last executing test programs:

1.279133278s ago: executing program 1 (id=252):
# Program id=252: cgroup device-controller write.
# 0xffffffffffffff9c is AT_FDCWD, so the mkdirat path is relative to the executor's cwd.
# The openat$cgroup_root path pointer is printed without contents; presumably
# syzkaller omitted a default value there - confirm against the description.
# The final write passes length 0xa although the blob shown ('b 122') is 5 bytes.
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000200)=ANY=[@ANYBLOB='b 122'], 0xa)

1.21242935s ago: executing program 1 (id=254):
# Program id=254: rtnetlink query.
# Opens an AF_NETLINK (0x10) route socket and sends one ipv4_getnetconf request
# whose only attribute is NETCONFA_PROXY_NEIGH with no payload beyond its header.
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv4_getnetconf={0x1c, 0x52, 0x401, 0x0, 0x0, {}, [@NETCONFA_PROXY_NEIGH={0x8}]}, 0x1c}}, 0x0)

1.1229557s ago: executing program 1 (id=256):
# Program id=256: IPv6 flow-label manager.
# Two IPV6_FLOWLABEL_MGR setsockopt calls on the same UDP socket, both with label
# 0x8000000 but different destinations (@remote, then @local) and field values.
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@remote, 0x8000000, 0x0, 0xff, 0x1, 0x66}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@local, 0x8000000, 0x0, 0x1, 0x0, 0x0, 0x5}, 0x20)

1.077653622s ago: executing program 0 (id=257):
# Program id=257: nf_tables batches over NETLINK_NETFILTER (protocol 0xc).
# The first batch is a raw byte blob; it embeds the ASCII names 'syz0'
# (73797a30) and 'syz2' (73797a32).
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
# Second batch: NEWSET 'syz1' inside table 'syz0', with key-type and flags attributes.
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
# A second netfilter socket issues GETOBJ naming table 'syz1'; the NEWSET above
# named table 'syz0'.
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x20, 0x15, 0xa, 0x201, 0x0, 0x0, {}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0xc0}, 0x240408d8)

1.075866379s ago: executing program 1 (id=258):
# Program id=258: one nf_tables batch creating table 'syz0', chain 'syz0' and a rule.
# The rule refers to its chain through NFTA_RULE_CHAIN_ID (no chain name attribute)
# and carries a single byteorder expression that sets only NFTA_BYTEORDER_SREG.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0)

955.707131ms ago: executing program 1 (id=259):
# Program id=259: IPv6 TCP listener lifecycle.
# listen() is called with no bind() visible in this program, accept4() uses flags
# 0x80800 (SOCK_CLOEXEC | SOCK_NONBLOCK), then shutdown() with how=0 (SHUT_RD).
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x6)
accept4(r0, 0x0, 0x0, 0x80800)
shutdown(r0, 0x0)

955.35193ms ago: executing program 0 (id=260):
# Program id=260: MPTCP socket (AF_INET, SOCK_STREAM, protocol 0x106) followed by a
# single ioctl described as sock_inet_tcp_SIOCOUTQNSD with command value 0x8918.
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x8918, &(0x7f0000000100))

876.813536ms ago: executing program 2 (id=261):
# Program id=261: netlink socket registered with epoll, then a generic-netlink send.
# syz_init_net_socket is a syzkaller pseudo-syscall; the protocol argument here is 0x10.
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
# fd 0xffffffffffffffff is -1, so this xfrm send has no socket to act on.
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001"], 0xb8}}, 0x0)
# An FS_IOC_SETFLAGS ioctl is issued on the epoll fd itself before r0 is added to it.
r1 = epoll_create1(0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40088a01, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000600)={0x40000008})
# SMC_PNETID_DEL request built from raw blobs and sent on the epoll-watched socket.
sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000006c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="01000300"], 0x28}, 0x1, 0x40030000000000, 0x0, 0x4}, 0x0)

876.407333ms ago: executing program 0 (id=262):
# Program id=262: two rounds of traffic-control (qdisc/filter) setup on a tun
# device named 'syzkaller0', with BPF map and program loads in between.
socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
# fd -1: this nl80211 send has no socket to act on.
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={0x0, 0xc0}, 0x1, 0x0, 0x0, 0x1}, 0x40004)
socket$inet6_sctp(0xa, 0x1, 0x84)
# MAP_CREATE is called with a 0x0 attr pointer, so r0 may not be a valid map fd.
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
# Round 1: attach to tun 'syzkaller0', read its ifindex into r4, then add a
# multiq qdisc and an fw filter (with TCA_CHAIN) on that ifindex.
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002e80)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r4, {0xffe0}, {}, {0xfff3, 0xfff3}}, [@TCA_CHAIN={0x8, 0xb, 0x4}, @filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0xe8728ce82d5df8ab}, 0x0)
# BPF program load that references r0; the instructions are a raw blob.
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Closes descriptor number 3 by literal value rather than through a named resource.
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
# Round 2: the same device name again; a second multiq qdisc on ifindex r8.
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
r9 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
# Two matchall filters carrying gact actions: the first uses ifindex 0x0 on r9,
# the second uses ifindex r8 on r6.
sendmsg$nl_route_sched(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0xe, 0x4}, {}, {0xfff2, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x3ff, 0x20000008, 0x6, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x400, 0x1, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0)

