last executing test programs:

954.698879ms ago: executing program 1 (id=671):
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000000c0)=@req={0x5b, 0x9, 0x606, 0x43}, 0x10) (async, rerun: 32)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x1d, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) (rerun: 32)
r0 = socket$netlink(0x10, 0x3, 0x4) (async)
r1 = socket$inet(0x2, 0x80001, 0x84)
listen(r1, 0x3a5) (async)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafd0d36020a8429000b4e230f00000000a2bc5603ca00000f7f89004e002050da742dac0000000101ff05020003000200000000000100000000005839", 0x48}], 0x1) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket$inet(0x2, 0x2, 0x1) (async, rerun: 64)
syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) (async, rerun: 64)
r4 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0)
close(r4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000007c0)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r5}]}, 0x28}}, 0x2000c058) (async)
sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x9200000000000000) (async, rerun: 32)
r6 = socket$inet6(0xa, 0x5, 0x0) (rerun: 32)
setsockopt$sock_int(r6, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) (async)
bind$inet6(r6, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r7 = socket$inet6(0xa, 0x5, 0x0) (async)
r8 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'bond0\x00', <r9=>0x0}) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_GET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x18, r11, 0x1, 0x70bd2a, 0x25dfdbff, {0x1b}, [@HEADER={0x4}]}, 0x18}}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x3c, r11, 0x320, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ={0x8, 0x9, 0x70}, @ETHTOOL_A_COALESCE_RX_USECS_HIGH={0x8, 0x13, 0xfffffff7}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}, @ETHTOOL_A_COALESCE_TX_USECS={0x8, 0x6, 0xfff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4001}, 0x40)
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x90, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r9, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x60, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x12, [0xc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfd], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) (async)
setsockopt$sock_int(r7, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) (async, rerun: 64)
listen(r6, 0x1000) (rerun: 64)
bind$inet6(r7, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000480)=0xffffff69, 0x4)

889.556756ms ago: executing program 1 (id=673):
bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x48)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'sit0\x00', <r2=>0x0}) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x1, 0x28}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000340)='signal_generate\x00', r4, 0x0, 0x3}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) (async)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) (async)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=ANY=[@ANYBLOB="38010000100001000000000000000000ac1e0101000000000000000000000000ac1e0101000000000000000000000000000000002000"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000bb000000006c0000001f0000000000000000000000000000000000000002000000000000000000000007000000000000100000000000000000000000003000000000000000000000000000000000000010000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000002abd7000000000000a000506000000000000000048000300"], 0x138}}, 0x20000000)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
ppoll(&(0x7f0000000500)=[{r6}], 0x1, 0x0, 0x0, 0x0) (async)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300000000000000, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) (async)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x2000300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3ffd, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xb2}]}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) (async)
sendmsg$IPSET_CMD_TEST(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c0000000b0601080000000000000000060000020500010000"], 0x2c}}, 0x4800) (async)
r9 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r10, {0x0, 0x4}, {0xffff, 0xffff}, {0x7, 0xffe5}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x2}}}}]}, 0x40}}, 0x0)

838.931349ms ago: executing program 1 (id=675):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000240), 0x8)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', <r2=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x28, r0, 0x603, 0x70bd2f, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5}, @ETHTOOL_A_LINKINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x28}}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000060095000000000000", @ANYRES64], &(0x7f0000000280)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x32, '\x00', r2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000600)='mctp_key_release\x00', r3, 0x0, 0x5}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000340)={r4})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r5, 0x0, 0x9}, 0x18)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000600)='mctp_key_release\x00', r5, 0x0, 0x5}, 0x18)
close(r7)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$kcm(r7, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e3, &(0x7f0000000180)={r4, r8})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000000)={'team0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newlink={0x24, 0x10, 0x1, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r10, 0x40810, 0x248a1}, [@IFLA_XDP={0x4}]}, 0x24}}, 0x4000000)
r11 = accept$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @private0}, &(0x7f00000000c0)=0x1c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r11, 0x29, 0x20, &(0x7f0000000100)={@private0, 0x1, 0x2, 0x0, 0xb, 0x9f, 0xd}, 0x20)

749.930081ms ago: executing program 1 (id=677):
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
splice(r0, &(0x7f0000000000)=0x4, r1, &(0x7f0000000080)=0x3, 0x7, 0xe)
socket(0x2, 0xa, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000feffffffffcd7af0f8f38b970cd3f7882e3ef292", @ANYRES32=r2, @ANYBLOB="0c0002000000000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x44008090}, 0x2048044)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r8=>0x0})
r9 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="110000001900010000000000000000001d"], 0x184}, 0x1, 0x0, 0x0, 0x5}, 0x8004)
sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002cbd7000fbdbdf250f00000008000300", @ANYRES32=r8, @ANYBLOB="08002b000200009559e08fcadbbda7e9b0f634476b942a00abe2e221b96dbcaa488fa1fd1c56e7002a0000000000000002000000000059aa6f338c9c7d0591c23439a59bd511d275b8f8ffffffffffffff7c85e010"], 0x3c}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r11, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYRES8=r4, @ANYRES16=r12, @ANYBLOB="05002abd7000fcdb0100170000001c00068015000300bbc109d60947859bc709d0f9223a2e0746000000"], 0x30}, 0x1, 0x0, 0x0, 0x40058}, 0x240408c1)
sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="ffff0000", @ANYRES16=0x0, @ANYBLOB="00042abd7000fcdbdf25030000001400098008000200d30500000800020005000000540007800c000300feffffffffffffff08000200000001000c000400018000000000000008000100018000000c000300020000000000000008000200040000000c000400060000000000000008000200ff0f0000"], 0x7c}, 0x1, 0x0, 0x0, 0x24004011}, 0x108)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r6, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400006}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="ff00ff0e5817efc928c46edc6579c59743af7d8333786a7c5be9833192b573f429aac3e82b93413f2e18bee975f530274c27c59bc55b73f250d42c0c98cd18fab9050000000000000041c24ec75956d7dec0ceec60100619e881d7f3c3dc0f9f41f11dc995d5b9799bfa52f0d6df74d3700015a15825b5193dc5ec73f3679544fb0cf652050829a0cc0864b9213926316ffc07cab071", @ANYRES16=r10, @ANYBLOB="040027bd7000ffdbdf2512000000080009000200000008000800d3000000080006007e080000"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x48000)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="05000000040000000400000001"], 0x50)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x4, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}, [@generic={0x1, 0x6, 0x1, 0x8, 0x40}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3fc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='percpu_alloc_percpu\x00', r13}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fe0000000700000000000000", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$packet(0x11, 0x2, 0x300)
socketpair(0x0, 0x2, 0x9, &(0x7f00000005c0)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
getpeername$packet(r14, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="60000000020603000000000000830000000000000900020073797a31000000000500010007000000050005000a00000014000780080013400000000008001240ffffffff12000300686173683a6e65742c706f7274000000050004"], 0x60}, 0x1, 0x0, 0x0, 0x4008801}, 0x0)

687.567239ms ago: executing program 0 (id=679):
socket(0x10, 0x3, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x42000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
r1 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
r2 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r9=>0x0})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r11 = socket(0x10, 0x803, 0x0)
r12 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r13, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x7, 0x6, 0x5, 0x5, 0x7, 0x8}}}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@delqdisc={0x24, 0x25, 0x1, 0x70bd26, 0x25dfdbfd, {0x0, 0x0, 0x0, r13, {0xe, 0x10}, {0xfff2, 0x9}, {0x8, 0xffe3}}}, 0x24}}, 0x20040054)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c000000100003041b00"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r9, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7], 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)
close(r2)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x336)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'caif0\x00', 0x400})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000140)={'wlan0\x00', @remote})
socket$kcm(0x10, 0x2, 0x0)

687.12315ms ago: executing program 1 (id=680):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$kcm(0x10, 0x400000002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
syz_emit_ethernet(0x4a, &(0x7f0000000400)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x3, 0x0, 0x3}}}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000040)={@dev={0xac, 0x14, 0x14, 0x19}, @empty, 0x2, "4f6fb4d1af0f724e6118ecfbac0200843af29708e2355d0e7ea0c543011a00", 0xfffffffc, 0x4, 0x81, 0x2}, 0x3c)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010101, 0x4d5, 0x32}, 0x0, @in6=@loopback, 0x1, 0x3, 0x0, 0xb7, 0x1fb, 0xffffffff, 0xfffffff9}}, 0xe8)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002", 0x17}], 0x1}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000007c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', r3, 0x29, 0xf, 0xb, 0x1, 0x10, @private0, @mcast2, 0x10, 0x7, 0x5b, 0x4}})
sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1b0000001a007f029e", 0x9}, {&(0x7f0000000200)="68cabf2dfb58fc0a01008888ffff0200258f", 0x12}], 0x2}, 0x4000000)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

580.119349ms ago: executing program 1 (id=681):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}], 0x1c)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100), &(0x7f0000000200)=0x4) (async)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{0xffffffffffffffff, <r4=>0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000480)='%pK    \x00'}, 0x20)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x17, 0x0, 0x9, 0x46b8, 0x4, 0xffffffffffffffff, 0x24f, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x1, &(0x7f0000000040)=@raw=[@ldst={0x1, 0x3, 0x2, 0x9, 0x6, 0x40, 0xfffffffffffffffc}], &(0x7f0000000080)='GPL\x00', 0x80, 0x64, &(0x7f0000000180)=""/100, 0x40f00, 0x24, '\x00', r2, 0x25, r3, 0x8, &(0x7f00000003c0)={0x1006, 0x4}, 0x8, 0x10, &(0x7f0000000400)={0x2, 0x3, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000580)=[r4, r5], &(0x7f00000005c0)=[{0x4, 0x1, 0x3, 0x9}], 0x10, 0x8}, 0x94) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x1, &(0x7f0000000040)=@raw=[@ldst={0x1, 0x3, 0x2, 0x9, 0x6, 0x40, 0xfffffffffffffffc}], &(0x7f0000000080)='GPL\x00', 0x80, 0x64, &(0x7f0000000180)=""/100, 0x40f00, 0x24, '\x00', r2, 0x25, r3, 0x8, &(0x7f00000003c0)={0x1006, 0x4}, 0x8, 0x10, &(0x7f0000000400)={0x2, 0x3, 0x9}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000580)=[r4, r5], &(0x7f00000005c0)=[{0x4, 0x1, 0x3, 0x9}], 0x10, 0x8}, 0x94)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
close(0xffffffffffffffff)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4ac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) (async)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4ac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(r6, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0xfffffffd}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) (async)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
ioctl$int_in(r6, 0x5421, &(0x7f0000000140)=0x1)
writev(r6, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) (async)
writev(r6, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
setsockopt(r1, 0x84, 0x7f, &(0x7f0000000140)="0200000009800089", 0x8) (async)
setsockopt(r1, 0x84, 0x7f, &(0x7f0000000140)="0200000009800089", 0x8)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xc4}}, 0x4008800)

