last executing test programs:

929.539755ms ago: executing program 1 (id=2175):
r0 = socket(0x27, 0x80000, 0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000640)={0x54, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0xfffffffffffffd98, 0xb, 0x87}, {0x6, 0x11, 0x4}, {0x8, 0x15, 0x9}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004808}, 0x20008000) (async)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000640)={0x54, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0xfffffffffffffd98, 0xb, 0x87}, {0x6, 0x11, 0x4}, {0x8, 0x15, 0x9}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004808}, 0x20008000)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) (async)
bind$alg(r3, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58)
sendto$unix(r0, &(0x7f0000000000)="ae656293054835483ef9f850bd333fc184836ffe9cc211db98c48964c4bfeeedc080890bde9433e30ad4564e0291af60ed7142512cdbaec503f6597cb18558c7b6ca3136c6b1ae36282580591b158220007ecc24a88a9541c9a1c4497dc004d7c93a41c51aaf1a3872bfbbab2186b04b387c38eef5b8abd458bdc494dd939c5e9ff8526dc3a4a4b7f46fb05a5990cf7d3ab207fa28540f9a1277f2d8e65acd5ef58ed7ec79a3425e389439451b4ce577708f4e5853913efdd16b17788b0ead6829fe0df663f99b6a1813ef4ef14d5dd2508b717fc3406d", 0xd7, 0x24000001, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1808000000000000ffff0000000000008510000003000000180000000000000000000000000000009500e900000040000f000000000000000000000000000000930400799ec619ac78fc12c2c390374de255e3e3682cb1a53f"], 0x0, 0x5}, 0x90)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
connect$unix(r5, &(0x7f0000000100)=@abs={0x27, 0x0, 0x2}, 0x6e)
sendmmsg$alg(r4, &(0x7f0000005dc0)=[{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f00000003c0)="d875153ae2f514ad854e70fff6a1cdca", 0x10}], 0x1}], 0x1, 0x20004000)
recvmmsg(r4, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f00000023c0)=[{&(0x7f0000001d00)=""/10, 0xa}], 0x1}, 0xc}], 0x1, 0x10000, 0x0)
socket$inet6_sctp(0xa, 0x0, 0x84) (async)
socket$inet6_sctp(0xa, 0x0, 0x84)

730.5856ms ago: executing program 2 (id=2179):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xf, 0x4, 0x4, 0x22}, 0x50) (async)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000000)=@ethtool_rxnfc={0x31, 0x10, 0xffffffffffffc084, {0x8, @udp_ip6_spec={@dev={0xfe, 0x80, '\x00', 0x3f}, @private1, 0x4e20, 0x4e20, 0x9}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, 0x8, 0xfff7, [0x6, 0x8]}, @esp_ip6_spec={@private0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5, 0x6}, {0x0, @random="0797cc636091", 0x17fd, 0x1, [0x5, 0x1]}, 0x1000, 0x2}}}) (async, rerun: 64)
r4 = socket$inet(0x2, 0x2, 0x0) (rerun: 64)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f00000001c0), &(0x7f00000004c0)=@udp=r4}, 0x20) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r2, &(0x7f0000000280), &(0x7f0000000100)=@tcp=r4, 0x1}, 0x20) (async)
close(r1) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5)
sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r7) (async)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0}) (async, rerun: 64)
ioctl$BTRFS_IOC_START_SYNC(r3, 0x80089418, &(0x7f0000000240)=<r11=>0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r7, 0x5000943a, &(0x7f00000006c0)={{r2}, r11, 0xc, @inherit={0x98, &(0x7f0000000540)={0x0, 0xa, 0x8, 0x96, {0x1, 0x478, 0x3, 0x1, 0x2}, [0x7, 0x7, 0xf, 0x2, 0x5, 0x3, 0x8, 0x2, 0x100000001, 0x5]}}, @name="ce6f17e2d2757eadd209203de0e75754c5f3cb33d7c452e941742c3dc439423b4674999d8a51ed509f2b1f804a6212ce9218b0fa2e83fae1ef0679c073545aec8c96156c6bdc3e352223eda7c7ee678a01f0a13f708703df1e9cca06ce4bd287f35ecdedd79d4080d2b9754ea27f13bd6c4d250ab30039f376b5a4fb39d79bd1a754022ad8d3efc699b5825b2fa464f58173e3be790daea9e3bed61946c9c30c1e1f1f5b7ed2f07bd20342906b8fd02b287b60133e5d8951a6f51162d787d390682c8988f91c0699a70538c4dad3c4e755ee635f45b25ed5cadeffbdb7edcbd644771a9bf63c26e4d9158ef59ce4fbd42add9139d9a6f06e2c967d476f3b17bbb7b809065aa9b5d8c37249a84f30f48c193b8d5be25f733874095663639c7c8d903c5e2ebc135add4491187e294a55a718719be8114910940eed3974470fbcf0983b0e78f809909771587945ce5940f57c53febc90bd1af46e5e6482fd8d2536de93dcd28641fe738529c90ca57ffe4ea6d03bcecde8278bd07142b58dc7dad697f86ed0a3effd10ef8edb004376c416f86ac5eeb67c451744f6dceb5de3ec85622196f8ea239fce41ae54f733eb708a2ae532993b6187f8c0cc650b8bbca21c8b0e741e0e8525b8d07e79610f6b3b8599c22361db6673cc4f8ef10777c063d1aa5bc3efa7470ec488cc26052b78535e0adef137184c7eac60bf0a43e57ca7b477e0aa383fe0511c52aa876291b0a2845931de18d4617bb915c35cd9075f3246b11822a60614402c568899f5af41b838d9dab1734b2729837702536814df681864fb5b83604f66cb0cb8000a9c3e675dbbe82072979e257ae68d22280800630e659336d1310f6aedfe8e9c446954e2ea2aa9c6b396d92b3fe8b1668d45e8bb45c23f6ec61fba39c7b7f0f28c179f966dee48f29d539dd0ec16694f4e559e6250ad0dd731caf5b1683a329da4dac56eee7504610780ee02be6a0bb42342057263e8f8d20a377be15ab2351b078b9f790f6ab119271e47789c6e747ab238aa3de2da9bedfb35cb2c0c81d2e921abdcb5e5448e1a3cfd55f1f2825ee56ccfee84717e293a700a09c850b0a24f76d3b5a8cf30d8f4e995c832f712640d5ee964400ab1e2bad734dbfa23be4d8736adcb4787351578685864e90a0a554550e37b17fdb0f375a7af720b039805f7ef4d10b492f5f534352a50bd936289ff6f46b3f91f15c4ee7a1c4d76e8ed2f357259fd8c7c49f2ef1830a548dff654f2ffe1e6e1722788d783c7f1b76fd1002f90d89a8fd3b65e287f0f304f47b4f0653a9cd3902ea9fdc0eaa6e434424590ae1da89594dfa4abca68eee4e91fc79eb49b32fffb4c8151d6e8497e6288e733185aa24053183424c69ff25e07b2ccf4eaa8cf65761108d981bc161c57682b4975be28fcc1364c9f89a4787ae271025ebe470598611807db8604609d2332a0d75518583f79af56b0c375d19201881d15addb3376d233dea4f7026fbb8102768bc51cca25eadacdd443953ea8a74ab1b055fff6119cf2e3f8051faf672972d6305b71c936d922dca12b8ef42d1e6cc2a349dc6cf5c42b73a02e74167b6d103de9ec911fe9385351f4ddc3dc97068cac49093dd18c443e946c99f52d71d19e67904aa1419a1eba4cd8fc23abf0742e722469446f40b2f3cf11e289ce76fb5b00b4fb017804314b16ca6f5889cb5f1bcf68b9b61e0ba3f972da7cfb7758d2e8ae63e31eef14ea25f548056dc274be4a394ec15d425e851558a2ebe65a2c26bfa3bf81024765d36459fb76d559e7096ed17a98ca5c8b4d6f4424d154992ae31da4a003980c7386d61c68e307f3625b8d3d55fa981dcaa361a829bafaf0b3ecb3bd381d397aad863ce5f7cb164ae758f077f13efec70707c475bbd079616ab4291c9bd201dbabf6e180fd350374a059abd1bc9d2b604ea8574c16113597bc7ecf0e121a1c9114c5f5036789c33d48737f744a48d6f560f4e9350bcb119ed7bbc4da347fb709191379540cd4f25a177bdbf4ade12e1d5997ceaec280ac95b6f30d346913b75423d3a8e904470cd98c095ee5002441b57223471005448ba6ffb44c4b05da13b4aa87edec61f3ada0bf38c83da063c405d18712aecdcccc5f79e48f4b69de9af8d1313c748121fa16aa73dbaf08f91dd6d8947c621ae51dba8e294eff7f974060f06bf21a0e8cc039834aaabc583b359808bf0828f3512c8555eb43c156af9cd971e3d7866fc9ac59f866b9a8a8e0ed9ef0bf8e1567b4e232a1508339ecb067fb883e5464ff6049f443dcb787dae3d8993dc4febd070295a097d2fa8327d4f56bd9fefe08108be2c799449ce5bced4e936348a499fb6af87fbf4be90b3a6712fbe03ac2be79a10ab946216c752f3376c9a50bf771592c8459838a520c501faa64f77b736fd95174d9b322b5b17e4680ac194f464917795d87469d4748d291442aedc5743bedc82123ac8c61965443ac9ff8e91c5a8657211e715d9f588742a45e238cd3ebaaf077bcd3a856b3b4ad4ddaabc4014e560af07112067490ab0972210723aa46d1736fe919a9f9b6b836b54c03eaddcd970903190b6bf80e9f772b4a832eb5512d6113a143a0249182b4f1fa5f863c79715523d97fb709782aaa2853725518898b3c0dc93b1021fdd1b70cf348f782793654f973d76180588b73f04b1f13e066a00ef5f8fc25104f7dbff2c00e3ba727c20a7c95b44d01d402f567fb19a02d9c6511b4e0d7afc2db49392e1a03a4b07d8ff202746e6f3e0848300e22c0878cf4a75da024b22f5b0ea97b7ff90d4fc88a810fe930588331c7cb9ad794720e52aed3dbb7a5fbc6129290a887a41ed7fa8007ff67f8de716695150c4cc5b3713d292f78b2389a4d524d39b65ffdf5f23a966b56852eb0e1ddc0c76c0171ad54ad069562e47c7b70ec74b4ecbfe5454e34b08b5d196e9d66f4ff91cbeb60d3f1d63fc145aac251d4a89871637cfcd295dd821dfac08d86d3ec8d6f1cacc32c9bfbbd9b6c6cce4d5a671172488000e7eeb7336fa9f79cf28a0fa1951217fd5e3b129005f68d7dbd811dd993c10bf80b273cd4b8cd934be33fe666ff1a9964a3e5c216f16f6474fb6df6a9b5f09458bba7b59550474355305ae9af8bb134b7595808b0ded8e6465126f719eb20c94be6be4493f73cfe38f7acb282e39fe659f80b57d81663d78275f468edb51a2e3bdd16a74d18cc5a76f0e5d14cf9a3a467dfe096742111b9ad1a4be795c88cd6f2d0aae39655b3d136c2ec59a26de41b5679696214e7df30395166925b0648181bc0f49dc57ff3ea2b1ac2b8be06f817adaaba8a2279ac80c6fbfffc49423d6ae349f04b5c97e2631c20f12d30db16c1a088a680887294b79435dc87a03abdf758872eea51c88bdd7ed4c1ea121be56a8824923489a7de921145ec41c7d74a5e1be73c08aa9a081099e9b690bc50bf0c8e27c0786935cb6ed7ec07d1691af115f8eadf5f336c1548e32c05e62054dd4306aed43141d25e107f655257bb6798a47dafdbd13e04d74bbda7d27e828cdb6ce95fc625e5a2ec34fa5d08fc3042d65ff4959f3319e292f98bd077c96be21d1547db0ab30c5fccad3126b3c01a8528bea70c905e25662386271c59532fc6d7ae96795c9f8af4f6d884661efb031dedde28a541f4e324d11089bd822e5ef6dddc8b2913a271a03698e5f12c5549668e9d3584a53b9121e0a55f37619412568f021d5586197ad54a1bfe69723f66e63a14b792c33cebdff8c36775129c4e0d3c2ea5ac35347fb3ac0859efc0369fffdacab0d65942c0e6c04d30773aebd293c2ab320cbe7cc9ef44cb626d914f011fcdbbde2404429664f558f5aad8944086c7b44194e69dfb9fd9e3953e93165968d4de2af46607a0eac9fa030a75f3eccd7e9603b8c16cd6359255093fc4ac124498d477119b9addb23538173a446ffb4adb3a02da57b524884707f5f9c6217e5b7675d0ef91a00354a222de8b0f634cccbadf18ff15403cfd4c69d84d14733f4f8f239454bef096c7f22ecf3119a1dfa20446d633fc190a47fb53857d256fe3782419b9a2d161bb3dfaad89cac2794eec0af67c161b195ca2db8dc0aa1ef75d9e2c81d3c8391d6f2da680deebc215ac4b01918d21f4d824cb103214cd086ea3962657ef994afab3739ed7231ba77f3d971687756b607bbb6d6786482f73842e0ffea6f422581b14ab5360ec539ac22a18e16d4484a58cb52b1b8a8ed13179cffd7d203c707e3765877d58b85629a6313ed35c03bd29efaf7f7dda40f04b3ccb372c9a7e40c06c07df462b3ec0cf80fdd15027fb388a05d0a8210d241e0bad8aec5fd425e2398a223ad02b33fae0e6755c9f7c24a420d3726165228830e3cacae470378ef3d0544514490a11aacc97001bbb79835b79a39283fbec8cd82d49e3b501f9db756716fc9d418624fc469052008e6bf4c455dec087ea2cd33d8bddff77abb2020c7540807f2802aa1afe4dbd344cc2fb3067c41165062be7fce6c633992a2937ce15d8fcf5dc99ef96fc66648173b181023cbc9bea0b83c94f71f1e6cb344c0c1ba6f29d9b12c6beaac385dabd121cfb7b3cd2f05ec651ca5f9301a9652c98ff08c1916baeee82ffa16e80860c2c22cd71a4feeb128fd647788dc9a50b0883335dffe9d66fccad517bdb1ed08ee25ea63cbc895b4caba899d00fd1a0ca8d2f4cff7b206ac60116b8fdb34b3351a1a1680b80342afb1d6669c711394f4a3aca718aacc1be3b5c682cfd24cf98497b74ef5060a789d7695349d556dedb99ef338a1ff65656c8bb1227d0472993bff004d3332b8b9e43a43680ea1ec5ecc9765f5b8664583363aac9b8e3a0d7a9b956c3b2174db13ecde90050be8d3e9d4d58e017b921fd8b0394d65c009dc66837e0005d34e82020f74961171506dfde889a2d535363f8f99597954e8bc8c0ddf0c2b163273502947829d371dca12023073ee6e43599ab0096dfa53c8d74404dabf7b9b9f4e0e65d7be10250080f1217ac631bbc186c587189eab3f2eff7ca60bc937eee94d8bb563df615dcc5ff0a2ecf34d781fe57d035aead97fb33923ae98137d2b4f18c314b85508fe8ea778349b172dd11e742e5bca853d5bc936d427722a63e879a795b403b159c59783aef07c4e3f9b4b0bc6887cf03a813195654b02cc0ea6c1525c6ff77d5e030327ed116f39415e70dbe4dc56f6ed83160d193218b459a047b59d6ba988532f99bae6bbc1af1e4b7826b92c688d7fbab1d558e5959c6db3c915db38086f021ae8a4a817c6a30bc76c44ae4bd617e6d5e5ea558e06df48ff2a8322480e4c26bd2d969c73789a3c4bed868b582bd7bd4ee702a5e5570c939164bf9ab1106c2c6a12353a8d977d52e88cfcddcdb3915d1994c6e73938b5ee51df9d407427d0db30263e0dd9695089f99948676576904b5bf9f4adac740eb3053bdd1472ffc0077f78e353c9f151a37da7583f8df3a085031576afd8f76d43f4fb5e62ef84c7f9a4e4a5c134e80a6da9b87844fcb0de8671734960a7dea228a35713917b432779c7823eaf61e3d5b0ceae7358f8c018e8edde47eb223b794fc216742e948e3d5d89f429921dd5c55b725b03d17121701b22f1d6b46b4378ee035182af56a30db21d002fc3127488d51fa32e8b37c3c9817f1f6b4dd406c6e04efa150e9286198fe587c23922157cc4f15570165872aad7a4e73b012"}) (async)
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x5}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r10, {}, {0x2, 0xb}, {0xd, 0x7}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x4}]}}]}, 0x3c}}, 0x10008844) (async)
ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

602.123827ms ago: executing program 2 (id=2181):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
getsockname(r0, 0x0, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f00000004c0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07007706000020000000170200000ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000100000009500000000000000db13d5d8b741f2cdaabc8383c8f56b8c2b848b00ea6553f304000000815dcf00c3ee7b042d1937ba52037fdefeb0cff9fc56357d81b2cc1a9e37d7b75c020b070000003eb22062bafaca036d9cc7db6671573e202e0a92ee4ba12b064981cc32d1ac0b9ecc8f604dcac2563e1c1e762400"/300], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x52}, 0x94)

599.433093ms ago: executing program 2 (id=2183):
socket$inet6(0xa, 0x6, 0x99e)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x48, 0x0, &(0x7f00007d0000))
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r1, r1, 0x1, 0x1, &(0x7f00000000c0)='\x00', 0x9, 0x1, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3d}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1}}, @CTA_NAT_PROTO={0x4}]}]}, 0x74}}, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x1000000000000000, 0x0, 0xc000}, 0xc010)

491.367708ms ago: executing program 2 (id=2185):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001800ffe184cb1112b16c04000a000000ff00fd0900000000"], 0x1c}, 0x1, 0xfec0ffff}, 0x0)

491.021159ms ago: executing program 0 (id=2186):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newtaction={0x68, 0x30, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x2, 0x0, 0xfffffffe}, 0x2, r2}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x100000000000000)

489.290514ms ago: executing program 2 (id=2187):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES64], 0x48}}, 0x0)

411.922118ms ago: executing program 0 (id=2188):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000180)={0x4, 0x1, 0xfff, 0x9}, 0x10)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
pipe(&(0x7f0000000600)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYRES16=r1], 0x80}, 0x1, 0x7}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000240))
sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="1c000000", @ANYRESOCT=r2, @ANYBLOB="0108dd0200"/18, @ANYRESDEC=r3, @ANYBLOB="d5f1aba96b0ea3f9d6512d98e0e5031edd62c0ebac6d42a45f18ec165987a5e8898a1fbde239dee2dc1890d6ecb68ab3f7a306554fa980d214b330ce0d83cff69be93041be8b60524e00c91ee12a9c321cf749cc6dac7be3"], 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x8010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
pipe(&(0x7f0000000500)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r8, 0x0, r2, 0x0, 0xffffffffffff8000, 0x0)
close(r9)
close(r7)
socket$nl_netfilter(0x10, 0x3, 0xc)
splice(r1, 0x0, r7, 0x0, 0x1100000000f336, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f000000040000"], 0x48)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
r11 = socket(0x1, 0x803, 0x0)
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB="540000001000110f0000000000dcdf2500000000", @ANYRES32=0x0, @ANYBLOB="04010000000000002400128009000100766c616e000000001400028006000100000000000600050088a8000008000500", @ANYBLOB="1250d3b79b7b248a1edc870f598a485606a3d6d5fd3e63a89c3eba8e8f6614a5ee65b9c4bfabadb225adb6e07655e170733f1975e711aa0cfb4224e89d7d4157aac478efaf0c78dd", @ANYBLOB="08001f00", @ANYRES32=r12], 0x54}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040885)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000008000000dd0100000000000063010400000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc2, &(0x7f0000000080)=""/194, 0x0, 0x40, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffff8000}, 0x94)