876.039233ms ago: executing program 1 (id=263):
# Program id=263: mixes several socket families, configures a netem qdisc on tun
# 'syzkaller0', then adds a ROSE route and connects a ROSE socket twice.
socket$netlink(0x10, 0x3, 0x9)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
# The cgroup open is given a 0x0 path pointer, so r0 may not be a valid fd.
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000014000100000080000000000007000080080002"], 0x1c}], 0x1}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x5, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1}, @ldst={0x2, 0x0, 0x3, 0x0, 0x0, 0x2}]}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5}, 0x94)
# A network-device ioctl is issued on r0, which came from the cgroup open above.
ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
# fd -1 and an option length of 0xfffffffffffffe1d.
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
# tun 'syzkaller0' (flags 0x2); its ifindex is captured in r7 for the qdisc request.
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
# netem qdisc with TCA_NETEM_LATENCY64 and TCA_NETEM_RATE64 attributes.
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}, @TCA_NETEM_RATE64={0xc, 0x8, 0x4526dd370cbcddac}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
# ROSE: add a route on r8, then connect r9 twice (short form, then full form
# with a digipeater list).
r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r8, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r9 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r9, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r9, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

819.170467ms ago: executing program 2 (id=264):
# Program id=264: BPF map creation, program load, then a test run of that program.
# The second MAP_CREATE passes an empty ANY blob as its attributes.
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000c"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
# Program type 0x6 with attach type printed as @xdp=0x25; instructions are a raw
# blob that references map fd r0.
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Test run of r1; the input buffer is printed as 14 bytes of hex.
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

767.018326ms ago: executing program 2 (id=265):
# Program id=265: one nf_tables batch with four messages in order:
# NEWTABLE 'syz1', NEWCHAIN 'syz2' in 'syz1', DELCHAIN by handle in 'syz1', and a
# second NEWTABLE for 'syz1' that also carries NFTA_TABLE_FLAGS.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xc8}}, 0x0)

766.813073ms ago: executing program 2 (id=266):
# Program id=266: two nf_tables batches sent as raw byte blobs on one socket.
# The first blob embeds the ASCII names 'syz0' and 'syz2'. The second embeds the
# expression names 'immediate' (696d6d656469617465) and 'synproxy'
# (73796e70726f7879) alongside 'syz0' and 'syz2'.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a0904000000000000000002000000580004803c0001800e000100696d6d656469617465000000280002801c0002801800028009000200737996320000000008000180fffffffc0800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a32"], 0xac}}, 0x0)

757.554526ms ago: executing program 0 (id=267):
# Program id=267: ipset creation over nfnetlink.
# Creates set 'syz0' of type 'hash:net,port' with family 0xa, and supplies
# HASHSIZE and BUCKETSIZE inside IPSET_ATTR_DATA.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x60, 0x2, 0x6, 0x101, 0x0, 0x0, {0x1}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x5}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x9}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0xc0d1}, 0x0)

677.553247ms ago: executing program 0 (id=268):
# Program id=268: IPv6 datagram socket with a flow label, an integer socket option
# and a sendmsg that carries ancillary data.
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
# fd -1: this sendmmsg has no socket to act on.
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000140)}], 0x2}], 0x1, 0x40800)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
# The option name is given as 0x1000000000021, wider than 32 bits.
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
# The control buffer is a raw blob followed by the numeric value of r0 (ANYRES16).
sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000029000000", @ANYRES16=r0], 0x18}, 0x40c0)

676.876695ms ago: executing program 2 (id=269):
# Program id=269: Bluetooth L2CAP socket calls, BPF map iteration, an ipset
# create/add/destroy sequence, and a cgroup file that is written and then mmapped.
# Many calls in between use fd -1 or 0x0 pointers and so have no object to act on.
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
# shutdown(how=0) and then recvmmsg with vlen 0xf02 on the same L2CAP socket.
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000140), 0x12)
# Map created from a raw attribute blob; r1 feeds the three MAP_GET_NEXT_KEY calls.
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000c79c7b19d5808847000000000000000000000002849d58ce7f2e82712ebe7944e60bbda2fa2ce0d411b54ff2e999ac51e1e91c6c01eb27270a1f72b67a7cff6e6021a40aa363d8a748ccb0a47e29d2bbdb14dff5606c8b2371cba2900d15f529e6108df3d0921d9f065e7b6cc722fd5ef2c81296cc96e7e2ee523fb5756a7547e6789476f92c914952a2b3ce1e7fa5b18fc819da184e794dac3584"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000280), &(0x7f0000000000)=""/3, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r1, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000100), &(0x7f0000000000), 0x2}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xffffffffffffff7b)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, 0x0, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x480, 0x0, 0x0)
# ipset: create 'hash:ip' set 'syz1' on r2.
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
# On a second socket: add an IPv4 range (IP .. IP_TO) to 'syz1', then send a
# DESTROY request that carries only a PROTOCOL attribute (no set name).
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
socket(0x2, 0x80805, 0x0)
# Further calls on the L2CAP socket r0, which was shut down earlier in this program.
sendmsg(r0, &(0x7f0000006800)={0x0, 0x0, 0x0}, 0x810)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, &(0x7f0000006240))
recvmmsg(r0, &(0x7f0000006080), 0x0, 0x10142, 0x0)
# Opens 'memory.events' with flags 0x275a, writes length 0x32600 from an empty
# blob, then maps 0x3000 bytes of the same fd at a fixed address.
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)

656.381189ms ago: executing program 0 (id=270):
# Program id=270: Bluetooth (L2CAP, SCO), AX.25, packet and unix sockets in one
# program; several calls apply one family's option or ioctl to a socket that was
# created as another family.
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r5, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000002c0)=0x14)
# AX.25 bind with a full digipeater list (address length 0x48).
bind$ax25(r4, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r6, 0x8914, &(0x7f0000000000))
# Second AX.25 socket; SO_BINDTODEVICE is passed a 0x0 pointer and zero length.
r7 = syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
setsockopt$ax25_SO_BINDTODEVICE(r7, 0x101, 0x19, 0x0, 0x0)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
# accept4 on r2 (one end of the unix socketpair) and on r1 (SCO); no listen()
# call appears in this program. The returned fds feed RDS and IPv6 options.
r8 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r8, 0x114, 0xa, &(0x7f0000000180), 0x1)
r9 = accept4(r1, 0x0, &(0x7f0000000300), 0x800)
setsockopt$inet6_IPV6_RTHDR(r9, 0x29, 0x39, &(0x7f0000000340)={0x33, 0x12, 0x2, 0x2, 0x0, [@empty, @mcast1, @dev={0xfe, 0x80, '\x00', 0x38}, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x98)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
# Last call: L2CAP connect on r0 to a fixed address.
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)

