fc417bbc20e795f22259c3ad0f5a2fb205e581f617a992a6baabe41226b8005e34de92adfb70da635c60f4e7c8509b739f88eca6e91ea5142e107ce2c147c96e68d8e775a7464321f639846e7de8c6a91ed18fcaefbd44118e240d42ae6af70781c9dc71ef30230d3d50061716d080e9a1faf057243a0af6b12e1a76a1267a5a39e085f25b8bd289e3a140d266b46be7c59dbeec32edd1695fc4ba196ebc797b86e6885c6fb6ba04f282b71ccfc535707362c8b73d850a549c48b95bde8ca4f95249e8cc9b7751f6d42d2765505d06e5ff208dd1772ddfdf81086476516ce83fc70551cc66d27691c9fb951b71ceb6e9424ee66dcf129fa3f2906296e7b6b2a764027a72818d9cce46f8b47841d1024b16a5009045178dc7cbbfc5121c6378887a449cf0c9793d53c1d861ab7d7c9eb9e4713a0b071237cb3faa44a1c2567af77f6acb9a1b95e243c65b1c88b3c639b17c6b6a936bc01d9efcb0e7e4e0465b1dc7f3edb970d733043600d34f135f0f439bb82b1aade9a70b1435976f8aa7125009dec0f9d96fa613d62ddd09c621396c4ef82c5fbd1f745d64e05ae27e1069ee66bc10e301f95eda0215f0cdd423771e97b1cf634bc93c239caa557b7e7a8e599f7973ee31d8e9f6fdb05466eb278883bc315bfac83464ca462d5b966879bafeb007ea505e797ee8921b6f82540aa876740bc6d26a13065a3d0160e269ecdb905aad6eac3ee330fa9055f66b4f4305fb983931c1e229d6a0210f25756788e9a70e91a3aa5da28e677d84ac3fbe097c322011a050d7b2ea1612d10cbcdfcef38f22369eb531a724e4d7f9b8e8aa6664aa8ba1e378e4d9e626b863d46c9352bfdd0cf467bc1f17f0f534fee341b88d55a53d7a09d34b76eeec96dccb8f332585c753e9fd09ad4bd527e58781f854627f72eb8d6e59e68048c4b8ea4bfd76a8f27125bd51054732c6ca9096e69476dc8e52b51fdae262dcd91c2e23a414cb16d1d2159f33993fbda87c46a9e7b58195916eea891b7dee88fd23f1e461728161d8af0e067b4c80ca8fe0acd010fcdad461708c7ee41d4e2fd2cebd5c34de4edd763f6cfc583689141808ecf42e20b79f6d5ef323649c2b9ebb4ef4d4526767e44c58358105cd394410bacd486475c26e7ee8d79c731ad82d820f7fd20b0daca649334771ee07234e44b401a7fc7e7b86a845ce18946dc7c14b17854a80a0af5d0dc8bd0614650681982d2f6cec264da5add6720d84bcd3acefbca4fa00ffb53105cfe9da7ac34c88dab0b50878390bc1ef6a388df4f41be51714d22a29544edf59feedb71789efd8c40f1fd572ffc3b05a7eec9040ccd554c1b37b888bc6dac1fa4656a2c95bc9a5d10f2d0162b773ca6a6d9a30a9e172e6c8cca1de09626ca3e59b4dbb82f4dd949cc341deee27a0800e17a73a56386c0527f4d0f7c28f1d44b2c83cad51f616ad09e4e4ae2a1901b5fc0de12c5f93ffb547b4b3326f9cab45f8fcc8761196751585a8ff493b3d9ef077f899918bde019e0e66e818dedcff7d6d2ee0b1fcc1845716242adf546f08551cbd4f0e44482a39a871c5729a566b5726f2f33cbf28b47a7d661e2e35cfe3a548a5f1eec8069eed21c92c44e253bf275cbc7825b7e26f52145d415139cf09216335e19a3b4276269eed91c1b557f80f4101a0d733269b40d9ef0e9b12d3baa379e5a0c1300c63c5ff8c72f4420652838d6763544c6fd4c65a06a26eda3454206727c0507614c2a88277ebe880a5ecf981be57873a573d481eae5433d65dc4dc16d118bc057975265945bd9ddc64c0a63be3d5083fad6b22cfc89bc78c395b9ba767d8079fc4c2ffc9280888c2f53fd39801ad24b59f51a8318e5e9af7e1223cb4d385e3e4001f6249878d60cbcc9f67af75ff04de1ca8918eab36f915b9a150fdf99dc4df4af16715d3706fbd934c8e8479a99734dd6c32328565e3a351f5c8a61a2657d8dac76fb9623a6095adb4200d8e3707bc015aaf97ff0190caa4b22e102458fb40901fe161943f4c6ed6654264baa7dfa15e80cadaa0959e4030ee90451f1a35350ae7e6686f399f3bb230b87c36ebb536369e0bf32ee95f1a8fbbf05a0f74e801200cc4730ef0b35e9f6559f051023b23b29dad69477064118c67cc63ca3c4c8b564c446ce0d88d98252d2edb04983045e5424935791b208d90152b15287425c514f23ce64b41178e66fb55e1fe0aa153596a940ee6297b4046cf9a413232570638861a74e36c57fd548517d8028f18e8c194bc259b667b886f875d8f46a0554d3a11c0866fa2f988230e54192a96ffbae5f7fb5c0a71aa88bf59389c75a6093b3482a3f6e5c7d5704e97eec57e8037fe4df05d18b8bb75ae249e2c28a71fb2d5cdaf59168007e07dba122f5cf0d645bcd4e736159c6393bb772b820fb3c8fc17cb88393c90233fe4ab880593384bd96de985655c768d6f6f2f67896e7e15b3cbc513bfc52f63cba2c9b708bcc2252cda70822111c4503a7257c0d89fe1eb3d7d99e93c9b0b0935bc198bb8ce04917f73269716337b7bfb5142d8a7147bd5c84ca9bb41c5a86d5d36efc61d0d787cc085a9db5c3388aa2b4bd287627da24e70b62601fd0beaceba112d305148a8c97cae338094c8d92732b5c220abf8e0ce94826de7fe01e32932d05905c341545eeff2a86cd18912272f32e3cea5cbf13236b48de5b1235483449fb892f14a499a6ba89cdcc4224580bfc6a28b5cc25b6274381da039e4961977423d9c3d9217bbfddf7e5f2e044d892daa1f0b1018fac5a590be3bfd0995fc2126f805b00bb95afdd9740dcacea283c681da742e2fb99014b435593ed796e7230d135f65079575d1b51674bbaec6c02e7064f7c72d05bd65ccfa61e3b55110cf00e7aa359347b19c8c0e54c3ed30995966aaa9d0c7e849d68a6b0cff756d0ab7ad920b44de00310c0edaa5ae60bf0787ece2e07da207608de0926e5e5b344bf8bab13c87b38fdd623353c37b448c5ee03678e9941b84f544c2ea87ed759156bf67e2e0fba081210479c4a71d671d03b6d2f5841aebc57a13f4f4d5432cda29b5962e39a093c69285902f11e4a75cdfd38b5f52e4238c90a0942ea741a79ead7e044bca535f51644b35dcc9d5d54b11a1e6c00000000000000", 0x1001}, {&(0x7f0000000080)="4326cf937e13", 0x6}, {0x0, 0x5c}, {&(0x7f0000001240)="d35c", 0x2}], 0x4)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:26839' (ED25519) to the list of known hosts.