459.50276ms ago: executing program 0 (id=684):
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x8528c000)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
r5 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$FS_IOC_SETVERSION(r5, 0x40087602, &(0x7f0000000240)=0x7)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x24, r6, 0x1, 0x50bd26, 0x25dfdbf8, {{}, {@val={0x8, 0x1, 0x4f}, @val={0x8, 0x3, r4}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x20044040}, 0x24008004)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r8, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)={0x24, r7, 0x1, 0x70bd07, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x64}, @val={0x8, 0x3, r9}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000a0}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r2, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x28, r10, 0x1, 0x0, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x101, 0xd}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x15}, 0x2004c088)
r12 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r12, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r12, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

296.894915ms ago: executing program 2 (id=687):
syz_emit_ethernet(0xf87, &(0x7f0000000140)=ANY=[@ANYRESDEC=0x0, @ANYRESOCT=0x0], 0x0)
r0 = socket$inet6(0xa, 0x4, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000040)={'syztnl1\x00', r1, 0x2f, 0xa, 0x4, 0xff, 0x50, @dev={0xfe, 0x80, '\x00', 0x1b}, @private1, 0x10, 0x8, 0x6, 0x7fff}})

289.989755ms ago: executing program 0 (id=688):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xf9abc42c15b89df6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0500170005000000020000000400000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000300)={<r0=>0x0, @in={{0x2, 0x4e24, @loopback}}, [0x7, 0x1f, 0x8, 0x4, 0xd206, 0x10, 0x5, 0x40, 0x5, 0x7f5, 0x0, 0x2, 0x0, 0x2f54, 0x6011]}, &(0x7f0000000200)=0x100)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000240)={0x4, 0x800a, 0xffff0001, 0xfffffff9, r0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r2)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)={0x28, r3, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'virt_wifi0\x00'}]}, 0x28}}, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000800)="3504000030000511d25a80648c63940d0324fc60040035400c0002000200002037153e373f04018006041000450055d64a12f76710989a119052acaa1100da3e813fa6ba1eb693d93f699e37af0d43f908fa7d995a8feb85d6a4e1b691276cd9561767309099f86f8e9e71fa51bde29f19b06fb9b3ba96da0e93d5a4024c1747fff68092705b44bb48dd2db4f3127aab13b4af0554957da6c0e03db227b65d459fa5c1232d7b62f12b65354b7e7fd32998da02ae0dc28942ec82d97191d0b68697bac278c34b2972ca8ed35b61ee6831c78af85ccd687694ce3835a98387fcdb8616524ea04449dbedb3250fb366740d6b96307e1d2f0d85dd592ca2d8c2730ad1d16eb4d87cbb48d2f7c4eb7a490aee048c9a8eb2ec9ed353d79ed29ffed1e48bf370bfb8af11085997d38210601155ec361cd6f3577da98c0a528a4d24ce75fbe297cb75f4b36719edd354ee6312c5527de7ea1a4233b96d27f7fb1e098954", 0x160}, {&(0x7f0000000a40)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca986c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f6017f3164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd1a50d0e6db3188a8e98375fda2a7ebd4cd59b9ea626c13685b05e6cf4d484e32869fd7c7167dbfa48b1529e5dd5f5a02673ccc7dbedfd75e34f3f9eb3c7833734a59acada6dd2ff364475e03f2219deedb5d0c941f2177a23167adcc5a15f4e5441ed537f26a1620df057aeb55b2ad3a00a77e23d304ed6034dd5ec9b2cfe777ca21ec4f48abdafa0d66a78d653068ef871b", 0x2d5}], 0x2}, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58)
accept4(r1, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071120d000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r5, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

289.710788ms ago: executing program 2 (id=689):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, 0x0, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000040)={'dummy0\x00', &(0x7f0000000000)=@ethtool_cmd={0x22, 0xff, 0x4, 0x389, 0x8, 0x2, 0x4, 0x2, 0x0, 0x7, 0x4, 0x7fffffff, 0xfffb, 0x8, 0xb0, 0x0, [0x80000e, 0xfb]}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@delchain={0x3c, 0x64, 0xf31, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0x3}, {0xfff3, 0xffff}, {0x0, 0xd}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x4}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x44044)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

199.738644ms ago: executing program 0 (id=690):
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1de0e6c4d3a4526427aa00100000000061102000000000009500020008f8fd4a"], &(0x7f0000000480)='syzkaller\x00'}, 0x80)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000080)={0x8000, {{0xa, 0x4e20, 0x9, @remote, 0x8001}}}, 0x88)

199.447434ms ago: executing program 0 (id=691):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000001a979ba4d4dd90a18a1ebd400000100000a44000000090a010400000000000000000a00000409000200737960310000000608000a40fffffffc0900010073797a3100000000080005400000000b08000340000001301400000011000100"], 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

198.59054ms ago: executing program 2 (id=692):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c0000001000390400000000001b2347ea000000", @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c0002"], 0x5c}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r1, 0x111, 0x2, 0x1, 0x4)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001d008104e00f80ecdb4cb9f207c804a01000000088080efb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

149.922647ms ago: executing program 2 (id=693):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x58, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x5, @loopback}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}]}}}]}, 0x58}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r2, 0x20, &(0x7f0000000180)={&(0x7f0000000000)=""/100, 0x64, <r3=>0x0, &(0x7f0000000200)=""/144, 0x90}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=r3, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x20000002, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r3}, 0x94)
close(r4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0f0000000400000004000000a2"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r6}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000500), 0x4)
close(0x3)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz0\x00', 0x200002, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r8, &(0x7f00000000c0)={0x1f, 0x0, @none}, 0xe)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0x10, @none}, 0xe)
openat$cgroup_subtree(r7, &(0x7f00000001c0), 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000304000000000000000006000000", @ANYRES32=0x0, @ANYBLOB="a5ffad8800000000280012800a00010063616e"], 0x48}}, 0x0)

149.110626ms ago: executing program 0 (id=694):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x36, 0x0, &(0x7f0000000380)="f6f4e9a1d78ad62ceef1884386dd78bb3fb7dbfc8180ca8395ccfda2e499b3dcf581", 0x0, 0xffffffff, 0x0, 0x2, 0x0, &(0x7f0000000700)="010a", 0x0}, 0x50)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r5 = openat$cgroup_devices(r4, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB='b ', @ANYRESOCT], 0x9)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r6, @ANYBLOB="24005a8020000180140003000000040020000000010000000000000004000200040001"], 0x40}}, 0x0)

148.39737ms ago: executing program 2 (id=695):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0xa8, 0x24, 0xf0b, 0x70bd2d, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x78, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffc, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x7ff}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x80000000}]}]}]}}]}, 0xa8}}, 0x0)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000000)={{0x2, 0x4e23, @empty}, {0x0, @local}, 0x0, {0x2, 0x4e23, @broadcast}, 'hsr0\x00'})
socket$inet_sctp(0x2, 0x1, 0x84) (async)
socket$inet(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00'}) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0xa8, 0x24, 0xf0b, 0x70bd2d, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x78, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffc, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x7ff}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x80000000}]}]}]}}]}, 0xa8}}, 0x0) (async)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000000)={{0x2, 0x4e23, @empty}, {0x0, @local}, 0x0, {0x2, 0x4e23, @broadcast}, 'hsr0\x00'}) (async)