411.692476ms ago: executing program 2 (id=2189):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x14e22, 0xfffffff9, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0xfff)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r5, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000010008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)

172.063047ms ago: executing program 0 (id=2190):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xb, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000007110ab000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
unshare(0x4040400)
r1 = socket(0x2b, 0x80801, 0x1)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-256\x00'}, 0x58) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000380)={<r2=>0x0, 0x80, 0x3, 0x3}, &(0x7f00000003c0)=0x10) (rerun: 64)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000400)={r2, 0xb6, "48baceab92178045830d480bb5194b4b89ab4a4f5d5e8864c882ca25fa0d904e935dcda932c237d58130771c13b393e08692ed9b76e90edf450dbcd57d9c6ece5340e2c9ac2440ca6373a4ba62b45364f8583f67f945c9fce2c893841bdea95aff82957b46f0882014a1b4a157736b02c1d87dddd35f8a701a0fc1e9141b4d000af8d256e9479b8a2473373d8cee97f1ac9f75c391d02bef546b945bf6799567c86523f75fc4ceece99cc79959dceaf5ea9871c4db8a"}, &(0x7f00000004c0)=0xbe) (async, rerun: 64)
r3 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56d41, 0x2000, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xa}, {0xffe9, 0xfff3}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008840}, 0x4000010)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x46100, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={&(0x7f0000000540)="4378045083f0132bb683a127d49f1d6699be21bc39a73dd63fc3ebb80bb45b0bbb7d6f5f43ba34efcd06223c78ac5c4775266b3c3ab1542729f7", &(0x7f00000009c0)=""/4096, &(0x7f0000000580)="0f87ce86c2e9b81525298e1d6a81737aa1a59d35119479f5f337c37488019f8352ee4b5191d6803537298e2bb7fc7283db917645869b9beb95a4bda8176f7b25fc2a4950e97603a6131cacd4e02c4b6d0a5a57db50fa40b467a3d8d1af152c", &(0x7f0000000680)="6d04c1d042a57f47f795a80996dd8d2275895192fa2b9410b21cf1760c98874b9fc9c1688bc7fe23c445c66324c7c5e4ca7f309201414e2f2432d05c2acd26faa19f44a91322656656be41379f5a1cf86d6de58c7639dba03de358269b5df035bcba48c10b1afc0bc985e89e8d23b83b6fde86e87f98d41333d7213f16465864523824f6251a520664d07d8ba7fc84a846e63762e3cae32005acde18db6938464ce8960fd14c0faa4b1cccf396ea73c350baa134d900d3a5f1a20630d9c3888ca1c36d439628cf1c2d6804caced7aeea377e0a6102a45b542bf5fe9f8d4c51b31844a50fcd5a214e28ada3058ee75845247b2e74ede0", 0x4, r6, 0x4}, 0x38)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000340)=@o_path={&(0x7f0000000300)='./file0\x00', r6, 0x4000, r5}, 0x18) (async, rerun: 64)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async, rerun: 64)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="ad43"], 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0)
r9 = socket(0x10, 0x80002, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r11 = socket(0x400000000010, 0x3, 0x0) (async, rerun: 64)
r12 = socket$unix(0x1, 0x1, 0x0) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r13, {0xa, 0xfff1}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) (async, rerun: 64)
sendmsg$nl_route_sched(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2c, 0x2, {0x0, 0x0, 0x0, r13, {0xc, 0x1}, {}, {0x10}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_FLOWER_KEY_ENC_IPV4_DST_MASK={0x8}]}}]}, 0x44}}, 0x4014) (async, rerun: 64)
sendmsg$nl_route(r9, 0x0, 0x0)
sendfile(r6, r0, &(0x7f0000000500)=0x5, 0x6) (async, rerun: 32)
close(r6) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff)

171.88137ms ago: executing program 1 (id=2191):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x11, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x70}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x0, 0x64}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@map_val={0x18, 0x6, 0x2, 0x0, r0}], {{0x5, 0x1, 0x4, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000000)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0xa0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

111.601034ms ago: executing program 1 (id=2192):
ioctl$sock_SIOCGIFBR(0xffffffffffffffff, 0x8940, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='pimreg0\x00'})
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={<r1=>0x0, 0x4}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x6, 0x8009, 0x80, 0x3e, r1}, &(0x7f0000000140)=0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xdac5e1094f8d8faf}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, r2, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x52}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x49}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x3d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xb}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5d}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x1d}]}, 0x5c}, 0x1, 0x0, 0x0, 0x50}, 0x4040000)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000340), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_LIST(r3, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xb4, r4, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x64, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6f9f9084}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb3}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x198e93ca}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3bd740f5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3b}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe0}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x74e0879e}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x414c300a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x17}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2fe72370}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0xc, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0xb4}}, 0xc011)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r3, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x88, 0x0, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast2}, @NLBL_UNLABEL_A_SECCTX={0x25, 0x7, 'system_u:object_r:dbusd_etc_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x20, 0x7, 'system_u:object_r:boot_t:s0\x00'}]}, 0x88}}, 0x0)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x24, r5, 0x400, 0x70bd27, 0x25dfdbfd, {{}, {}, {0x8, 0x2, 0x1}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x841)
socket$alg(0x26, 0x5, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000780), r3)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r6, &(0x7f0000000c40)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000c00)={&(0x7f0000000800)={0x3f0, 0x2, 0x2, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}, [@CTA_EXPECT_FN={0x13, 0xb, 'callforwarding\x00'}, @CTA_EXPECT_MASTER={0x1c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_EXPECT_TUPLE={0x98, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x23}}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x2d}}, {0x8, 0x2, @loopback}}}]}, @CTA_EXPECT_NAT={0x2b4, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x40, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT_TUPLE={0x54, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @private2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x32}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}]}, @CTA_EXPECT_NAT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_NAT_TUPLE={0x58, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x17}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_TUPLE={0x5c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0xbc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_NAT_TUPLE={0x68, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @local}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @loopback}}}}]}]}, @CTA_EXPECT_MASK={0x3c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xf2e16131d260c702}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x2f}}, {0x14, 0x4, @private2}}}]}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x8001}, @CTA_EXPECT_ZONE={0x6}, @CTA_EXPECT_HELP_NAME={0xa, 0x6, 'H.245\x00'}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x8}]}, 0x3f0}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
ioctl$BTRFS_IOC_SET_FEATURES(r6, 0x40309439, &(0x7f0000000c80)={0x2, 0x0, 0x14})
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000cc0)=0x3, 0x4)
socketpair(0x8, 0x5, 0x1, &(0x7f0000000d00)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$AUDIT_LIST_RULES(r7, &(0x7f0000000e00)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x10, 0x3f5, 0x800, 0x70bd27, 0x25dfdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x804)
r8 = socket$rxrpc(0x21, 0x2, 0x0)
write(r8, &(0x7f0000000e40)="b633d353d2a46635ed00d0f7ba19d03db62ef0f511b7a15ad8d0989d1e380e8e6b2752a8f5ef8ca718f7b08ec1a3868fda904499f768843b3ef78adedfc13f9f2b844827b6294ba15b880048aa4e519e3029c11f8e2a4892c11124eefdecd8f03cc7ddf981e2b9be0e62007ea4e6dcc4587a37741e662a65defa4ff0b5d69fd81f18d83ddf8ddecb9f029d7e7c18badba92e12db2a93dd433d21852c5ba06f5b5d4152d8e3d75eceef6662e468aa7d160eaef93234935c89123e53025f4a3ff230175814503bb85c3ad6dcbaa9d220897817f23be4c0c2b3f704f07ea52fc3409ae3b5a594fecaa78c0ddb088e7e51e9d46e", 0xf2)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = syz_genetlink_get_family_id$smc(&(0x7f0000000f80), r7)
sendmsg$SMC_PNETID_DEL(r9, &(0x7f0000001080)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001040)={&(0x7f0000000fc0)={0x58, r10, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x58}}, 0x1)
syz_emit_ethernet(0x22, &(0x7f00000010c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x6}, @remote, @val={@void, {0x8100, 0x4, 0x0, 0x3}}, {@can={0xc, {{0x3}, 0x3, 0x2, 0x0, 0x0, "6e68e65f6bd31b9a"}}}}, &(0x7f0000001100)={0x0, 0x4, [0x659, 0xb18, 0xe62, 0xe44]})
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r11 = socket$pppoe(0x18, 0x1, 0x0)
pwrite64(r11, &(0x7f0000001140)="adae2f00568cd275dded38226071a98ffb4da5171de2b7d6de01ebdb752590676931841e4fceef27ddca20b2798c1d44e81425318941103222fe09f84bee5a7f5975e5e6b764c32d963bb093b505ed2b12cd9a1e6ed1f8aac72df0a709169815b6d8c038dbd4bcb126a29a5d7639934b03eb2c5bf1b949b67809f9e9ab77f4707c7bd72485af97d090c2294120d751fd8353bef82ab95fceb21f19c86947c2e4a17732c1157d25c806c1a7a9d5e8cb635bddf7e5467474fa47b6596892c32956cd7c8dc7df52245021", 0xc9, 0x3ff)

111.090055ms ago: executing program 0 (id=2193):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010002000020000000002500000008000300", @ANYRES32=r2, @ANYBLOB="080026008a0900000a000600ffffffffffff000008003500002000340001010101010100000c0050800400088004000600000000"], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

51.118326ms ago: executing program 1 (id=2194):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r3, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x2000000, 0x0, 0x4008090}, 0x30)

50.609707ms ago: executing program 0 (id=2195):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="740000008945a30c48d631596b74424e1d473998774f51db92de704101ef38563cc0c51b68e5e6cceb45f4d2f098e3573f13a409482dce99a8257aed32bc73e2a8", @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0400180003030303030300004c005a8048000180050001001d000100011b451230040b03026c0c7c166c36180b1247126c6c0b09180000001c00020053204a42340e313c4e12012825284e2c391f2800232b4421"], 0x74}, 0x1, 0x0, 0x0, 0x4080}, 0x40810)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r3, &(0x7f0000000040)={0xa, 0x0, 0x9, @remote, 0xe, 0x3}, 0x20)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r6 = socket(0x10, 0x3, 0x0)
write(r6, &(0x7f00000000c0)="1800000016005f0214fffffffffffff80700000001000000", 0x18) (async)
write(r6, &(0x7f00000000c0)="1800000016005f0214fffffffffffff80700000001000000", 0x18)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ef, 0x2}, 0xe)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r7, &(0x7f0000000040)={0x2, 0xfffd, @remote}, 0x10) (async)
connect$inet(r7, &(0x7f0000000040)={0x2, 0xfffd, @remote}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@local, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x6, 0x0, 0x0, 0xfffffffffffffffc, 0x400, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x1, 0x1}, {{@in6=@mcast1, 0x2, 0x3c}, 0x2, @in6=@mcast2, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0) (async)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0)
r8 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) (async)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r9, 0x401c5820, &(0x7f00000000c0)={0x5a13, 0x2, 0x2, 0x6, 0x1fd})
ioctl$sock_bt_hidp_HIDPCONNADD(r8, 0x400448c8, &(0x7f0000000340)={r5, r4, 0x7, 0x0, 0x0, 0x9, 0x56, 0x5, 0x8002, 0xe4c9, 0xed, 0xd, 'syz1\x00'})

891.394µs ago: executing program 1 (id=2196):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newlink={0x50, 0x10, 0x437, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x5f501}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x1}, @IFLA_GENEVE_REMOTE6={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x40004)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000040010010c"], 0x270}, 0x1, 0x0, 0x0, 0x20008015}, 0x4)

302.617µs ago: executing program 0 (id=2197):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={<r1=>r0})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000200)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={r4, 0xa}, 0x8) (async)
setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000080)={r4, 0x28a1, 0x6b4c, 0xffff7b8b}, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
socket$inet_sctp(0x2, 0x5, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x408, 0xcd, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r6, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r7}, 0x10) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r8}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) (async)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x30, r5, 0x501, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [{0x4}, {0x4}, {0x4}, {0x3}]}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008044}, 0x44)

0s ago: executing program 1 (id=2198):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000001040)=[{0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0, 0x80}], 0x1, 0xc8d1)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000040)=<r2=>0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, r2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000480)="c7", 0x1}], 0x1}}], 0x1, 0x20008890)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x9f)
sendmsg$NL80211_CMD_SET_KEY(r4, 0x0, 0x4004)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010067656e65766500000400028008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x2c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r5, 0x500}, [@IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008004}, 0x8000)

kernel console output (not intermixed with test programs):

 netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.506237][ T5876] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.524098][ T5876] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.528866][ T5844] veth0_macvtap: entered promiscuous mode
[   67.542829][ T5844] veth1_macvtap: entered promiscuous mode
[   67.546552][ T5846] veth1_vlan: entered promiscuous mode
[   67.590897][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.612297][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.643623][ T5846] veth0_macvtap: entered promiscuous mode
[   67.643769][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.650683][ T5875] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.656115][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.670280][ T5875] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.687013][ T5875] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.709068][ T5846] veth1_macvtap: entered promiscuous mode
[   67.714769][ T5875] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.744192][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.748676][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.771041][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.797200][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.821563][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.836568][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.867405][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.877773][ T5854] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.884345][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.905058][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.909406][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.956438][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.963180][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.025645][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.030839][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.079576][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.082249][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.209911][ T5927] Zero length message leads to an empty skb
[   68.247511][ T5925] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.262542][ T5925] netlink: 'syz.2.6': attribute type 10 has an invalid length.
[   68.266037][ T5925] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.269248][ T5925] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.294882][ T5930] netlink: 'syz.0.7': attribute type 2 has an invalid length.
[   68.353927][ T5934] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.381335][ T5935] netlink: 11 bytes leftover after parsing attributes in process `syz.2.10'.
[   68.481156][ T5943] warning: `syz.1.14' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   68.485136][ T5941] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13'.
[   68.494087][ T5941] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   68.553690][ T5949] netlink: 'syz.1.17': attribute type 1 has an invalid length.
[   68.563838][ T5949] netlink: 'syz.1.17': attribute type 2 has an invalid length.
[   68.566789][ T5949] netlink: 224 bytes leftover after parsing attributes in process `syz.1.17'.
[   68.589700][ T5948] netlink: 60 bytes leftover after parsing attributes in process `syz.0.16'.
[   68.674741][ T5952] netlink: 24 bytes leftover after parsing attributes in process `syz.1.18'.
[   68.726489][ T5959] netlink: 'syz.0.21': attribute type 10 has an invalid length.
[   68.747475][ T5963] netlink: 24 bytes leftover after parsing attributes in process `syz.2.23'.
[   68.762874][ T5962] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   68.768948][ T5959] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   68.774704][ T5959] netlink: 36 bytes leftover after parsing attributes in process `syz.0.21'.
[   68.805113][ T5959] netlink: 'syz.0.21': attribute type 12 has an invalid length.
[   68.807488][ T5959] netlink: 132 bytes leftover after parsing attributes in process `syz.0.21'.
[   68.826517][ T5958] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   68.840119][ T5965] netlink: 152 bytes leftover after parsing attributes in process `syz.2.24'.
[   68.882882][ T5970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.26'.
[   68.928856][ T5852] Bluetooth: hci0: command tx timeout
[   68.931065][ T5852] Bluetooth: hci2: command tx timeout
[   68.933881][   T55] Bluetooth: hci1: command tx timeout
[   68.986897][ T5976] openvswitch: netlink: Tunnel attr 1 has unexpected len 3 expected 4
[   68.995628][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.998326][ T5975] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.002101][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.004347][ T5975] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.020058][ T5975] bridge0: entered promiscuous mode
[   69.157528][ T5986] netlink: 'syz.2.30': attribute type 10 has an invalid length.
[   69.187566][ T5986] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   69.196090][ T5989] tipc: Can't bind to reserved service type 0
[   69.214190][ T5979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   69.446195][ T6004] sctp: failed to load transform for md5: -2
[   69.741310][ T6023] netlink: 'syz.0.42': attribute type 1 has an invalid length.
[   69.744363][ T6023] netlink: 'syz.0.42': attribute type 2 has an invalid length.
[   69.772667][ T6025] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   69.799819][ T6027] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[   69.856852][ T6031] IPv6: NLM_F_REPLACE set, but no existing node found!
[   69.935279][ T6035] syz.0.48 uses obsolete (PF_INET,SOCK_PACKET)
[   70.007237][ T6039] netlink: 'syz.2.50': attribute type 33 has an invalid length.
[   70.046662][ T6041] Bluetooth: MGMT ver 1.23
[   70.464465][ T6062] tipc: Started in network mode
[   70.466297][ T6062] tipc: Node identity 9abb4fdbe512, cluster identity 4711
[   70.469384][ T6062] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   70.473554][ T6062] syzkaller0: entered promiscuous mode
[   70.475895][ T6062] syzkaller0: entered allmulticast mode
[   70.505655][ T6062] tipc: Resetting bearer <eth:syzkaller0>
[   70.511049][ T6061] tipc: Resetting bearer <eth:syzkaller0>
[   70.521992][ T6061] tipc: Disabling bearer <eth:syzkaller0>
[   70.915300][ T6075] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   70.935521][ T6074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   70.985991][ T6077] IPv6: NLM_F_REPLACE set, but no existing node found!
[   71.008661][ T5235] Bluetooth: hci2: command tx timeout
[   71.011683][ T5235] Bluetooth: hci1: command tx timeout
[   71.013759][ T5235] Bluetooth: hci0: command tx timeout
[   71.256973][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.627388][ T6105] 8021q: adding VLAN 0 to HW filter on device bond2
[   71.764059][ T6114] bridge0: entered promiscuous mode
[   72.306895][ T6130] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.309993][ T6130] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.316559][ T6130] bridge0: left promiscuous mode
[   72.346394][ T6137] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   72.515811][ T6157] IPv6: Can't replace route, no match found
[   72.812942][ T6183] can: request_module (can-proto-4) failed.
[   72.833593][ T6183] vlan2: entered promiscuous mode
[   72.835361][ T6183] gretap0: entered promiscuous mode
[   72.897259][ T6190] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[   72.924471][ T6188] syzkaller0: entered promiscuous mode
[   72.926279][ T6188] syzkaller0: entered allmulticast mode
[   73.090924][ T5235] Bluetooth: hci0: command tx timeout
[   73.091109][ T5852] Bluetooth: hci2: command tx timeout
[   73.095669][   T55] Bluetooth: hci1: command tx timeout
[   73.636282][ T6204] validate_nla: 7 callbacks suppressed
[   73.636311][ T6204] netlink: 'syz.2.109': attribute type 10 has an invalid length.
[   74.098438][ T6204] 8021q: adding VLAN 0 to HW filter on device team0
[   74.105872][ T6204] bond0: (slave team0): Enslaving as an active interface with an up link
[   74.156324][ T6209] nbd: must specify at least one socket
[   74.172273][ T6209] __nla_validate_parse: 28 callbacks suppressed
[   74.172288][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.2.111'.
[   74.185374][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.2.111'.
[   74.189878][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.2.111'.
[   74.244135][ T6212] syzkaller1: entered promiscuous mode
[   74.246489][ T6212] syzkaller1: entered allmulticast mode
[   74.438366][ T6224] netlink: 8 bytes leftover after parsing attributes in process `syz.0.115'.
[   74.696269][ T6244] netlink: 8 bytes leftover after parsing attributes in process `syz.0.120'.
[   74.735655][ T6244] netlink: 36 bytes leftover after parsing attributes in process `syz.0.120'.
[   74.879487][ T6258] netlink: 60 bytes leftover after parsing attributes in process `syz.1.123'.
[   74.882315][ T6258] netlink: 60 bytes leftover after parsing attributes in process `syz.1.123'.
[   74.963415][ T6269] netlink: 24 bytes leftover after parsing attributes in process `syz.1.125'.
[   75.133514][ T6275] netlink: 'syz.1.127': attribute type 10 has an invalid length.
[   75.136957][ T6275] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.140368][ T6275] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.146580][ T6275] bridge0: left promiscuous mode
[   75.408759][ T6286] netlink: 8 bytes leftover after parsing attributes in process `syz.1.132'.
[   75.531969][ T6292] netlink: 'syz.1.136': attribute type 9 has an invalid length.
[   75.571980][ T5892] hid-generic 0005:16BF:5505.0001: unknown main item tag 0x0
[   75.579789][ T5892] hid-generic 0005:16BF:5505.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   75.602055][ T6294] openvswitch: netlink: Flow key attr not present in new flow.
[   76.415552][ T6329] netlink: 'syz.1.149': attribute type 1 has an invalid length.
[   76.473666][ T6333] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[   76.823211][ T6350] sctp: [Deprecated]: syz.2.157 (pid 6350) Use of int in maxseg socket option.
[   76.823211][ T6350] Use struct sctp_assoc_value instead
[   77.744313][ T6381] syz.0.166: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   77.754484][ T6381] CPU: 0 UID: 0 PID: 6381 Comm: syz.0.166 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[   77.754508][ T6381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   77.754517][ T6381] Call Trace:
[   77.754525][ T6381]  <TASK>
[   77.754532][ T6381]  dump_stack_lvl+0x189/0x250
[   77.754561][ T6381]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.754580][ T6381]  ? __pfx__printk+0x10/0x10
[   77.754602][ T6381]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   77.754620][ T6381]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   77.754637][ T6381]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[   77.754655][ T6381]  warn_alloc+0x214/0x310
[   77.754679][ T6381]  ? stack_depot_save_flags+0x40/0x860
[   77.754699][ T6381]  ? __pfx_warn_alloc+0x10/0x10
[   77.754731][ T6381]  ? kasan_save_track+0x4f/0x80
[   77.754751][ T6381]  ? xskq_create+0x56/0x170
[   77.754769][ T6381]  ? xsk_init_queue+0xb0/0x110
[   77.754782][ T6381]  ? xsk_setsockopt+0x4dc/0x8d0
[   77.754796][ T6381]  ? do_sock_setsockopt+0x17c/0x1b0
[   77.754814][ T6381]  ? __x64_sys_setsockopt+0x13f/0x1b0
[   77.754831][ T6381]  ? do_syscall_64+0xfa/0x3b0
[   77.754847][ T6381]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.754868][ T6381]  __vmalloc_node_range_noprof+0x125/0x12f0
[   77.754912][ T6381]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   77.754961][ T6381]  ? __kasan_kmalloc+0x93/0xb0
[   77.754983][ T6381]  vmalloc_user_noprof+0xad/0xf0
[   77.755004][ T6381]  ? xskq_create+0xbf/0x170
[   77.755021][ T6381]  xskq_create+0xbf/0x170
[   77.755039][ T6381]  xsk_init_queue+0xb0/0x110
[   77.755056][ T6381]  xsk_setsockopt+0x4dc/0x8d0
[   77.755073][ T6381]  ? __pfx_xsk_setsockopt+0x10/0x10
[   77.755087][ T6381]  ? __pfx_aa_sk_perm+0x10/0x10
[   77.755111][ T6381]  ? aa_sock_opt_perm+0xff/0x1b0
[   77.755134][ T6381]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[   77.755182][ T6381]  ? __pfx_xsk_setsockopt+0x10/0x10
[   77.755198][ T6381]  do_sock_setsockopt+0x17c/0x1b0
[   77.755222][ T6381]  __x64_sys_setsockopt+0x13f/0x1b0
[   77.755247][ T6381]  do_syscall_64+0xfa/0x3b0
[   77.755264][ T6381]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.755281][ T6381]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.755294][ T6381]  ? exc_page_fault+0x9f/0xf0
[   77.755311][ T6381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.755325][ T6381] RIP: 0033:0x7fec3918ebe9
[   77.755355][ T6381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.755368][ T6381] RSP: 002b:00007fec3a06e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   77.755383][ T6381] RAX: ffffffffffffffda RBX: 00007fec393b6090 RCX: 00007fec3918ebe9
[   77.755394][ T6381] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[   77.755402][ T6381] RBP: 00007fec39211e19 R08: 0000000000000004 R09: 0000000000000000
[   77.755411][ T6381] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.755420][ T6381] R13: 00007fec393b6128 R14: 00007fec393b6090 R15: 00007ffc6125e5f8
[   77.755444][ T6381]  </TASK>
[   77.755587][ T6381] Mem-Info:
[   77.877538][ T6381] active_anon:5581 inactive_anon:0 isolated_anon:0
[   77.877538][ T6381]  active_file:908 inactive_file:38211 isolated_file:0
[   77.877538][ T6381]  unevictable:1768 dirty:1406 writeback:0
[   77.877538][ T6381]  slab_reclaimable:9335 slab_unreclaimable:54092
[   77.877538][ T6381]  mapped:18047 shmem:2452 pagetables:939
[   77.877538][ T6381]  sec_pagetables:0 bounce:0
[   77.877538][ T6381]  kernel_misc_reclaimable:0
[   77.877538][ T6381]  free:299021 free_pcp:21103 free_cma:0
[   77.895099][ T6381] Node 0 active_anon:11056kB inactive_anon:0kB active_file:2864kB inactive_file:22488kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:37564kB dirty:5524kB writeback:0kB shmem:5064kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5304kB pagetables:1888kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   77.907230][ T6381] Node 1 active_anon:11268kB inactive_anon:0kB active_file:768kB inactive_file:130356kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:34624kB dirty:100kB writeback:0kB shmem:4744kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6200kB pagetables:1868kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   77.920081][ T6381] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   77.931737][ T6381] lowmem_reserve[]: 0 811 811 811 811
[   77.934042][ T6381] Node 0 DMA32 free:429916kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11056kB inactive_anon:0kB active_file:2864kB inactive_file:22488kB unevictable:3536kB writepending:5524kB present:1556484kB managed:831000kB mlocked:0kB bounce:0kB free_pcp:35348kB local_pcp:19696kB free_cma:0kB
[   77.953308][ T6381] lowmem_reserve[]: 0 0 0 0 0
[   77.966094][ T6381] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   77.976951][ T6381] lowmem_reserve[]: 0 0 854 854 854
[   77.981962][ T6381] Node 1 Normal free:292192kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11200kB inactive_anon:0kB active_file:768kB inactive_file:130356kB unevictable:3536kB writepending:100kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:49868kB local_pcp:29244kB free_cma:0kB
[   78.001752][ T6381] lowmem_reserve[]: 0 0 0 0 0
[   78.013787][ T6381] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   78.019523][ T6381] Node 0 DMA32: 459*4kB (UME) 82*8kB (UME) 72*16kB (UME) 189*32kB (UME) 22*64kB (UM) 18*128kB (UME) 5*256kB (UM) 1*512kB (E) 7*1024kB (UM) 1*2048kB (M) 99*4096kB (M) = 429916kB
[   78.035778][ T6381] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[   78.041026][ T6381] Node 1 Normal: 247*4kB (UME) 733*8kB (UME) 480*16kB (UME) 46*32kB (UM) 14*64kB (M) 10*128kB (M) 6*256kB (UME) 5*512kB (UM) 6*1024kB (ME) 1*2048kB (M) 60*4096kB (M) = 276228kB
[   78.046298][ T6381] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[   78.049145][ T6381] Node 1 hugepages_total=3 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB
[   78.052189][ T6381] 41571 total pagecache pages
[   78.053796][ T6381] 0 pages in swap cache
[   78.055083][ T6381] Free swap  = 124996kB
[   78.056449][ T6381] Total swap = 124996kB
[   78.057759][ T6381] 786301 pages RAM
[   78.059201][ T6381] 0 pages HighMem/MovableOnly
[   78.060674][ T6381] 241319 pages reserved
[   78.061988][ T6381] 0 pages cma reserved
[   78.069730][ T6381] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   78.275276][ T6396] netlink: 'syz.1.172': attribute type 10 has an invalid length.
[   78.284965][ T6395] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   78.550043][ T6380] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[   78.595195][ T6402] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.602673][ T6402] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.857313][ T6402] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   78.875869][ T6402] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   79.012990][ T6405] netlink: 'syz.1.175': attribute type 41 has an invalid length.
[   79.031157][ T5876] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   79.037730][ T5876] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   79.044308][ T5876] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   79.052656][ T5876] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   79.176603][ T6412] 8021q: adding VLAN 0 to HW filter on device bond3
[   79.177140][ T6418] IPv6: NLM_F_REPLACE set, but no existing node found!
[   79.185635][ T6412] macvlan2: entered promiscuous mode
[   79.187678][ T6412] macvlan2: entered allmulticast mode
[   79.191305][ T6412] bond3: entered promiscuous mode
[   79.193597][ T6412] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   79.200778][ T6412] bond3: left promiscuous mode
[   79.221161][ T6420] __nla_validate_parse: 19 callbacks suppressed
[   79.221174][ T6420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.180'.
[   79.290374][ T6424] netlink: 'syz.1.182': attribute type 1 has an invalid length.
[   79.292676][ T6425] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[   79.305201][ T6424] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[   79.331365][ T6422] netlink: 12 bytes leftover after parsing attributes in process `syz.2.181'.
[   79.510656][ T6434] syz.1.183 (6434) used greatest stack depth: 20040 bytes left
[   79.535491][ T6445] netlink: 'syz.2.188': attribute type 10 has an invalid length.
[   79.541827][ T6445] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.544818][ T6445] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.547745][ T6445] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.551100][ T6445] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.557529][ T6445] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   79.663653][ T6456] netlink: 40 bytes leftover after parsing attributes in process `syz.2.192'.
[   79.744599][ T6459] netlink: 12 bytes leftover after parsing attributes in process `syz.1.194'.
[   79.760873][ T6459] vlan3: entered promiscuous mode
[   79.762601][ T6459] bond0: entered promiscuous mode
[   79.768005][ T6459] bond_slave_0: entered promiscuous mode
[   79.772358][ T6459] bond_slave_1: entered promiscuous mode
[   79.776240][ T6459] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[   79.914098][ T6473] netlink: 'syz.1.199': attribute type 10 has an invalid length.
[   79.917629][ T6473] netlink: 36 bytes leftover after parsing attributes in process `syz.1.199'.
[   79.942095][ T6473] netlink: 'syz.1.199': attribute type 12 has an invalid length.
[   79.944926][ T6473] netlink: 132 bytes leftover after parsing attributes in process `syz.1.199'.
[   79.950661][ T6472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   80.034192][ T6483] netlink: 36 bytes leftover after parsing attributes in process `syz.0.203'.
[   80.535381][ T6507] IPv6: NLM_F_REPLACE set, but no existing node found!
[   80.591787][ T6509] netlink: 32 bytes leftover after parsing attributes in process `syz.0.212'.
[   80.769283][ T6521] netlink: 112 bytes leftover after parsing attributes in process `syz.0.217'.
[   80.779091][ T6521] netlink: 12 bytes leftover after parsing attributes in process `syz.0.217'.
[   81.062971][   T24] hid-generic 0005:16BF:5505.0002: unknown main item tag 0x0
[   81.071198][   T24] hid-generic 0005:16BF:5505.0002: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   81.080527][ T6535] openvswitch: netlink: Flow key attr not present in new flow.
[   81.553276][ T6554] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[   81.662047][ T6559] tipc: Started in network mode
[   81.664042][ T6559] tipc: Node identity 7263b063af8f, cluster identity 4711
[   81.667167][ T6559] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   81.671906][ T6559] syzkaller0: entered promiscuous mode
[   81.674097][ T6559] syzkaller0: entered allmulticast mode
[   81.693795][ T6559] tipc: Resetting bearer <eth:syzkaller0>
[   81.706199][ T6558] tipc: Resetting bearer <eth:syzkaller0>
[   81.717578][ T6558] tipc: Disabling bearer <eth:syzkaller0>
[   81.985581][ T6572] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   82.534587][ T5883] hid-generic 0005:16BF:5505.0003: unknown main item tag 0x0
[   82.540547][ T5883] hid-generic 0005:16BF:5505.0003: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   82.551887][ T6579] openvswitch: netlink: Message has 8 unknown bytes.
[   83.308967][ T6599] geneve3: entered promiscuous mode
[   83.311241][ T6599] geneve3: entered allmulticast mode
[   83.314684][   T13] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 35848 - 0
[   83.321216][   T13] netdevsim netdevsim1 netdevsim0: set [1, 2] type 2 family 0 port 60008 - 0
[   83.324948][   T13] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 35848 - 0
[   83.328995][   T13] netdevsim netdevsim1 netdevsim1: set [1, 2] type 2 family 0 port 60008 - 0