0s ago: executing program 2 (id=271):
# Program id=271: the most recent program in the log ("0s ago").
# Creates a generic netlink socket and calls connect() on it with an IPv6
# sockaddr (family 0xa, length 0x1c), i.e. an address family that differs from
# the socket's own.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e21, 0x7f, @private2, 0x1}, 0x1c)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:56355' (ED25519) to the list of known hosts.
syzkaller login: [   55.487456][ T5837] cgroup: Unknown subsys name 'net'
[   55.572043][ T5837] cgroup: Unknown subsys name 'cpuset'
[   55.576183][ T5837] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   56.911107][ T5837] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   60.642450][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   60.646001][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   60.649241][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   60.653518][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   60.656906][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   60.671638][ T5235] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   60.675783][ T5235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   60.699123][ T5860] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   60.702523][ T5860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   60.704303][ T5862] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   60.705297][ T5860] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   60.710729][ T5860] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   60.713190][ T5860] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   60.724276][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   60.727266][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   60.923781][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   61.106130][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.108414][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.111757][ T5854] bridge_slave_0: entered allmulticast mode
[   61.115388][ T5854] bridge_slave_0: entered promiscuous mode
[   61.135026][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.137414][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.139969][ T5854] bridge_slave_1: entered allmulticast mode
[   61.143342][ T5854] bridge_slave_1: entered promiscuous mode
[   61.165480][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   61.201911][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.212506][ T5856] chnl_net:caif_netlink_parms(): no params data found
[   61.222066][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.302160][ T5854] team0: Port device team_slave_0 added
[   61.317762][ T5854] team0: Port device team_slave_1 added
[   61.360318][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.363708][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.366593][ T5851] bridge_slave_0: entered allmulticast mode
[   61.372037][ T5851] bridge_slave_0: entered promiscuous mode
[   61.407988][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.412727][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.415695][ T5851] bridge_slave_1: entered allmulticast mode
[   61.419092][ T5851] bridge_slave_1: entered promiscuous mode
[   61.423260][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.425886][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.436334][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.441582][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.444120][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.446363][ T5856] bridge_slave_0: entered allmulticast mode
[   61.449283][ T5856] bridge_slave_0: entered promiscuous mode
[   61.462194][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.464890][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.474037][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.477730][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.480702][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.483055][ T5856] bridge_slave_1: entered allmulticast mode
[   61.486213][ T5856] bridge_slave_1: entered promiscuous mode
[   61.521816][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.527014][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.533993][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.539357][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.596450][ T5854] hsr_slave_0: entered promiscuous mode
[   61.600651][ T5854] hsr_slave_1: entered promiscuous mode
[   61.616657][ T5851] team0: Port device team_slave_0 added
[   61.620786][ T5856] team0: Port device team_slave_0 added
[   61.625527][ T5856] team0: Port device team_slave_1 added
[   61.642856][ T5851] team0: Port device team_slave_1 added
[   61.686600][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.689359][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.701056][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.712049][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.714818][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.725632][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.731730][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.734596][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.745358][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.751181][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.753884][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.764251][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.869420][ T5851] hsr_slave_0: entered promiscuous mode
[   61.873393][ T5851] hsr_slave_1: entered promiscuous mode
[   61.876217][ T5851] debugfs: 'hsr0' already exists in 'hsr'
[   61.878594][ T5851] Cannot create hsr debugfs directory
[   61.896069][ T5856] hsr_slave_0: entered promiscuous mode
[   61.898347][ T5856] hsr_slave_1: entered promiscuous mode
[   61.901759][ T5856] debugfs: 'hsr0' already exists in 'hsr'
[   61.903851][ T5856] Cannot create hsr debugfs directory
[   62.157790][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   62.167131][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   62.174421][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   62.188297][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   62.230563][ T5851] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   62.240370][ T5851] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   62.261402][ T5851] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   62.289757][ T5851] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   62.342194][ T5856] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   62.350839][ T5856] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   62.357247][ T5856] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   62.374955][ T5856] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   62.473714][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.507160][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   62.518403][ T1233] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.521317][ T1233] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.545859][ T1233] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.548472][ T1233] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.558099][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.574720][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.608458][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   62.622112][ T5856] 8021q: adding VLAN 0 to HW filter on device team0