0s ago: executing program 2 (id=696):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="54000000100003052bbd7000249d020000000000", @ANYRES32=0x0, @ANYBLOB="1544010001800000240012800b0001006d616373656300001400028005000c0001000000080005000400000008000500", @ANYRES32=r4], 0x54}}, 0xae14)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0xfffe, @remote}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}], 0x1, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:63727' (ED25519) to the list of known hosts.
syzkaller login: [   49.782461][ T5841] cgroup: Unknown subsys name 'net'
[   49.930647][ T5841] cgroup: Unknown subsys name 'cpuset'
[   49.934706][ T5841] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.341724][ T5841] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.351043][ T5852] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.357521][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.360972][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.365100][ T5852] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.369060][ T5852] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.398465][ T5235] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.402454][ T5235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.406013][ T5235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.410132][ T5235] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.413772][ T5235] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.499891][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.503424][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.506404][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.509937][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.512615][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.559827][ T5849] chnl_net:caif_netlink_parms(): no params data found
[   55.619490][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   55.666857][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.669577][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.672029][ T5849] bridge_slave_0: entered allmulticast mode
[   55.674679][ T5849] bridge_slave_0: entered promiscuous mode
[   55.679073][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.681377][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.683678][ T5849] bridge_slave_1: entered allmulticast mode
[   55.686254][ T5849] bridge_slave_1: entered promiscuous mode
[   55.712289][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.725106][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.761785][ T5849] team0: Port device team_slave_0 added
[   55.765248][ T5849] team0: Port device team_slave_1 added
[   55.774255][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.777310][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.780896][ T5854] bridge_slave_0: entered allmulticast mode
[   55.783791][ T5854] bridge_slave_0: entered promiscuous mode
[   55.787015][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.790408][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.793345][ T5854] bridge_slave_1: entered allmulticast mode
[   55.797069][ T5854] bridge_slave_1: entered promiscuous mode
[   55.842861][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.845556][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.856488][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.894959][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.899471][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.902024][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.910853][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.920662][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.959018][ T5854] team0: Port device team_slave_0 added
[   55.965525][ T5854] team0: Port device team_slave_1 added
[   55.969561][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   56.021368][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.024219][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.035667][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.043825][ T5849] hsr_slave_0: entered promiscuous mode
[   56.046158][ T5849] hsr_slave_1: entered promiscuous mode
[   56.056556][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.059571][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.070119][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.166946][ T5854] hsr_slave_0: entered promiscuous mode
[   56.170840][ T5854] hsr_slave_1: entered promiscuous mode
[   56.173726][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   56.176296][ T5854] Cannot create hsr debugfs directory
[   56.178941][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.181273][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.183782][ T5859] bridge_slave_0: entered allmulticast mode
[   56.186530][ T5859] bridge_slave_0: entered promiscuous mode
[   56.189958][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.192355][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.194984][ T5859] bridge_slave_1: entered allmulticast mode
[   56.198454][ T5859] bridge_slave_1: entered promiscuous mode
[   56.242038][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.265814][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.342780][ T5859] team0: Port device team_slave_0 added
[   56.353474][ T5859] team0: Port device team_slave_1 added
[   56.384614][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.388036][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.397821][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.415151][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.417724][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.425757][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.471600][ T5859] hsr_slave_0: entered promiscuous mode
[   56.473859][ T5859] hsr_slave_1: entered promiscuous mode
[   56.475927][ T5859] debugfs: 'hsr0' already exists in 'hsr'
[   56.478045][ T5859] Cannot create hsr debugfs directory
[   56.494205][ T5849] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.502688][ T5849] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.522465][ T5849] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.529308][ T5849] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.632907][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.640896][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.648407][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.661910][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.714219][ T5859] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.722517][ T5859] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.739714][ T5859] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.746363][ T5859] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.780899][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.811545][ T5849] 8021q: adding VLAN 0 to HW filter on device team0
[   56.824923][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.827846][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.846683][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.853298][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.855623][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.892622][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   56.909079][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.911398][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.924034][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.926532][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.934662][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.966860][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   56.975002][ T5854] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   56.979872][ T5854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.993496][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.995842][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.001405][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.003891][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.082705][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.156986][ T5849] veth0_vlan: entered promiscuous mode
[   57.173836][ T5849] veth1_vlan: entered promiscuous mode
[   57.225129][ T5849] veth0_macvtap: entered promiscuous mode
[   57.238922][ T5849] veth1_macvtap: entered promiscuous mode
[   57.255561][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.264744][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.270297][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.277101][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.298978][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.302013][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.305096][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.320459][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.386191][ T5854] veth0_vlan: entered promiscuous mode
[   57.396159][ T5859] veth0_vlan: entered promiscuous mode
[   57.401958][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.402760][ T5854] veth1_vlan: entered promiscuous mode
[   57.404969][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.428954][ T5859] veth1_vlan: entered promiscuous mode
[   57.432837][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.435353][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.449273][ T5854] veth0_macvtap: entered promiscuous mode
[   57.452877][ T5854] veth1_macvtap: entered promiscuous mode
[   57.457819][ T5852] Bluetooth: hci1: command tx timeout
[   57.459708][ T5852] Bluetooth: hci0: command tx timeout
[   57.463352][ T5859] veth0_macvtap: entered promiscuous mode
[   57.469143][ T5859] veth1_macvtap: entered promiscuous mode
[   57.476455][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.488425][ T5849] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.490118][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.499721][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.515678][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.520889][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.524721][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.529153][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.537596][ T5235] Bluetooth: hci2: command tx timeout
[   57.540826][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.553603][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.560018][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.563330][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.566207][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.639399][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.644379][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.686447][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.692907][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.714130][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.719474][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.732702][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.738137][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.763729][ T5917] netlink: 'syz.0.4': attribute type 3 has an invalid length.
[   57.839632][ T5919] syzkaller1: entered promiscuous mode
[   57.842962][ T5919] syzkaller1: entered allmulticast mode
[   57.982907][ T5931] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.045068][ T5936] syz.0.5 uses obsolete (PF_INET,SOCK_PACKET)
[   59.423847][ T6005] netlink: 4 bytes leftover after parsing attributes in process `syz.2.13'.
[   59.439216][ T6005] veth1_macvtap: left promiscuous mode
[   59.538231][ T5235] Bluetooth: hci0: command tx timeout
[   59.539461][ T5852] Bluetooth: hci1: command tx timeout
[   59.618134][ T5852] Bluetooth: hci2: command tx timeout
[   59.900232][ T6011] netlink: 8 bytes leftover after parsing attributes in process `syz.0.16'.
[   60.504026][ T6016] netlink: 20 bytes leftover after parsing attributes in process `syz.2.18'.
[   60.676724][ T6021] netlink: 4 bytes leftover after parsing attributes in process `syz.2.20'.
[   60.685181][ T6021] openvswitch: netlink: Missing key (keys=40, expected=80)
[   60.700268][ T6021] netlink: 24 bytes leftover after parsing attributes in process `syz.2.20'.
[   60.707934][ T6021] netlink: 24 bytes leftover after parsing attributes in process `syz.2.20'.
[   60.712637][ T6021] Zero length message leads to an empty skb
[   60.717054][ T6021] netlink: 28 bytes leftover after parsing attributes in process `syz.2.20'.
[   60.764432][ T6025] netlink: 'syz.0.22': attribute type 1 has an invalid length.
[   60.767035][ T6025] netlink: 244 bytes leftover after parsing attributes in process `syz.0.22'.
[   60.772923][ T6025] netlink: 104 bytes leftover after parsing attributes in process `syz.0.22'.
[   60.854627][ T6029] tipc: Started in network mode
[   60.857632][ T6029] tipc: Node identity 4aa583fbd443, cluster identity 4711