[   83.333024][   T13] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 35848 - 0
[   83.336643][   T13] netdevsim netdevsim1 netdevsim2: set [1, 2] type 2 family 0 port 60008 - 0
[   83.340321][   T13] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 35848 - 0
[   83.344850][   T13] netdevsim netdevsim1 netdevsim3: set [1, 2] type 2 family 0 port 60008 - 0
[   83.376528][ T6601] netlink: 'syz.1.250': attribute type 4 has an invalid length.
[   83.600316][ T6608] netlink: 'syz.2.253': attribute type 10 has an invalid length.
[   83.681620][ T6611] netlink: 'syz.2.253': attribute type 12 has an invalid length.
[   83.690942][ T6607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   84.103798][ T6627] netlink: 'syz.0.259': attribute type 10 has an invalid length.
[   84.120037][ T6627] netlink: 'syz.0.259': attribute type 12 has an invalid length.
[   84.125351][ T6626] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   84.640743][ T6645] netlink: 'syz.2.266': attribute type 10 has an invalid length.
[   84.644274][ T6645] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.648049][ T6645] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.685758][ T6648] __nla_validate_parse: 17 callbacks suppressed
[   84.685773][ T6648] netlink: 16 bytes leftover after parsing attributes in process `syz.0.267'.
[   84.780897][ T6660] netlink: 'syz.1.269': attribute type 1 has an invalid length.
[   84.803586][ T6660] 8021q: adding VLAN 0 to HW filter on device bond4
[   84.821688][ T6660] vlan3: entered promiscuous mode
[   84.823372][ T6660] bond4: entered promiscuous mode
[   84.825132][ T6660] vlan3: entered allmulticast mode
[   84.826835][ T6660] bond4: entered allmulticast mode
[   84.835955][ T6660] netlink: 60 bytes leftover after parsing attributes in process `syz.1.269'.
[   84.863784][ T6669] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[   84.890688][ T6671] IPVS: length: 178 != 24
[   85.014304][ T6684] netlink: 8 bytes leftover after parsing attributes in process `syz.2.281'.
[   85.017613][ T6684] netlink: 8 bytes leftover after parsing attributes in process `syz.2.281'.
[   85.021230][ T6684] netlink: 8 bytes leftover after parsing attributes in process `syz.2.281'.
[   85.133614][ T6693] netlink: 'syz.0.284': attribute type 1 has an invalid length.
[   85.136604][ T6693] netlink: 'syz.0.284': attribute type 2 has an invalid length.
[   85.140042][ T6693] netlink: 'syz.0.284': attribute type 2 has an invalid length.
[   85.142687][ T6693] netlink: 'syz.0.284': attribute type 2 has an invalid length.
[   85.145177][ T6693] netlink: 'syz.0.284': attribute type 1 has an invalid length.
[   85.147733][ T6693] netlink: 'syz.0.284': attribute type 1 has an invalid length.
[   85.319037][ T6707] vlan1: entered promiscuous mode
[   85.321148][ T6707] dummy0: entered promiscuous mode
[   85.369320][ T6708] netlink: 12 bytes leftover after parsing attributes in process `syz.2.291'.
[   85.433735][ T6713] netlink: 36 bytes leftover after parsing attributes in process `syz.0.292'.
[   85.448275][ T6713] netlink: 144 bytes leftover after parsing attributes in process `syz.0.292'.
[   85.456384][ T6713] netlink: 132 bytes leftover after parsing attributes in process `syz.0.292'.
[   85.462833][ T6712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   85.551823][ T6716] netlink: 76 bytes leftover after parsing attributes in process `syz.2.293'.
[   86.215655][ T6731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   86.499047][ T6403] hid-generic 0005:16BF:5505.0004: unknown main item tag 0x0
[   86.503357][ T6403] hid-generic 0005:16BF:5505.0004: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   86.513342][ T6736] openvswitch: netlink: Message has 8 unknown bytes.
[   86.534707][ T6740] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[   86.620267][  T791] cfg80211: failed to load regulatory.db
[   86.673911][ T6742] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[   86.931149][ T6760] IPv6: NLM_F_REPLACE set, but no existing node found!
[   86.951156][ T6758] batman_adv: batadv0: Removing interface: batadv_slave_1
[   86.990306][ T6762] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   86.994681][ T6762] syzkaller0: entered promiscuous mode
[   86.997061][ T6762] syzkaller0: entered allmulticast mode
[   87.006990][ T6762] syzkaller0: left promiscuous mode
[   87.009541][ T6762] syzkaller0: left allmulticast mode
[   87.015582][ T6762] tipc: Resetting bearer <eth:syzkaller0>
[   88.009021][ T5883] tipc: Node number set to 3723276387
[   88.014380][ T6761] tipc: Resetting bearer <eth:syzkaller0>
[   88.025335][ T6761] tipc: Disabling bearer <eth:syzkaller0>
[   88.244723][ T6784] IPv6: Can't replace route, no match found
[   88.571050][ T6811] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[   88.571345][ T6403] hid-generic 0005:16BF:5505.0005: unknown main item tag 0x0
[   88.577417][ T6403] hid-generic 0005:16BF:5505.0005: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   88.584805][ T6808] openvswitch: netlink: Message has 8 unknown bytes.
[   89.103352][ T6819] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   89.495843][ T6826] IPv6: NLM_F_REPLACE set, but no existing node found!
[   89.695273][ T6844] bridge_slave_0: left allmulticast mode
[   89.697216][ T6844] bridge_slave_0: left promiscuous mode
[   89.702834][ T6844] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.708447][ T6844] bridge_slave_1: left allmulticast mode
[   89.711594][ T6844] bridge_slave_1: left promiscuous mode
[   89.714229][ T6844] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.722565][ T6844] bond0: (slave bond_slave_0): Releasing backup interface
[   89.725743][ T6844] bond_slave_0: left promiscuous mode
[   89.733585][ T6844] bond0: (slave bond_slave_1): Releasing backup interface
[   89.740745][ T6844] bond_slave_1: left promiscuous mode
[   89.751264][ T6844] team0: Port device team_slave_0 removed
[   89.762509][ T6844] team0: Port device team_slave_1 removed
[   89.765187][ T6844] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.770702][ T6844] batman_adv: batadv0: Removing interface: batadv_slave_0
[   89.775849][ T6844] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.777766][ T6853] __nla_validate_parse: 16 callbacks suppressed
[   89.777777][ T6853] netlink: 84 bytes leftover after parsing attributes in process `syz.0.345'.
[   89.780108][ T6844] batman_adv: batadv0: Removing interface: batadv_slave_1
[   89.813029][ T6844] bond0: (slave wlan1): Releasing backup interface
[   89.820311][ T6844] mac80211_hwsim hwsim7 wlan1: left promiscuous mode
[   89.880389][ T6858] validate_nla: 7 callbacks suppressed
[   89.880410][ T6858] netlink: 'syz.0.347': attribute type 4 has an invalid length.
[   89.890926][ T6858] netlink: 'syz.0.347': attribute type 4 has an invalid length.
[   90.433498][ T5883] hid-generic 0005:16BF:5505.0006: unknown main item tag 0x0
[   90.442096][ T5883] hid-generic 0005:16BF:5505.0006: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[   90.457026][ T6875] netlink: 8 bytes leftover after parsing attributes in process `syz.0.352'.
[   90.469417][ T6875] openvswitch: netlink: Message has 8 unknown bytes.
[   90.557534][ T6890] netlink: 20 bytes leftover after parsing attributes in process `syz.2.356'.
[   90.670057][ T6901] IPv6: NLM_F_REPLACE set, but no existing node found!
[   90.682678][ T6902] Unsupported ieee802154 address type: 0
[   90.717661][ T6906] netlink: 'syz.2.364': attribute type 10 has an invalid length.
[   90.726963][ T6906] netlink: 36 bytes leftover after parsing attributes in process `syz.2.364'.
[   90.752377][ T6906] netlink: 144 bytes leftover after parsing attributes in process `syz.2.364'.
[   90.769426][ T6906] netlink: 'syz.2.364': attribute type 12 has an invalid length.
[   90.772490][ T6906] netlink: 132 bytes leftover after parsing attributes in process `syz.2.364'.
[   90.777660][ T6905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   90.806023][ T6912] syzkaller1: entered promiscuous mode
[   90.809705][ T6912] syzkaller1: entered allmulticast mode
[   90.876985][ T6917] IPv6: Can't replace route, no match found
[   90.971051][ T6923] netlink: 84 bytes leftover after parsing attributes in process `syz.1.372'.
[   91.277217][ T6949] netlink: 'syz.0.381': attribute type 1 has an invalid length.
[   91.308206][ T6949] netlink: 52 bytes leftover after parsing attributes in process `syz.0.381'.
[   91.516896][ T6955] netlink: 24 bytes leftover after parsing attributes in process `syz.2.383'.
[   91.693494][ T6963] netlink: 'syz.0.387': attribute type 10 has an invalid length.
[   91.782958][ T6967] geneve2: entered promiscuous mode
[   91.784633][ T6967] geneve2: entered allmulticast mode
[   91.916575][ T6974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.391'.
[   92.080726][ T6984] syzkaller1: entered promiscuous mode
[   92.083156][ T6984] syzkaller1: entered allmulticast mode
[   92.169584][ T6989] netlink: 'syz.2.396': attribute type 1 has an invalid length.
[   92.219604][ T6994] batman_adv: batadv0: Adding interface: dummy0
[   92.221896][ T6994] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.236610][ T6994] batman_adv: batadv0: Interface activated: dummy0
[   92.251832][ T6994] batadv0: mtu less than device minimum
[   92.254798][ T6994] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   92.258988][ T6994] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   92.263254][ T6994] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   92.267271][ T6994] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   92.271336][ T6994] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   92.275423][ T6994] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   92.279516][ T6994] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   92.284087][ T6994] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   92.288046][ T6994] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   92.525782][ T7016] netlink: 'syz.2.406': attribute type 10 has an invalid length.
[   92.563218][ T7018] netlink: 'syz.1.407': attribute type 21 has an invalid length.
[   92.572765][ T7016] netlink: 'syz.2.406': attribute type 12 has an invalid length.
[   92.578035][ T7015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   94.528714][ T7123] batman_adv: batadv0: Removing interface: batadv_slave_0
[   95.290918][ T7128] syzkaller0: entered promiscuous mode
[   95.292654][ T7128] syzkaller0: entered allmulticast mode
[   95.396299][ T7135] __nla_validate_parse: 17 callbacks suppressed
[   95.396311][ T7135] netlink: 64 bytes leftover after parsing attributes in process `syz.2.440'.
[   96.152677][ T7147] validate_nla: 5 callbacks suppressed
[   96.152697][ T7147] netlink: 'syz.2.446': attribute type 1 has an invalid length.
[   96.157233][ T7147] netlink: 'syz.2.446': attribute type 2 has an invalid length.
[   96.160782][ T7147] netlink: 224 bytes leftover after parsing attributes in process `syz.2.446'.
[   96.342816][ T7155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.448'.
[   96.407958][ T7155] batman_adv: batadv0: Interface deactivated: dummy0
[   96.410759][ T7155] batman_adv: batadv0: Removing interface: dummy0
[   97.084887][ T7157] netlink: 16 bytes leftover after parsing attributes in process `syz.2.451'.
[   97.091917][ T7159] Unsupported ieee802154 address type: 0
[   97.095832][ T7157] bond0: (slave bridge0): Releasing backup interface
[   97.108216][ T7157] bond0: (slave team0): Releasing backup interface
[   97.115125][ T7157] bridge_slave_0: left allmulticast mode
[   97.116919][ T7157] bridge_slave_0: left promiscuous mode
[   97.125969][ T7157] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.131540][ T7157] bridge_slave_1: left allmulticast mode
[   97.133265][ T7157] bridge_slave_1: left promiscuous mode
[   97.135043][ T7157] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.142280][ T7157] bond0: (slave bond_slave_0): Releasing backup interface
[   97.149687][ T7157] bond0: (slave bond_slave_1): Releasing backup interface
[   97.158633][ T7157] team0: Port device team_slave_0 removed
[   97.165523][ T7157] team0: Port device team_slave_1 removed
[   97.167689][ T7157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.172381][ T7157] batman_adv: batadv0: Removing interface: batadv_slave_0
[   97.175413][ T7157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.177756][ T7157] batman_adv: batadv0: Removing interface: batadv_slave_1
[   97.186146][ T7157] bond0: (slave wlan1): Releasing backup interface
[   97.191502][ T7163] bridge: RTM_NEWNEIGH with invalid ether address
[   97.265083][ T7171] netlink: 20 bytes leftover after parsing attributes in process `syz.2.454'.
[   97.451414][ T7189] netlink: 24 bytes leftover after parsing attributes in process `syz.1.460'.
[   97.505335][ T7194] netlink: 12 bytes leftover after parsing attributes in process `syz.0.462'.
[   97.538984][ T7198] netlink: 84 bytes leftover after parsing attributes in process `syz.1.463'.
[   97.618287][ T7202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.465'.
[   97.628548][ T7202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.465'.
[   97.653355][ T7204] ip6gre1: entered allmulticast mode
[   97.780466][ T7218] IPv6: NLM_F_REPLACE set, but no existing node found!
[   97.807646][ T7220] net_ratelimit: 10 callbacks suppressed
[   97.807676][ T7220] openvswitch: netlink: Flow key attr not present in new flow.
[   97.892158][ T7224] bridge_slave_0: left allmulticast mode
[   97.894163][ T7224] bridge_slave_0: left promiscuous mode
[   97.896295][ T7224] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.901983][ T7224] bridge_slave_1: left allmulticast mode
[   97.903885][ T7224] bridge_slave_1: left promiscuous mode
[   97.905767][ T7224] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.912473][ T7224] bond0: (slave bond_slave_0): Releasing backup interface
[   97.916357][ T7224] bond0: (slave bond_slave_1): Releasing backup interface
[   97.920464][ T7224] team0: Port device team_slave_0 removed
[   97.923586][ T7224] team0: Port device team_slave_1 removed
[   97.926367][ T7224] bond0: (slave wlan1): Releasing backup interface
[   97.944571][ T7224] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check.
[   98.010257][ T7228] openvswitch: netlink: nsh attribute has 2338 unknown bytes.
[   98.012828][ T7228] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   98.384354][ T7241] A link change request failed with some changes committed already. Interface team_slave_1 may have been left with an inconsistent configuration, please check.
[   98.771245][ T7251] netlink: 'syz.1.484': attribute type 1 has an invalid length.
[  100.768675][ T7308] netlink: 'syz.0.500': attribute type 1 has an invalid length.
[  100.807457][ T7308] 8021q: adding VLAN 0 to HW filter on device bond3
[  100.851261][ T7308] 8021q: adding VLAN 0 to HW filter on device bond3
[  100.853631][ T7308] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[  100.858147][ T7308] bond3: (slave vxcan3): Error -95 calling set_mac_address
[  100.863962][ T7318] __nla_validate_parse: 12 callbacks suppressed
[  100.863980][ T7318] netlink: 104 bytes leftover after parsing attributes in process `syz.2.504'.
[  100.875547][ T7318] netlink: 'syz.2.504': attribute type 1 has an invalid length.
[  100.879783][ T7318] netlink: 228 bytes leftover after parsing attributes in process `syz.2.504'.
[  100.886919][ T7318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.504'.
[  100.887007][ T7319] veth3: entered promiscuous mode
[  100.896220][ T7319] bond3: (slave veth3): Enslaving as an active interface with a down link
[  101.117013][ T7338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.510'.
[  101.121725][ T7338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.510'.
[  101.124796][ T7338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.510'.
[  101.421430][ T7354] IPVS: length: 41 != 24600
[  101.499321][ T7359] netlink: 36 bytes leftover after parsing attributes in process `syz.2.516'.
[  101.836815][ T7384] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  101.955818][ T7396] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  101.961550][ T7396] syzkaller0: entered promiscuous mode
[  101.963329][ T7396] syzkaller0: entered allmulticast mode
[  101.972130][ T7396] tipc: Resetting bearer <eth:syzkaller0>
[  101.979215][ T7394] tipc: Resetting bearer <eth:syzkaller0>
[  101.993927][ T7394] tipc: Disabling bearer <eth:syzkaller0>
[  102.003623][ T7389] netlink: 12 bytes leftover after parsing attributes in process `syz.1.525'.
[  102.097041][ T7407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.532'.
[  102.104700][ T7407] netlink: 'syz.1.532': attribute type 5 has an invalid length.
[  102.108053][ T7407] netlink: 20 bytes leftover after parsing attributes in process `syz.1.532'.
[  102.121729][ T7407] geneve4: entered promiscuous mode
[  102.124034][ T7407] geneve4: entered allmulticast mode
[  102.128425][ T5875] netdevsim netdevsim1 netdevsim0: set [1, 3] type 2 family 0 port 256 - 0
[  102.131954][ T5875] netdevsim netdevsim1 netdevsim1: set [1, 3] type 2 family 0 port 256 - 0
[  102.135440][ T5875] netdevsim netdevsim1 netdevsim2: set [1, 3] type 2 family 0 port 256 - 0
[  102.141001][ T5875] netdevsim netdevsim1 netdevsim3: set [1, 3] type 2 family 0 port 256 - 0
[  102.152425][ T7409] netlink: 'syz.2.534': attribute type 21 has an invalid length.
[  102.155515][ T7409] netlink: 'syz.2.534': attribute type 22 has an invalid length.
[  102.158705][ T7409] netlink: 'syz.2.534': attribute type 23 has an invalid length.
[  102.161888][ T7409] netlink: 'syz.2.534': attribute type 25 has an invalid length.
[  102.164973][ T7409] netlink: 'syz.2.534': attribute type 26 has an invalid length.
[  102.221052][ T7415] netlink: 'syz.1.536': attribute type 10 has an invalid length.
[  102.230580][ T7415] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  102.239440][ T7415] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  102.267069][ T7415] netlink: 'syz.1.536': attribute type 12 has an invalid length.
[  102.272595][ T7414] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  102.401373][ T7426] pimreg3: entered allmulticast mode
[  102.431881][ T7430] netlink: 'syz.0.541': attribute type 1 has an invalid length.
[  102.449654][ T7430] 8021q: adding VLAN 0 to HW filter on device bond4
[  102.462421][ T7434] gretap1: entered promiscuous mode
[  102.467708][ T7434] bond4: (slave gretap1): making interface the new active one
[  102.471036][ T7434] bond4: (slave gretap1): Enslaving as an active interface with an up link
[  102.521822][ T7439] openvswitch: netlink: IPv4 tunnel dst address is zero
[  102.545857][ T7441] pimreg3: entered allmulticast mode
[  102.557558][ T7441] sctp: [Deprecated]: syz.2.545 (pid 7441) Use of int in maxseg socket option.
[  102.557558][ T7441] Use struct sctp_assoc_value instead
[  102.600429][ T7446] nbd: illegal input index -1
[  102.892814][ T7470] syzkaller1: entered promiscuous mode
[  102.895121][ T7470] syzkaller1: entered allmulticast mode
[  102.933326][ T5883] hid-generic 0005:16BF:5505.0007: unknown main item tag 0x0
[  102.937397][ T5883] hid-generic 0005:16BF:5505.0007: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  102.943431][ T7474] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  102.986465][ T7484] bridge0: entered promiscuous mode
[  103.059365][ T7493] xt_socket: unknown flags 0xd0
[  103.066525][ T7494] xt_socket: unknown flags 0xd0
[  103.088434][ T5852] Bluetooth: hci2: command 0x0405 tx timeout
[  103.417548][ T7531] IPv6: Can't replace route, no match found
[  103.738186][ T7542] netlink: 'syz.2.578': attribute type 10 has an invalid length.
[  103.744517][ T7542] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  103.761571][ T7541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  104.265219][ T7558] bridge0: entered promiscuous mode
[  104.371513][ T7565] IPv6: Can't replace route, no match found
[  104.688308][ T7589] syzkaller1: entered promiscuous mode
[  104.690570][ T7589] syzkaller1: entered allmulticast mode
[  104.916557][ T7603] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  105.076664][ T7607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  105.430522][ T7611] syzkaller1: entered promiscuous mode
[  105.432952][ T7611] syzkaller1: entered allmulticast mode
[  105.793764][ T7631] Illegal XDP return value 4294967289 on prog  (id 120) dev N/A, expect packet loss!
[  106.477199][ T7636] delete_channel: no stack
[  106.560067][ T7644] __nla_validate_parse: 28 callbacks suppressed
[  106.560081][ T7644] netlink: 48 bytes leftover after parsing attributes in process `syz.1.616'.
[  106.656517][ T7652] netlink: 4 bytes leftover after parsing attributes in process `syz.2.619'.
[  106.729477][ T7657] netlink: 36 bytes leftover after parsing attributes in process `syz.2.621'.
[  106.771490][ T7657] netlink: 144 bytes leftover after parsing attributes in process `syz.2.621'.
[  106.775951][ T7657] netlink: 132 bytes leftover after parsing attributes in process `syz.2.621'.
[  106.780016][ T7655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  107.479856][ T7669] netlink: 4 bytes leftover after parsing attributes in process `syz.2.624'.
[  107.756944][ T7687] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  107.914326][ T7695] bond_slave_0: entered promiscuous mode
[  107.916588][ T7695] bond_slave_0: entered allmulticast mode
[  107.994529][ T7700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.633'.
[  107.997462][ T7700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.633'.
[  108.000490][ T7700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.633'.
[  108.408205][ T7708] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  108.411048][ T7708] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  108.529407][ T7711] netlink: 132 bytes leftover after parsing attributes in process `syz.1.637'.
[  108.545075][ T7711] validate_nla: 8 callbacks suppressed
[  108.545089][ T7711] netlink: 'syz.1.637': attribute type 1 has an invalid length.