[   62.627837][ T1233] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.630489][ T1233] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.643569][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.646593][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.654359][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.657343][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.700140][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.703071][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.750850][ T5855] Bluetooth: hci1: command tx timeout
[   62.753224][ T5860] Bluetooth: hci2: command tx timeout
[   62.755124][ T5858] Bluetooth: hci0: command tx timeout
[   62.764696][ T5856] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   62.768830][ T5856] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.810029][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.857062][ T5854] veth0_vlan: entered promiscuous mode
[   62.874029][ T5854] veth1_vlan: entered promiscuous mode
[   62.907515][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.921951][ T5854] veth0_macvtap: entered promiscuous mode
[   62.952112][ T5854] veth1_macvtap: entered promiscuous mode
[   62.976884][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.991164][ T5856] veth0_vlan: entered promiscuous mode
[   62.997272][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.010609][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.016587][ T5856] veth1_vlan: entered promiscuous mode
[   63.033154][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.036699][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.051667][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.066621][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.113168][ T5856] veth0_macvtap: entered promiscuous mode
[   63.122889][ T5856] veth1_macvtap: entered promiscuous mode
[   63.131175][ T5851] veth0_vlan: entered promiscuous mode
[   63.159195][ T5851] veth1_vlan: entered promiscuous mode
[   63.175188][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.185819][ T1233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.188976][ T1233] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.208429][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.241138][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.248741][ T1233] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.254351][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.257736][ T1233] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.275221][ T5851] veth0_macvtap: entered promiscuous mode
[   63.278882][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.283194][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.304982][ T5851] veth1_macvtap: entered promiscuous mode
[   63.331424][ T5854] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   63.357263][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.375866][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.420269][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.424029][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.435642][ T1233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.436136][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.438846][ T1233] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.461861][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.523934][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.526575][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.560984][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.566469][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.589256][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.593327][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.967656][ T5945] netlink: 826 bytes leftover after parsing attributes in process `syz.1.11'.
[   64.650477][ T5982] tipc: Started in network mode
[   64.653446][ T5982] tipc: Node identity 468662cc40a3, cluster identity 4711
[   64.657147][ T5982] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   64.672840][ T5982] syzkaller0: entered promiscuous mode
[   64.682290][ T5982] syzkaller0: entered allmulticast mode
[   64.751559][ T5982] tipc: Resetting bearer <eth:syzkaller0>
[   64.793412][ T5981] tipc: Resetting bearer <eth:syzkaller0>
[   64.827806][ T5981] tipc: Disabling bearer <eth:syzkaller0>
[   64.830411][ T5855] Bluetooth: hci1: command tx timeout
[   64.830451][ T5855] Bluetooth: hci0: command tx timeout
[   64.830475][ T5855] Bluetooth: hci2: command tx timeout
[   65.065788][ T5999] syz.0.36 (5999) used greatest stack depth: 19160 bytes left
[   65.427240][ T6029] netlink: 'syz.2.51': attribute type 10 has an invalid length.
[   65.444782][ T6029] team0: Device ipvlan1 failed to register rx_handler
[   65.619167][ T6042] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   65.903776][ T6064] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   65.907152][ T6064] syzkaller0: entered promiscuous mode
[   65.913619][ T6064] syzkaller0: entered allmulticast mode
[   65.979320][ T6064] tipc: Resetting bearer <eth:syzkaller0>
[   65.996615][ T6062] tipc: Resetting bearer <eth:syzkaller0>
[   66.004746][ T6062] tipc: Disabling bearer <eth:syzkaller0>
[   66.005698][ T6073] sock: sock_timestamping_bind_phc: sock not bind to device
[   66.184192][ T6075] netlink: 4 bytes leftover after parsing attributes in process `syz.2.69'.
[   66.327733][ T6087] netlink: 332 bytes leftover after parsing attributes in process `syz.0.74'.
[   66.332312][ T6087] netlink: 104 bytes leftover after parsing attributes in process `syz.0.74'.
[   66.335935][ T6087] netlink: 32 bytes leftover after parsing attributes in process `syz.0.74'.
[   66.378645][ T6091] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   66.662811][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.0.86'.
[   66.912402][ T5858] Bluetooth: hci2: command tx timeout
[   66.915571][ T5855] Bluetooth: hci0: command tx timeout
[   66.918369][ T5858] Bluetooth: hci1: command tx timeout
[   67.194823][ T6154] netlink: 'syz.1.108': attribute type 1 has an invalid length.
[   67.198273][ T6154] netlink: 244 bytes leftover after parsing attributes in process `syz.1.108'.
[   67.260872][ T6156] Zero length message leads to an empty skb
[   67.339209][ T6156] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.392179][ T6170] sctp: [Deprecated]: syz.1.114 (pid 6170) Use of int in max_burst socket option.