[   60.860688][ T6029] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   60.866345][ T6029] syzkaller0: entered promiscuous mode
[   60.881067][ T6029] syzkaller0: entered allmulticast mode
[   60.915423][ T6028] tipc: Resetting bearer <eth:syzkaller0>
[   60.952380][ T6028] tipc: Disabling bearer <eth:syzkaller0>
[   61.060090][ T6041] netlink: 12 bytes leftover after parsing attributes in process `syz.1.28'.
[   61.143051][ T6048] tipc: Started in network mode
[   61.145219][ T6048] tipc: Node identity 8eadbd06fd2a, cluster identity 4711
[   61.157478][ T6048] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   61.173332][ T6048] syzkaller0: entered promiscuous mode
[   61.175161][ T6048] syzkaller0: entered allmulticast mode
[   61.195577][ T6048] ip6gretap0: entered promiscuous mode
[   61.208916][ T6047] tipc: Resetting bearer <eth:syzkaller0>
[   61.240736][ T6047] tipc: Disabling bearer <eth:syzkaller0>
[   61.345034][ T5313] IPVS: starting estimator thread 0...
[   61.438093][ T6071] IPVS: using max 80 ests per chain, 192000 per kthread
[   61.461003][ T6092] tipc: Started in network mode
[   61.463129][ T6092] tipc: Node identity ee2b0e6ae58d, cluster identity 4711
[   61.466205][ T6092] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   61.470882][ T6092] syzkaller0: entered promiscuous mode
[   61.472778][ T6092] syzkaller0: entered allmulticast mode
[   61.495572][ T6093] tipc: Resetting bearer <eth:syzkaller0>
[   61.521675][ T6089] tipc: Resetting bearer <eth:syzkaller0>
[   61.538389][ T6089] tipc: Disabling bearer <eth:syzkaller0>
[   61.591768][ T6106] netlink: 'syz.2.50': attribute type 4 has an invalid length.
[   61.600659][ T6106] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[   61.619707][ T6108] netlink: 'syz.0.51': attribute type 12 has an invalid length.
[   61.620028][ T5235] Bluetooth: hci1: command tx timeout
[   61.624713][ T5852] Bluetooth: hci0: command tx timeout
[   61.660921][ T6111] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   61.663350][ T6111] syzkaller0: entered promiscuous mode
[   61.665072][ T6111] syzkaller0: entered allmulticast mode
[   61.669872][ T6110] tipc: Resetting bearer <eth:syzkaller0>
[   61.697569][ T5852] Bluetooth: hci2: command tx timeout
[   61.703035][ T6110] tipc: Disabling bearer <eth:syzkaller0>
[   61.846419][ T6130] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   61.846724][ T6134] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   61.876004][ T6134] syzkaller0: entered promiscuous mode
[   61.881537][ T6134] syzkaller0: entered allmulticast mode
[   61.901932][ T6134] ip6gretap0: entered promiscuous mode
[   61.929249][ T6133] tipc: Resetting bearer <eth:syzkaller0>
[   61.971606][ T6133] tipc: Disabling bearer <eth:syzkaller0>
[   62.011144][ T6136] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   62.058121][ T6135] tipc: Disabling bearer <eth:syzkaller0>
[   62.159921][ T6141] netlink: 'syz.2.62': attribute type 11 has an invalid length.
[   62.575840][ T6155] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   62.588373][ T6155] syzkaller0: entered promiscuous mode
[   62.593229][ T6155] syzkaller0: entered allmulticast mode
[   62.691019][ T6154] tipc: Resetting bearer <eth:syzkaller0>
[   62.706191][ T6154] tipc: Disabling bearer <eth:syzkaller0>
[   62.805345][ T6174] netlink: 'syz.1.68': attribute type 10 has an invalid length.
[   62.808159][ T6172] TCP: TCP_TX_DELAY enabled
[   62.811410][ T6174] bond0: (slave wlan1): Opening slave failed
[   62.935988][ T6185] sctp: [Deprecated]: syz.2.74 (pid 6185) Use of int in max_burst socket option.
[   62.935988][ T6185] Use struct sctp_assoc_value instead
[   63.142383][ T6195] netlink: 'syz.0.79': attribute type 10 has an invalid length.
[   63.147105][ T6195] team0: Device ipvlan1 failed to register rx_handler
[   63.195250][ T6200] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   63.198470][ T6200] IPv6: NLM_F_CREATE should be set when creating new route
[   63.200815][ T6200] IPv6: NLM_F_CREATE should be set when creating new route
[   63.203241][ T6200] IPv6: NLM_F_CREATE should be set when creating new route
[   63.205627][ T6201] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   63.307025][ T6205] veth3: entered promiscuous mode
[   63.335848][ T6204] veth3: entered promiscuous mode
[   63.466521][   T12] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   63.520221][ T6220] netlink: 'syz.0.86': attribute type 5 has an invalid length.
[   63.590322][ T6224] bridge_slave_0: left allmulticast mode
[   63.592271][ T6224] bridge_slave_0: left promiscuous mode
[   63.594618][ T6224] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.600533][ T6224] bridge_slave_1: left allmulticast mode
[   63.602627][ T6224] bridge_slave_1: left promiscuous mode
[   63.604744][ T6224] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.610767][ T6224] bond0: (slave bond_slave_0): Releasing backup interface
[   63.615025][ T6224] bond0: (slave bond_slave_1): Releasing backup interface
[   63.624499][ T6224] team0: Port device team_slave_0 removed
[   63.630020][ T6224] team0: Port device team_slave_1 removed
[   63.632374][ T6224] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   63.634808][ T6224] batman_adv: batadv0: Removing interface: batadv_slave_0
[   63.639600][ T6224] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   63.642862][ T6224] batman_adv: batadv0: Removing interface: batadv_slave_1
[   63.697864][ T5852] Bluetooth: hci0: command tx timeout
[   63.698890][ T5235] Bluetooth: hci1: command tx timeout
[   63.740540][ T6224] ieee802154 phy0 wpan0: encryption failed: -22
[   63.777797][ T5235] Bluetooth: hci2: command tx timeout
[   64.309867][ T6231] netlink: 'syz.0.89': attribute type 1 has an invalid length.
[   64.333320][ T6235] trusted_key: syz.2.91 sent an empty control message without MSG_MORE.
[   64.361946][ T6235] netlink: 'syz.2.91': attribute type 4 has an invalid length.
[   64.507824][ T6249] warning: `syz.1.96' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   64.559303][ T6254] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   64.600149][ T6258] __nla_validate_parse: 63 callbacks suppressed
[   64.600162][ T6258] netlink: 8 bytes leftover after parsing attributes in process `syz.0.100'.
[   64.651024][ T6269] nbd: illegal input index -1
[   64.722250][ T6277] macvlan2: entered allmulticast mode
[   64.724224][ T6277] veth1_vlan: entered allmulticast mode
[   64.728242][ T6277] veth1_vlan: left allmulticast mode
[   64.785002][ T6280] netlink: 'syz.0.104': attribute type 10 has an invalid length.
[   64.827038][ T6280] netlink: 12 bytes leftover after parsing attributes in process `syz.0.104'.
[   64.831027][ T6280] netlink: 68 bytes leftover after parsing attributes in process `syz.0.104'.
[   64.834854][ T6280] netlink: 12 bytes leftover after parsing attributes in process `syz.0.104'.
[   64.839740][ T6280] netlink: 68 bytes leftover after parsing attributes in process `syz.0.104'.
[   64.982490][ T6286] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   64.985182][ T6286] syzkaller0: entered promiscuous mode
[   64.987116][ T6286] syzkaller0: entered allmulticast mode
[   64.991529][ T6286] netlink: 8 bytes leftover after parsing attributes in process `syz.0.106'.
[   65.042632][ T6285] tipc: Resetting bearer <eth:syzkaller0>
[   65.051763][ T6285] tipc: Disabling bearer <eth:syzkaller0>
[   65.123077][ T6288] netlink: 'syz.0.107': attribute type 1 has an invalid length.
[   65.313906][   T10] cfg80211: failed to load regulatory.db
[   65.341835][ T6298] netlink: 8 bytes leftover after parsing attributes in process `syz.2.110'.
[   65.358713][ T6298] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   65.362003][ T6298] syzkaller0: entered promiscuous mode
[   65.364344][ T6298] syzkaller0: entered allmulticast mode
[   65.381003][ T6298] tipc: Resetting bearer <eth:syzkaller0>
[   65.390237][ T6297] tipc: Resetting bearer <eth:syzkaller0>
[   65.408775][ T6297] tipc: Disabling bearer <eth:syzkaller0>
[   65.451582][ T6312] netlink: 'syz.0.114': attribute type 29 has an invalid length.
[   65.455642][ T6312] netlink: 'syz.0.114': attribute type 29 has an invalid length.
[   65.460597][ T6312] netlink: 500 bytes leftover after parsing attributes in process `syz.0.114'.
[   65.469618][ T6312] netlink: 8 bytes leftover after parsing attributes in process `syz.0.114'.
[   65.505829][ T6317] netlink: 'syz.2.116': attribute type 9 has an invalid length.
[   65.532266][ T6319] netlink: 4 bytes leftover after parsing attributes in process `syz.1.118'.
[   65.916323][ T6369] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   66.445407][ T6385] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   66.881550][ T6431] 8021q: adding VLAN 0 to HW filter on device bond1
[   67.134138][ T6451] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   67.144836][ T6450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   67.206386][ T6450] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   67.815628][ T6470] sctp: [Deprecated]: syz.0.166 (pid 6470) Use of struct sctp_assoc_value in delayed_ack socket option.
[   67.815628][ T6470] Use struct sctp_sack_info instead
[   68.068392][ T6477] syzkaller1: entered promiscuous mode
[   68.070896][ T6477] syzkaller1: entered allmulticast mode
[   68.074800][ T6477] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[   68.484750][ T6497] validate_nla: 3 callbacks suppressed
[   68.484764][ T6497] netlink: 'syz.2.175': attribute type 5 has an invalid length.
[   68.508021][ T6498] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   68.649218][ T6507] netlink: 'syz.0.177': attribute type 11 has an invalid length.
[   68.926452][ T6526] team0: Device ipip0 is of different type
[   68.982070][ T6527] bridge_slave_0: left allmulticast mode
[   68.984643][ T6527] bridge_slave_0: left promiscuous mode
[   68.991631][ T6527] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.002359][ T6527] bridge_slave_1: left allmulticast mode
[   69.004802][ T6527] bridge_slave_1: left promiscuous mode
[   69.008558][ T6527] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.016946][ T6527] bond0: (slave bond_slave_0): Releasing backup interface
[   69.038499][ T6527] bond0: (slave bond_slave_1): Releasing backup interface
[   69.069176][ T6527] team0: Port device team_slave_0 removed
[   69.100295][ T6527] team0: Port device team_slave_1 removed
[   69.113548][ T6527] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   69.117129][ T6527] batman_adv: batadv0: Removing interface: batadv_slave_0
[   69.125773][ T6527] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   69.130952][ T6527] batman_adv: batadv0: Removing interface: batadv_slave_1
[   69.319029][ T6532] vti0: entered promiscuous mode
[   69.320962][ T6532] vti0: entered allmulticast mode
[   69.334428][ T6532] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   69.338318][ T6532] syzkaller0: entered promiscuous mode
[   69.340149][ T6532] syzkaller0: entered allmulticast mode
[   69.345007][ T6532] 8021q: VLANs not supported on ip6_vti0
[   69.348066][ T6532] syzkaller0: mtu less than device minimum
[   69.353872][ T6531] tipc: Resetting bearer <eth:syzkaller0>
[   69.363679][ T6531] tipc: Disabling bearer <eth:syzkaller0>
[   69.621482][ T6548] __nla_validate_parse: 19 callbacks suppressed
[   69.621492][ T6548] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.192'.
[   69.671755][ T6554] netlink: 20 bytes leftover after parsing attributes in process `syz.0.193'.
[   69.730062][ T6562] netlink: 'syz.0.198': attribute type 1 has an invalid length.
[   69.732888][ T6562] netlink: 16 bytes leftover after parsing attributes in process `syz.0.198'.
[   69.751893][ T6568] netlink: 8 bytes leftover after parsing attributes in process `syz.2.197'.
[   69.753292][ T6567] netlink: 8 bytes leftover after parsing attributes in process `syz.2.197'.
[   69.757819][ T6568] openvswitch: netlink: nsh attr 2560 is out of range max 3
[   69.760832][ T6567] openvswitch: netlink: nsh attr 2560 is out of range max 3
[   69.761193][ T6568] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   69.764335][ T6567] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   69.991801][ T6604] netlink: 32 bytes leftover after parsing attributes in process `syz.1.209'.
[   69.998763][ T6605] netlink: 32 bytes leftover after parsing attributes in process `syz.1.209'.
[   70.123226][ T6621] netlink: 'syz.1.216': attribute type 1 has an invalid length.
[   70.125843][ T6621] netlink: 'syz.1.216': attribute type 3 has an invalid length.
[   70.135179][ T6621] netlink: 564 bytes leftover after parsing attributes in process `syz.1.216'.
[   70.200942][ T6627] netlink: 60 bytes leftover after parsing attributes in process `syz.2.217'.