syzkaller login: [   49.076289][ T5746] cgroup: Unknown subsys name 'net'
[   49.226786][ T5746] cgroup: Unknown subsys name 'cpuset'
[   49.236771][ T5746] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.835115][ T5746] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.957034][ T5817] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.960936][ T5817] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.964587][ T5817] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.968820][ T5817] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.972505][ T5817] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.002641][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.018129][ T5822] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.021368][ T5208] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.025738][ T5208] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.028967][ T5208] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.033646][ T5208] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.039302][ T5208] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.052539][ T5825] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.077045][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.081138][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.237261][ T5814] chnl_net:caif_netlink_parms(): no params data found
[   55.423836][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.427038][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.430502][ T5814] bridge_slave_0: entered allmulticast mode
[   55.434882][ T5814] bridge_slave_0: entered promiscuous mode
[   55.448912][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.452082][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.456361][ T5814] bridge_slave_1: entered allmulticast mode
[   55.460255][ T5814] bridge_slave_1: entered promiscuous mode
[   55.508178][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.515451][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.519427][ T5820] chnl_net:caif_netlink_parms(): no params data found
[   55.545735][ T5818] chnl_net:caif_netlink_parms(): no params data found
[   55.575463][ T5814] team0: Port device team_slave_0 added
[   55.597399][ T5814] team0: Port device team_slave_1 added
[   55.664613][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.667571][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.679215][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.696323][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.699315][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.710707][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.736404][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.739412][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.741861][ T5820] bridge_slave_0: entered allmulticast mode
[   55.745070][ T5820] bridge_slave_0: entered promiscuous mode
[   55.759845][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.763428][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.765813][ T5818] bridge_slave_0: entered allmulticast mode
[   55.768604][ T5818] bridge_slave_0: entered promiscuous mode
[   55.772070][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.777217][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.780352][ T5820] bridge_slave_1: entered allmulticast mode
[   55.784805][ T5820] bridge_slave_1: entered promiscuous mode
[   55.801295][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.804240][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.806867][ T5818] bridge_slave_1: entered allmulticast mode
[   55.810323][ T5818] bridge_slave_1: entered promiscuous mode
[   55.871947][ T5814] hsr_slave_0: entered promiscuous mode
[   55.874775][ T5814] hsr_slave_1: entered promiscuous mode
[   55.879348][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.886720][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.893243][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.912675][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.958705][ T5820] team0: Port device team_slave_0 added
[   55.966912][ T5818] team0: Port device team_slave_0 added
[   55.970607][ T5820] team0: Port device team_slave_1 added
[   55.987421][ T5818] team0: Port device team_slave_1 added
[   56.037349][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.040209][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.051230][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.057794][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.060702][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.071545][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.082068][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.085183][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.094307][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.107604][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.110194][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.120198][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.175150][ T5820] hsr_slave_0: entered promiscuous mode
[   56.177555][ T5820] hsr_slave_1: entered promiscuous mode
[   56.180033][ T5820] debugfs: 'hsr0' already exists in 'hsr'
[   56.182062][ T5820] Cannot create hsr debugfs directory
[   56.244591][ T5818] hsr_slave_0: entered promiscuous mode
[   56.247820][ T5818] hsr_slave_1: entered promiscuous mode
[   56.250650][ T5818] debugfs: 'hsr0' already exists in 'hsr'
[   56.255456][ T5818] Cannot create hsr debugfs directory
[   56.405536][ T5814] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.427738][ T5814] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.458028][ T5814] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.480842][ T5814] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.553997][ T5820] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.561069][ T5820] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.570939][ T5820] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.584550][ T5820] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.653135][ T5818] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.658225][ T5818] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.667241][ T5818] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.673963][ T5818] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.724694][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.753255][ T5814] 8021q: adding VLAN 0 to HW filter on device team0
[   56.763806][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.767023][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.801584][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.804713][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.847385][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.883043][ T5820] 8021q: adding VLAN 0 to HW filter on device team0
[   56.897633][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.900012][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.906776][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.924896][  T999] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.927964][  T999] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.949495][ T5818] 8021q: adding VLAN 0 to HW filter on device team0
[   56.976297][ T5820] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.991202][  T999] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.993817][  T999] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.011860][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.014884][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.055864][ T5817] Bluetooth: hci0: command tx timeout
[   57.091771][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.141181][ T5817] Bluetooth: hci1: command tx timeout
[   57.143884][ T5822] Bluetooth: hci2: command tx timeout
[   57.158241][ T5814] veth0_vlan: entered promiscuous mode
[   57.166457][ T5814] veth1_vlan: entered promiscuous mode
[   57.185846][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.207868][ T5814] veth0_macvtap: entered promiscuous mode
[   57.214535][ T5814] veth1_macvtap: entered promiscuous mode
[   57.271777][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.296419][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.304312][ T5820] veth0_vlan: entered promiscuous mode
[   57.315903][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.330931][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.335432][ T5820] veth1_vlan: entered promiscuous mode
[   57.338974][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.342871][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.345783][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.431632][ T5820] veth0_macvtap: entered promiscuous mode
[   57.436604][ T5818] veth0_vlan: entered promiscuous mode
[   57.440659][ T5820] veth1_macvtap: entered promiscuous mode
[   57.443327][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.446215][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.470721][ T5818] veth1_vlan: entered promiscuous mode
[   57.490526][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.496168][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.500311][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.501959][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.521563][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.534701][ T5818] veth0_macvtap: entered promiscuous mode
[   57.538290][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.544902][ T5818] veth1_macvtap: entered promiscuous mode
[   57.552539][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.565308][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.574883][ T5814] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.595184][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.614029][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.648479][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.657450][  T989] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.660771][  T989] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.683786][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.687441][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.698749][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.739054][  T999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.746170][  T999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.779892][  T989] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.790059][  T989] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.813960][  T989] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.820311][  T989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.225447][ T5916] netlink: 'syz.1.15': attribute type 1 has an invalid length.
[   58.234898][ T5916] sit0: Master is either lo or non-ether device
[   58.358151][ T5923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.18'.
[   58.564542][ T5938] netlink: 'syz.0.25': attribute type 1 has an invalid length.
[   58.568536][ T5938] bridge_slave_0: Device is already in use.
[   59.097485][ T5964] bridge_slave_0: left allmulticast mode
[   59.099644][ T5964] bridge_slave_0: left promiscuous mode
[   59.102291][ T5964] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.110385][ T5964] bridge_slave_1: left allmulticast mode
[   59.113523][ T5964] bridge_slave_1: left promiscuous mode
[   59.115703][ T5964] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.122065][ T5964] bond0: (slave bond_slave_0): Releasing backup interface
[   59.129362][ T5964] bond0: (slave bond_slave_1): Releasing backup interface
[   59.133588][ T5817] Bluetooth: hci0: command tx timeout
[   59.144104][ T5964] team0: Port device team_slave_0 removed
[   59.146353][ T5965] netlink: 'syz.2.36': attribute type 10 has an invalid length.
[   59.156371][ T5964] team0: Port device team_slave_1 removed
[   59.159816][ T5964] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   59.165384][ T5964] batman_adv: batadv0: Removing interface: batadv_slave_0
[   59.170308][ T5964] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   59.174193][ T5964] batman_adv: batadv0: Removing interface: batadv_slave_1
[   59.212769][ T5817] Bluetooth: hci2: command tx timeout
[   59.220299][ T5965] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   59.224769][ T5817] Bluetooth: hci1: command tx timeout
[   59.656722][ T5973] netlink: 136 bytes leftover after parsing attributes in process `syz.1.39'.
[   59.842053][ T5981] netlink: 32 bytes leftover after parsing attributes in process `syz.0.42'.
[   59.852679][ T5866] IPVS: starting estimator thread 0...
[   59.907316][ T5984] netlink: 'syz.0.43': attribute type 1 has an invalid length.
[   59.911288][ T5984] netlink: 'syz.0.43': attribute type 1 has an invalid length.
[   59.942388][ T5982] IPVS: using max 47 ests per chain, 112800 per kthread
[   59.981063][   T24] cfg80211: failed to load regulatory.db
[   60.146878][ T5989] netlink: 12 bytes leftover after parsing attributes in process `syz.0.46'.
[   60.151034][ T5989] netlink: 12 bytes leftover after parsing attributes in process `syz.0.46'.
[   60.178115][ T5990] tipc: Started in network mode
[   60.180513][ T5990] tipc: Node identity 76ac07ae64dd, cluster identity 4711
[   60.185326][ T5990] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   60.189223][ T5990] syzkaller0: entered promiscuous mode
[   60.191458][ T5990] syzkaller0: entered allmulticast mode
[   60.206225][ T5990] sch_tbf: burst 151 is lower than device syzkaller0 mtu (1514) !