[   67.392179][ T6170] Use struct sctp_assoc_value instead
[   67.395533][ T6167] syz.0.113 uses obsolete (PF_INET,SOCK_PACKET)
[   67.420761][ T6173] netlink: 'syz.1.115': attribute type 1 has an invalid length.
[   67.445817][ T6156] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.486580][ T6173] 8021q: adding VLAN 0 to HW filter on device bond1
[   67.510882][ T6176] 8021q: adding VLAN 0 to HW filter on device bond1
[   67.514127][ T6176] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[   67.520795][ T6176] bond1: (slave vcan1): Error -95 calling set_mac_address
[   67.547445][ T6156] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.577911][ T6173] gretap1: entered promiscuous mode
[   67.588477][ T6173] bond1: (slave gretap1): making interface the new active one
[   67.594707][ T6173] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   67.611742][ T6156] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.641307][ T6176] macvlan2: entered promiscuous mode
[   67.643759][ T6176] macvlan2: entered allmulticast mode
[   67.646875][ T6176] bond1: entered promiscuous mode
[   67.650662][ T6176] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   67.660405][ T6176] bond1: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1
[   67.666174][ T6176] bond1: left promiscuous mode
[   67.717127][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.739011][ T5865] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.781162][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.801803][ T5865] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.015037][ T6200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.120'.
[   68.034277][ T6200] block nbd0: not configured, cannot reconfigure
[   68.193827][ T6208] netlink: 'syz.0.125': attribute type 4 has an invalid length.
[   68.451365][ T6226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.133'.
[   68.559672][ T6231] netlink: 'syz.0.135': attribute type 4 has an invalid length.
[   68.569152][ T6231] netlink: 17 bytes leftover after parsing attributes in process `syz.0.135'.
[   68.980785][ T6260] __nla_validate_parse: 1 callbacks suppressed
[   68.980799][ T6260] netlink: 8 bytes leftover after parsing attributes in process `syz.0.149'.
[   68.990117][ T5858] Bluetooth: hci1: command tx timeout
[   68.992564][ T5858] Bluetooth: hci0: command tx timeout
[   68.994847][ T5858] Bluetooth: hci2: command tx timeout
[   69.024001][ T6264] netlink: 76 bytes leftover after parsing attributes in process `syz.1.152'.
[   69.038995][ T6260] Driver unsupported XDP return value 0 on prog  (id 20) dev N/A, expect packet loss!
[   69.293671][ T6281] tipc: Started in network mode
[   69.297175][ T6281] tipc: Node identity fe6d0f88910c, cluster identity 4711
[   69.302096][ T6281] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   69.306506][ T6281] syzkaller0: entered promiscuous mode
[   69.309259][ T6281] syzkaller0: entered allmulticast mode
[   69.341702][ T6281] tipc: Resetting bearer <eth:syzkaller0>
[   69.348552][ T6278] tipc: Resetting bearer <eth:syzkaller0>
[   69.358079][ T6278] tipc: Disabling bearer <eth:syzkaller0>
[   69.521676][   T55] block nbd0: Receive control failed (result -32)
[   69.650245][ T6299] "syz.2.167" (6299) uses obsolete ecb(arc4) skcipher
[   69.776128][ T6315] netlink: 'syz.2.172': attribute type 1 has an invalid length.
[   69.779282][ T6315] netlink: 224 bytes leftover after parsing attributes in process `syz.2.172'.
[   69.801670][ T6318] sctp: [Deprecated]: syz.1.174 (pid 6318) Use of int in maxseg socket option.
[   69.801670][ T6318] Use struct sctp_assoc_value instead
[   69.928363][ T6324] netlink: 'syz.0.177': attribute type 1 has an invalid length.
[   69.931822][ T6324] netlink: 4 bytes leftover after parsing attributes in process `syz.0.177'.
[   70.083840][ T6336] netlink: 'syz.1.182': attribute type 39 has an invalid length.
[   70.101512][ T6336] veth0_macvtap: left promiscuous mode
[   70.138695][ T6339] netlink: 12 bytes leftover after parsing attributes in process `syz.0.184'.
[   70.321985][ T6351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.190'.
[   70.325152][ T6351] netlink: 4 bytes leftover after parsing attributes in process `syz.0.190'.
[   70.407176][ T6357] netlink: 28 bytes leftover after parsing attributes in process `syz.1.193'.
[   70.696501][ T6382] netlink: 'syz.0.202': attribute type 2 has an invalid length.
[   70.900687][ T6391] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   70.906971][ T6391] syzkaller0: entered promiscuous mode
[   70.909269][ T6391] syzkaller0: entered allmulticast mode
[   70.942917][ T6391] tipc: Resetting bearer <eth:syzkaller0>
[   70.963276][ T6390] tipc: Resetting bearer <eth:syzkaller0>
[   70.981319][ T6390] tipc: Disabling bearer <eth:syzkaller0>
[   71.119401][ T6407] netlink: 'syz.2.213': attribute type 10 has an invalid length.
[   71.138182][ T6407] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   71.161710][ T6407] batman_adv: batadv0: Removing interface: batadv_slave_0
[   71.173115][ T6407] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[   71.236106][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.238886][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.289921][    T9] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[   71.391648][   T13] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[   71.419638][ T5904] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[   71.540537][ T5904] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[   71.829359][ T6445] openvswitch: netlink: Missing valid actions attribute.
[   71.833113][ T6445] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   71.872965][ T5904] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[   72.354406][ T6483] IPVS: set_ctl: invalid protocol: 137 172.20.20.187:20004
[   72.386735][ T6491] netlink: 24 bytes leftover after parsing attributes in process `syz.2.251'.
[   72.429799][   T13] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[   72.432770][   T13] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[   72.456864][ T6496] netlink: 56 bytes leftover after parsing attributes in process `syz.2.253'.
[   72.461907][ T6483] nbd1: detected capacity change from 0 to 127
[   72.466636][   T56] block nbd1: Receive control failed (result -32)
[   72.468479][ T5852] block nbd1: Send control failed (result -32)
[   72.472971][ T5852] block nbd1: Request send failed, requeueing
[   72.476824][   T60] block nbd1: Dead connection, failed to find a fallback
[   72.480112][   T60] block nbd1: shutting down sockets
[   72.483524][   T60] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.487492][   T60] Buffer I/O error on dev nbd1, logical block 0, async page read
[   72.491869][ T5852] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.495661][ T5852] Buffer I/O error on dev nbd1, logical block 1, async page read