[   70.220963][ T6629] netlink: 64 bytes leftover after parsing attributes in process `syz.0.219'.
[   70.246156][ T6631] geneve2: entered promiscuous mode
[   70.248540][ T6631] geneve2: entered allmulticast mode
[   70.384484][ T6648] ip6gre0: entered allmulticast mode
[   70.390584][ T6648] dvmrp8: entered allmulticast mode
[   70.472854][ T6655] netlink: 'syz.1.229': attribute type 1 has an invalid length.
[   70.496872][ T6655] 8021q: adding VLAN 0 to HW filter on device bond1
[   70.501902][ T6648] ip6gre0: left allmulticast mode
[   70.507828][ T6648] dvmrp8: left allmulticast mode
[   70.581201][ T6660] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   70.584676][ T6660] syzkaller0: entered promiscuous mode
[   70.594057][ T6660] syzkaller0: entered allmulticast mode
[   70.605612][ T6660] tipc: Resetting bearer <eth:syzkaller0>
[   70.612943][ T6659] tipc: Resetting bearer <eth:syzkaller0>
[   70.626298][ T6659] tipc: Disabling bearer <eth:syzkaller0>
[   70.634483][ T6664] sctp: [Deprecated]: syz.0.232 (pid 6664) Use of struct sctp_assoc_value in delayed_ack socket option.
[   70.634483][ T6664] Use struct sctp_sack_info instead
[   70.683242][ T6668] Bluetooth: MGMT ver 1.23
[   70.691106][ T6666] openvswitch: netlink: Key type 251 is out of range max 32
[   70.703666][ T6671] veth2: entered allmulticast mode
[   71.014393][ T6697] netlink: 'syz.0.242': attribute type 3 has an invalid length.
[   71.310537][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.314175][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   72.012533][ T6737] IPVS: set_ctl: invalid protocol: 59 224.0.0.1:19490
[   72.187735][ T6745] block nbd0: server does not support multiple connections per device.
[   72.191643][ T6745] block nbd0: shutting down sockets
[   72.195913][ T6758] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   72.198912][ T6758] syzkaller0: entered promiscuous mode
[   72.200726][ T6758] syzkaller0: entered allmulticast mode
[   72.209316][ T6758] ip6gretap0: entered promiscuous mode
[   72.214719][ T6757] tipc: Resetting bearer <eth:syzkaller0>
[   72.222467][ T6757] tipc: Disabling bearer <eth:syzkaller0>
[   72.495816][ T6778] vti0: entered promiscuous mode
[   72.502474][ T6778] vti0: entered allmulticast mode
[   72.602699][ T6799] .70: renamed from hsr0 (while UP)
[   72.606854][ T6799] .70: entered allmulticast mode
[   72.615591][ T6799] hsr_slave_0: entered allmulticast mode
[   72.620506][ T6799] hsr_slave_1: entered allmulticast mode
[   72.624319][ T6799] A link change request failed with some changes committed already. Interface .70 may have been left with an inconsistent configuration, please check.
[   72.729640][ T6808] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[   72.745309][ T6810] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   72.748901][ T6810] syzkaller0: entered promiscuous mode
[   72.750674][ T6810] syzkaller0: entered allmulticast mode
[   72.760006][ T6810] tipc: Resetting bearer <eth:syzkaller0>
[   72.762705][ T6809] tipc: Resetting bearer <eth:syzkaller0>
[   72.770845][ T6809] tipc: Disabling bearer <eth:syzkaller0>
[   73.027063][ T6833] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) !
[   73.234793][ T6862] netlink: 'syz.1.292': attribute type 5 has an invalid length.
[   73.769610][ T6893] netlink: 'syz.0.302': attribute type 4 has an invalid length.
[   73.777194][ T6893] netlink: 'syz.0.302': attribute type 4 has an invalid length.
[   73.900344][ T6908] netlink: 'syz.0.306': attribute type 1 has an invalid length.
[   73.919187][ T6908] 8021q: adding VLAN 0 to HW filter on device bond2
[   73.938184][ T6908] veth3: entered promiscuous mode
[   73.942704][ T6908] bond2: (slave veth3): Enslaving as an active interface with a down link
[   74.323802][ T6970] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   74.326973][ T6970] syzkaller0: entered promiscuous mode
[   74.330627][ T6970] syzkaller0: entered allmulticast mode
[   74.358215][ T6972] netlink: 'syz.1.324': attribute type 23 has an invalid length.
[   74.393998][ T6969] tipc: Resetting bearer <eth:syzkaller0>
[   74.405913][ T6969] tipc: Disabling bearer <eth:syzkaller0>
[   74.466834][ T6980] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   74.469623][ T6980] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   74.529884][ T6990] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   74.538112][ T6990] syzkaller0: entered promiscuous mode
[   74.540277][ T6990] syzkaller0: entered allmulticast mode
[   74.559011][ T6990] tipc: Resetting bearer <eth:syzkaller0>
[   74.564378][ T6988] tipc: Resetting bearer <eth:syzkaller0>
[   74.573642][ T6988] tipc: Disabling bearer <eth:syzkaller0>
[   75.822069][ T7020] netlink: 'syz.1.340': attribute type 7 has an invalid length.
[   75.832704][ T7020] : entered promiscuous mode
[   76.640395][ T7032] syzkaller0: entered promiscuous mode
[   76.642454][ T7032] syzkaller0: entered allmulticast mode
[   76.752340][ T7039] TCP: tcp_parse_options: Illegal window scaling value 128 > 14 received
[   76.756584][ T7040] netlink: 'syz.2.345': attribute type 1 has an invalid length.
[   76.829857][ T7047] __nla_validate_parse: 35 callbacks suppressed
[   76.829866][ T7047] netlink: 8 bytes leftover after parsing attributes in process `syz.2.347'.
[   77.314607][ T7081] netlink: 'syz.2.356': attribute type 10 has an invalid length.
[   77.317865][ T7081] netlink: 2 bytes leftover after parsing attributes in process `syz.2.356'.
[   77.321047][ T7081] team0: entered promiscuous mode
[   77.323580][ T7081] 8021q: adding VLAN 0 to HW filter on device team0
[   77.326135][ T7081] bridge0: port 1(team0) entered blocking state
[   77.328655][ T7081] bridge0: port 1(team0) entered disabled state
[   77.331289][ T7081] team0: entered allmulticast mode
[   77.954343][ T7109] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   77.958300][ T7109] syzkaller0: entered promiscuous mode
[   77.960088][ T7109] syzkaller0: entered allmulticast mode
[   77.965861][ T7109] netlink: 8 bytes leftover after parsing attributes in process `syz.0.365'.
[   78.021576][ T7108] tipc: Resetting bearer <eth:syzkaller0>
[   78.033328][ T7108] tipc: Disabling bearer <eth:syzkaller0>
[   78.101053][ T7112] netlink: 844 bytes leftover after parsing attributes in process `syz.0.366'.
[   78.229692][ T7116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.369'.
[   78.551650][ T7123] netlink: 252 bytes leftover after parsing attributes in process `syz.0.370'.
[   78.891731][ T7150] netlink: 24 bytes leftover after parsing attributes in process `syz.1.377'.
[   78.925069][ T7150] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.377'.
[   79.160769][ T5313] IPVS: starting estimator thread 0...
[   79.257438][ T7176] IPVS: using max 81 ests per chain, 194400 per kthread
[   79.266993][ T7182] netlink: 12 bytes leftover after parsing attributes in process `syz.0.386'.
[   79.315428][ T7187] netlink: 12 bytes leftover after parsing attributes in process `syz.0.388'.
[   79.360077][ T7192] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   79.366929][ T7192] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   79.955509][ T7236] netlink: 'syz.1.407': attribute type 1 has an invalid length.
[   80.018483][ T7238] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   80.021470][ T7238] syzkaller0: entered promiscuous mode
[   80.023362][ T7238] syzkaller0: entered allmulticast mode
[   80.045854][ T7237] tipc: Resetting bearer <eth:syzkaller0>
[   80.057524][ T7237] tipc: Disabling bearer <eth:syzkaller0>
[   80.373741][ T7261] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[   80.614663][ T7289] pimreg: entered allmulticast mode
[   80.759757][   T33] audit: type=1107 audit(1756946886.126:2): pid=7301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='QB<di['gtC"3)I-#ʔW@[~jaIWnB\^/w_ɔrk̭pTяHB*/($ɳw}Y]'L/@`0nT=O	+6Q[٨JxPܽ<?hya^樠<'Md=?,=])lx{Kc-J@k'
[   80.818906][   T10] IPVS: starting estimator thread 0...
[   80.902652][ T7320] netlink: 'syz.1.433': attribute type 5 has an invalid length.
[   80.905269][ T7321] netlink: 'syz.1.433': attribute type 5 has an invalid length.
[   80.917450][ T7313] IPVS: using max 80 ests per chain, 192000 per kthread
[   81.211131][ T7342] netlink: 'syz.2.440': attribute type 5 has an invalid length.
[   81.829537][ T7362] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[   81.832949][ T7362] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   81.899648][ T7366] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   81.942962][ T7367] tipc: Disabling bearer <eth:syzkaller0>
[   82.004932][ T7371] netlink: 'syz.1.450': attribute type 1 has an invalid length.
[   82.026354][ T7371] 8021q: adding VLAN 0 to HW filter on device bond3
[   82.030350][ T7371] bond2: (slave bond3): making interface the new active one
[   82.033228][ T7371] bond2: (slave bond3): Enslaving as an active interface with an up link
[   82.044821][ T7371] bond2: (slave gretap1): Enslaving as a backup interface with an up link
[   82.049056][ T7371] __nla_validate_parse: 16 callbacks suppressed
[   82.049064][ T7371] netlink: 28 bytes leftover after parsing attributes in process `syz.1.450'.
[   82.055996][ T7371] 8021q: adding VLAN 0 to HW filter on device bond2
[   82.147092][   T24] hid-generic 0005:16BF:5505.0001: unknown main item tag 0x0
[   82.152931][   T24] hid-generic 0005:16BF:5505.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   82.265141][ T5863] nci: nci_ntf_packet: unsupported ntf opcode 0xf3d
[   82.586514][ T7388] netlink: 44 bytes leftover after parsing attributes in process `syz.0.454'.
[   82.590702][ T7388] netlink: 43 bytes leftover after parsing attributes in process `syz.0.454'.
[   82.595087][ T7388] netlink: 'syz.0.454': attribute type 6 has an invalid length.
[   82.598905][ T7388] netlink: 'syz.0.454': attribute type 5 has an invalid length.
[   82.602456][ T7388] netlink: 43 bytes leftover after parsing attributes in process `syz.0.454'.
[   83.177032][ T7420] netlink: 12 bytes leftover after parsing attributes in process `syz.1.464'.
[   83.224690][ T7430] tun0: tun_chr_ioctl cmd 1074812118
[   83.226630][ T7430] tun0: tun_chr_ioctl cmd 2148045848
[   83.234267][ T7430] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[   83.257863][ T7427] netlink: 24 bytes leftover after parsing attributes in process `syz.0.465'.
[   83.266147][ T7431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.465'.
[   83.444566][ T7438] netlink: 16 bytes leftover after parsing attributes in process `syz.1.468'.
[   83.452656][ T7446] netlink: 16 bytes leftover after parsing attributes in process `syz.1.468'.
[   83.462479][ T7442] netlink: 12 bytes leftover after parsing attributes in process `syz.0.470'.
[   83.635685][ T7461] team0: Port device team_slave_0 removed
[   83.651908][ T7473] netlink: 'syz.2.479': attribute type 1 has an invalid length.
[   83.655080][ T7473] netlink: 'syz.2.479': attribute type 1 has an invalid length.
[   83.682493][ T7479] netlink: 'syz.2.480': attribute type 1 has an invalid length.
[   83.696875][ T7479] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[   83.744668][ T7487] openvswitch: netlink: Duplicate or invalid key (type 0).
[   83.750064][ T7487] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   83.783536][ T5873] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   83.787306][ T5873] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   83.795997][ T5873] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   83.800195][ T5873] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   83.820404][ T7495] IPv6: sit1: Disabled Multicast RS
[   83.955017][ T7505] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   85.064369][ T7541] netlink: 'syz.0.499': attribute type 10 has an invalid length.
[   85.580601][ T7600] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   85.587593][ T7600] syzkaller0: entered promiscuous mode
[   85.589465][ T7600] syzkaller0: entered allmulticast mode
[   85.599478][ T7599] tipc: Resetting bearer <eth:syzkaller0>
[   85.612708][ T7599] tipc: Disabling bearer <eth:syzkaller0>
[   86.206645][ T7648] gtp0: entered promiscuous mode
[   86.297291][ T7662] IPv6: addrconf: prefix option has invalid lifetime
[   86.366262][ T7673] 8021q: adding VLAN 0 to HW filter on device bond4
[   86.370667][ T7673] bond0: (slave bond4): Enslaving as an active interface with an up link
[   86.731290][ T7711] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check.
[   86.740676][ T7711] openvswitch: netlink: Missing key (keys=40, expected=200000)
[   86.775218][ T7713] nftables ruleset with unbound chain
[   87.104168][ T7725] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   87.217034][ T7727] syzkaller0: entered promiscuous mode
[   87.220007][ T7727] syzkaller0: entered allmulticast mode