[  108.759341][ T7725] netlink: 'syz.0.643': attribute type 10 has an invalid length.
[  108.794641][ T7725] netlink: 'syz.0.643': attribute type 12 has an invalid length.
[  108.801153][ T7724] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  108.807773][ T7726] netlink: 'syz.1.641': attribute type 1 has an invalid length.
[  109.086911][ T7735] IPv6: NLM_F_REPLACE set, but no existing node found!
[  109.298554][ T7745] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  109.941161][ T7791] syzkaller1: entered promiscuous mode
[  109.944151][ T7791] syzkaller1: entered allmulticast mode
[  110.128589][ T7798] syzkaller1: entered promiscuous mode
[  110.130505][ T7798] syzkaller1: entered allmulticast mode
[  110.452709][ T7812] IPv6: NLM_F_REPLACE set, but no existing node found!
[  110.497176][ T7815] syzkaller0: entered promiscuous mode
[  110.505602][ T7815] syzkaller0: entered allmulticast mode
[  110.511269][ T7814] tipc: Started in network mode
[  110.513489][ T7814] tipc: Node identity , cluster identity 4711
[  110.515965][ T7814] tipc: Failed to obtain node identity
[  110.518817][ T7814] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  111.420190][ T7831] sctp: [Deprecated]: syz.1.678 (pid 7831) Use of int in max_burst socket option deprecated.
[  111.420190][ T7831] Use struct sctp_assoc_value instead
[  111.460164][ T7830] netlink: 'syz.0.680': attribute type 10 has an invalid length.
[  111.492435][ T7830] netlink: 'syz.0.680': attribute type 12 has an invalid length.
[  111.495924][ T7827] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  111.551624][ T7840] netlink: 'syz.2.685': attribute type 6 has an invalid length.
[  111.738078][ T7846] IPv6: Can't replace route, no match found
[  112.265034][ T7869] __nla_validate_parse: 22 callbacks suppressed
[  112.265048][ T7869] netlink: 92 bytes leftover after parsing attributes in process `syz.0.695'.
[  112.477799][ T7875] netlink: 4 bytes leftover after parsing attributes in process `syz.0.696'.
[  113.160582][ T7879] netlink: 8 bytes leftover after parsing attributes in process `syz.2.697'.
[  113.163568][ T7879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.697'.
[  113.166286][ T7879] netlink: 'syz.2.697': attribute type 15 has an invalid length.
[  113.173048][ T7879] netlink: 'syz.2.697': attribute type 18 has an invalid length.
[  113.239502][ T7887] netlink: 8 bytes leftover after parsing attributes in process `syz.2.701'.
[  113.242641][ T7887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.701'.
[  113.246945][ T7887] netlink: 8 bytes leftover after parsing attributes in process `syz.2.701'.
[  113.253756][ T7887] netlink: 'syz.2.701': attribute type 5 has an invalid length.
[  113.256944][ T7887] netlink: 20 bytes leftover after parsing attributes in process `syz.2.701'.
[  113.264747][ T7887] geneve2: entered promiscuous mode
[  113.266431][ T7887] geneve2: entered allmulticast mode
[  113.270307][ T5876] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  113.277614][ T5876] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  113.282831][ T5876] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  113.287367][ T5876] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  113.303024][ T7891] netlink: 24 bytes leftover after parsing attributes in process `syz.2.703'.
[  113.308399][ T7883] vlan1: entered promiscuous mode
[  113.310584][ T7883] veth0: entered promiscuous mode
[  113.359958][ T7896] netlink: 8 bytes leftover after parsing attributes in process `syz.1.702'.
[  113.525036][ T7907] !: renamed from dummy0
[  113.574229][ T7909] IPv6: Can't replace route, no match found
[  113.692880][   T55] Bluetooth: hci2: link tx timeout
[  113.695616][   T55] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  113.745889][ T7917] IPv6: addrconf: prefix option has invalid lifetime
[  114.238385][ T7931] netlink: 'syz.0.717': attribute type 10 has an invalid length.
[  114.242800][ T7931] bridge0: left promiscuous mode
[  114.677099][ T7959] IPv6: Can't replace route, no match found
[  114.745863][ T7963] netlink: 'syz.0.728': attribute type 21 has an invalid length.
[  115.214304][ T7980] IPv6: NLM_F_REPLACE set, but no existing node found!
[  115.263743][ T7982] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  115.266680][ T7982] syzkaller0: entered promiscuous mode
[  115.278031][ T7982] syzkaller0: entered allmulticast mode
[  115.311856][ T7982] tipc: Resetting bearer <eth:syzkaller0>
[  115.320316][ T7981] tipc: Resetting bearer <eth:syzkaller0>
[  115.332408][ T7981] tipc: Disabling bearer <eth:syzkaller0>
[  115.533422][ T7988] netlink: 'syz.1.736': attribute type 1 has an invalid length.
[  115.728114][ T5852] Bluetooth: hci2: command 0x0405 tx timeout
[  115.761048][ T8005] bond0: option resend_igmp: invalid value (18446744072065384451)
[  115.763486][ T8005] bond0: option resend_igmp: allowed values 0 - 255
[  116.015697][ T8027] gretap1: entered promiscuous mode
[  116.019191][ T8027] gretap1: entered allmulticast mode
[  116.242074][ T8052] netlink: 'syz.0.758': attribute type 1 has an invalid length.
[  116.265579][ T8052] 8021q: adding VLAN 0 to HW filter on device bond5
[  116.370415][ T8069] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  116.732877][ T8097] IPv6: NLM_F_REPLACE set, but no existing node found!
[  116.804696][ T8104] tipc: Started in network mode
[  116.806230][ T8104] tipc: Node identity 8edf9a1fdfa1, cluster identity 4711
[  116.810516][ T8104] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  116.812697][ T8105] syzkaller0: entered promiscuous mode
[  116.814536][ T8105] syzkaller0: entered allmulticast mode
[  116.825840][ T8106] tipc: Resetting bearer <eth:syzkaller0>
[  116.836887][ T8106] tipc: Disabling bearer <eth:syzkaller0>
[  117.111322][ T8127] netlink: 'syz.2.783': attribute type 29 has an invalid length.
[  117.114665][ T8127] netlink: 'syz.2.783': attribute type 29 has an invalid length.
[  117.157674][ T8130] netlink: 'syz.0.784': attribute type 29 has an invalid length.
[  118.040993][ T8149] __nla_validate_parse: 19 callbacks suppressed
[  118.041005][ T8149] netlink: 84 bytes leftover after parsing attributes in process `syz.0.788'.
[  118.141395][ T8164] netlink: 830 bytes leftover after parsing attributes in process `syz.0.793'.
[  118.153165][ T8166] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  118.190248][ T8169] rose0: entered allmulticast mode
[  118.194170][ T8170] netlink: 'syz.2.796': attribute type 10 has an invalid length.
[  118.199394][ T8170] netlink: 36 bytes leftover after parsing attributes in process `syz.2.796'.
[  118.206546][ T8170] netlink: 144 bytes leftover after parsing attributes in process `syz.2.796'.
[  118.211823][ T8170] netlink: 'syz.2.796': attribute type 12 has an invalid length.
[  118.214374][ T8170] netlink: 132 bytes leftover after parsing attributes in process `syz.2.796'.
[  118.218418][ T8168] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  118.860986][ T8197] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  118.958685][ T8201] syzkaller0: entered promiscuous mode
[  118.960739][ T8201] syzkaller0: entered allmulticast mode
[  119.359520][ T8229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.820'.
[  119.363097][ T8229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.820'.
[  119.366701][ T8229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.820'.
[  119.478713][   T56] block nbd0: Receive control failed (result -32)
[  119.680779][ T8242] netlink: 'syz.0.826': attribute type 10 has an invalid length.
[  119.694183][ T8242] netlink: 36 bytes leftover after parsing attributes in process `syz.0.826'.
[  119.703477][ T8242] netlink: 144 bytes leftover after parsing attributes in process `syz.0.826'.
[  119.709578][ T8242] netlink: 'syz.0.826': attribute type 12 has an invalid length.
[  119.715015][ T8241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  120.666258][ T8274] sctp: [Deprecated]: syz.1.837 (pid 8274) Use of struct sctp_assoc_value in delayed_ack socket option.
[  120.666258][ T8274] Use struct sctp_sack_info instead
[  120.717152][ T8281] syzkaller0: entered promiscuous mode
[  120.719671][ T8281] syzkaller0: entered allmulticast mode
[  121.615194][ T8314] IPv6: NLM_F_REPLACE set, but no existing node found!
[  121.853295][ T8329] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  122.697142][ T8349] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  122.701587][ T8349] syzkaller0: entered promiscuous mode
[  122.703578][ T8349] syzkaller0: entered allmulticast mode
[  122.720279][ T8349] tipc: Resetting bearer <eth:syzkaller0>
[  122.727134][ T8347] tipc: Resetting bearer <eth:syzkaller0>
[  122.739841][ T8347] tipc: Disabling bearer <eth:syzkaller0>
[  122.878148][ T8360] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  122.881037][ T8360] syzkaller0: entered promiscuous mode
[  122.882895][ T8360] syzkaller0: entered allmulticast mode
[  122.899934][ T8360] tipc: Resetting bearer <eth:syzkaller0>
[  122.903185][ T8359] tipc: Resetting bearer <eth:syzkaller0>
[  122.912508][ T8359] tipc: Disabling bearer <eth:syzkaller0>
[  123.331461][ T8384] syzkaller1: entered promiscuous mode
[  123.333561][ T8384] syzkaller1: entered allmulticast mode
[  123.696497][ T8399] __nla_validate_parse: 9 callbacks suppressed
[  123.696517][ T8399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.881'.
[  123.701526][ T8399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.881'.
[  123.704408][ T8399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.881'.
[  124.523290][ T8412] RDS: rds_bind could not find a transport for fe88::3, load rds_tcp or rds_rdma?
[  124.533025][ T8412] ieee802154 phy0 wpan0: encryption failed: -22
[  124.828195][ T8432] netlink: 24 bytes leftover after parsing attributes in process `syz.0.894'.
[  124.831186][ T8432] netlink: 'syz.0.894': attribute type 1 has an invalid length.
[  124.833805][ T8432] netlink: 32 bytes leftover after parsing attributes in process `syz.0.894'.
[  125.196314][ T8453] netlink: 20 bytes leftover after parsing attributes in process `syz.0.902'.
[  125.242297][ T8455] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  125.379917][ T8461] netlink: 40 bytes leftover after parsing attributes in process `syz.0.907'.
[  125.556653][ T8474] netlink: 24 bytes leftover after parsing attributes in process `syz.0.910'.
[  125.557586][ T8473] netlink: 'syz.2.911': attribute type 10 has an invalid length.
[  125.573298][ T8473] netlink: 36 bytes leftover after parsing attributes in process `syz.2.911'.
[  125.581692][ T8473] netlink: 144 bytes leftover after parsing attributes in process `syz.2.911'.
[  125.585880][ T8473] netlink: 'syz.2.911': attribute type 12 has an invalid length.
[  125.590064][ T8471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  126.144383][ T8493] syzkaller0: entered promiscuous mode
[  126.146547][ T8493] syzkaller0: entered allmulticast mode
[  126.150582][ T8492] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  126.157288][ T8492] tipc: Resetting bearer <eth:syzkaller0>
[  126.176947][ T8491] tipc: Resetting bearer <eth:syzkaller0>
[  126.195930][ T8491] tipc: Disabling bearer <eth:syzkaller0>
[  126.432588][ T8512] netlink: 'syz.2.923': attribute type 10 has an invalid length.
[  126.438597][ T8512] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  126.574064][ T8517] netlink: 'syz.0.924': attribute type 46 has an invalid length.
[  126.625065][ T8525] IPv6: Can't replace route, no match found
[  127.030520][ T8564] wg1: entered promiscuous mode
[  127.032434][ T8564] wg1: entered allmulticast mode
[  127.190218][ T8584] netlink: 'syz.2.947': attribute type 1 has an invalid length.
[  127.264133][ T8588] syzkaller1: entered promiscuous mode
[  127.266451][ T8588] syzkaller1: entered allmulticast mode
[  127.501210][ T8612] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  127.504166][ T8612] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  127.506947][ T8612] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  127.514827][ T8612] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  127.522943][ T8612] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  127.525693][ T8612] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  127.986090][ T8644] openvswitch: netlink: Message has 5 unknown bytes.
[  128.003287][ T8644] syzkaller1: entered promiscuous mode
[  128.005524][ T8644] syzkaller1: entered allmulticast mode
[  128.164169][ T8656] netlink: 'syz.1.970': attribute type 10 has an invalid length.
[  128.186078][ T8656] netlink: 'syz.1.970': attribute type 12 has an invalid length.
[  128.192745][ T8655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  128.315165][ T8661] bond0: (slave bridge0): Releasing backup interface
[  128.343656][ T8661] bond0: (slave wlan1): Releasing backup interface
[  128.356894][ T8661] vlan0: entered promiscuous mode
[  128.375608][ T8661] team0: Port device vlan0 added
[  128.380170][ T8661] netlink: 'syz.2.972': attribute type 2 has an invalid length.
[  128.383527][ T8661] tipc: Enabled bearer <eth:team0>, priority 0
[  128.542743][ T8669] bridge0: entered promiscuous mode
[  128.561567][ T8672] netlink: 'syz.2.977': attribute type 39 has an invalid length.
[  128.565444][ T8671] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[  128.732201][ T8681] __nla_validate_parse: 19 callbacks suppressed
[  128.732214][ T8681] netlink: 40 bytes leftover after parsing attributes in process `syz.2.979'.
[  128.866787][ T8684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.981'.
[  128.892059][ T8684] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  128.896595][ T8684] bond5: (slave vxcan3): Error -95 calling set_mac_address
[  128.941335][ T8686] macvlan2: entered promiscuous mode
[  128.943477][ T8686] macvlan2: entered allmulticast mode
[  128.946060][ T8686] bond5: (slave macvlan2): Error -98 calling set_mac_address
[  128.994819][ T8684] dvmrp1: entered allmulticast mode
[  128.997776][ T8684] dvmrp1: left allmulticast mode
[  129.221825][ T8688] bridge0: left promiscuous mode
[  129.229207][ T8688] bridge0: entered promiscuous mode
[  129.231420][ T8688] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  129.394690][ T8697] netlink: 8 bytes leftover after parsing attributes in process `syz.1.986'.
[  129.398391][ T8697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.986'.
[  129.560829][ T8704] bond6: entered promiscuous mode
[  129.566234][ T8704] 8021q: adding VLAN 0 to HW filter on device bond6
[  129.595237][ T8704] bond6: (slave bridge1): making interface the new active one
[  129.599968][ T8704] bridge1: entered promiscuous mode
[  129.602677][ T8704] bond6: (slave bridge1): Enslaving as an active interface with an up link
[  129.607731][ T8712] IPv6: NLM_F_REPLACE set, but no existing node found!
[  129.631988][ T8715] netlink: 28 bytes leftover after parsing attributes in process `syz.1.990'.
[  129.660525][ T8721] pimreg: entered allmulticast mode
[  129.665309][ T8721] pimreg: left allmulticast mode
[  129.939030][ T8741] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1001'.
[  129.944247][ T8741] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1001'.
[  130.076774][ T8752] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1005'.
[  130.261380][ T8762] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1007'.
[  130.733079][ T8780] delete_channel: no stack
[  130.922235][ T8801] IPv6: Can't replace route, no match found
[  131.132366][ T8816] syzkaller1: entered promiscuous mode
[  131.134379][ T8816] syzkaller1: entered allmulticast mode
[  131.140106][ T8816] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 324
[  131.407602][ T8829] IPv6: NLM_F_REPLACE set, but no existing node found!
[  131.437317][ T8831] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1034'.
[  131.514351][ T8835] validate_nla: 35 callbacks suppressed
[  131.514370][ T8835] netlink: 'syz.1.1036': attribute type 10 has an invalid length.
[  131.649710][   T55] Bluetooth: hci2: command 0x0405 tx timeout
[  131.857127][ T8842] macvtap1: entered allmulticast mode
[  131.862238][ T8842] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  131.867714][ T8842] mac80211_hwsim hwsim4 wlan0: left allmulticast mode
[  131.942750][ T8850] IPv6: Can't replace route, no match found
[  132.092380][ T8860] netlink: 'syz.2.1046': attribute type 10 has an invalid length.
[  132.097807][ T8860] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  132.342072][ T8892] IPv6: NLM_F_REPLACE set, but no existing node found!
[  132.608425][ T8914] netlink: 'syz.1.1065': attribute type 12 has an invalid length.
[  132.617981][ T8914] netlink: 'syz.1.1065': attribute type 11 has an invalid length.
[  132.655665][ T8918] IPVS: set_ctl: invalid protocol: 115 255.255.255.255:20004
[  132.701092][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.809231][ T8939] syzkaller0: entered promiscuous mode
[  132.811018][ T8939] syzkaller0: entered allmulticast mode
[  132.814189][ T8938] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  132.846441][ T8938] tipc: Resetting bearer <eth:syzkaller0>
[  132.861928][ T8938] tipc: Disabling bearer <eth:syzkaller0>
[  133.061312][ T8959] netlink: 'syz.0.1079': attribute type 16 has an invalid length.
[  133.853614][ T8975] __nla_validate_parse: 15 callbacks suppressed
[  133.853628][ T8975] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1083'.
[  133.897774][ T8968] netlink: 65051 bytes leftover after parsing attributes in process `syz.1.1081'.
[  134.047385][ T8989] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1087'.
[  134.058053][ T8991] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  134.150356][ T9000] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1092'.
[  134.253731][ T8997] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1090'.
[  134.410701][ T9015] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1096'.
[  134.417322][ T9015] netlink: 'syz.0.1096': attribute type 6 has an invalid length.
[  134.485709][ T9022] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1099'.
[  134.537968][ T9026] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1100'.
[  134.692275][ T9038] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1104'.
[  134.711907][ T9038] netlink: 'syz.0.1104': attribute type 1 has an invalid length.
[  134.716085][ T9038] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1104'.
[  134.935312][ T9049] netlink: 'syz.2.1109': attribute type 10 has an invalid length.
[  135.131775][ T7165] hid-generic 0005:16BF:5505.0008: unknown main item tag 0x0
[  135.152830][ T7165] hid-generic 0005:16BF:5505.0008: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  135.168472][ T9067] openvswitch: netlink: Missing key (keys=40, expected=100)
[  135.244711][ T9072] netlink: 'syz.1.1117': attribute type 3 has an invalid length.
[  135.259670][ T9072] netlink: 'syz.1.1117': attribute type 7 has an invalid length.
[  135.486601][ T9095] netlink: zone id is out of range
[  135.582119][ T9107] IPv6: NLM_F_REPLACE set, but no existing node found!
[  136.395886][ T9147] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  136.410457][ T9150] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  136.414816][ T9150] syzkaller0: entered promiscuous mode
[  136.417023][ T9150] syzkaller0: entered allmulticast mode
[  136.435764][ T9150] tipc: Resetting bearer <eth:syzkaller0>
[  136.440518][ T9149] tipc: Resetting bearer <eth:syzkaller0>
[  136.450870][ T9149] tipc: Disabling bearer <eth:syzkaller0>
[  136.531240][ T9152] IPv6: NLM_F_REPLACE set, but no existing node found!
[  136.590768][ T9158] IPVS: set_ctl: invalid protocol: 51 172.20.20.187:20004
[  136.753579][ T9175] syzkaller1: entered promiscuous mode
[  136.755753][ T9175] syzkaller1: entered allmulticast mode
[  137.203802][ T9201] syzkaller1: entered promiscuous mode
[  137.205804][ T9201] syzkaller1: entered allmulticast mode
[  137.719583][ T9214] validate_nla: 2 callbacks suppressed
[  137.719597][ T9214] netlink: 'syz.2.1168': attribute type 10 has an invalid length.
[  138.267307][ T5883] hid-generic 0005:16BF:5505.0009: unknown main item tag 0x0
[  138.274785][ T5883] hid-generic 0005:16BF:5505.0009: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  138.283215][ T9240] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  138.286134][ T9240] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  138.812433][ T9281] bridge0: entered promiscuous mode
[  138.993962][ T9299] __nla_validate_parse: 25 callbacks suppressed
[  138.993979][ T9299] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1198'.
[  139.134690][ T5883] hid-generic 0005:16BF:5505.000A: unknown main item tag 0x0
[  139.139312][ T5883] hid-generic 0005:16BF:5505.000A: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  139.147770][ T9305] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1199'.
[  139.154230][ T9305] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  139.157320][ T9305] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  139.397527][ T9321] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1203'.
[  139.456379][ T9324] syzkaller1: entered promiscuous mode
[  139.460726][ T9324] syzkaller1: entered allmulticast mode
[  139.652817][ T9330] netlink: 'syz.0.1206': attribute type 1 has an invalid length.
[  139.655940][ T9330] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1206'.
[  139.720578][ T9332] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1207'.
[  139.796161][ T9336] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (71)
[  139.803225][ T9336] Bluetooth: MGMT ver 1.23
[  139.807409][ T9336] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1209'.
[  139.810305][ T9336] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1209'.
[  139.987287][ T9342] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1212'.
[  139.993597][ T9342] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  140.037465][ T5892] hid-generic 0005:16BF:5505.000B: unknown main item tag 0x0
[  140.047456][ T5892] hid-generic 0005:16BF:5505.000B: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  140.057445][ T9346] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1213'.