[   60.215024][ T5990] tipc: Resetting bearer <eth:syzkaller0>
[   60.220199][ T5987] tipc: Resetting bearer <eth:syzkaller0>
[   60.229361][ T5987] tipc: Disabling bearer <eth:syzkaller0>
[   60.406540][ T5991] Bluetooth: MGMT ver 1.23
[   60.578144][ T6010] syz_tun: entered promiscuous mode
[   60.582549][ T6010] batadv_slave_0: entered promiscuous mode
[   60.586674][ T6010] hsr1: entered allmulticast mode
[   60.588403][ T6010] syz_tun: entered allmulticast mode
[   60.591745][ T6010] batadv_slave_0: entered allmulticast mode
[   60.792026][ T6028] Zero length message leads to an empty skb
[   60.825670][ T6032] tipc: Started in network mode
[   60.835321][ T6032] tipc: Node identity 1a93898556e, cluster identity 4711
[   60.838675][ T6032] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   60.845252][ T6032] syzkaller0: entered promiscuous mode
[   60.847110][ T6032] syzkaller0: entered allmulticast mode
[   60.871598][ T6032] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   60.932879][ T6032] tipc: Resetting bearer <eth:syzkaller0>
[   60.937412][ T6031] tipc: Resetting bearer <eth:syzkaller0>
[   60.946460][ T6031] tipc: Disabling bearer <eth:syzkaller0>
[   61.085730][ T6060] netlink: 4 bytes leftover after parsing attributes in process `syz.2.77'.
[   61.088638][ T6060] netlink: 12 bytes leftover after parsing attributes in process `syz.2.77'.
[   61.190993][ T6071] netlink: 276 bytes leftover after parsing attributes in process `syz.0.81'.
[   61.230186][ T5817] Bluetooth: hci0: command tx timeout
[   61.292383][ T5817] Bluetooth: hci1: command tx timeout
[   61.294263][ T5817] Bluetooth: hci2: command tx timeout
[   61.348368][ T6085] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   62.023232][ T6107] netlink: 8 bytes leftover after parsing attributes in process `syz.2.91'.
[   62.414320][ T6140] netlink: 44 bytes leftover after parsing attributes in process `syz.1.107'.
[   62.446262][ T6142] netlink: 'syz.2.108': attribute type 7 has an invalid length.
[   62.589573][ T6162] Driver unsupported XDP return value 0 on prog  (id 25) dev N/A, expect packet loss!
[   62.941169][ T6194] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.159370][ T6214] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   63.183900][ T6217] netlink: 'syz.2.144': attribute type 14 has an invalid length.
[   63.186599][ T6217] netlink: 'syz.2.144': attribute type 13 has an invalid length.
[   63.293113][ T5822] Bluetooth: hci0: command tx timeout
[   63.382493][ T5822] Bluetooth: hci2: command tx timeout
[   63.383500][ T5817] Bluetooth: hci1: command tx timeout
[   63.399742][ T6246] netlink: 'syz.2.157': attribute type 2 has an invalid length.
[   63.706493][ T6267] netlink: 'syz.2.161': attribute type 7 has an invalid length.
[   63.709835][ T6267] __nla_validate_parse: 4 callbacks suppressed
[   63.709847][ T6267] netlink: 12 bytes leftover after parsing attributes in process `syz.2.161'.
[   63.911871][ T6281] netlink: 24 bytes leftover after parsing attributes in process `syz.2.168'.
[   64.078285][   T33] audit: type=1804 audit(1755165723.132:2): pid=6294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.174" name="/newroot/72/cgroup.controllers" dev="tmpfs" ino=379 res=1 errno=0
[   64.088556][   T33] audit: type=1800 audit(1755165723.132:3): pid=6294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.174" name="cgroup.controllers" dev="tmpfs" ino=379 res=0 errno=0
[   64.097941][   T33] audit: type=1800 audit(1755165723.142:4): pid=6294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.174" name="cgroup.controllers" dev="tmpfs" ino=379 res=0 errno=0
[   64.319641][ T5846] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   64.617731][ T6346] netlink: 'syz.0.198': attribute type 9 has an invalid length.
[   65.256807][ T6380] syzkaller1: entered promiscuous mode
[   65.259216][ T6380] syzkaller1: entered allmulticast mode
[   65.488632][ T6409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.222'.
[   65.607899][ T6419] netlink: 4 bytes leftover after parsing attributes in process `syz.2.227'.
[   65.610962][ T6419] netlink: 4 bytes leftover after parsing attributes in process `syz.2.227'.
[   65.678756][ T6431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.232'.
[   65.681776][ T6431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.232'.
[   66.051440][ T6472] bond0 (unregistering): (slave wlan1): Releasing backup interface
[   66.058526][ T6472] bond0 (unregistering): Released all slaves
[   66.826309][ T6480] warning: `syz.2.247' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   66.941269][ T6490] netlink: 'syz.2.252': attribute type 1 has an invalid length.
[   66.950043][ T6490] netlink: 8 bytes leftover after parsing attributes in process `syz.2.252'.
[   66.970828][ T6490] bridge1: the hash_elasticity option has been deprecated and is always 16
[   67.017587][ T6496] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   67.246522][ T6511] tipc: New replicast peer: 0.0.0.0
[   67.250376][ T6511] tipc: Enabled bearer <udp:syz2>, priority 10
[   67.254269][ T6511] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa
[   67.268309][ T6505] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[   67.330715][ T6515] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   67.335846][ T6515] syzkaller0: entered promiscuous mode
[   67.338365][ T6515] syzkaller0: entered allmulticast mode
[   67.345415][ T6517] netlink: 24 bytes leftover after parsing attributes in process `syz.0.265'.
[   67.366962][ T6515] tipc: Resetting bearer <eth:syzkaller0>
[   67.371702][ T6514] tipc: Resetting bearer <eth:syzkaller0>
[   67.380901][ T6514] tipc: Disabling bearer <eth:syzkaller0>
[   67.481907][ T6521] pimreg: entered allmulticast mode
[   67.529535][ T6521] pimreg: left allmulticast mode
[   67.779394][ T6536] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.273'.
[   67.824060][ T6538] syz.2.274 uses obsolete (PF_INET,SOCK_PACKET)
[   68.309565][ T6584] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   68.393005][ T5882] tipc: Node number set to 309397422
[   68.932342][ T6630] __nla_validate_parse: 4 callbacks suppressed
[   68.932357][ T6630] netlink: 16 bytes leftover after parsing attributes in process `syz.0.319'.
[   68.938786][ T6630] netlink: 16 bytes leftover after parsing attributes in process `syz.0.319'.
[   69.135680][ T6637] netlink: 84 bytes leftover after parsing attributes in process `syz.0.322'.
[   69.139013][ T6637] netem: invalid attributes len -16
[   69.140894][ T6637] netem: change failed
[   69.219637][ T6641] ieee802154 phy0 wpan0: encryption failed: -22
[   69.230027][ T6641] netlink: 196 bytes leftover after parsing attributes in process `syz.0.324'.
[   69.304113][ T6641] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.308406][ T6641] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.396455][ T6641] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   69.406478][ T6641] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   69.500470][   T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   69.507741][   T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   69.511037][   T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   69.518996][   T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   69.755462][ T6656] netlink: 64 bytes leftover after parsing attributes in process `syz.1.331'.
[   69.758482][ T6656] nbd: must specify at least one socket
[   69.915193][ T6673] ip6tnl1: entered promiscuous mode
[   69.916969][ T6673] ip6tnl1: entered allmulticast mode
[   70.020274][ T6680] syzkaller0: entered promiscuous mode
[   70.022778][ T6680] syzkaller0: entered allmulticast mode
[   70.301629][ T6689] netlink: 8 bytes leftover after parsing attributes in process `syz.0.345'.
[   70.983190][ T6706] syzkaller0: entered promiscuous mode
[   70.985572][ T6706] syzkaller0: entered allmulticast mode
[   71.304778][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.307516][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.524775][ T6746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'.
[   71.552965][ T6746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'.
[   71.798865][ T6763] IPVS: length: 49 != 24
[   71.840484][ T6773] netlink: 'syz.0.384': attribute type 1 has an invalid length.
[   71.873673][ T6773] 8021q: adding VLAN 0 to HW filter on device bond2
[   71.877508][ T6773] bond1: (slave bond2): making interface the new active one
[   71.881214][ T6773] bond1: (slave bond2): Enslaving as an active interface with an up link
[   71.899248][ T6773] bond1: (slave gretap1): Enslaving as a backup interface with an up link
[   71.905772][ T6773] netlink: 28 bytes leftover after parsing attributes in process `syz.0.384'.
[   71.910271][ T6773] 8021q: adding VLAN 0 to HW filter on device bond1
[   72.218394][ T6801] netlink: 36 bytes leftover after parsing attributes in process `syz.2.392'.