[   87.225566][ T7727] tipc: Resetting bearer <eth:syzkaller0>
[   87.269496][ T7729] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   87.272336][ T7729] syzkaller0: entered promiscuous mode
[   87.274127][ T7729] syzkaller0: entered allmulticast mode
[   87.283158][ T7729] __nla_validate_parse: 26 callbacks suppressed
[   87.283165][ T7729] netlink: 8 bytes leftover after parsing attributes in process `syz.1.554'.
[   87.353598][ T7728] tipc: Resetting bearer <eth:syzkaller0>
[   87.362877][ T7728] tipc: Disabling bearer <eth:syzkaller0>
[   87.874036][ T7742] netlink: 28 bytes leftover after parsing attributes in process `syz.2.558'.
[   87.900062][ T7724] tipc: Resetting bearer <eth:syzkaller0>
[   87.918491][ T7724] tipc: Disabling bearer <eth:syzkaller0>
[   88.051596][ T7753] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.054994][ T7753] syzkaller0: entered promiscuous mode
[   88.056975][ T7753] syzkaller0: entered allmulticast mode
[   88.065942][ T7753] netlink: 8 bytes leftover after parsing attributes in process `syz.2.563'.
[   88.152307][ T7752] tipc: Resetting bearer <eth:syzkaller0>
[   88.168860][ T7752] tipc: Disabling bearer <eth:syzkaller0>
[   88.175589][ T7759] netlink: 'syz.0.565': attribute type 2 has an invalid length.
[   88.251690][ T7768] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma?
[   88.255772][ T7768] netlink: 14 bytes leftover after parsing attributes in process `syz.2.567'.
[   88.313954][ T7768] bond0 (unregistering): Released all slaves
[   88.336642][ T7770] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.340584][ T7770] syzkaller0: entered promiscuous mode
[   88.342497][ T7770] syzkaller0: entered allmulticast mode
[   88.352280][ T7770] tipc: Resetting bearer <eth:syzkaller0>
[   88.355726][ T7769] tipc: Resetting bearer <eth:syzkaller0>
[   88.364822][ T7769] tipc: Disabling bearer <eth:syzkaller0>
[   88.470594][ T7777] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   88.477040][ T7778] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   88.521927][ T7781] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.526263][ T7781] syzkaller0: entered promiscuous mode
[   88.530433][ T7781] syzkaller0: entered allmulticast mode
[   88.536675][ T7781] netlink: 8 bytes leftover after parsing attributes in process `syz.2.574'.
[   88.550237][ T7784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.572'.
[   88.560384][ T7784] netlink: 8 bytes leftover after parsing attributes in process `syz.0.572'.
[   88.605265][ T7780] tipc: Resetting bearer <eth:syzkaller0>
[   88.640575][ T7780] tipc: Disabling bearer <eth:syzkaller0>
[   88.713417][ T7807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.578'.
[   88.821563][ T7827] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   88.869425][ T7836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.583'.
[   88.872475][ T7836] netlink: 4 bytes leftover after parsing attributes in process `syz.2.583'.
[   89.853656][ T7857] geneve2: entered promiscuous mode
[   89.874576][ T7865] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   89.877152][ T7865] syzkaller0: entered promiscuous mode
[   89.880483][ T7865] syzkaller0: entered allmulticast mode
[   89.894423][ T7861] tipc: Resetting bearer <eth:syzkaller0>
[   89.927281][ T7861] tipc: Disabling bearer <eth:syzkaller0>
[   89.961592][ T7876] ieee802154 phy0 wpan0: encryption failed: -22
[   89.964856][ T7876] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   90.047647][   T33] audit: type=1800 audit(1756946895.406:3): pid=7888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.597" name=CB dev="tmpfs" ino=1157 res=0 errno=0
[   90.271305][ T7913] syzkaller0: entered promiscuous mode
[   90.273133][ T7913] syzkaller0: entered allmulticast mode
[   90.277806][ T7912] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   90.298201][ T7916] tipc: Resetting bearer <eth:syzkaller0>
[   90.317147][ T7916] tipc: Disabling bearer <eth:syzkaller0>
[   90.482679][ T7948] lo speed is unknown, defaulting to 1000
[   90.484782][ T7948] lo speed is unknown, defaulting to 1000
[   90.492166][ T7948] lo speed is unknown, defaulting to 1000
[   90.498522][ T7948] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   90.505390][ T7948] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   90.531008][ T7948] lo speed is unknown, defaulting to 1000
[   90.534200][ T7948] lo speed is unknown, defaulting to 1000
[   90.542782][ T7948] lo speed is unknown, defaulting to 1000
[   90.621058][ T7956] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   90.623846][ T7956] syzkaller0: entered promiscuous mode
[   90.625665][ T7956] syzkaller0: entered allmulticast mode
[   90.635515][ T7955] tipc: Resetting bearer <eth:syzkaller0>
[   90.653845][ T7955] tipc: Disabling bearer <eth:syzkaller0>
[   90.670299][ T7957] team0: invalid flags given to default FDB implementation
[   90.690494][ T7963] netlink: 'syz.2.620': attribute type 2 has an invalid length.
[   90.697281][ T7963] k*]: entered promiscuous mode
[   90.771897][ T7978] netlink: 'syz.0.625': attribute type 1 has an invalid length.
[   91.054165][ T8011] sctp: [Deprecated]: syz.2.636 (pid 8011) Use of struct sctp_assoc_value in delayed_ack socket option.
[   91.054165][ T8011] Use struct sctp_sack_info instead
[   91.062739][ T8011] sctp: [Deprecated]: syz.2.636 (pid 8011) Use of struct sctp_assoc_value in delayed_ack socket option.
[   91.062739][ T8011] Use struct sctp_sack_info instead
[   91.179994][ T8021] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   91.182876][ T8021] syzkaller0: entered promiscuous mode
[   91.184915][ T8021] syzkaller0: entered allmulticast mode
[   91.190807][ T8021] tipc: Resetting bearer <eth:syzkaller0>
[   91.227258][ T8020] tipc: Resetting bearer <eth:syzkaller0>
[   91.239908][ T8020] tipc: Disabling bearer <eth:syzkaller0>
[   91.445567][ T8048] lo speed is unknown, defaulting to 1000
[   91.809434][ T8083] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   91.818981][ T8083] syzkaller0: entered promiscuous mode
[   91.821228][ T8083] syzkaller0: entered allmulticast mode
[   91.836244][ T8082] tipc: Resetting bearer <eth:syzkaller0>
[   91.880291][ T8082] tipc: Disabling bearer <eth:syzkaller0>
[   92.168388][ T8113] tun0: tun_chr_ioctl cmd 1074025672
[   92.170299][ T8113] tun0: ignored: set checksum disabled
[   92.172744][ T8113] netlink: 'syz.1.658': attribute type 6 has an invalid length.
[   92.411874][ T8132] __nla_validate_parse: 29 callbacks suppressed
[   92.411891][ T8132] netlink: 56 bytes leftover after parsing attributes in process `syz.0.661'.
[   92.419339][ T8132] netlink: 56 bytes leftover after parsing attributes in process `syz.0.661'.
[   92.489736][ T8132] team0: Device ipip0 is of different type
[   92.737646][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout
[   92.738150][ T5235] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   93.130906][ T8188] netlink: 60 bytes leftover after parsing attributes in process `syz.2.665'.
[   93.392841][ T8215] netlink: 'syz.2.674': attribute type 12 has an invalid length.
[   93.395924][ T8215] netlink: 211856 bytes leftover after parsing attributes in process `syz.2.674'.
[   93.399730][ T8215] netlink: 'syz.2.674': attribute type 12 has an invalid length.
[   93.402708][ T8215] netlink: 211856 bytes leftover after parsing attributes in process `syz.2.674'.
[   93.406222][ T8215] netlink: 'syz.2.674': attribute type 12 has an invalid length.
[   93.409134][ T8215] netlink: 211856 bytes leftover after parsing attributes in process `syz.2.674'.
[   93.412860][ T8215] netlink: 'syz.2.674': attribute type 12 has an invalid length.
[   93.415854][ T8215] netlink: 211856 bytes leftover after parsing attributes in process `syz.2.674'.
[   93.435424][ T8215] netlink: 'syz.2.674': attribute type 12 has an invalid length.
[   93.438945][ T8215] netlink: 211856 bytes leftover after parsing attributes in process `syz.2.674'.
[   93.442385][ T8215] netlink: 'syz.2.674': attribute type 12 has an invalid length.
[   93.445577][ T8215] netlink: 211856 bytes leftover after parsing attributes in process `syz.2.674'.
[   93.509222][ T8226] netlink: 24 bytes leftover after parsing attributes in process `syz.1.677'.
[   93.610295][ T8235] netlink: 'syz.1.680': attribute type 10 has an invalid length.
[   93.616610][ T8235] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[   93.634963][ T8236] vlan2: entered allmulticast mode
[   93.636735][ T8236] bridge0: entered allmulticast mode
[   93.638919][ T8236] bridge2: port 1(vlan2) entered blocking state
[   93.641001][ T8236] bridge2: port 1(vlan2) entered disabled state
[   93.645833][ T8236] vlan2: entered promiscuous mode
[   93.649499][ T8236] bridge0: entered promiscuous mode
[   93.716143][ T8245] gretap0: entered allmulticast mode
[   93.722196][ T8243] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   93.740346][ T8243] tipc: Disabling bearer <eth:syzkaller0>
[   94.245775][ T8295] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   94.249077][ T8295] syzkaller0: entered promiscuous mode
[   94.251142][ T8295] syzkaller0: entered allmulticast mode
[   94.370856][    C1] ==================================================================
[   94.373532][    C1] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x696/0xca0
[   94.376192][    C1] Write of size 8 at addr ffff8881228e0030 by task syz.0.694/8280
[   94.379852][    C1] 
[   94.380696][    C1] CPU: 1 UID: 0 PID: 8280 Comm: syz.0.694 Not tainted syzkaller #0 PREEMPT(full) 
[   94.380706][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   94.380711][    C1] Call Trace:
[   94.380715][    C1]  <IRQ>
[   94.380719][    C1]  dump_stack_lvl+0x189/0x250
[   94.380732][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[   94.380741][    C1]  ? rcu_is_watching+0x15/0xb0
[   94.380748][    C1]  ? __kasan_check_byte+0x12/0x40
[   94.380758][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.380765][    C1]  ? rcu_is_watching+0x15/0xb0
[   94.380771][    C1]  ? lock_release+0x4b/0x3e0
[   94.380781][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[   94.380794][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[   94.380802][    C1]  print_report+0xca/0x240
[   94.380809][    C1]  ? __xfrm_state_delete+0x696/0xca0
[   94.380815][    C1]  kasan_report+0x118/0x150
[   94.380824][    C1]  ? __xfrm_state_delete+0x696/0xca0
[   94.380830][    C1]  __xfrm_state_delete+0x696/0xca0
[   94.380838][    C1]  xfrm_timer_handler+0x18f/0xa00
[   94.380849][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[   94.380858][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   94.380868][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.380878][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   94.380885][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   94.380894][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[   94.380902][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[   94.380910][    C1]  __hrtimer_run_queues+0x52c/0xc60
[   94.380921][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   94.380927][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[   94.380934][    C1]  hrtimer_run_softirq+0x187/0x2b0
[   94.380942][    C1]  handle_softirqs+0x286/0x870
[   94.380948][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[   94.380955][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   94.380962][    C1]  __irq_exit_rcu+0xca/0x1f0
[   94.380967][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   94.380974][    C1]  irq_exit_rcu+0x9/0x30
[   94.380979][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   94.380988][    C1]  </IRQ>
[   94.380990][    C1]  <TASK>
[   94.380992][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   94.381000][    C1] RIP: 0010:__local_bh_enable_ip+0x135/0x1c0
[   94.381007][    C1] Code: 8b e8 9f fa f4 09 65 66 8b 05 4f 98 1b 11 66 85 c0 75 5a bf 01 00 00 00 e8 78 15 0b 00 e8 63 6d 42 00 fb 65 8b 05 2b 98 1b 11 <85> c0 75 05 e8 e2 de ae ff 48 c7 04 24 0e 36 e0 45 4b c7 04 37 00
[   94.381013][    C1] RSP: 0018:ffffc90004f278a0 EFLAGS: 00000286
[   94.381020][    C1] RAX: 0000000080000000 RBX: 0000000000000200 RCX: fcd8c95dde851900
[   94.381025][    C1] RDX: 0000000000000000 RSI: ffffffff8d9b803f RDI: ffffffff8be33800
[   94.381030][    C1] RBP: ffffc90004f27930 R08: ffffffff8fa38f37 R09: 1ffffffff1f471e6
[   94.381034][    C1] R10: dffffc0000000000 R11: fffffbfff1f471e7 R12: ffffffff89a2d717
[   94.381038][    C1] R13: ffffc90004fdd030 R14: dffffc0000000000 R15: 1ffff920009e4f14
[   94.381043][    C1]  ? bpf_test_run+0x197/0x7b0
[   94.381056][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   94.381062][    C1]  ? 0xffffffffa0000818
[   94.381068][    C1]  ? bpf_test_timer_continue+0x136/0x350