[   72.499102][ T5852] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.503880][ T5852] Buffer I/O error on dev nbd1, logical block 2, async page read
[   72.507613][ T5852] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.514837][ T5852] Buffer I/O error on dev nbd1, logical block 3, async page read
[   72.518397][ T5852] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.529647][ T5852] Buffer I/O error on dev nbd1, logical block 0, async page read
[   72.532941][ T5852] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.536743][ T5852] Buffer I/O error on dev nbd1, logical block 1, async page read
[   72.540488][ T5852] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.549538][ T5852] Buffer I/O error on dev nbd1, logical block 2, async page read
[   72.552933][ T5852] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.556837][ T5852] Buffer I/O error on dev nbd1, logical block 3, async page read
[   72.560807][ T5852] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.565150][ T5852] Buffer I/O error on dev nbd1, logical block 0, async page read
[   72.568494][ T5852] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.572561][ T5852] Buffer I/O error on dev nbd1, logical block 1, async page read
[   72.582558][ T5852] ldm_validate_partition_table(): Disk read failed.
[   72.588559][ T5852] Dev nbd1: unable to read RDB block 0
[   72.593394][ T5852]  nbd1: unable to read partition table
[   72.603194][ T5852] ldm_validate_partition_table(): Disk read failed.
[   72.615403][ T5852] Dev nbd1: unable to read RDB block 0
[   72.628949][ T5852]  nbd1: unable to read partition table
[   72.656314][ T6505] netlink: 'syz.2.255': attribute type 1 has an invalid length.
[   72.694649][ T6505] bond1 (unregistering): Released all slaves
[   72.701471][ T5256] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[   73.734144][ T6524] ==================================================================
[   73.737763][ T6524] BUG: KASAN: slab-use-after-free in rose_transmit_link+0x5c3/0x740
[   73.740941][ T6524] Read of size 1 at addr ffff888027349032 by task syz.1.263/6524
[   73.744925][ T6524] 
[   73.745949][ T6524] CPU: 1 UID: 0 PID: 6524 Comm: syz.1.263 Not tainted syzkaller #0 PREEMPT(full) 
[   73.745966][ T6524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   73.745974][ T6524] Call Trace:
[   73.745980][ T6524]  <TASK>
[   73.745986][ T6524]  dump_stack_lvl+0x189/0x250
[   73.746004][ T6524]  ? __virt_addr_valid+0x1c8/0x5c0
[   73.746020][ T6524]  ? rcu_is_watching+0x15/0xb0
[   73.746032][ T6524]  ? __kasan_check_byte+0x12/0x40
[   73.746059][ T6524]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.746074][ T6524]  ? rcu_is_watching+0x15/0xb0
[   73.746085][ T6524]  ? lock_release+0x4b/0x3e0
[   73.746102][ T6524]  ? __virt_addr_valid+0x1c8/0x5c0
[   73.746115][ T6524]  ? __virt_addr_valid+0x4a5/0x5c0
[   73.746128][ T6524]  print_report+0xca/0x240
[   73.746138][ T6524]  ? rose_transmit_link+0x5c3/0x740
[   73.746150][ T6524]  kasan_report+0x118/0x150
[   73.746166][ T6524]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[   73.746183][ T6524]  ? rose_transmit_link+0x5c3/0x740
[   73.746197][ T6524]  rose_transmit_link+0x5c3/0x740
[   73.746209][ T6524]  ? skb_put+0x11b/0x210
[   73.746221][ T6524]  rose_write_internal+0x11dc/0x1ac0
[   73.746240][ T6524]  ? __pfx_rose_write_internal+0x10/0x10
[   73.746254][ T6524]  ? __timer_delete+0x5d/0x390
[   73.746272][ T6524]  rose_release+0x24e/0x520
[   73.746283][ T6524]  sock_close+0xc3/0x240
[   73.746299][ T6524]  ? __pfx_sock_close+0x10/0x10
[   73.746310][ T6524]  __fput+0x44c/0xa70
[   73.746325][ T6524]  task_work_run+0x1d4/0x260
[   73.746341][ T6524]  ? __pfx_task_work_run+0x10/0x10
[   73.746356][ T6524]  ? task_work_add+0x377/0x420
[   73.746371][ T6524]  ? __pfx_task_work_add+0x10/0x10
[   73.746387][ T6524]  get_signal+0x11ed/0x1340
[   73.746403][ T6524]  arch_do_signal_or_restart+0x9a/0x750
[   73.746422][ T6524]  ? __pfx___sys_connect+0x10/0x10
[   73.746438][ T6524]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   73.746488][ T6524]  ? exit_to_user_mode_loop+0x40/0x110
[   73.746506][ T6524]  exit_to_user_mode_loop+0x75/0x110
[   73.746523][ T6524]  do_syscall_64+0x2bd/0x3b0
[   73.746539][ T6524]  ? lockdep_hardirqs_on+0x9c/0x150
[   73.746552][ T6524]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.746564][ T6524]  ? exc_page_fault+0x9f/0xf0
[   73.746579][ T6524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.746590][ T6524] RIP: 0033:0x7f4acaf8ebe9
[   73.746601][ T6524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.746611][ T6524] RSP: 002b:00007f4acbec1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   73.746625][ T6524] RAX: fffffffffffffe00 RBX: 00007f4acb1b5fa0 RCX: 00007f4acaf8ebe9
[   73.746635][ T6524] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 000000000000000e
[   73.746643][ T6524] RBP: 00007f4acb011e19 R08: 0000000000000000 R09: 0000000000000000
[   73.746650][ T6524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.746658][ T6524] R13: 00007f4acb1b6038 R14: 00007f4acb1b5fa0 R15: 00007ffef3c900b8
[   73.746670][ T6524]  </TASK>
[   73.746675][ T6524] 
[   73.867258][ T6524] Allocated by task 6524:
[   73.868989][ T6524]  kasan_save_track+0x3e/0x80
[   73.870966][ T6524]  __kasan_kmalloc+0x93/0xb0
[   73.872872][ T6524]  __kmalloc_cache_noprof+0x230/0x3d0
[   73.875144][ T6524]  rose_add_node+0x23a/0xde0
[   73.877079][ T6524]  rose_rt_ioctl+0xa48/0xfb0
[   73.879008][ T6524]  rose_ioctl+0x3ce/0x8b0
[   73.880587][ T6524]  sock_do_ioctl+0xdc/0x300
[   73.882231][ T6524]  sock_ioctl+0x576/0x790
[   73.883978][ T6524]  __se_sys_ioctl+0xfc/0x170
[   73.885565][ T6524]  do_syscall_64+0xfa/0x3b0
[   73.887300][ T6524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.889340][ T6524] 
[   73.890262][ T6524] Freed by task 6538:
[   73.891867][ T6524]  kasan_save_track+0x3e/0x80
[   73.893781][ T6524]  kasan_save_free_info+0x46/0x50
[   73.895913][ T6524]  __kasan_slab_free+0x5b/0x80
[   73.897900][ T6524]  kfree+0x18e/0x440
[   73.899637][ T6524]  rose_rt_device_down+0x473/0x4c0
[   73.901806][ T6524]  rose_device_event+0x603/0x6a0
[   73.903887][ T6524]  notifier_call_chain+0x1b6/0x3e0
[   73.906081][ T6524]  __dev_notify_flags+0x18d/0x2e0
[   73.908225][ T6524]  netif_change_flags+0xe8/0x1a0
[   73.910354][ T6524]  dev_change_flags+0x130/0x260
[   73.912383][ T6524]  dev_ioctl+0x7b4/0x1150
[   73.914099][ T6524]  sock_do_ioctl+0x22c/0x300
[   73.916081][ T6524]  sock_ioctl+0x576/0x790
[   73.917914][ T6524]  __se_sys_ioctl+0xfc/0x170
[   73.919904][ T6524]  do_syscall_64+0xfa/0x3b0
[   73.921769][ T6524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.924263][ T6524] 
[   73.925305][ T6524] The buggy address belongs to the object at ffff888027349000
[   73.925305][ T6524]  which belongs to the cache kmalloc-512 of size 512
[   73.931080][ T6524] The buggy address is located 50 bytes inside of