[  140.061444][ T9346] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  140.063959][ T9349] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  140.064335][ T9346] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  140.133847][ T9352] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5
[  140.329369][ T9365] 8021q: adding VLAN 0 to HW filter on device team0
[  140.333280][ T9365] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  140.359233][ T5892] IPVS: starting estimator thread 0...
[  140.449354][ T9376] netlink: 'syz.1.1222': attribute type 10 has an invalid length.
[  140.454192][ T9376] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1222'.
[  140.469059][ T9369] IPVS: using max 62 ests per chain, 148800 per kthread
[  140.473806][ T9376] netlink: 'syz.1.1222': attribute type 12 has an invalid length.
[  140.478502][ T9375] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  140.577741][ T9382] netlink: 'syz.2.1224': attribute type 1 has an invalid length.
[  140.643780][ T9388] IPv6: Can't replace route, no match found
[  140.683112][ T9390] bridge0: entered allmulticast mode
[  140.812653][ T9396] bond0: (slave bridge0): Releasing backup interface
[  140.817042][ T9396] bridge0 (unregistering): left allmulticast mode
[  141.311482][ T9426] IPv6: NLM_F_REPLACE set, but no existing node found!
[  141.324973][ T9428] IPv6: Can't replace route, no match found
[  141.550042][ T9443] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  141.808094][ T5852] Bluetooth: hci2: command 0x0405 tx timeout
[  141.810705][   T55] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  142.211730][ T9492] netlink: 'syz.2.1261': attribute type 5 has an invalid length.
[  142.214988][ T9492] netlink: 'syz.2.1261': attribute type 6 has an invalid length.
[  142.241790][ T9492] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  142.606929][ T9516] IPv6: Can't replace route, no match found
[  142.655216][ T9521] IPv6: NLM_F_REPLACE set, but no existing node found!
[  142.660883][ T9519] netlink: 'syz.0.1271': attribute type 10 has an invalid length.
[  142.666767][ T9519] team0: Port device 0! added
[  142.707663][ T9523] netlink: 'syz.1.1273': attribute type 29 has an invalid length.
[  143.202048][ T9555] netlink: 'syz.0.1285': attribute type 10 has an invalid length.
[  143.225495][ T9553] syzkaller1: entered promiscuous mode
[  143.227549][ T9553] syzkaller1: entered allmulticast mode
[  143.236884][ T9555] netlink: 'syz.0.1285': attribute type 12 has an invalid length.
[  143.240635][ T9554] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.281407][ T9557] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  143.406152][ T9568] netlink: 'syz.2.1290': attribute type 1 has an invalid length.
[  143.559389][ T9580] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  143.730537][ T9593] syzkaller1: entered promiscuous mode
[  143.732832][ T9593] syzkaller1: entered allmulticast mode
[  144.018622][ T9619] __nla_validate_parse: 32 callbacks suppressed
[  144.018642][ T9619] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1307'.
[  144.158228][ T9631] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1314'.
[  144.161767][ T9631] openvswitch: netlink: Flow actions attr not present in new flow.
[  144.238551][ T9640] bridge0: left promiscuous mode
[  144.253345][ T9640] veth3: left promiscuous mode
[  144.266695][ T9640] gretap1: left promiscuous mode
[  144.279947][ T9640] bond6: left promiscuous mode
[  144.282039][ T9640] bridge1: left promiscuous mode
[  144.290615][ T9642] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1318'.
[  144.294226][ T9642] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1318'.
[  144.301943][ T9643] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1317'.
[  144.400109][ T5858] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  144.405531][ T5858] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  144.415961][ T5858] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  144.421317][ T5858] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  144.785073][ T9682] syzkaller1: entered promiscuous mode
[  144.787469][ T9682] syzkaller1: entered allmulticast mode
[  144.849179][ T9687] trusted_key: syz.2.1329 sent an empty control message without MSG_MORE.
[  144.972821][ T9697] netlink: del zone limit has 4 unknown bytes
[  145.094423][ T9708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1338'.
[  145.098919][ T9708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1338'.
[  145.106375][ T9708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1338'.
[  145.225819][ T9713] netlink: 'syz.0.1342': attribute type 10 has an invalid length.
[  145.417759][ T9723] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  145.486055][ T9723] syzkaller1: entered promiscuous mode
[  145.490231][ T9723] syzkaller1: entered allmulticast mode
[  145.596830][ T9727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1346'.
[  145.601375][ T9727] netlink: 208 bytes leftover after parsing attributes in process `syz.0.1346'.
[  145.750453][ T9737] IPv6: NLM_F_REPLACE set, but no existing node found!
[  145.797664][ T9735] tipc: Resetting bearer <eth:team0>
[  145.822403][ T9735] wg1: left promiscuous mode
[  145.824393][ T9735] wg1: left allmulticast mode
[  145.859095][ T9735] bond_slave_0: left promiscuous mode
[  145.861255][ T9735] bond_slave_0: left allmulticast mode
[  145.993733][ T9735] vlan0: left promiscuous mode
[  146.028729][ T9735] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  146.031539][ T9735] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  146.074088][ T9735] geneve2: left promiscuous mode
[  146.076104][ T9735] geneve2: left allmulticast mode
[  146.093719][ T9744] syzkaller1: entered promiscuous mode
[  146.095548][ T9744] syzkaller1: entered allmulticast mode
[  146.105981][   T12] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  146.110612][   T12] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 256 - 0
[  146.116797][ T9740] 8021q: VLANs not supported on syzkaller1
[  146.121916][   T12] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  146.126964][   T12] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 256 - 0
[  146.130862][ T9751] syzkaller1: left promiscuous mode
[  146.133157][ T9751] syzkaller1: left allmulticast mode
[  146.136125][   T12] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  146.140151][   T12] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 256 - 0
[  146.169005][   T12] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  146.172579][   T12] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 256 - 0
[  146.901943][   T47] hid-generic 0005:16BF:5505.000C: unknown main item tag 0x0
[  146.906410][   T47] hid-generic 0005:16BF:5505.000C: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  146.915834][ T9799] openvswitch: netlink: Flow actions attr not present in new flow.
[  147.465070][ T9813] syzkaller1: entered promiscuous mode
[  147.467149][ T9813] syzkaller1: entered allmulticast mode
[  147.582360][ T9820] syzkaller1: entered promiscuous mode
[  147.584128][ T9820] syzkaller1: entered allmulticast mode
[  147.751790][ T9822] netlink: 'syz.2.1379': attribute type 10 has an invalid length.
[  148.316736][ T9852] netlink: 'syz.0.1387': attribute type 10 has an invalid length.
[  148.320831][ T9852] netlink: 'syz.0.1387': attribute type 10 has an invalid length.
[  148.325200][ T9852] team0: Port device 0! removed
[  148.593632][ T9872] syzkaller1: entered promiscuous mode
[  148.595419][ T9872] syzkaller1: entered allmulticast mode
[  148.694709][ T9876] netlink: 'syz.0.1395': attribute type 21 has an invalid length.
[  148.950968][ T9898] netlink: 'syz.0.1403': attribute type 3 has an invalid length.
[  149.095509][ T9900] __nla_validate_parse: 22 callbacks suppressed
[  149.095524][ T9900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1404'.
[  149.204044][ T9911] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  149.214920][ T9911] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1406'.
[  149.218762][ T9911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1406'.
[  149.222512][ T9911] netlink: 'syz.0.1406': attribute type 14 has an invalid length.
[  149.225734][ T9911] netlink: 'syz.0.1406': attribute type 13 has an invalid length.
[  149.672970][ T9919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1409'.
[  149.741999][ T9924] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1411'.
[  149.771377][ T9926] netlink: 'syz.0.1412': attribute type 10 has an invalid length.
[  149.773863][ T9926] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  149.783552][ T9927] netlink: 'syz.0.1412': attribute type 10 has an invalid length.
[  149.786919][ T9927] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  149.830776][ T9932] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1413'.
[  149.844674][ T9934] netlink: 212364 bytes leftover after parsing attributes in process `syz.2.1414'.
[  149.850793][ T9934] openvswitch: netlink: Message has 5 unknown bytes.
[  150.005161][ T9950] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1420'.
[  150.197788][ T9966] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1428'.
[  150.868052][ T9990] netlink: 'syz.1.1434': attribute type 10 has an invalid length.
[  150.873533][ T9990] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1434'.
[  150.890641][ T9990] netlink: 'syz.1.1434': attribute type 12 has an invalid length.
[  150.897403][ T9989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  151.215428][ T9998] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  151.462534][ T5883] hid-generic 0005:16BF:5505.000D: unknown main item tag 0x0
[  151.467430][ T5883] hid-generic 0005:16BF:5505.000D: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  151.495003][T10007] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  151.499953][T10007] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  151.921423][T10038] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  151.924747][T10040] syzkaller0: entered promiscuous mode
[  151.926943][T10040] syzkaller0: entered allmulticast mode
[  151.944017][T10040] tipc: Resetting bearer <eth:syzkaller0>
[  151.953017][T10040] tipc: Disabling bearer <eth:syzkaller0>
[  152.035673][   T47] hid-generic 0005:16BF:5505.000E: unknown main item tag 0x0
[  152.039584][   T47] hid-generic 0005:16BF:5505.000E: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  152.047668][T10043] openvswitch: netlink: Flow actions attr not present in new flow.
[  152.091101][T10046] openvswitch: netlink: nsh attr 2560 is out of range max 3
[  152.094126][T10046] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  152.331879][T10067] af_packet: tpacket_rcv: packet too big, clamped from 64993 to 3952. macoff=96
[  153.737506][T10098] syzkaller1: entered promiscuous mode
[  153.745748][T10098] syzkaller1: entered allmulticast mode
[  153.751862][T10104] IPv6: Can't replace route, no match found
[  153.773606][T10106] sctp: [Deprecated]: syz.1.1475 (pid 10106) Use of struct sctp_assoc_value in delayed_ack socket option.
[  153.773606][T10106] Use struct sctp_sack_info instead
[  153.849171][T10109] validate_nla: 1 callbacks suppressed
[  153.849186][T10109] netlink: 'syz.1.1475': attribute type 4 has an invalid length.
[  153.867736][T10109] netlink: 'syz.1.1475': attribute type 4 has an invalid length.
[  153.903322][T10116] IPv6: NLM_F_REPLACE set, but no existing node found!
[  154.014517][T10117] netlink: 'syz.0.1479': attribute type 5 has an invalid length.
[  154.113076][T10127] syzkaller1: entered promiscuous mode
[  154.115271][T10127] syzkaller1: entered allmulticast mode
[  154.372083][T10135] __nla_validate_parse: 18 callbacks suppressed
[  154.372100][T10135] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'.
[  154.383239][   T47] hid-generic 0005:16BF:5505.000F: unknown main item tag 0x0
[  154.386723][T10135] netlink: 'syz.2.1487': attribute type 1 has an invalid length.
[  154.395270][   T47] hid-generic 0005:16BF:5505.000F: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  154.418271][T10137] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1488'.
[  154.424407][T10137] openvswitch: netlink: Flow actions attr not present in new flow.
[  154.515576][T10141] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1489'.
[  154.574041][T10150] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1492'.
[  154.676087][T10158] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1491'.
[  154.680162][T10158] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1491'.
[  154.884359][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1495'.
[  155.588274][T10168] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1496'.
[  155.655684][T10180] IPv6: Can't replace route, no match found
[  155.978709][T10201] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1509'.
[  156.291309][T10215] openvswitch: netlink: Missing valid actions attribute.
[  156.298027][T10215] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  156.508608][T10220] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1516'.
[  156.750040][T10238] C: renamed from lo
[  156.753718][T10238] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  156.815497][T10233] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  156.831317][T10233] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  156.859247][T10233] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  156.953803][T10246] netlink: 'syz.0.1526': attribute type 1 has an invalid length.
[  157.002080][T10250] IPv6: Can't replace route, no match found
[  157.127494][ T5883] hid-generic 0005:16BF:5505.0010: unknown main item tag 0x0
[  157.133329][ T5883] hid-generic 0005:16BF:5505.0010: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  157.144927][T10259] openvswitch: netlink: Flow actions attr not present in new flow.
[  157.483882][T10269] macvtap1: entered allmulticast mode
[  157.485762][T10269] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  157.497585][T10269] mac80211_hwsim hwsim4 wlan0: left allmulticast mode
[  157.688879][T10286] lo speed is unknown, defaulting to 1000
[  157.692052][T10286] lo speed is unknown, defaulting to 1000
[  157.695028][T10286] lo speed is unknown, defaulting to 1000
[  157.811809][T10290] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  158.037025][ T5892] lo speed is unknown, defaulting to 1000
[  158.048492][T10286] infiniband syz0: set active
[  158.055609][T10286] infiniband syz0: added lo
[  158.150080][T10286] RDS/IB: syz0: added
[  158.319791][T10286] smc: adding ib device syz0 with port count 1
[  158.322246][T10286] smc:    ib device syz0 port 1 has pnetid SYZ0 (user defined)
[  158.327540][ T5892] lo speed is unknown, defaulting to 1000
[  158.338169][T10286] lo speed is unknown, defaulting to 1000
[  158.556604][T10301] netlink: 'syz.0.1542': attribute type 21 has an invalid length.
[  158.578312][T10302] 8021q: adding VLAN 0 to HW filter on device bond0
[  158.581374][T10302] 8021q: adding VLAN 0 to HW filter on device team0
[  158.583626][T10302] tipc: Resetting bearer <eth:team0>
[  158.585385][T10302] tipc: Resetting bearer <eth:team0>
[  158.588443][T10302] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  158.600306][T10286] lo speed is unknown, defaulting to 1000
[  158.735792][T10286] lo speed is unknown, defaulting to 1000
[  158.757102][T10309] syzkaller1: entered promiscuous mode
[  158.761886][T10309] syzkaller1: entered allmulticast mode
[  158.869856][T10297] rdma_rxe: rxe_newlink: failed to add lo
[  159.142977][T10324] IPv6: Can't replace route, no match found
[  159.323234][T10328] netlink: 'syz.2.1552': attribute type 83 has an invalid length.
[  159.475996][T10336] __nla_validate_parse: 15 callbacks suppressed
[  159.476015][T10336] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1555'.
[  159.526194][T10338] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1556'.
[  159.798783][T10344] IPv6: NLM_F_REPLACE set, but no existing node found!
[  159.908196][T10349] netlink: 'syz.0.1560': attribute type 10 has an invalid length.
[  159.911593][T10349] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1560'.
[  159.919475][T10349] team0: Port device geneve0 added
[  159.922550][ T5858] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  159.925415][ T5858] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  159.928433][ T5858] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  159.931117][ T5858] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  160.159685][T10353] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1562'.
[  160.163550][T10353] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1562'.
[  160.167321][T10353] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1562'.
[  160.886771][T10366] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1567'.
[  160.890705][T10366] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1567'.
[  160.894770][T10366] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1567'.
[  161.075064][T10382] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1575'.
[  161.437077][T10428] netlink: 'syz.2.1589': attribute type 1 has an invalid length.
[  161.437347][T10425] netlink: 'syz.0.1588': attribute type 29 has an invalid length.
[  161.445477][T10425] netlink: 'syz.0.1588': attribute type 29 has an invalid length.
[  161.458836][T10428] netlink: 'syz.2.1589': attribute type 10 has an invalid length.
[  161.524464][T10433] netlink: 'syz.2.1591': attribute type 6 has an invalid length.
[  161.527557][T10433] netlink: 'syz.2.1591': attribute type 6 has an invalid length.
[  161.777287][T10456] syzkaller1: entered promiscuous mode
[  161.780337][T10456] syzkaller1: entered allmulticast mode
[  161.978024][ T5892] hid-generic 0005:16BF:5505.0011: unknown main item tag 0x0
[  161.982828][ T5892] hid-generic 0005:16BF:5505.0011: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  161.995100][T10473] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  162.151705][T10483] ieee802154 phy0 wpan0: encryption failed: -22
[  162.567571][T10452] netlink: 'syz.0.1597': attribute type 1 has an invalid length.
[  162.726626][T10493] team0: Device C is loopback device. Loopback devices can't be added as a team port
[  162.730904][T10493] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  162.843986][T10500] IPv6: Can't replace route, no match found
[  162.919900][T10507] openvswitch: netlink: Unknown VXLAN extension attribute 0
[  162.935678][T10507] syzkaller1: entered promiscuous mode
[  162.938984][T10507] syzkaller1: entered allmulticast mode
[  163.000622][T10517] sctp: [Deprecated]: syz.1.1615 (pid 10517) Use of int in maxseg socket option.
[  163.000622][T10517] Use struct sctp_assoc_value instead
[  163.123480][T10527] lo speed is unknown, defaulting to 1000
[  163.696324][T10551] syzkaller1: entered promiscuous mode
[  163.698845][T10551] syzkaller1: entered allmulticast mode
[  163.982085][T10562] lo speed is unknown, defaulting to 1000
[  164.186282][T10568] lo speed is unknown, defaulting to 1000
[  164.210093][   T47] IPVS: starting estimator thread 0...
[  164.325983][T10571] IPVS: using max 62 ests per chain, 148800 per kthread
[  164.461692][T10580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  164.705476][T10583] netlink: 'syz.0.1635': attribute type 10 has an invalid length.
[  164.722816][T10583] __nla_validate_parse: 11 callbacks suppressed
[  164.722830][T10583] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1635'.
[  164.732411][T10583] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1635'.
[  164.737722][T10583] netlink: 'syz.0.1635': attribute type 12 has an invalid length.
[  164.740451][T10583] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1635'.
[  164.745307][T10582] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  165.134724][T10587] netlink: ct family unspecified
[  165.136572][T10587] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  165.180935][T10589] IPv6: Can't replace route, no match found
[  165.210192][T10591] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  165.222959][T10591] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1639'.
[  165.234112][T10591] tipc: Resetting bearer <eth:syzkaller0>
[  165.256678][T10590] tipc: Disabling bearer <eth:syzkaller0>
[  165.275691][T10593] syzkaller1: entered promiscuous mode
[  165.278247][T10593] syzkaller1: entered allmulticast mode
[  165.452448][T10609] ip6tnl3: entered promiscuous mode
[  165.454063][T10609] ip6tnl3: entered allmulticast mode
[  165.736821][T10635] lo speed is unknown, defaulting to 1000
[  166.516878][T10650] IPv6: Can't replace route, no match found
[  167.074810][ T5883] hid-generic 0005:16BF:5505.0012: unknown main item tag 0x0
[  167.081033][ T5883] hid-generic 0005:16BF:5505.0012: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  167.086603][T10681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1670'.
[  167.091930][T10681] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  167.122973][T10684] netlink: 'syz.1.1671': attribute type 10 has an invalid length.
[  167.126562][T10685] netlink: 'syz.1.1671': attribute type 10 has an invalid length.
[  167.136673][T10684] team0: Port device dummy0 added
[  167.150793][T10685] team0: Port device dummy0 removed
[  167.156100][T10685] dummy0: entered promiscuous mode
[  167.159198][T10685] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  167.192488][T10689] netlink: 'syz.0.1673': attribute type 3 has an invalid length.
[  167.195214][T10689] netlink: 'syz.0.1673': attribute type 3 has an invalid length.
[  167.258318][T10697] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1675'.
[  167.424923][T10708] netlink: 'syz.0.1680': attribute type 1 has an invalid length.
[  167.428108][T10708] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1680'.
[  167.434877][T10708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1680'.
[  167.440665][T10709] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1676'.