[   72.274857][ T6809] netlink: 'syz.2.396': attribute type 15 has an invalid length.
[   72.866867][ T6833] netlink: 'syz.0.401': attribute type 6 has an invalid length.
[   74.113069][ T6915] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (6)
[   74.580270][ T6931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.436'.
[   74.618097][ T6931] batman_adv: batadv0: Removing interface: batadv_slave_0
[   75.273277][ T6960] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[   75.278275][ T6960] tipc: Enabled bearer <udp:syz1>, priority 10
[   75.371668][ T6966] nbd: couldn't find device at index 536870912
[   75.382470][ T6966] netlink: 20 bytes leftover after parsing attributes in process `syz.0.451'.
[   75.598835][ T6981] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   75.621310][ T6979] macvlan2: entered allmulticast mode
[   75.624590][ T6979] veth1_vlan: entered allmulticast mode
[   75.633493][ T6979] veth1_vlan: left allmulticast mode
[   75.905936][ T7007] netlink: 36 bytes leftover after parsing attributes in process `syz.1.469'.
[   75.956436][ T7004] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.999459][ T7012] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   76.083940][ T7004] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.163047][ T7004] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.210908][ T7004] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.272066][ T5648] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.281686][ T5648] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.297237][ T5648] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.308712][ T5648] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.676709][ T7081] netlink: 'syz.2.499': attribute type 21 has an invalid length.
[   76.681490][ T7081] netlink: 'syz.2.499': attribute type 1 has an invalid length.
[   76.692103][ T7081] netlink: 132 bytes leftover after parsing attributes in process `syz.2.499'.
[   76.871104][ T7111] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   76.875078][ T7111] netlink: 16 bytes leftover after parsing attributes in process `syz.2.508'.
[   76.962553][ T7122] Bluetooth: MGMT ver 1.23
[   77.143294][ T7144] netlink: 172 bytes leftover after parsing attributes in process `syz.1.519'.
[   77.855356][ T7208] bridge0: port 3(erspan0) entered blocking state
[   77.858910][ T7208] bridge0: port 3(erspan0) entered disabled state
[   77.861989][ T7208] erspan0: entered allmulticast mode
[   77.882893][ T7208] erspan0: entered promiscuous mode
[   77.906960][ T7208] erspan0: left allmulticast mode
[   77.908947][ T7208] erspan0: left promiscuous mode
[   77.911805][ T7208] bridge0: port 3(erspan0) entered disabled state
[   77.952378][ T7208] netlink: 'syz.0.531': attribute type 21 has an invalid length.
[   77.955075][ T7208] netlink: 156 bytes leftover after parsing attributes in process `syz.0.531'.
[   78.254085][ T7228] netlink: 'syz.0.538': attribute type 8 has an invalid length.
[   78.256675][ T7228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.538'.
[   78.407910][ T7234] syz_tun (unregistering): left promiscuous mode
[   78.471635][ T7252] vxcan3: entered allmulticast mode
[   78.674586][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.749690][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.865271][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.937150][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   78.977513][ T5822] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   78.980809][ T5822] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   78.984715][ T5822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   78.989284][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   78.993845][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   79.043960][   T12] bridge_slave_1: left allmulticast mode
[   79.048467][   T12] bridge_slave_1: left promiscuous mode
[   79.054936][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.061126][   T12] bridge_slave_0: left allmulticast mode
[   79.065503][   T12] bridge_slave_0: left promiscuous mode
[   79.067498][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.097305][ T7282] netlink: 24 bytes leftover after parsing attributes in process `syz.0.565'.
[   79.420638][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   79.426810][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   79.430562][   T12] bond0 (unregistering): Released all slaves
[   79.661162][ T7308] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[   79.726895][ T7276] chnl_net:caif_netlink_parms(): no params data found
[   79.771976][   T12] batadv_slave_0: left promiscuous mode
[   79.793617][   T12] hsr_slave_0: left promiscuous mode
[   79.798111][   T12] hsr_slave_1: left promiscuous mode
[   79.807663][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   79.816598][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   79.843084][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   79.845796][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   79.865621][   T12] veth1_macvtap: left promiscuous mode
[   79.867771][   T12] veth0_macvtap: left promiscuous mode
[   79.869786][   T12] veth1_vlan: left promiscuous mode
[   79.872491][   T12] veth0_vlan: left promiscuous mode
[   80.076547][ T7315] netlink: 'syz.2.575': attribute type 1 has an invalid length.
[   80.079215][ T7315] netlink: 'syz.2.575': attribute type 1 has an invalid length.
[   80.081977][ T7315] netlink: 224 bytes leftover after parsing attributes in process `syz.2.575'.
[   80.325740][   T12] team0 (unregistering): Port device team_slave_1 removed
[   80.351787][   T12] team0 (unregistering): Port device team_slave_0 removed
[   80.611614][ T7326] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615)
[   80.615345][ T7326] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647
[   80.760471][ T7276] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.769750][ T7276] bridge0: port 1(bridge_slave_0) entered disabled state
[   80.776608][ T7276] bridge_slave_0: entered allmulticast mode
[   80.787848][ T7276] bridge_slave_0: entered promiscuous mode
[   80.799659][ T7276] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.808316][ T7276] bridge0: port 2(bridge_slave_1) entered disabled state
[   80.817219][ T7276] bridge_slave_1: entered allmulticast mode
[   80.821920][ T7276] bridge_slave_1: entered promiscuous mode
[   80.927258][ T7276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.931933][ T7276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   80.946200][ T7337] netlink: 4 bytes leftover after parsing attributes in process `syz.2.581'.
[   80.974473][ T7339] netlink: 12 bytes leftover after parsing attributes in process `syz.0.582'.
[   81.035941][ T7346] netlink: 16 bytes leftover after parsing attributes in process `syz.0.583'.
[   81.045106][ T7343] IPv6: Can't replace route, no match found
[   81.053492][ T5822] Bluetooth: hci1: command tx timeout
[   81.110655][ T7276] team0: Port device team_slave_0 added
[   81.114751][ T7276] team0: Port device team_slave_1 added
[   81.178742][ T7276] batman_adv: batadv0: Adding interface: batadv_slave_0
[   81.182469][ T7276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.191459][ T7276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   81.198427][ T7276] batman_adv: batadv0: Adding interface: batadv_slave_1
[   81.201034][ T7276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   81.210913][ T7276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.226833][ T7352] netlink: 16 bytes leftover after parsing attributes in process `syz.0.585'.
[   81.264519][ T7276] hsr_slave_0: entered promiscuous mode
[   81.266905][ T7276] hsr_slave_1: entered promiscuous mode
[   81.269424][ T7276] debugfs: 'hsr0' already exists in 'hsr'
[   81.271751][ T7276] Cannot create hsr debugfs directory
[   81.530198][ T7276] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   81.556667][ T7276] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   81.583717][ T7276] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   81.589817][ T7276] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   81.667141][ T7276] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.669615][ T7276] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.672154][ T7276] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.674642][ T7276] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.701871][ T1091] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.709104][ T1091] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.740696][ T7276] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.755690][ T7276] 8021q: adding VLAN 0 to HW filter on device team0
[   81.768789][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.771192][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.794859][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.797325][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.987013][ T7276] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.019409][ T7276] veth0_vlan: entered promiscuous mode
[   82.040681][ T7276] veth1_vlan: entered promiscuous mode
[   82.066166][ T7276] veth0_macvtap: entered promiscuous mode
[   82.072313][ T7276] veth1_macvtap: entered promiscuous mode
[   82.125586][ T7276] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.140432][ T7276] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.155383][ T5648] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.163164][ T5648] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.166188][ T5648] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.169053][ T5648] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.299405][ T7177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.306353][ T7177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.358798][ T7173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.366414][ T7173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.404813][ T7455] netlink: 72 bytes leftover after parsing attributes in process `syz.0.622'.
[   82.409276][ T7455] netlink: 72 bytes leftover after parsing attributes in process `syz.0.622'.
[   82.447056][ T7457] netlink: 12 bytes leftover after parsing attributes in process `syz.2.623'.
[   82.544501][ T7469] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.627'.
[   82.908648][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802453d800: rx timeout, send abort
[   82.942906][ T7511] netlink: 12 bytes leftover after parsing attributes in process `syz.0.636'.