[   73.931080][ T6524]  freed 512-byte region [ffff888027349000, ffff888027349200)
[   73.936647][ T6524] 
[   73.937390][ T6524] The buggy address belongs to the physical page:
[   73.939792][ T6524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27348
[   73.942693][ T6524] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   73.945269][ T6524] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   73.947603][ T6524] page_type: f5(slab)
[   73.948872][ T6524] raw: 00fff00000000040 ffff88801a441c80 ffffea00008d5f00 dead000000000002
[   73.952927][ T6524] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   73.955690][ T6524] head: 00fff00000000040 ffff88801a441c80 ffffea00008d5f00 dead000000000002
[   73.959263][ T6524] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   73.962092][ T6524] head: 00fff00000000002 ffffea00009cd201 00000000ffffffff 00000000ffffffff
[   73.964926][ T6524] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   73.967937][ T6524] page dumped because: kasan: bad access detected
[   73.970521][ T6524] page_owner tracks the page as allocated
[   73.972688][ T6524] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5856, tgid 5856 (syz-executor), ts 62458296843, free_ts 62451751703
[   73.980138][ T6524]  post_alloc_hook+0x240/0x2a0
[   73.981804][ T6524]  get_page_from_freelist+0x21e4/0x22c0
[   73.983844][ T6524]  __alloc_frozen_pages_noprof+0x181/0x370
[   73.985880][ T6524]  alloc_pages_mpol+0x232/0x4a0
[   73.987349][ T6524]  allocate_slab+0x8a/0x370
[   73.988894][ T6524]  ___slab_alloc+0xbeb/0x1410
[   73.990458][ T6524]  __kmalloc_noprof+0x305/0x4f0
[   73.992034][ T6524]  fib6_info_alloc+0x30/0xf0
[   73.993533][ T6524]  ip6_route_info_create+0x142/0x860
[   73.995726][ T6524]  addrconf_f6i_alloc+0x1d2/0x450
[   73.997800][ T6524]  ipv6_add_addr+0x56e/0x1090
[   73.999735][ T6524]  add_addr+0x8b/0x2d0
[   74.001414][ T6524]  add_v4_addrs+0x70c/0xbd0
[   74.003253][ T6524]  addrconf_init_auto_addrs+0x6da/0xa30
[   74.005520][ T6524]  addrconf_notify+0xacc/0x1010
[   74.007227][ T6524]  notifier_call_chain+0x1b6/0x3e0
[   74.008961][ T6524] page last free pid 5856 tgid 5856 stack trace:
[   74.011538][ T6524]  __free_frozen_pages+0xbc4/0xd30
[   74.013636][ T6524]  __slab_free+0x303/0x3c0
[   74.015463][ T6524]  qlist_free_all+0x97/0x140
[   74.017346][ T6524]  kasan_quarantine_reduce+0x148/0x160
[   74.019054][ T6524]  __kasan_slab_alloc+0x22/0x80
[   74.020905][ T6524]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[   74.022866][ T6524]  __alloc_skb+0x112/0x2d0
[   74.024255][ T6524]  netlink_sendmsg+0x5c6/0xb30
[   74.025896][ T6524]  __sock_sendmsg+0x21c/0x270
[   74.027318][ T6524]  __sys_sendto+0x3bd/0x520
[   74.029545][ T6524]  __x64_sys_sendto+0xde/0x100
[   74.031498][ T6524]  do_syscall_64+0xfa/0x3b0
[   74.033308][ T6524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.035708][ T6524] 
[   74.036680][ T6524] Memory state around the buggy address:
[   74.038941][ T6524]  ffff888027348f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.042135][ T6524]  ffff888027348f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.045298][ T6524] >ffff888027349000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.048473][ T6524]                                      ^
[   74.050713][ T6524]  ffff888027349080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.053413][ T6524]  ffff888027349100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   74.056906][ T6524] ==================================================================
[   74.065354][ T6524] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   74.068264][ T6524] CPU: 1 UID: 0 PID: 6524 Comm: syz.1.263 Not tainted syzkaller #0 PREEMPT(full) 
[   74.072076][ T6524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   74.076166][ T6524] Call Trace:
[   74.077550][ T6524]  <TASK>
[   74.078756][ T6524]  dump_stack_lvl+0x99/0x250
[   74.080660][ T6524]  ? __asan_memcpy+0x40/0x70
[   74.082304][ T6524]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.084139][ T6524]  ? __pfx__printk+0x10/0x10
[   74.086006][ T6524]  vpanic+0x281/0x750
[   74.087711][ T6524]  ? __pfx_print_hex_dump+0x10/0x10
[   74.089883][ T6524]  ? __pfx_vpanic+0x10/0x10
[   74.091744][ T6524]  ? preempt_schedule_common+0x83/0xd0
[   74.093943][ T6524]  ? preempt_schedule+0xae/0xc0
[   74.095782][ T6524]  panic+0xb9/0xc0
[   74.097321][ T6524]  ? __pfx_panic+0x10/0x10
[   74.099135][ T6524]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   74.101435][ T6524]  ? rose_transmit_link+0x5c3/0x740
[   74.103107][ T6524]  check_panic_on_warn+0x89/0xb0
[   74.104725][ T6524]  ? rose_transmit_link+0x5c3/0x740
[   74.106273][ T6524]  end_report+0x78/0x160
[   74.107917][ T6524]  kasan_report+0x129/0x150
[   74.109336][ T6524]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[   74.111361][ T6524]  ? rose_transmit_link+0x5c3/0x740
[   74.113121][ T6524]  rose_transmit_link+0x5c3/0x740
[   74.115157][ T6524]  ? skb_put+0x11b/0x210
[   74.116887][ T6524]  rose_write_internal+0x11dc/0x1ac0
[   74.119062][ T6524]  ? __pfx_rose_write_internal+0x10/0x10
[   74.121366][ T6524]  ? __timer_delete+0x5d/0x390
[   74.123165][ T6524]  rose_release+0x24e/0x520
[   74.125019][ T6524]  sock_close+0xc3/0x240
[   74.126741][ T6524]  ? __pfx_sock_close+0x10/0x10
[   74.128739][ T6524]  __fput+0x44c/0xa70
[   74.130263][ T6524]  task_work_run+0x1d4/0x260
[   74.131814][ T6524]  ? __pfx_task_work_run+0x10/0x10
[   74.133581][ T6524]  ? task_work_add+0x377/0x420
[   74.135459][ T6524]  ? __pfx_task_work_add+0x10/0x10
[   74.137161][ T6524]  get_signal+0x11ed/0x1340
[   74.138729][ T6524]  arch_do_signal_or_restart+0x9a/0x750
[   74.140722][ T6524]  ? __pfx___sys_connect+0x10/0x10
[   74.142376][ T6524]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   74.144718][ T6524]  ? exit_to_user_mode_loop+0x40/0x110
[   74.146749][ T6524]  exit_to_user_mode_loop+0x75/0x110
[   74.148523][ T6524]  do_syscall_64+0x2bd/0x3b0
[   74.150103][ T6524]  ? lockdep_hardirqs_on+0x9c/0x150
[   74.152177][ T6524]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.154017][ T6524]  ? exc_page_fault+0x9f/0xf0
[   74.155436][ T6524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.158032][ T6524] RIP: 0033:0x7f4acaf8ebe9
[   74.159810][ T6524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.167092][ T6524] RSP: 002b:00007f4acbec1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[   74.170463][ T6524] RAX: fffffffffffffe00 RBX: 00007f4acb1b5fa0 RCX: 00007f4acaf8ebe9
[   74.173666][ T6524] RDX: 0000000000000040 RSI: 0000200000000100 RDI: 000000000000000e
[   74.176315][ T6524] RBP: 00007f4acb011e19 R08: 0000000000000000 R09: 0000000000000000
[   74.178848][ T6524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.182018][ T6524] R13: 00007f4acb1b6038 R14: 00007f4acb1b5fa0 R15: 00007ffef3c900b8
[   74.184831][ T6524]  </TASK>
[   74.186529][ T6524] Kernel Offset: disabled
[   74.187955][ T6524] Rebooting in 86400 seconds..