[  167.444751][T10709] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  167.689079][T10724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1688'.
[  167.745023][T10727] lo speed is unknown, defaulting to 1000
[  167.947685][ T5883] hid-generic 0005:16BF:5505.0013: unknown main item tag 0x0
[  167.951924][ T5883] hid-generic 0005:16BF:5505.0013: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  167.961768][T10744] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  168.019400][T10747] lo speed is unknown, defaulting to 1000
[  168.697588][ T6403] hid-generic 0005:16BF:5505.0014: unknown main item tag 0x0
[  168.707160][ T6403] hid-generic 0005:16BF:5505.0014: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  168.721435][T10774] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  168.765781][T10777] gretap0: entered promiscuous mode
[  168.772662][T10777] gretap0: left promiscuous mode
[  169.359148][T10808] IPv6: NLM_F_REPLACE set, but no existing node found!
[  169.742119][T10821] __nla_validate_parse: 8 callbacks suppressed
[  169.742130][T10821] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1720'.
[  169.746809][T10821] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1720'.
[  169.831684][T10830] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1724'.
[  169.960898][T10843] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1726'.
[  169.967647][T10843] netdevsim0: mtu less than device minimum
[  169.993048][T10845] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1727'.
[  170.093159][T10855] IPv6: Can't replace route, no match found
[  170.181383][T10859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1732'.
[  170.185044][T10859] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1732'.
[  170.274911][T10866] syzkaller1: entered promiscuous mode
[  170.277075][T10866] syzkaller1: entered allmulticast mode
[  170.340919][ T5883] hid-generic 0005:16BF:5505.0015: unknown main item tag 0x0
[  170.345410][ T5883] hid-generic 0005:16BF:5505.0015: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  170.351858][T10868] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1723'.
[  170.354888][T10868] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  170.396816][T10871] netlink: 'syz.1.1735': attribute type 2 has an invalid length.
[  170.400050][T10871] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1735'.
[  170.485140][T10878] lo speed is unknown, defaulting to 1000
[  170.698913][T10892] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1742'.
[  171.053386][T10900] netlink: 'syz.2.1745': attribute type 1 has an invalid length.
[  171.089369][T10900] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  171.093951][T10900] bond1: (slave ip6gre1): Error -95 calling set_mac_address
[  171.215466][T10909] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6
[  171.278551][T10919] veth2: entered allmulticast mode
[  171.344301][T10921] lo speed is unknown, defaulting to 1000
[  171.917996][T10954] netlink: 'syz.0.1764': attribute type 1 has an invalid length.
[  171.921213][T10954] netlink: 'syz.0.1764': attribute type 2 has an invalid length.
[  172.384579][T10978] bond0: (slave rose0): Error: Device can not be enslaved while up
[  172.463736][T10985] syzkaller1: entered promiscuous mode
[  172.466223][T10985] syzkaller1: entered allmulticast mode
[  172.551366][T10989] IPv6: Can't replace route, no match found
[  172.577061][T10991] netlink: 'syz.2.1779': attribute type 1 has an invalid length.
[  172.944986][T11023] lo speed is unknown, defaulting to 1000
[  172.947291][T11025] IPv6: NLM_F_REPLACE set, but no existing node found!
[  173.664468][T11050] vlan2: left promiscuous mode
[  173.667287][T11050] gretap0: left promiscuous mode
[  173.673690][T11050] geneve3: left promiscuous mode
[  173.675668][T11050] geneve3: left allmulticast mode
[  173.687579][T11050] vlan3: left promiscuous mode
[  173.691267][T11050] bond4: left promiscuous mode
[  173.693694][T11050] vlan3: left allmulticast mode
[  173.695843][T11050] bond4: left allmulticast mode
[  173.698386][T11050] ip6gre1: left allmulticast mode
[  173.706352][T11050] geneve4: left promiscuous mode
[  173.709386][T11050] geneve4: left allmulticast mode
[  173.722322][T11050] gretap1: left promiscuous mode
[  173.725455][T11050] gretap1: left allmulticast mode
[  173.741105][ T5883] lo speed is unknown, defaulting to 1000
[  173.743632][ T5883] syz0: Port: 1 Link DOWN
[  173.747083][ T5883] lo speed is unknown, defaulting to 1000
[  173.750519][ T5858] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.760193][ T5858] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 35848 - 0
[  173.768390][ T5858] netdevsim netdevsim1 netdevsim0: unset [1, 2] type 2 family 0 port 60008 - 0
[  173.776279][ T5858] netdevsim netdevsim1 netdevsim0: unset [1, 3] type 2 family 0 port 256 - 0
[  173.784994][ T5858] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.792456][ T5858] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 35848 - 0
[  173.808567][ T5858] netdevsim netdevsim1 netdevsim1: unset [1, 2] type 2 family 0 port 60008 - 0
[  173.813225][ T5858] netdevsim netdevsim1 netdevsim1: unset [1, 3] type 2 family 0 port 256 - 0
[  173.817596][ T5858] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.825983][ T5858] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 35848 - 0
[  173.834354][ T5858] netdevsim netdevsim1 netdevsim2: unset [1, 2] type 2 family 0 port 60008 - 0
[  173.839157][ T5858] netdevsim netdevsim1 netdevsim2: unset [1, 3] type 2 family 0 port 256 - 0
[  173.885014][T11063] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  173.905996][ T5858] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  173.919466][ T5858] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 35848 - 0
[  173.929288][ T5858] netdevsim netdevsim1 netdevsim3: unset [1, 2] type 2 family 0 port 60008 - 0
[  173.938511][ T5858] netdevsim netdevsim1 netdevsim3: unset [1, 3] type 2 family 0 port 256 - 0
[  174.099880][T11076] netlink: 'syz.1.1806': attribute type 1 has an invalid length.
[  174.255451][T11090] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  174.258407][T11090] syzkaller0: entered promiscuous mode
[  174.260414][T11090] syzkaller0: entered allmulticast mode
[  174.279554][T11090] tipc: Resetting bearer <eth:syzkaller0>
[  174.291099][T11088] tipc: Resetting bearer <eth:syzkaller0>
[  174.303468][T11088] tipc: Disabling bearer <eth:syzkaller0>
[  174.310837][T11091] lo speed is unknown, defaulting to 1000
[  174.677749][T11123] IPv6: NLM_F_REPLACE set, but no existing node found!
[  174.693031][T11117] lo speed is unknown, defaulting to 1000
[  175.170144][T11137] lo speed is unknown, defaulting to 1000
[  175.522569][T11156] __nla_validate_parse: 17 callbacks suppressed
[  175.522618][T11156] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1831'.
[  175.687191][  T791] hid-generic 0005:16BF:5505.0016: unknown main item tag 0x0
[  175.699148][  T791] hid-generic 0005:16BF:5505.0016: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  175.713344][T11164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1834'.
[  175.716742][T11164] openvswitch: netlink: Missing valid actions attribute.
[  175.720078][T11164] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  175.791304][T11169] IPv6: NLM_F_REPLACE set, but no existing node found!
[  175.825026][T11171] lo speed is unknown, defaulting to 1000
[  175.844467][T11173] netlink: 'syz.0.1838': attribute type 83 has an invalid length.
[  176.065094][T11177] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.121705][T11187] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1842'.
[  176.364234][T11196] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1845'.
[  176.581138][T11210] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1851'.
[  176.720123][T11219] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1853'.
[  176.873831][ T6403] hid-generic 0005:16BF:5505.0017: unknown main item tag 0x0
[  176.924131][T11233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1857'.
[  176.928388][T11233] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  176.937689][ T6403] hid-generic 0005:16BF:5505.0017: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  177.040786][T11235] dvmrp1: entered allmulticast mode
[  177.056750][T11235] dvmrp1: left allmulticast mode
[  177.087482][T11242] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  177.090331][T11242] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  177.164145][T11242] lo speed is unknown, defaulting to 1000
[  177.178694][T11247] netlink: 'syz.0.1863': attribute type 21 has an invalid length.
[  177.189142][T11247] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1863'.
[  177.192898][T11247] netlink: 'syz.0.1863': attribute type 4 has an invalid length.
[  177.196172][T11247] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1863'.
[  177.223645][T11251] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1866'.
[  177.300452][T11255] pim6reg1: entered promiscuous mode
[  177.308244][T11255] pim6reg1: entered allmulticast mode
[  177.624528][T11284] IPv6: Can't replace route, no match found
[  177.672725][ T5883] hid-generic 0005:16BF:5505.0018: unknown main item tag 0x0
[  177.682886][ T5883] hid-generic 0005:16BF:5505.0018: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  177.699162][T11293] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  177.701383][T11293] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  177.840128][T11313] IPv6: NLM_F_REPLACE set, but no existing node found!
[  178.025790][T11324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  178.027805][T11334] netlink: 'syz.2.1893': attribute type 10 has an invalid length.
[  178.038894][T11334] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  178.058207][T11334] netlink: 'syz.2.1893': attribute type 12 has an invalid length.
[  178.061956][T11331] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  178.176291][T11341] syz.0.1894: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  178.184281][T11341] CPU: 1 UID: 0 PID: 11341 Comm: syz.0.1894 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  178.184299][T11341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  178.184306][T11341] Call Trace:
[  178.184344][T11341]  <TASK>
[  178.184353][T11341]  dump_stack_lvl+0x189/0x250
[  178.184376][T11341]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.184390][T11341]  ? __pfx__printk+0x10/0x10
[  178.184406][T11341]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  178.184420][T11341]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  178.184434][T11341]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  178.184450][T11341]  warn_alloc+0x214/0x310
[  178.184473][T11341]  ? __pfx_warn_alloc+0x10/0x10
[  178.184499][T11341]  ? __get_vm_area_node+0x28f/0x300
[  178.184518][T11341]  ? hash_netportnet_create+0x354/0xf90
[  178.184543][T11341]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  178.184584][T11341]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  178.184607][T11341]  ? rcu_is_watching+0x15/0xb0
[  178.184624][T11341]  ? hash_netportnet_create+0x354/0xf90
[  178.184639][T11341]  ? hash_netportnet_create+0x354/0xf90
[  178.184654][T11341]  __kvmalloc_node_noprof+0x3b8/0x5f0
[  178.184674][T11341]  ? hash_netportnet_create+0x354/0xf90
[  178.184692][T11341]  ? hash_netportnet_create+0x2fa/0xf90
[  178.184712][T11341]  hash_netportnet_create+0x354/0xf90
[  178.184736][T11341]  ? __nla_parse+0x40/0x60
[  178.184755][T11341]  ? __pfx_hash_netportnet_create+0x10/0x10
[  178.184774][T11341]  ip_set_create+0xa97/0x1940
[  178.184789][T11341]  ? ip_set_create+0x4a2/0x1940
[  178.184811][T11341]  ? __pfx_ip_set_create+0x10/0x10
[  178.184822][T11341]  ? __mutex_lock+0x5b6/0x1360
[  178.184867][T11341]  nfnetlink_rcv_msg+0xb4d/0x1130
[  178.184886][T11341]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  178.184913][T11341]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  178.184947][T11341]  ? __lock_acquire+0xab9/0xd20
[  178.184983][T11341]  netlink_rcv_skb+0x208/0x470
[  178.185000][T11341]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  178.185016][T11341]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  178.185041][T11341]  ? bpf_lsm_capable+0x9/0x20
[  178.185058][T11341]  ? security_capable+0x7e/0x2e0
[  178.185082][T11341]  nfnetlink_rcv+0x26a/0x2520
[  178.185104][T11341]  ? is_bpf_text_address+0x26/0x2b0
[  178.185126][T11341]  ? kernel_text_address+0xa5/0xe0
[  178.185144][T11341]  ? __kernel_text_address+0xd/0x40
[  178.185163][T11341]  ? unwind_get_return_address+0x4d/0x90
[  178.185179][T11341]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  178.185196][T11341]  ? arch_stack_walk+0xfc/0x150
[  178.185221][T11341]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  178.185234][T11341]  ? stack_depot_save_flags+0x40/0x860
[  178.185251][T11341]  ? __lock_acquire+0xab9/0xd20
[  178.185283][T11341]  ? __lock_acquire+0xab9/0xd20
[  178.185310][T11341]  ? netlink_deliver_tap+0x2e/0x1b0
[  178.185365][T11341]  ? netlink_deliver_tap+0x2e/0x1b0
[  178.185387][T11341]  netlink_unicast+0x82f/0x9e0
[  178.185410][T11341]  ? __pfx_netlink_unicast+0x10/0x10
[  178.185427][T11341]  ? netlink_sendmsg+0x642/0xb30
[  178.185442][T11341]  ? skb_put+0x11b/0x210
[  178.185464][T11341]  netlink_sendmsg+0x805/0xb30
[  178.185488][T11341]  ? __pfx_netlink_sendmsg+0x10/0x10
[  178.185506][T11341]  ? aa_sock_msg_perm+0xf1/0x1d0
[  178.185524][T11341]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  178.185539][T11341]  ? __pfx_netlink_sendmsg+0x10/0x10
[  178.185556][T11341]  __sock_sendmsg+0x21c/0x270
[  178.185572][T11341]  ____sys_sendmsg+0x505/0x830
[  178.185597][T11341]  ? __pfx_____sys_sendmsg+0x10/0x10
[  178.185620][T11341]  ? import_iovec+0x74/0xa0
[  178.185637][T11341]  ___sys_sendmsg+0x21f/0x2a0
[  178.185656][T11341]  ? __pfx____sys_sendmsg+0x10/0x10
[  178.185694][T11341]  ? __fget_files+0x2a/0x420
[  178.185714][T11341]  ? __fget_files+0x3a0/0x420
[  178.185745][T11341]  __x64_sys_sendmsg+0x19b/0x260
[  178.185764][T11341]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  178.185792][T11341]  ? do_user_addr_fault+0xc8a/0x1390
[  178.185815][T11341]  ? do_syscall_64+0xbe/0x3b0
[  178.185833][T11341]  do_syscall_64+0xfa/0x3b0
[  178.185847][T11341]  ? lockdep_hardirqs_on+0x9c/0x150
[  178.185861][T11341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.185872][T11341]  ? exc_page_fault+0x9f/0xf0
[  178.185886][T11341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.185898][T11341] RIP: 0033:0x7fec3918ebe9
[  178.185911][T11341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.185921][T11341] RSP: 002b:00007fec3a06e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  178.185933][T11341] RAX: ffffffffffffffda RBX: 00007fec393b6090 RCX: 00007fec3918ebe9
[  178.185941][T11341] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  178.185948][T11341] RBP: 00007fec39211e19 R08: 0000000000000000 R09: 0000000000000000
[  178.185955][T11341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  178.185963][T11341] R13: 00007fec393b6128 R14: 00007fec393b6090 R15: 00007ffc6125e5f8
[  178.185984][T11341]  </TASK>
[  178.185990][T11341] Mem-Info:
[  178.377998][T11341] active_anon:4459 inactive_anon:0 isolated_anon:0
[  178.377998][T11341]  active_file:1452 inactive_file:38256 isolated_file:0
[  178.377998][T11341]  unevictable:1768 dirty:128 writeback:0
[  178.377998][T11341]  slab_reclaimable:10070 slab_unreclaimable:55781
[  178.377998][T11341]  mapped:18429 shmem:2435 pagetables:919
[  178.377998][T11341]  sec_pagetables:0 bounce:0
[  178.377998][T11341]  kernel_misc_reclaimable:0
[  178.377998][T11341]  free:293032 free_pcp:20940 free_cma:0
[  178.392586][T11341] Node 0 active_anon:9568kB inactive_anon:0kB active_file:4248kB inactive_file:22620kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:38840kB dirty:400kB writeback:0kB shmem:5032kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5268kB pagetables:1876kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  178.402182][T11341] Node 1 active_anon:8268kB inactive_anon:0kB active_file:1560kB inactive_file:130404kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:34876kB dirty:112kB writeback:0kB shmem:4708kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6560kB pagetables:1800kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  178.412351][T11341] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  178.424001][T11341] lowmem_reserve[]: 0 811 811 811 811
[  178.426178][T11341] Node 0 DMA32 free:395200kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:9568kB inactive_anon:0kB active_file:4248kB inactive_file:22620kB unevictable:3536kB writepending:400kB present:1556484kB managed:831000kB mlocked:0kB bounce:0kB free_pcp:44948kB local_pcp:26064kB free_cma:0kB
[  178.438820][T11341] lowmem_reserve[]: 0 0 0 0 0
[  178.440791][T11341] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  178.452790][T11341] lowmem_reserve[]: 0 0 854 854 854
[  178.454888][T11341] Node 1 Normal free:302952kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8268kB inactive_anon:0kB active_file:1560kB inactive_file:130404kB unevictable:3536kB writepending:112kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:38876kB local_pcp:18168kB free_cma:0kB
[  178.468047][T11341] lowmem_reserve[]: 0 0 0 0 0
[  178.470011][T11341] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  178.474977][T11341] Node 0 DMA32: 390*4kB (UME) 378*8kB (UME) 378*16kB (UM) 84*32kB (UME) 199*64kB (UME) 82*128kB (UME) 41*256kB (UM) 18*512kB (UM) 9*1024kB (UME) 3*2048kB (ME) 79*4096kB (M) = 395208kB
[  178.482414][T11341] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  178.488781][T11341] Node 1 Normal: 402*4kB (UME) 886*8kB (UME) 562*16kB (UME) 442*32kB (UME) 88*64kB (UM) 62*128kB (UM) 28*256kB (UM) 17*512kB (UME) 12*1024kB (UME) 6*2048kB (UME) 53*4096kB (M) = 302936kB
[  178.496323][T11341] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  178.500500][T11341] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  178.504371][T11341] 42143 total pagecache pages
[  178.508370][T11341] 0 pages in swap cache
[  178.510239][T11341] Free swap  = 124996kB
[  178.511929][T11341] Total swap = 124996kB
[  178.513740][T11341] 786301 pages RAM
[  178.515239][T11341] 0 pages HighMem/MovableOnly
[  178.517134][T11341] 241319 pages reserved
[  178.518970][T11341] 0 pages cma reserved
[  178.567807][ T6403] hid-generic 0005:16BF:5505.0019: unknown main item tag 0x0
[  178.573136][ T6403] hid-generic 0005:16BF:5505.0019: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  178.580656][T11345] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  178.582917][T11345] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  178.607641][T11348] netlink: 'syz.2.1896': attribute type 29 has an invalid length.
[  178.679942][T11352] lo speed is unknown, defaulting to 1000
[  178.746192][T11361] IPv6: NLM_F_REPLACE set, but no existing node found!
[  178.930981][T11371] netlink: 'syz.1.1904': attribute type 10 has an invalid length.
[  178.980004][T11371] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  178.996440][T11371] netlink: 'syz.1.1904': attribute type 12 has an invalid length.
[  179.190086][T11375] IPVS: Scheduler module ip_vs_sip not found
[  179.195868][T11375] IPVS: length: 8 != 446622349272
[  179.296451][T11382] lo speed is unknown, defaulting to 1000
[  179.760789][T11418] macsec1: entered promiscuous mode
[  179.762941][T11418] team0: entered promiscuous mode
[  180.502573][T11463] vlan2: entered promiscuous mode
[  180.504657][T11463] bond0: entered promiscuous mode
[  180.506679][T11463] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  180.515188][T11463] vlan2: entered allmulticast mode
[  180.517370][T11463] bond0: entered allmulticast mode
[  180.521075][T11463] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  180.768111][ T1092] wlan1: Trigger new scan to find an IBSS to join
[  180.817818][ T5883] hid-generic 0005:16BF:5505.001A: unknown main item tag 0x0
[  180.824919][ T5883] hid-generic 0005:16BF:5505.001A: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  180.833585][T11471] __nla_validate_parse: 15 callbacks suppressed
[  180.833602][T11471] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1932'.
[  180.840015][T11471] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  180.842990][T11471] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  183.728299][ T3010] wlan1: Trigger new scan to find an IBSS to join
[  186.768205][   T88] wlan1: Trigger new scan to find an IBSS to join
[  187.648539][ T1232] wlan1: Creating new IBSS network, BSSID 2a:9a:a4:d4:bc:63
[  191.088107][   T55] Bluetooth: hci1: command 0x0406 tx timeout
[  202.529365][T11476] IPv6: Can't replace route, no match found
[  202.556044][T11478] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[  202.560262][T11482] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1937'.
[  202.606983][T11488] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1938'.
[  202.751060][T11508] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1945'.
[  202.816396][T11514] IPv6: Can't replace route, no match found
[  202.839533][T11515] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1947'.
[  202.842479][T11518] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1950'.
[  202.849434][T11518] netlink: 504 bytes leftover after parsing attributes in process `syz.0.1950'.
[  202.885921][T11510] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1947'.
[  202.932316][T11529] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1954'.
[  202.939829][T11529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1954'.
[  202.942731][T11529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1954'.
[  203.038918][T11542] netlink: 'syz.1.1959': attribute type 10 has an invalid length.
[  203.056653][T11542] netlink: 'syz.1.1959': attribute type 12 has an invalid length.
[  203.061631][T11541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  203.089277][T11549] IPv6: Can't replace route, no match found