[   82.979873][ T7512] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   83.133534][ T5822] Bluetooth: hci1: command tx timeout
[   83.412271][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802453d800: abort rx timeout. Force session deactivation
[   83.448654][ T7549] netlink: 'syz.0.645': attribute type 1 has an invalid length.
[   83.727772][ T7562] netlink: 'syz.0.647': attribute type 5 has an invalid length.
[   84.193769][ T7585] netlink: 'syz.3.659': attribute type 11 has an invalid length.
[   84.532036][ T7611] netlink: 'syz.0.672': attribute type 4 has an invalid length.
[   84.895416][ T7640] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input4
[   85.116060][ T7655] syzkaller0: entered promiscuous mode
[   85.118263][ T7655] syzkaller0: entered allmulticast mode
[   85.222333][ T5822] Bluetooth: hci1: command tx timeout
[   86.299881][ T7710] netlink: 'syz.3.707': attribute type 13 has an invalid length.
[   86.302432][ T7707] __nla_validate_parse: 6 callbacks suppressed
[   86.302448][ T7707] netlink: 8 bytes leftover after parsing attributes in process `syz.0.711'.
[   86.309539][ T7710] netlink: 'syz.3.707': attribute type 17 has an invalid length.
[   86.393934][ T7710] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   86.454663][ T7694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.514890][ T7703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.536886][ T7720] team0 (unregistering): Port device team_slave_0 removed
[   86.540365][ T7720] team0 (unregistering): Port device team_slave_1 removed
[   86.576271][ T7703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.745865][ T7732] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[   86.747520][   T24] IPVS: starting estimator thread 0...
[   86.832437][ T7735] IPVS: using max 79 ests per chain, 189600 per kthread
[   87.051888][ T7755] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[   87.249779][ T7772] netlink: 4 bytes leftover after parsing attributes in process `syz.3.739'.
[   87.292613][ T5822] Bluetooth: hci1: command tx timeout
[   87.346526][ T7777] netlink: 24 bytes leftover after parsing attributes in process `syz.2.741'.
[   87.371040][ T7772] netlink: 132 bytes leftover after parsing attributes in process `syz.3.739'.
[   87.480103][ T7785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.745'.
[   87.483884][ T7785] netlink: 120 bytes leftover after parsing attributes in process `syz.3.745'.
[   87.487470][ T7785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.745'.
[   87.630404][ T7799] netlink: 20 bytes leftover after parsing attributes in process `syz.3.751'.
[   87.695449][ T7805] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[   87.829523][ T7815] netlink: 28 bytes leftover after parsing attributes in process `syz.3.760'.
[   87.895116][ T7821] netlink: 56 bytes leftover after parsing attributes in process `syz.0.763'.
[   88.685192][ T7884] tipc: Started in network mode
[   88.687960][ T7884] tipc: Node identity 16c25789b52d, cluster identity 4711
[   88.692835][ T7884] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.698696][ T7884] syzkaller0: entered promiscuous mode
[   88.701169][ T7884] syzkaller0: entered allmulticast mode
[   88.709720][ T7884] tipc: Resetting bearer <eth:syzkaller0>
[   88.713740][ T7883] tipc: Resetting bearer <eth:syzkaller0>
[   88.734099][ T7883] tipc: Disabling bearer <eth:syzkaller0>
[   88.893391][ T7891] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[   88.937291][ T7896] netlink: 'syz.0.794': attribute type 1 has an invalid length.
[   89.111781][ T7904] netlink: 'syz.3.797': attribute type 10 has an invalid length.
[   89.135762][ T7904] team0: Port device dummy0 added
[   89.147572][ T7904] netlink: 'syz.3.797': attribute type 10 has an invalid length.
[   89.169514][ T7904] team0: Port device dummy0 removed
[   89.188516][ T7904] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   89.482922][ T7911] netlink: 'syz.2.799': attribute type 10 has an invalid length.
[   90.046278][ T7930] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.049100][ T7930] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.092542][ T5817] Bluetooth: hci1: command 0x0405 tx timeout
[   90.100166][ T7930] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.107142][ T7930] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.224270][ T5648] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.227859][ T5648] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20001 - 0
[   90.231804][ T5648] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.239568][ T5648] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20001 - 0
[   90.246037][ T5648] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.250491][ T5648] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20001 - 0
[   90.258536][ T5648] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.266985][ T5648] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20001 - 0
[   90.844366][ T8001] netlink: 'syz.3.841': attribute type 26 has an invalid length.
[   90.896035][ T8007] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   90.898829][ T8007] syzkaller0: entered promiscuous mode
[   90.901200][ T8007] syzkaller0: entered allmulticast mode
[   90.979999][ T8007] tipc: Resetting bearer <eth:syzkaller0>
[   90.984787][ T8006] tipc: Resetting bearer <eth:syzkaller0>
[   91.005990][ T8006] tipc: Disabling bearer <eth:syzkaller0>
[   91.843866][ T8063] syzkaller1: entered promiscuous mode
[   91.846108][ T8063] syzkaller1: entered allmulticast mode
[   92.237933][ T8090] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   92.247157][ T8090] syzkaller0: entered promiscuous mode
[   92.249181][ T8090] syzkaller0: entered allmulticast mode
[   92.291518][ T8090] tipc: Resetting bearer <eth:syzkaller0>
[   92.297959][ T8090] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[   92.308179][ T8086] tipc: Resetting bearer <eth:syzkaller0>
[   92.336868][ T8086] tipc: Disabling bearer <eth:syzkaller0>
[   92.698622][ T8137] __nla_validate_parse: 3 callbacks suppressed
[   92.698641][ T8137] netlink: 12 bytes leftover after parsing attributes in process `syz.3.900'.
[   92.730234][ T8139] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[   92.898254][ T8150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.906'.
[   92.999652][ T8157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.909'.
[   93.028883][ T8157] dummy0: entered promiscuous mode
[   93.032082][ T8157] macvtap1: entered promiscuous mode
[   93.036279][ T8157] macvtap1: entered allmulticast mode
[   93.038719][ T8157] dummy0: entered allmulticast mode
[   93.060014][ T8157] dummy0: left allmulticast mode
[   93.064765][ T8157] dummy0: left promiscuous mode
[   93.246627][ T8166] netlink: 12 bytes leftover after parsing attributes in process `syz.2.913'.
[   93.288392][ T8168] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   93.332941][ T8168] syzkaller0: entered promiscuous mode
[   93.335142][ T8168] syzkaller0: entered allmulticast mode
[   93.338814][ T8168] tipc: Resetting bearer <eth:syzkaller0>
[   93.370802][   T36] tipc: Resetting bearer <eth:syzkaller0>
[   93.378988][ T8167] tipc: Resetting bearer <eth:syzkaller0>
[   94.263550][ T8167] tipc: Disabling bearer <eth:syzkaller0>
[   94.651346][ T8208] netlink: 212924 bytes leftover after parsing attributes in process `syz.2.926'.
[   94.686361][ T8211] netlink: 'syz.0.927': attribute type 1 has an invalid length.
[   94.717922][ T8215] netlink: 24 bytes leftover after parsing attributes in process `syz.2.929'.
[   94.722710][ T8215] netlink: 24 bytes leftover after parsing attributes in process `syz.2.929'.
[   94.910325][ T8230] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.977733][ T8237] netlink: 'syz.2.930': attribute type 5 has an invalid length.
[   94.987216][ T8230] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.061426][ T8230] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.130654][ T8230] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   95.230975][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.239783][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.254821][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.257546][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.286249][ T8255] netlink: 'syz.0.938': attribute type 13 has an invalid length.
[   95.612141][ T8212] syz.3.928 (8212) used greatest stack depth: 20040 bytes left
[   95.793958][ T8297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.950'.
[   95.810463][ T8297] macvlan2: entered promiscuous mode
[   95.812572][ T8297] bond0: entered promiscuous mode
[   95.814439][ T8297] bond_slave_0: entered promiscuous mode
[   95.816686][ T8297] bond_slave_1: entered promiscuous mode
[   95.818761][ T8297] dummy0: entered promiscuous mode
[   95.831559][ T8297] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   95.914558][ T8310] Unsupported ieee802154 address type: 0
[   95.964015][ T8315] syzkaller1: entered promiscuous mode
[   95.965929][ T8315] syzkaller1: entered allmulticast mode
[   96.262140][ T8347] netlink: 'syz.3.971': attribute type 4 has an invalid length.