[   94.381077][    C1]  ? bpf_test_run+0x197/0x7b0
[   94.381084][    C1]  bpf_test_run+0x376/0x7b0
[   94.381096][    C1]  ? __pfx_bpf_test_run+0x10/0x10
[   94.381107][    C1]  ? slab_build_skb+0x273/0x3e0
[   94.381117][    C1]  ? verify_and_copy_hook_state+0x1f5/0x340
[   94.381123][    C1]  bpf_prog_test_run_nf+0x461/0x830
[   94.381130][    C1]  ? __pfx_bpf_prog_test_run_nf+0x10/0x10
[   94.381136][    C1]  ? __fget_files+0x2a/0x420
[   94.381146][    C1]  ? __fget_files+0x2a/0x420
[   94.381155][    C1]  ? __pfx_bpf_prog_test_run_nf+0x10/0x10
[   94.381183][    C1]  bpf_prog_test_run+0x2c7/0x340
[   94.381194][    C1]  __sys_bpf+0x581/0x870
[   94.381202][    C1]  ? __pfx___sys_bpf+0x10/0x10
[   94.381212][    C1]  ? exc_page_fault+0x76/0xf0
[   94.381219][    C1]  ? __pfx___se_sys_futex+0x10/0x10
[   94.381230][    C1]  __x64_sys_bpf+0x7c/0x90
[   94.381237][    C1]  do_syscall_64+0xfa/0x3b0
[   94.381243][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.381251][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.381257][    C1]  ? exc_page_fault+0x9f/0xf0
[   94.381265][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.381271][    C1] RIP: 0033:0x7f555cb8ebe9
[   94.381276][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.381281][    C1] RSP: 002b:00007f555adf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   94.381288][    C1] RAX: ffffffffffffffda RBX: 00007f555cdc5fa0 RCX: 00007f555cb8ebe9
[   94.381292][    C1] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[   94.381296][    C1] RBP: 00007f555cc11e19 R08: 0000000000000000 R09: 0000000000000000
[   94.381300][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.381304][    C1] R13: 00007f555cdc6038 R14: 00007f555cdc5fa0 R15: 00007ffd192ae768
[   94.381310][    C1]  </TASK>
[   94.381313][    C1] 
[   94.563407][    C1] Allocated by task 6063:
[   94.564984][    C1]  kasan_save_track+0x3e/0x80
[   94.566861][    C1]  __kasan_slab_alloc+0x6c/0x80
[   94.568675][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[   94.570622][    C1]  xfrm_state_alloc+0x24/0x2f0
[   94.572473][    C1]  __find_acq_core+0x8a7/0x1c00
[   94.574075][    C1]  xfrm_find_acq+0x78/0xa0
[   94.575730][    C1]  xfrm_alloc_userspi+0x6b3/0xc90
[   94.577445][    C1]  xfrm_user_rcv_msg+0x7a3/0xab0
[   94.579031][    C1]  netlink_rcv_skb+0x208/0x470
[   94.580598][    C1]  xfrm_netlink_rcv+0x79/0x90
[   94.582135][    C1]  netlink_unicast+0x82f/0x9e0
[   94.583825][    C1]  netlink_sendmsg+0x805/0xb30
[   94.585611][    C1]  __sock_sendmsg+0x21c/0x270
[   94.587349][    C1]  ____sys_sendmsg+0x505/0x830
[   94.589107][    C1]  ___sys_sendmsg+0x21f/0x2a0
[   94.590895][    C1]  __x64_sys_sendmsg+0x19b/0x260
[   94.592468][    C1]  do_syscall_64+0xfa/0x3b0
[   94.593995][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.595831][    C1] 
[   94.596600][    C1] Freed by task 5885:
[   94.597883][    C1]  kasan_save_track+0x3e/0x80
[   94.599506][    C1]  kasan_save_free_info+0x46/0x50
[   94.601144][    C1]  __kasan_slab_free+0x5b/0x80
[   94.602716][    C1]  kmem_cache_free+0x18f/0x400
[   94.604277][    C1]  xfrm_state_gc_task+0x52d/0x6b0
[   94.605936][    C1]  process_scheduled_works+0xae1/0x17b0
[   94.607739][    C1]  worker_thread+0x8a0/0xda0
[   94.609240][    C1]  kthread+0x711/0x8a0
[   94.610625][    C1]  ret_from_fork+0x3fc/0x770
[   94.612277][    C1]  ret_from_fork_asm+0x1a/0x30
[   94.613830][    C1] 
[   94.614615][    C1] The buggy address belongs to the object at ffff8881228e0000
[   94.614615][    C1]  which belongs to the cache xfrm_state of size 928
[   94.618974][    C1] The buggy address is located 48 bytes inside of
[   94.618974][    C1]  freed 928-byte region [ffff8881228e0000, ffff8881228e03a0)
[   94.623757][    C1] 
[   94.624635][    C1] The buggy address belongs to the physical page:
[   94.626816][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881228e0480 pfn:0x1228e0
[   94.630190][    C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   94.633097][    C1] anon flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   94.636525][    C1] page_type: f5(slab)
[   94.638045][    C1] raw: 057ff00000000040 ffff888104f23640 0000000000000000 0000000000000001
[   94.641350][    C1] raw: ffff8881228e0480 00000000000e000c 00000000f5000000 0000000000000000
[   94.644541][    C1] head: 057ff00000000040 ffff888104f23640 0000000000000000 0000000000000001
[   94.647657][    C1] head: ffff8881228e0480 00000000000e000c 00000000f5000000 0000000000000000
[   94.650744][    C1] head: 057ff00000000002 ffffea00048a3801 00000000ffffffff 00000000ffffffff
[   94.653803][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   94.657080][    C1] page dumped because: kasan: bad access detected
[   94.659220][    C1] page_owner tracks the page as allocated
[   94.661529][    C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6063, tgid 6062 (syz.0.34), ts 61262161603, free_ts 57673626567
[   94.667799][    C1]  post_alloc_hook+0x240/0x2a0
[   94.669435][    C1]  get_page_from_freelist+0x21e4/0x22c0
[   94.671284][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[   94.673220][    C1]  alloc_pages_mpol+0x232/0x4a0
[   94.674811][    C1]  allocate_slab+0x8a/0x370
[   94.676387][    C1]  ___slab_alloc+0xbeb/0x1410
[   94.677950][    C1]  kmem_cache_alloc_noprof+0x283/0x3c0
[   94.679859][    C1]  xfrm_state_alloc+0x24/0x2f0
[   94.681821][    C1]  __find_acq_core+0x8a7/0x1c00
[   94.683594][    C1]  xfrm_find_acq+0x78/0xa0
[   94.685107][    C1]  xfrm_alloc_userspi+0x6b3/0xc90
[   94.686805][    C1]  xfrm_user_rcv_msg+0x7a3/0xab0
[   94.688698][    C1]  netlink_rcv_skb+0x208/0x470
[   94.690592][    C1]  xfrm_netlink_rcv+0x79/0x90
[   94.692177][    C1]  netlink_unicast+0x82f/0x9e0
[   94.693977][    C1]  netlink_sendmsg+0x805/0xb30
[   94.695689][    C1] page last free pid 5850 tgid 5850 stack trace:
[   94.698032][    C1]  __free_frozen_pages+0xbc4/0xd30
[   94.699844][    C1]  __put_partials+0x156/0x1a0
[   94.701499][    C1]  put_cpu_partial+0x17c/0x250
[   94.703193][    C1]  __slab_free+0x2d5/0x3c0
[   94.704841][    C1]  qlist_free_all+0x97/0x140
[   94.706446][    C1]  kasan_quarantine_reduce+0x148/0x160
[   94.708469][    C1]  __kasan_slab_alloc+0x22/0x80
[   94.710326][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[   94.712371][    C1]  getname_flags+0xb8/0x540
[   94.714041][    C1]  do_sys_openat2+0xbc/0x1c0
[   94.715680][    C1]  __x64_sys_openat+0x138/0x170
[   94.717239][    C1]  do_syscall_64+0xfa/0x3b0
[   94.718742][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.720900][    C1] 
[   94.721913][    C1] Memory state around the buggy address:
[   94.724190][    C1]  ffff8881228dff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   94.727701][    C1]  ffff8881228dff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   94.731050][    C1] >ffff8881228e0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.734330][    C1]                                      ^
[   94.736592][    C1]  ffff8881228e0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.739899][    C1]  ffff8881228e0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.743241][    C1] ==================================================================
[   94.746855][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   94.749843][    C1] CPU: 1 UID: 0 PID: 8280 Comm: syz.0.694 Not tainted syzkaller #0 PREEMPT(full) 
[   94.753226][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   94.756769][    C1] Call Trace:
[   94.758051][    C1]  <IRQ>
[   94.759248][    C1]  dump_stack_lvl+0x99/0x250
[   94.761219][    C1]  ? __asan_memcpy+0x40/0x70
[   94.763188][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.765368][    C1]  ? __pfx__printk+0x10/0x10
[   94.767332][    C1]  vpanic+0x281/0x750
[   94.769017][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   94.771153][    C1]  ? __pfx_vpanic+0x10/0x10
[   94.773057][    C1]  ? irqentry_exit+0x74/0x90
[   94.775003][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.777139][    C1]  panic+0xb9/0xc0
[   94.778712][    C1]  ? __pfx_panic+0x10/0x10
[   94.780536][    C1]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   94.782952][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   94.785531][    C1]  ? __xfrm_state_delete+0x696/0xca0
[   94.787753][    C1]  check_panic_on_warn+0x89/0xb0
[   94.789828][    C1]  ? __xfrm_state_delete+0x696/0xca0
[   94.792039][    C1]  end_report+0x78/0x160
[   94.793852][    C1]  kasan_report+0x129/0x150
[   94.795740][    C1]  ? __xfrm_state_delete+0x696/0xca0
[   94.797899][    C1]  __xfrm_state_delete+0x696/0xca0
[   94.800106][    C1]  xfrm_timer_handler+0x18f/0xa00
[   94.802279][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[   94.804665][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   94.807117][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.809259][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   94.811701][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   94.814368][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[   94.816729][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[   94.819057][    C1]  __hrtimer_run_queues+0x52c/0xc60
[   94.821138][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   94.823017][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[   94.824999][    C1]  hrtimer_run_softirq+0x187/0x2b0
[   94.826677][    C1]  handle_softirqs+0x286/0x870
[   94.828434][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[   94.830282][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   94.832503][    C1]  __irq_exit_rcu+0xca/0x1f0
[   94.834329][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[   94.836361][    C1]  irq_exit_rcu+0x9/0x30
[   94.838076][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   94.840372][    C1]  </IRQ>
[   94.841631][    C1]  <TASK>
[   94.842915][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   94.845357][    C1] RIP: 0010:__local_bh_enable_ip+0x135/0x1c0
[   94.847890][    C1] Code: 8b e8 9f fa f4 09 65 66 8b 05 4f 98 1b 11 66 85 c0 75 5a bf 01 00 00 00 e8 78 15 0b 00 e8 63 6d 42 00 fb 65 8b 05 2b 98 1b 11 <85> c0 75 05 e8 e2 de ae ff 48 c7 04 24 0e 36 e0 45 4b c7 04 37 00
[   94.855925][    C1] RSP: 0018:ffffc90004f278a0 EFLAGS: 00000286
[   94.858445][    C1] RAX: 0000000080000000 RBX: 0000000000000200 RCX: fcd8c95dde851900
[   94.861714][    C1] RDX: 0000000000000000 RSI: ffffffff8d9b803f RDI: ffffffff8be33800
[   94.865054][    C1] RBP: ffffc90004f27930 R08: ffffffff8fa38f37 R09: 1ffffffff1f471e6
[   94.868269][    C1] R10: dffffc0000000000 R11: fffffbfff1f471e7 R12: ffffffff89a2d717
[   94.871553][    C1] R13: ffffc90004fdd030 R14: dffffc0000000000 R15: 1ffff920009e4f14
[   94.874824][    C1]  ? bpf_test_run+0x197/0x7b0
[   94.876862][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   94.879245][    C1]  ? 0xffffffffa0000818
[   94.880994][    C1]  ? bpf_test_timer_continue+0x136/0x350
[   94.883370][    C1]  ? bpf_test_run+0x197/0x7b0
[   94.885370][    C1]  bpf_test_run+0x376/0x7b0
[   94.887322][    C1]  ? __pfx_bpf_test_run+0x10/0x10
[   94.889450][    C1]  ? slab_build_skb+0x273/0x3e0
[   94.891474][    C1]  ? verify_and_copy_hook_state+0x1f5/0x340
[   94.893967][    C1]  bpf_prog_test_run_nf+0x461/0x830
[   94.896148][    C1]  ? __pfx_bpf_prog_test_run_nf+0x10/0x10
[   94.898524][    C1]  ? __fget_files+0x2a/0x420
[   94.900473][    C1]  ? __fget_files+0x2a/0x420
[   94.902447][    C1]  ? __pfx_bpf_prog_test_run_nf+0x10/0x10
[   94.904809][    C1]  bpf_prog_test_run+0x2c7/0x340
[   94.906902][    C1]  __sys_bpf+0x581/0x870
[   94.908672][    C1]  ? __pfx___sys_bpf+0x10/0x10
[   94.910714][    C1]  ? exc_page_fault+0x76/0xf0
[   94.912507][    C1]  ? __pfx___se_sys_futex+0x10/0x10
[   94.914416][    C1]  __x64_sys_bpf+0x7c/0x90
[   94.915859][    C1]  do_syscall_64+0xfa/0x3b0
[   94.917585][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.919753][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.922379][    C1]  ? exc_page_fault+0x9f/0xf0
[   94.924463][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.926947][    C1] RIP: 0033:0x7f555cb8ebe9
[   94.928815][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.936718][    C1] RSP: 002b:00007f555adf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   94.940151][    C1] RAX: ffffffffffffffda RBX: 00007f555cdc5fa0 RCX: 00007f555cb8ebe9
[   94.943365][    C1] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[   94.946628][    C1] RBP: 00007f555cc11e19 R08: 0000000000000000 R09: 0000000000000000
[   94.949811][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.952978][    C1] R13: 00007f555cdc6038 R14: 00007f555cdc5fa0 R15: 00007ffd192ae768
[   94.956275][    C1]  </TASK>
[   94.958352][    C1] Kernel Offset: disabled
[   94.960126][    C1] Rebooting in 86400 seconds..