[  203.134850][T11551] syzkaller1: entered promiscuous mode
[  203.136654][T11551] syzkaller1: entered allmulticast mode
[  203.293628][T11557] openvswitch: netlink: Flow key attr not present in new flow.
[  203.378236][T11559] macvtap0: entered allmulticast mode
[  203.380427][T11559] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[  203.385174][T11559] mac80211_hwsim hwsim2 wlan0: left allmulticast mode
[  203.548408][ T5883] tipc: Node number set to 1367251487
[  203.909097][T11580] netlink: 'syz.1.1974': attribute type 21 has an invalid length.
[  204.042057][T11592] openvswitch: netlink: Port -8 exceeds max allowable 65535
[  204.052758][T11593] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  204.503617][T11627] IPv6: NLM_F_REPLACE set, but no existing node found!
[  204.631879][T11639] bond0: (slave bridge0): Releasing backup interface
[  204.635858][T11639] bridge0: left promiscuous mode
[  204.639544][T11639] bond0: (slave dummy0): Releasing backup interface
[  204.642371][T11639] dummy0: left promiscuous mode
[  204.647534][T11639] bond0: (slave wlan1): Releasing backup interface
[  204.653620][T11639] mac80211_hwsim hwsim7 wlan1: left promiscuous mode
[  204.657703][ T6403] syz1: Port: 1 Link DOWN
[  204.892500][T11655] IPv6: NLM_F_REPLACE set, but no existing node found!
[  205.266534][T11667] netlink: 'syz.0.2009': attribute type 12 has an invalid length.
[  205.441942][T11672] netlink: 'syz.0.2011': attribute type 4 has an invalid length.
[  205.634588][T11680] IPv6: NLM_F_CREATE should be specified when creating new route
[  205.637392][T11680] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  205.640336][T11680] IPv6: NLM_F_CREATE should be set when creating new route
[  205.643303][T11680] IPv6: NLM_F_CREATE should be set when creating new route
[  205.646182][T11680] IPv6: NLM_F_CREATE should be set when creating new route
[  205.744035][T11692] IPv6: Can't replace route, no match found
[  205.795212][  T791] hid-generic 0005:16BF:5505.001B: unknown main item tag 0x0
[  205.799252][  T791] hid-generic 0005:16BF:5505.001B: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  205.807072][T11694] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  205.815421][T11694] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  205.871209][T11702] bridge0: entered allmulticast mode
[  206.037035][T11717] vlan3: entered allmulticast mode
[  206.039259][T11717] bond3: entered allmulticast mode
[  206.311862][T11732] vlan1: entered promiscuous mode
[  206.314493][T11732] vlan1: entered allmulticast mode
[  206.316646][T11732] hsr_slave_1: entered allmulticast mode
[  206.474331][T11739] syzkaller1: entered promiscuous mode
[  206.476261][T11739] syzkaller1: entered allmulticast mode
[  206.746740][T11774] IPv6: Can't replace route, no match found
[  206.910232][T11790] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  206.914289][T11790] syzkaller0: entered promiscuous mode
[  206.917019][T11790] syzkaller0: entered allmulticast mode
[  206.928313][   T55] Bluetooth: hci2: command 0x0405 tx timeout
[  206.974231][T11790] tipc: Resetting bearer <eth:syzkaller0>
[  206.985198][T11788] tipc: Resetting bearer <eth:syzkaller0>
[  207.001929][T11788] tipc: Disabling bearer <eth:syzkaller0>
[  207.041665][T11808] netlink: 'syz.1.2055': attribute type 1 has an invalid length.
[  207.073213][T11808] 8021q: adding VLAN 0 to HW filter on device bond7
[  207.117230][T11815] netlink: 'syz.0.2058': attribute type 10 has an invalid length.
[  207.155537][T11815] netlink: 'syz.0.2058': attribute type 12 has an invalid length.
[  207.161785][T11814] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  207.712960][T11834] __nla_validate_parse: 32 callbacks suppressed
[  207.712981][T11834] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2065'.
[  207.964199][T11847] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2069'.
[  207.978828][T11850] IPv6: Can't replace route, no match found
[  208.015078][T11853] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2071'.
[  208.026173][T11847] IPv6: Can't replace route, no match found
[  208.090378][T11857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2072'.
[  208.253347][T11867] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2078'.
[  208.263172][T11867] netlink: 'syz.0.2078': attribute type 7 has an invalid length.
[  208.415651][ T6403] hid-generic 0005:16BF:5505.001C: unknown main item tag 0x0
[  208.430152][ T6403] hid-generic 0005:16BF:5505.001C: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  208.448581][T11872] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2080'.
[  208.452149][T11872] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  208.465081][T11872] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  208.499404][T11884] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2082'.
[  208.575684][T11890] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2085'.
[  208.614113][T11892] IPv6: NLM_F_REPLACE set, but no existing node found!
[  208.686685][T11896] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2088'.
[  208.691861][ T1232] wlan1: Trigger new scan to find an IBSS to join
[  208.694813][T11896] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2088'.
[  209.663539][T11949] netlink: 'syz.2.2105': attribute type 10 has an invalid length.
[  209.687126][T11949] netlink: 'syz.2.2105': attribute type 12 has an invalid length.
[  209.696824][T11948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  209.736188][T11955] netlink: 'syz.0.2108': attribute type 1 has an invalid length.
[  209.875882][ T6403] hid-generic 0005:16BF:5505.001D: unknown main item tag 0x0
[  209.883657][ T6403] hid-generic 0005:16BF:5505.001D: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  209.887040][T11970] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  209.890997][T11970] IPv6: NLM_F_CREATE should be set when creating new route
[  209.892106][T11967] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  209.896295][T11967] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  210.414282][T12018] lo speed is unknown, defaulting to 1000
[  210.651528][T12034] bond0: (slave rose0): Error: Device can not be enslaved while up
[  211.069298][T12084] syzkaller0: entered promiscuous mode
[  211.072425][T12084] syzkaller0: entered allmulticast mode
[  211.157316][T12094] geneve3: entered promiscuous mode
[  211.163166][T12094] geneve3: entered allmulticast mode
[  211.248133][T12103] netlink: 'syz.1.2157': attribute type 10 has an invalid length.
[  211.255916][T12103] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  211.262369][T12103] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  211.278779][T12103] netlink: 'syz.1.2157': attribute type 12 has an invalid length.
[  211.282738][T12102] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  211.403981][T12116] netlink: 'syz.2.2163': attribute type 11 has an invalid length.
[  211.534204][T12122] IPVS: Unknown mcast interface: batadv0
[  211.824847][T12145] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  211.853367][T12144] netlink: 'syz.0.2173': attribute type 1 has an invalid length.
[  211.856160][T12144] netlink: 'syz.0.2173': attribute type 2 has an invalid length.
[  212.091301][T12170] IPv6: Can't replace route, no match found
[  212.184570][   T47] hid-generic 0005:16BF:5505.001E: unknown main item tag 0x0
[  212.189705][   T47] hid-generic 0005:16BF:5505.001E: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  212.198555][T12178] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  212.201351][T12178] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  212.241400][T12183] IPv6: NLM_F_REPLACE set, but no existing node found!
[  212.749756][T12217] sctp: [Deprecated]: syz.0.2197 (pid 12217) Use of struct sctp_assoc_value in delayed_ack socket option.
[  212.749756][T12217] Use struct sctp_sack_info instead
[  212.760409][T12219] ==================================================================
[  212.763111][T12219] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400
[  212.765505][T12219] Read of size 1 at addr ffff888107174c30 by task syz.1.2198/12219
[  212.769361][T12219] 
[  212.770258][T12219] CPU: 0 UID: 0 PID: 12219 Comm: syz.1.2198 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  212.770280][T12219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  212.770292][T12219] Call Trace:
[  212.770298][T12219]  <TASK>
[  212.770306][T12219]  dump_stack_lvl+0x189/0x250
[  212.770330][T12219]  ? __kasan_check_byte+0x12/0x40
[  212.770354][T12219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  212.770371][T12219]  ? lock_release+0x4b/0x3e0
[  212.770393][T12219]  ? __virt_addr_valid+0x4a5/0x5c0
[  212.770412][T12219]  print_report+0xca/0x240
[  212.770425][T12219]  ? xfrm_state_find+0x2cf2/0x5400
[  212.770442][T12219]  kasan_report+0x118/0x150
[  212.770461][T12219]  ? xfrm_state_find+0x2cf2/0x5400
[  212.770483][T12219]  xfrm_state_find+0x2cf2/0x5400
[  212.770502][T12219]  ? __lock_acquire+0xab9/0xd20
[  212.770529][T12219]  ? xfrm_state_find+0x1da/0x5400
[  212.770548][T12219]  ? __pfx_xfrm_state_find+0x10/0x10
[  212.770572][T12219]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  212.770593][T12219]  ? xfrm_policy_lookup_bytype+0x2a7/0x1250
[  212.770608][T12219]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  212.770622][T12219]  ? xfrm_policy_lookup_bytype+0x123/0x1250
[  212.770642][T12219]  ? xfrm_policy_lookup_bytype+0x11ef/0x1250
[  212.770667][T12219]  ? xfrm_expand_policies+0x41f/0x6a0
[  212.770681][T12219]  xfrm_lookup_with_ifid+0x58a/0x1a70
[  212.770707][T12219]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  212.770732][T12219]  ? __lock_acquire+0xab9/0xd20
[  212.770754][T12219]  xfrm_lookup_route+0x3c/0x1c0
[  212.770768][T12219]  __ip4_datagram_connect+0x9a5/0x1270
[  212.770797][T12219]  udp_connect+0x33/0x1f0
[  212.770815][T12219]  __sys_connect+0x316/0x440
[  212.770833][T12219]  ? __pfx___sys_connect+0x10/0x10
[  212.770853][T12219]  ? rcu_is_watching+0x15/0xb0
[  212.770870][T12219]  __x64_sys_connect+0x7a/0x90
[  212.770887][T12219]  do_syscall_64+0xfa/0x3b0
[  212.770905][T12219]  ? lockdep_hardirqs_on+0x9c/0x150
[  212.770919][T12219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.770963][T12219]  ? exc_page_fault+0x9f/0xf0
[  212.770980][T12219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.770994][T12219] RIP: 0033:0x7fd79018ebe9
[  212.771009][T12219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.771021][T12219] RSP: 002b:00007fd791052038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  212.771036][T12219] RAX: ffffffffffffffda RBX: 00007fd7903b5fa0 RCX: 00007fd79018ebe9
[  212.771048][T12219] RDX: 0000000000000010 RSI: 0000200000000280 RDI: 0000000000000003
[  212.771057][T12219] RBP: 00007fd790211e19 R08: 0000000000000000 R09: 0000000000000000
[  212.771067][T12219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  212.771075][T12219] R13: 00007fd7903b6038 R14: 00007fd7903b5fa0 R15: 00007fffc98b0e98
[  212.771092][T12219]  </TASK>
[  212.771097][T12219] 
[  212.873537][T12219] Allocated by task 8806:
[  212.875190][T12219]  kasan_save_track+0x3e/0x80
[  212.876993][T12219]  __kasan_slab_alloc+0x6c/0x80
[  212.878826][T12219]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  212.880850][T12219]  xfrm_state_alloc+0x24/0x2f0
[  212.882590][T12219]  __find_acq_core+0x8a7/0x1c00
[  212.884440][T12219]  xfrm_find_acq+0x78/0xa0
[  212.886116][T12219]  xfrm_alloc_userspi+0x6b3/0xc90
[  212.888000][T12219]  xfrm_user_rcv_msg+0x7a3/0xab0
[  212.889837][T12219]  netlink_rcv_skb+0x208/0x470
[  212.891560][T12219]  xfrm_netlink_rcv+0x79/0x90
[  212.893319][T12219]  netlink_unicast+0x82f/0x9e0
[  212.895127][T12219]  netlink_sendmsg+0x805/0xb30
[  212.896940][T12219]  __sock_sendmsg+0x21c/0x270
[  212.898633][T12219]  ____sys_sendmsg+0x505/0x830
[  212.900356][T12219]  ___sys_sendmsg+0x21f/0x2a0
[  212.902071][T12219]  __x64_sys_sendmsg+0x19b/0x260
[  212.903946][T12219]  do_syscall_64+0xfa/0x3b0
[  212.905618][T12219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.907703][T12219] 
[  212.908579][T12219] Freed by task 47:
[  212.909966][T12219]  kasan_save_track+0x3e/0x80
[  212.911669][T12219]  kasan_save_free_info+0x46/0x50
[  212.913516][T12219]  __kasan_slab_free+0x5b/0x80
[  212.915324][T12219]  kmem_cache_free+0x18f/0x400
[  212.917051][T12219]  xfrm_state_gc_task+0x52d/0x6b0
[  212.918898][T12219]  process_scheduled_works+0xae1/0x17b0
[  212.920968][T12219]  worker_thread+0x8a0/0xda0
[  212.922708][T12219]  kthread+0x711/0x8a0
[  212.924270][T12219]  ret_from_fork+0x3fc/0x770
[  212.925960][T12219]  ret_from_fork_asm+0x1a/0x30
[  212.927703][T12219] 
[  212.928618][T12219] The buggy address belongs to the object at ffff888107174900
[  212.928618][T12219]  which belongs to the cache xfrm_state of size 928
[  212.933610][T12219] The buggy address is located 816 bytes inside of
[  212.933610][T12219]  freed 928-byte region [ffff888107174900, ffff888107174ca0)
[  212.938472][T12219] 
[  212.939341][T12219] The buggy address belongs to the physical page:
[  212.941629][T12219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888107174480 pfn:0x107174
[  212.945299][T12219] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  212.948316][T12219] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  212.951083][T12219] page_type: f5(slab)
[  212.952557][T12219] raw: 057ff00000000040 ffff88801dbe1140 dead000000000122 0000000000000000
[  212.955668][T12219] raw: ffff888107174480 00000000800e000a 00000000f5000000 0000000000000000
[  212.959010][T12219] head: 057ff00000000040 ffff88801dbe1140 dead000000000122 0000000000000000
[  212.962117][T12219] head: ffff888107174480 00000000800e000a 00000000f5000000 0000000000000000
[  212.965248][T12219] head: 057ff00000000002 ffffea00041c5d01 00000000ffffffff 00000000ffffffff
[  212.968285][T12219] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  212.971491][T12219] page dumped because: kasan: bad access detected
[  212.973836][T12219] page_owner tracks the page as allocated
[  212.975845][T12219] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6220, tgid 6218 (syz.0.115), ts 74353970459, free_ts 74286691991
[  212.982725][T12219]  post_alloc_hook+0x240/0x2a0
[  212.984543][T12219]  get_page_from_freelist+0x21e4/0x22c0
[  212.986540][T12219]  __alloc_frozen_pages_noprof+0x181/0x370
[  212.988629][T12219]  alloc_pages_mpol+0x232/0x4a0
[  212.990353][T12219]  allocate_slab+0x8a/0x370
[  212.992053][T12219]  ___slab_alloc+0xbeb/0x1410
[  212.993838][T12219]  kmem_cache_alloc_noprof+0x283/0x3c0
[  212.995805][T12219]  xfrm_state_alloc+0x24/0x2f0
[  212.997528][T12219]  xfrm_add_sa+0x17d1/0x4070
[  212.999189][T12219]  xfrm_user_rcv_msg+0x7a3/0xab0
[  213.001059][T12219]  netlink_rcv_skb+0x208/0x470
[  213.002792][T12219]  xfrm_netlink_rcv+0x79/0x90
[  213.004521][T12219]  netlink_unicast+0x82f/0x9e0
[  213.006262][T12219]  netlink_sendmsg+0x805/0xb30
[  213.007986][T12219]  __sock_sendmsg+0x21c/0x270
[  213.009702][T12219]  ____sys_sendmsg+0x505/0x830
[  213.011421][T12219] page last free pid 6217 tgid 6215 stack trace:
[  213.013684][T12219]  __free_frozen_pages+0xbc4/0xd30
[  213.015576][T12219]  stack_depot_save_flags+0x436/0x860
[  213.017569][T12219]  kasan_save_track+0x4f/0x80
[  213.019264][T12219]  __kasan_slab_alloc+0x6c/0x80
[  213.021066][T12219]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  213.023233][T12219]  kmalloc_reserve+0xbd/0x290
[  213.024989][T12219]  __alloc_skb+0x142/0x2d0
[  213.026629][T12219]  _sctp_make_chunk+0x5e/0x430
[  213.028375][T12219]  sctp_make_abort_user+0x97/0x620
[  213.030223][T12219]  sctp_sendmsg_check_sflags+0x1ce/0x2e0
[  213.032240][T12219]  sctp_sendmsg+0x173a/0x2810
[  213.033956][T12219]  __sock_sendmsg+0x19c/0x270
[  213.035646][T12219]  ____sys_sendmsg+0x52d/0x830
[  213.037379][T12219]  ___sys_sendmsg+0x21f/0x2a0
[  213.039174][T12219]  __sys_sendmmsg+0x227/0x430
[  213.040968][T12219]  __x64_sys_sendmmsg+0xa0/0xc0
[  213.042818][T12219] 
[  213.043708][T12219] Memory state around the buggy address:
[  213.045747][T12219]  ffff888107174b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  213.048745][T12219]  ffff888107174b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  213.051724][T12219] >ffff888107174c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  213.054600][T12219]                                      ^
[  213.056591][T12219]  ffff888107174c80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  213.059415][T12219]  ffff888107174d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  213.062262][T12219] ==================================================================
[  213.072971][T12219] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  213.075770][T12219] CPU: 1 UID: 0 PID: 12219 Comm: syz.1.2198 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  213.080321][T12219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  213.084217][T12219] Call Trace:
[  213.085565][T12219]  <TASK>
[  213.086740][T12219]  dump_stack_lvl+0x99/0x250
[  213.088541][T12219]  ? __asan_memcpy+0x40/0x70
[  213.090402][T12219]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.092453][T12219]  ? __pfx__printk+0x10/0x10
[  213.094186][T12219]  vpanic+0x281/0x750
[  213.095635][T12219]  ? preempt_schedule+0xae/0xc0
[  213.097368][T12219]  ? __pfx_vpanic+0x10/0x10
[  213.099014][T12219]  ? preempt_schedule_common+0x83/0xd0
[  213.100729][T12219]  ? preempt_schedule+0xae/0xc0
[  213.102192][T12219]  ? __pfx_preempt_schedule+0x10/0x10
[  213.104191][T12219]  panic+0xb9/0xc0
[  213.105581][T12219]  ? __pfx_panic+0x10/0x10
[  213.107085][T12219]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  213.109012][T12219]  ? xfrm_state_find+0x2cf2/0x5400
[  213.110599][T12219]  check_panic_on_warn+0x89/0xb0
[  213.112463][T12219]  ? xfrm_state_find+0x2cf2/0x5400
[  213.114541][T12219]  end_report+0x78/0x160
[  213.116263][T12219]  kasan_report+0x129/0x150
[  213.118102][T12219]  ? xfrm_state_find+0x2cf2/0x5400
[  213.120162][T12219]  xfrm_state_find+0x2cf2/0x5400
[  213.122158][T12219]  ? __lock_acquire+0xab9/0xd20
[  213.124104][T12219]  ? xfrm_state_find+0x1da/0x5400
[  213.126133][T12219]  ? __pfx_xfrm_state_find+0x10/0x10
[  213.128116][T12219]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  213.130150][T12219]  ? xfrm_policy_lookup_bytype+0x2a7/0x1250
[  213.132522][T12219]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  213.135149][T12219]  ? xfrm_policy_lookup_bytype+0x123/0x1250
[  213.137311][T12219]  ? xfrm_policy_lookup_bytype+0x11ef/0x1250
[  213.139474][T12219]  ? xfrm_expand_policies+0x41f/0x6a0
[  213.141609][T12219]  xfrm_lookup_with_ifid+0x58a/0x1a70
[  213.143622][T12219]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  213.145665][T12219]  ? __lock_acquire+0xab9/0xd20
[  213.147320][T12219]  xfrm_lookup_route+0x3c/0x1c0
[  213.149009][T12219]  __ip4_datagram_connect+0x9a5/0x1270
[  213.150928][T12219]  udp_connect+0x33/0x1f0
[  213.152406][T12219]  __sys_connect+0x316/0x440
[  213.153919][T12219]  ? __pfx___sys_connect+0x10/0x10
[  213.155583][T12219]  ? rcu_is_watching+0x15/0xb0
[  213.157151][T12219]  __x64_sys_connect+0x7a/0x90
[  213.158690][T12219]  do_syscall_64+0xfa/0x3b0
[  213.160417][T12219]  ? lockdep_hardirqs_on+0x9c/0x150
[  213.162487][T12219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.164839][T12219]  ? exc_page_fault+0x9f/0xf0
[  213.166701][T12219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.169069][T12219] RIP: 0033:0x7fd79018ebe9
[  213.170839][T12219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.177511][T12219] RSP: 002b:00007fd791052038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  213.180456][T12219] RAX: ffffffffffffffda RBX: 00007fd7903b5fa0 RCX: 00007fd79018ebe9
[  213.183573][T12219] RDX: 0000000000000010 RSI: 0000200000000280 RDI: 0000000000000003
[  213.186597][T12219] RBP: 00007fd790211e19 R08: 0000000000000000 R09: 0000000000000000
[  213.189134][T12219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  213.192141][T12219] R13: 00007fd7903b6038 R14: 00007fd7903b5fa0 R15: 00007fffc98b0e98
[  213.194713][T12219]  </TASK>
[  213.196319][T12219] Kernel Offset: disabled
[  213.197598][T12219] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:44:13  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000034 RBX=0000000000000034 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000014df RDI=00000000000014e0 RBP=00000000000003f8 RSP=ffffc9000463ee10
R8 =ffff8881065b8237 R9 =1ffff11020cb7046 R10=dffffc0000000000 R11=ffffffff854e72a0
R12=dffffc0000000000 R13=ffffffff99af28fb R14=ffffffff99de74e0 R15=0000000000000000
RIP=ffffffff854e731c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fd7910526c0 ffffffff 00c00000
GS =0000 ffff8880b8623000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000100 CR3=0000000035852000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fd790387498 00007fd790387470 XMM03=00007fd7903874a8 00007fd7903874a0
XMM04=00007fd790eed100 00007fd790387460 XMM05=00007fd790387478 00007fd7903874c0
XMM06=00007fd7903874b8 00007fd7903874b0 XMM07=00007fd7903874a8 00007fd7903874a0
XMM08=0000000000000000 00007fd790212ee7 XMM09=0000000000000000 00007fd790212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=294908f9cf9ff200 RBX=ffffffff81968308 RCX=294908f9cf9ff200 RDX=0000000000000001
RSI=ffffffff8d9b441b RDI=ffffffff8be32600 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa34330 R13=0000000000000001 R14=0000000000000001 R15=1ffff1102001f000
RIP=ffffffff8b78a3f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c23000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055a968984000 CR3=000000010f3d4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000015 000000000003bf12
XMM02=0000555585e79787 0000555585e79520 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000555585e77428 0000555585e77330
XMM06=0000000000000000 0000000000000000 XMM07=0ad0030010000ac0 030210000ab00358
XMM08=100005900302d402 0011d203aaaaaaaa XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