[   96.452890][ T8355] block nbd0: server does not support multiple connections per device.
[   96.461329][ T8355] block nbd0: shutting down sockets
[   97.810498][ T8386] netlink: 'syz.3.984': attribute type 13 has an invalid length.
[   97.899228][ T8386] bond0: left promiscuous mode
[   97.901607][ T8386] bond_slave_0: left promiscuous mode
[   97.905037][ T8386] bond_slave_1: left promiscuous mode
[   97.907786][ T8386] dummy0: left promiscuous mode
[   97.913519][ T5846] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20001 - 0
[   97.918688][ T5846] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20001 - 0
[   97.926651][ T5846] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20001 - 0
[   97.933749][ T5846] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20001 - 0
[   98.228615][ T8400] netlink: 96 bytes leftover after parsing attributes in process `syz.3.990'.
[   98.233040][ T8400] netlink: 80 bytes leftover after parsing attributes in process `syz.3.990'.
[   99.176073][ T8439] geneve3: entered promiscuous mode
[   99.178317][ T8439] geneve3: entered allmulticast mode
[   99.183942][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 40204 - 0
[   99.191383][   T12] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 46705 - 0
[   99.196487][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 40204 - 0
[   99.200097][   T12] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 46705 - 0
[   99.205637][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 40204 - 0
[   99.229043][   T12] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 46705 - 0
[   99.235303][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 40204 - 0
[   99.238901][   T12] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 46705 - 0
[   99.294995][ T8448] netlink: 'syz.3.1010': attribute type 8 has an invalid length.
[   99.703789][ T8476] netlink: 'syz.0.1019': attribute type 4 has an invalid length.
[   99.720993][ T8478] pim6reg: entered allmulticast mode
[   99.967061][ T8491] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1026'.
[  100.170202][ T8503] netlink: 22 bytes leftover after parsing attributes in process `syz.3.1032'.
[  100.184059][ T8505] netlink: 'syz.0.1033': attribute type 29 has an invalid length.
[  100.188351][ T8505] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1033'.
[  100.198094][ T8505] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  100.489422][ T8526] syzkaller1: tun_chr_ioctl cmd 1074025677
[  100.494551][ T8526] syzkaller1: linktype set to 6
[  100.578235][ T8533] netlink: 'syz.2.1045': attribute type 10 has an invalid length.
[  100.592960][ T8533] team0: Cannot enslave team device to itself
[  100.635672][ T8537] wg1: entered promiscuous mode
[  100.637820][ T8537] wg1: entered allmulticast mode
[  100.951294][ T8561] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1055'.
[  102.095730][ T8584] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1066'.
[  102.232012][ T8595] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1071'.
[  102.427675][ T8607] netlink: 'syz.0.1077': attribute type 9 has an invalid length.
[  102.455353][ T8607] netlink: 212260 bytes leftover after parsing attributes in process `syz.0.1077'.
[  102.684902][ T8620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1083'.
[  102.731520][ T8620] bridge_slave_1 (unregistering): left allmulticast mode
[  102.734484][ T8620] bridge_slave_1 (unregistering): left promiscuous mode
[  102.738721][ T8620] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.949279][ T8639] tls_set_device_offload: netdev not found
[  104.744008][ T8711] __nla_validate_parse: 2 callbacks suppressed
[  104.744020][ T8711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1125'.
[  104.750035][ T8711] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1125'.
[  104.803819][ T8715] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1126'.
[  105.308538][ T8750] openvswitch: netlink: IPv4 tun info is not correct
[  105.636303][ T8773] netlink: 'syz.2.1155': attribute type 1 has an invalid length.
[  105.688785][ T8777] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  105.692155][ T8777] syzkaller0: entered promiscuous mode
[  105.698784][ T8777] syzkaller0: entered allmulticast mode
[  105.710759][ T8777] tipc: Resetting bearer <eth:syzkaller0>
[  105.716545][ T8776] tipc: Resetting bearer <eth:syzkaller0>
[  105.728743][ T8776] tipc: Disabling bearer <eth:syzkaller0>
[  105.864351][ T8787] netlink: 'syz.2.1160': attribute type 21 has an invalid length.
[  105.867612][ T8787] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1160'.
[  106.460576][ T8805] syzkaller1: entered promiscuous mode
[  106.469024][ T8805] syzkaller1: entered allmulticast mode
[  106.964535][   T33] audit: type=1800 audit(1755165766.022:5): pid=8834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1183" name="memory.events" dev="tmpfs" ino=2087 res=0 errno=0
[  106.987308][   T33] audit: type=1804 audit(1755165766.032:6): pid=8834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1183" name="memory.events" dev="tmpfs" ino=2087 res=1 errno=0
[  107.023298][ T8836] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1184'.
[  107.065113][ T8838] batadv_slave_1: entered promiscuous mode
[  107.069139][ T8837] batadv_slave_1: left promiscuous mode
[  107.157103][ T8842] netlink: 'syz.0.1187': attribute type 1 has an invalid length.
[  107.181562][ T8842] 8021q: adding VLAN 0 to HW filter on device bond3
[  107.205822][ T8842] bond3: (slave geneve3): making interface the new active one
[  107.209914][ T8842] bond3: (slave geneve3): Enslaving as an active interface with an up link
[  107.215214][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.221598][   T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.232129][   T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.243502][   T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.393087][ T8851] netlink: 'syz.0.1191': attribute type 7 has an invalid length.
[  107.396381][ T8851] netlink: 'syz.0.1191': attribute type 8 has an invalid length.
[  107.538108][ T8858] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  107.541946][ T8858] syzkaller0: entered promiscuous mode
[  107.545961][ T8858] syzkaller0: entered allmulticast mode
[  107.565210][ T8858] tipc: Resetting bearer <eth:syzkaller0>
[  107.569837][ T8857] tipc: Resetting bearer <eth:syzkaller0>
[  107.580759][ T8857] tipc: Disabling bearer <eth:syzkaller0>
[  107.665715][ T8860] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1195'.
[  107.893576][ T8880] netlink: 'syz.3.1204': attribute type 1 has an invalid length.
[  107.896955][ T8880] netlink: 'syz.3.1204': attribute type 2 has an invalid length.
[  107.977787][ T8888] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1209'.
[  108.463896][ T8908] netlink: 'syz.0.1218': attribute type 1 has an invalid length.
[  108.466547][ T8908] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1218'.
[  108.472146][ T8908] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1218'.
[  108.654555][ T8922] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1223'.
[  110.000847][ T9010] tipc: Enabled bearer <eth:ipvlan1>, priority 14
[  110.065925][ T9014] __nla_validate_parse: 2 callbacks suppressed
[  110.065939][ T9014] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1265'.
[  110.077737][ T9014] netlink: 'syz.0.1265': attribute type 19 has an invalid length.
[  110.080913][ T9016] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1264'.
[  110.092170][ T9014] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1265'.
[  110.098036][   T12] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  110.098665][ T9014] netlink: 'syz.0.1265': attribute type 19 has an invalid length.
[  110.101749][   T12] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  110.181427][   T12] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  110.187938][   T12] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  110.242052][ T9031] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1269'.
[  110.246126][ T9031] netlink: zone id is out of range
[  110.247871][ T9031] netlink: zone id is out of range
[  110.249634][ T9031] netlink: zone id is out of range
[  110.251406][ T9031] netlink: zone id is out of range
[  110.253383][ T9031] netlink: zone id is out of range
[  110.257366][ T9031] netlink: zone id is out of range
[  110.259103][ T9031] netlink: zone id is out of range
[  110.260825][ T9031] netlink: zone id is out of range
[  110.263878][ T9031] netlink: zone id is out of range
[  110.633671][ T9077] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1289'.
[  110.636789][ T9077] net_ratelimit: 29 callbacks suppressed
[  110.636798][ T9077] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  110.641553][ T9077] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  110.795059][ T9098] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1298'.