VM DIAGNOSIS:
03:15:21  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff3365501 RBX=ffffffffffffffff RCX=ffffffff822e474b RDX=0000000000000000
RSI=0000000000000004 RDI=ffff888101a51018 RBP=ffff888101a50fd0 RSP=ffffc90006417558
R8 =ffff888101a5101b R9 =1ffff1102034a203 R10=dffffc0000000000 R11=ffffed102034a203
R12=0000000000000001 R13=0000000000000001 R14=ffffed102034a204 R15=1ffff1102034a203
RIP=ffffffff822301bf RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555565238500 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000240 CR3=000000002879e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0100000000000000 0000000000000120
XMM02=00007fd2f0b87498 00007fd2f0b87470 XMM03=00007fd2f0b874a8 00007fd2f0b874a0
XMM04=00007fd2f16ed100 00007fd2f0b87460 XMM05=00007fd2f0b87478 00007fd2f0b874c0
XMM06=00007fd2f0b874b8 00007fd2f0b874b0 XMM07=00007fd2f0b874a8 00007fd2f0b874a0
XMM08=0000000000000000 00007fd2f0a12ee7 XMM09=0000000000000000 00007fd2f0a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002e RBX=000000000000002e RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000127e RDI=000000000000127f RBP=00000000000003f8 RSP=ffffc90006447210
R8 =ffff8880201c8237 R9 =1ffff11004039046 R10=dffffc0000000000 R11=ffffffff854f3380
R12=dffffc0000000000 R13=ffffffff99afa90b R14=ffffffff99def420 R15=0000000000000000
RIP=ffffffff854f33fc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f4acbec16c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32c09ff8 CR3=0000000115d72000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