VM DIAGNOSIS:
00:48:19  Registers:
info registers vcpu 0

CPU#0
RAX=f64c43b2d9c7e400 RBX=ffffffff819683c8 RCX=f64c43b2d9c7e400 RDX=0000000000000001
RSI=ffffffff8d9b803f RDI=ffffffff8be33800 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa38f30 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b79c3f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8618000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f90583a4fc8 CR3=00000000220d0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f555cd97498 00007f555cd97470 XMM03=00007f555cd974a8 00007f555cd974a0
XMM04=00007f555d8fd100 00007f555cd97460 XMM05=00007f555cd97478 00007f555cd974c0
XMM06=00007f555cd974b8 00007f555cd974b0 XMM07=00007f555cd974a8 00007f555cd974a0
XMM08=0000000000000000 00007f555cc12ee7 XMM09=0000000000000000 00007f555cc12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000038 RBX=0000000000000038 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900001e03b0
R8 =ffff88801f6b8237 R9 =1ffff11003ed7046 R10=dffffc0000000000 R11=ffffffff854f38c0
R12=dffffc0000000000 R13=ffffffff99afd8f6 R14=ffffffff99df2420 R15=0000000000000000
RIP=ffffffff854f393c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f555adf66c0 ffffffff 00c00000
GS =0000 ffff8881a3c18000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f90583a5d58 CR3=00000000220d0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007f9057612e53
XMM06=0000000000000000 00007f9057612e4d XMM07=0000000000000000 00007f9057612e61
XMM08=0000000000000000 00007f9057612ee7 XMM09=0000000000000000 00007f9057612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