[  110.806652][ T7181] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  110.810447][ T7181] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.818086][ T9096] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  111.371068][ T9120] bpq0: entered promiscuous mode
[  111.374837][ T9120] bpq0: entered allmulticast mode
[  111.381190][ T9120] bpq0: left promiscuous mode
[  111.383377][ T9120] bpq0: left allmulticast mode
[  111.434580][ T9073] ==================================================================
[  111.437332][ T9073] BUG: KASAN: slab-use-after-free in rose_transmit_link+0x5c3/0x740
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  111.439985][ T9073] Read of size 1 at addr ffff888110bda832 by task syz.3.1287/9073
[  111.444267][ T9073] 
[  111.445341][ T9073] CPU: 0 UID: 0 PID: 9073 Comm: syz.3.1287 Not tainted 6.16.0-syzkaller-06620-gae633388cae3-dirty #0 PREEMPT(full) 
[  111.445358][ T9073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  111.445365][ T9073] Call Trace:
[  111.445372][ T9073]  <TASK>
[  111.445377][ T9073]  dump_stack_lvl+0x189/0x250
[  111.445395][ T9073]  ? __virt_addr_valid+0x1c8/0x5c0
[  111.445411][ T9073]  ? rcu_is_watching+0x15/0xb0
[  111.445429][ T9073]  ? __kasan_check_byte+0x12/0x40
[  111.445449][ T9073]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.445461][ T9073]  ? rcu_is_watching+0x15/0xb0
[  111.445478][ T9073]  ? lock_release+0x4b/0x3e0
[  111.445497][ T9073]  ? __virt_addr_valid+0x1c8/0x5c0
[  111.445510][ T9073]  ? __virt_addr_valid+0x4a5/0x5c0
[  111.445524][ T9073]  print_report+0xca/0x240
[  111.445541][ T9073]  ? rose_transmit_link+0x5c3/0x740
[  111.445554][ T9073]  kasan_report+0x118/0x150
[  111.445570][ T9073]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  111.445590][ T9073]  ? rose_transmit_link+0x5c3/0x740
[  111.445604][ T9073]  rose_transmit_link+0x5c3/0x740
[  111.445618][ T9073]  ? skb_put+0x11b/0x210
[  111.445629][ T9073]  rose_write_internal+0x11dc/0x1ac0
[  111.445650][ T9073]  ? __pfx_rose_write_internal+0x10/0x10
[  111.445665][ T9073]  ? __timer_delete+0x5d/0x390
[  111.445682][ T9073]  rose_release+0x24e/0x520
[  111.445702][ T9073]  sock_close+0xc3/0x240
[  111.445717][ T9073]  ? __pfx_sock_close+0x10/0x10
[  111.445730][ T9073]  __fput+0x44c/0xa70
[  111.445750][ T9073]  task_work_run+0x1d4/0x260
[  111.445769][ T9073]  ? __pfx_task_work_run+0x10/0x10
[  111.445784][ T9073]  ? task_work_add+0x377/0x420
[  111.445799][ T9073]  ? __pfx_task_work_add+0x10/0x10
[  111.445815][ T9073]  get_signal+0x11ed/0x1340
[  111.445837][ T9073]  arch_do_signal_or_restart+0x9a/0x750
[  111.445856][ T9073]  ? __pfx___sys_connect+0x10/0x10
[  111.445873][ T9073]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  111.445894][ T9073]  ? exit_to_user_mode_loop+0x40/0x110
[  111.445911][ T9073]  exit_to_user_mode_loop+0x75/0x110
[  111.445928][ T9073]  do_syscall_64+0x2bd/0x3b0
[  111.445946][ T9073]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.445962][ T9073]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.445972][ T9073]  ? exc_page_fault+0x9f/0xf0
[  111.445989][ T9073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.446000][ T9073] RIP: 0033:0x7f42ddf8ebe9
[  111.446012][ T9073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.446023][ T9073] RSP: 002b:00007f42ded3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  111.446036][ T9073] RAX: fffffffffffffe00 RBX: 00007f42de1b5fa0 RCX: 00007f42ddf8ebe9
[  111.446045][ T9073] RDX: 0000000000000040 RSI: 0000200000000200 RDI: 0000000000000004
[  111.446053][ T9073] RBP: 00007f42de011e19 R08: 0000000000000000 R09: 0000000000000000
[  111.446060][ T9073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  111.446068][ T9073] R13: 00007f42de1b6038 R14: 00007f42de1b5fa0 R15: 00007ffd50207af8
[  111.446081][ T9073]  </TASK>
[  111.446086][ T9073] 
[  111.573375][ T9073] Allocated by task 8212:
[  111.575285][ T9073]  kasan_save_track+0x3e/0x80
[  111.577372][ T9073]  __kasan_kmalloc+0x93/0xb0
[  111.579398][ T9073]  __kmalloc_cache_noprof+0x230/0x3d0
[  111.581742][ T9073]  rose_add_node+0x23a/0xde0
[  111.583696][ T9073]  rose_rt_ioctl+0xa48/0xfb0
[  111.585643][ T9073]  rose_ioctl+0x3ce/0x8b0
[  111.587502][ T9073]  sock_do_ioctl+0xdc/0x300
[  111.589424][ T9073]  sock_ioctl+0x576/0x790
[  111.591246][ T9073]  __se_sys_ioctl+0xfc/0x170
[  111.593297][ T9073]  do_syscall_64+0xfa/0x3b0
[  111.595260][ T9073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.597681][ T9073] 
[  111.598713][ T9073] Freed by task 9120:
[  111.600369][ T9073]  kasan_save_track+0x3e/0x80
[  111.602364][ T9073]  kasan_save_free_info+0x46/0x50
[  111.604476][ T9073]  __kasan_slab_free+0x62/0x70
[  111.606471][ T9073]  kfree+0x18e/0x440
[  111.608111][ T9073]  rose_rt_device_down+0x473/0x4c0
[  111.610316][ T9073]  rose_device_event+0x603/0x6a0
[  111.612417][ T9073]  notifier_call_chain+0x1b6/0x3e0
[  111.614600][ T9073]  __dev_notify_flags+0x18d/0x2e0
[  111.616809][ T9073]  netif_change_flags+0xe8/0x1a0
[  111.618964][ T9073]  dev_change_flags+0x130/0x260
[  111.621075][ T9073]  dev_ioctl+0x7b4/0x1150
[  111.622927][ T9073]  sock_do_ioctl+0x22c/0x300
[  111.624905][ T9073]  sock_ioctl+0x576/0x790
[  111.626787][ T9073]  __se_sys_ioctl+0xfc/0x170
[  111.628738][ T9073]  do_syscall_64+0xfa/0x3b0
[  111.630657][ T9073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.633273][ T9073] 
[  111.634317][ T9073] The buggy address belongs to the object at ffff888110bda800
[  111.634317][ T9073]  which belongs to the cache kmalloc-512 of size 512
[  111.639986][ T9073] The buggy address is located 50 bytes inside of
[  111.639986][ T9073]  freed 512-byte region [ffff888110bda800, ffff888110bdaa00)
[  111.645630][ T9073] 
[  111.646686][ T9073] The buggy address belongs to the physical page:
[  111.649400][ T9073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888110bdac00 pfn:0x110bd8
[  111.653644][ T9073] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  111.657143][ T9073] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff)
[  111.660756][ T9073] page_type: f5(slab)
[  111.662462][ T9073] raw: 057ff00000000240 ffff88801a441c80 ffffea0004903910 ffffea0004485310
[  111.666052][ T9073] raw: ffff888110bdac00 0000000000100009 00000000f5000000 0000000000000000
[  111.669629][ T9073] head: 057ff00000000240 ffff88801a441c80 ffffea0004903910 ffffea0004485310
[  111.673336][ T9073] head: ffff888110bdac00 0000000000100009 00000000f5000000 0000000000000000
[  111.677073][ T9073] head: 057ff00000000002 ffffea000442f601 00000000ffffffff 00000000ffffffff
[  111.680734][ T9073] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  111.684442][ T9073] page dumped because: kasan: bad access detected
[  111.687233][ T9073] page_owner tracks the page as allocated
[  111.689676][ T9073] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5814, tgid 5814 (syz-executor), ts 57329368835, free_ts 57315318281
[  111.697625][ T9073]  post_alloc_hook+0x240/0x2a0
[  111.699699][ T9073]  get_page_from_freelist+0x21e4/0x22c0
[  111.702054][ T9073]  __alloc_frozen_pages_noprof+0x181/0x370
[  111.704586][ T9073]  alloc_pages_mpol+0x232/0x4a0
[  111.706689][ T9073]  allocate_slab+0x8a/0x3b0
[  111.708650][ T9073]  ___slab_alloc+0xbfc/0x1480
[  111.710678][ T9073]  __kmalloc_noprof+0x305/0x4f0
[  111.712771][ T9073]  fib6_info_alloc+0x30/0xf0
[  111.714749][ T9073]  ip6_route_info_create+0x142/0x860
[  111.716946][ T9073]  addrconf_f6i_alloc+0x1d2/0x450
[  111.719102][ T9073]  addrconf_permanent_addr+0x274/0x9d0
[  111.721427][ T9073]  addrconf_notify+0x887/0x1010
[  111.723502][ T9073]  notifier_call_chain+0x1b6/0x3e0
[  111.725691][ T9073]  __dev_notify_flags+0x18d/0x2e0
[  111.727845][ T9073]  netif_change_flags+0xe8/0x1a0
[  111.730007][ T9073]  do_setlink+0xc55/0x41c0
[  111.731903][ T9073] page last free pid 5831 tgid 5831 stack trace:
[  111.734585][ T9073]  __free_frozen_pages+0xc71/0xe70
[  111.736765][ T9073]  __put_partials+0x161/0x1c0
[  111.738804][ T9073]  put_cpu_partial+0x17c/0x250
[  111.741033][ T9073]  __slab_free+0x2f7/0x400
[  111.742937][ T9073]  qlist_free_all+0x97/0x140
[  111.744867][ T9073]  kasan_quarantine_reduce+0x148/0x160
[  111.747143][ T9073]  __kasan_slab_alloc+0x22/0x80
[  111.749258][ T9073]  __kmalloc_cache_noprof+0x1be/0x3d0
[  111.751533][ T9073]  __ipv6_dev_mc_inc+0x44f/0xa50
[  111.753690][ T9073]  addrconf_dad_work+0x3d0/0x14b0
[  111.755817][ T9073]  process_scheduled_works+0xae1/0x17b0
[  111.758085][ T9073]  worker_thread+0x8a0/0xda0
[  111.759994][ T9073]  kthread+0x711/0x8a0
[  111.761722][ T9073]  ret_from_fork+0x3fc/0x770
[  111.763631][ T9073]  ret_from_fork_asm+0x1a/0x30
[  111.765608][ T9073] 
[  111.766627][ T9073] Memory state around the buggy address:
[  111.768923][ T9073]  ffff888110bda700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  111.772155][ T9073]  ffff888110bda780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  111.775503][ T9073] >ffff888110bda800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  111.778809][ T9073]                                      ^
[  111.781172][ T9073]  ffff888110bda880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  111.784606][ T9073]  ffff888110bda900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  111.787943][ T9073] ==================================================================
[  111.802417][ T9073] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  111.804850][ T9073] CPU: 1 UID: 0 PID: 9073 Comm: syz.3.1287 Not tainted 6.16.0-syzkaller-06620-gae633388cae3-dirty #0 PREEMPT(full) 
[  111.808727][ T9073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  111.812462][ T9073] Call Trace:
[  111.813809][ T9073]  <TASK>
[  111.815031][ T9073]  dump_stack_lvl+0x99/0x250
[  111.816980][ T9073]  ? __asan_memcpy+0x40/0x70
[  111.818864][ T9073]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.820999][ T9073]  ? __pfx__printk+0x10/0x10
[  111.822908][ T9073]  panic+0x2db/0x790
[  111.824579][ T9073]  ? __pfx_preempt_schedule+0x10/0x10
[  111.826725][ T9073]  ? __pfx_panic+0x10/0x10
[  111.828594][ T9073]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  111.830877][ T9073]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  111.832851][ T9073]  ? rose_transmit_link+0x5c3/0x740
[  111.834531][ T9073]  check_panic_on_warn+0x89/0xb0
[  111.836124][ T9073]  ? rose_transmit_link+0x5c3/0x740
[  111.837773][ T9073]  end_report+0x78/0x160
[  111.839181][ T9073]  kasan_report+0x129/0x150
[  111.840762][ T9073]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  111.843056][ T9073]  ? rose_transmit_link+0x5c3/0x740
[  111.844730][ T9073]  rose_transmit_link+0x5c3/0x740
[  111.846352][ T9073]  ? skb_put+0x11b/0x210
[  111.847694][ T9073]  rose_write_internal+0x11dc/0x1ac0
[  111.849376][ T9073]  ? __pfx_rose_write_internal+0x10/0x10
[  111.851255][ T9073]  ? __timer_delete+0x5d/0x390
[  111.852819][ T9073]  rose_release+0x24e/0x520
[  111.854339][ T9073]  sock_close+0xc3/0x240
[  111.855758][ T9073]  ? __pfx_sock_close+0x10/0x10
[  111.857381][ T9073]  __fput+0x44c/0xa70
[  111.858708][ T9073]  task_work_run+0x1d4/0x260
[  111.860240][ T9073]  ? __pfx_task_work_run+0x10/0x10
[  111.862364][ T9073]  ? task_work_add+0x377/0x420
[  111.864367][ T9073]  ? __pfx_task_work_add+0x10/0x10
[  111.866505][ T9073]  get_signal+0x11ed/0x1340
[  111.868473][ T9073]  arch_do_signal_or_restart+0x9a/0x750
[  111.871337][ T9073]  ? __pfx___sys_connect+0x10/0x10
[  111.873594][ T9073]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  111.876175][ T9073]  ? exit_to_user_mode_loop+0x40/0x110
[  111.878335][ T9073]  exit_to_user_mode_loop+0x75/0x110
[  111.880429][ T9073]  do_syscall_64+0x2bd/0x3b0
[  111.882247][ T9073]  ? lockdep_hardirqs_on+0x9c/0x150
[  111.884142][ T9073]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.886567][ T9073]  ? exc_page_fault+0x9f/0xf0
[  111.888455][ T9073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.890856][ T9073] RIP: 0033:0x7f42ddf8ebe9
[  111.892696][ T9073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.898987][ T9073] RSP: 002b:00007f42ded3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  111.902032][ T9073] RAX: fffffffffffffe00 RBX: 00007f42de1b5fa0 RCX: 00007f42ddf8ebe9
[  111.904551][ T9073] RDX: 0000000000000040 RSI: 0000200000000200 RDI: 0000000000000004
[  111.907109][ T9073] RBP: 00007f42de011e19 R08: 0000000000000000 R09: 0000000000000000
[  111.909663][ T9073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  111.912475][ T9073] R13: 00007f42de1b6038 R14: 00007f42de1b5fa0 R15: 00007ffd50207af8
[  111.915002][ T9073]  </TASK>
[  111.916675][ T9073] Kernel Offset: disabled
[  111.918086][ T9073] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:02:50  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000061 RBX=0000000000000061 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000122f RDI=0000000000001230 RBP=00000000000003f8 RSP=ffffc900060d7210
R8 =ffff888108c08237 R9 =1ffff11021181046 R10=dffffc0000000000 R11=ffffffff854c1d90
R12=dffffc0000000000 R13=ffffffff99a9590a R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1e0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f42ded3b6c0 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32f1fff8 CR3=0000000034f54000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff81679d7b ffffffff8133b53e
XMM02=00007f42de187498 ffffffff8133b53e XMM03=00007f42de1874a8 00007f42de1874a0
XMM04=00007f42deced100 00007f42de187460 XMM05=00007f42de187478 00007f42de1874c0
XMM06=00007f42de1874b8 00007f42de1874b0 XMM07=00007f42de1874a8 00007f42de1874a0
XMM08=0000000000000000 00007f42de012ee7 XMM09=0000000000000000 00007f42de012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000007105 RBX=0000000000007105 RCX=bd5dadaf6dabb100 RDX=0000000000010000
RSI=ffffffff8db6604c RDI=ffffffff8be30a00 RBP=ffff88801fa33980 RSP=ffffc900001e0c78
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=fffff5200003c17c
R12=0000000000000004 R13=0000000000000046 R14=ffff888136639f58 R15=ffff88801fa34510
RIP=ffffffff819d87ba RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555585fd8500 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f830cae7d60 CR3=00000000221c6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00007f830bf876c3 00007f830bf876c3 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000ff0000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000555585fedb16 0000555585feda10
XMM06=0000555585fefd74 0000555585fefd70 XMM07=49800401d4e00301 b8100001d4d0030f
XMM08=ffffffffffff0401 d4c0030c100001d4 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
