last executing test programs:

810.988635ms ago: executing program 1 (id=1141):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x48, 0x10, 0x401, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, 0x1a21}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_SLAVE2={0x8, 0x2, r3}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x48}}, 0x0)

701.411639ms ago: executing program 2 (id=1144):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r1 = socket(0x40000000015, 0x5, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, 0x0, 0x20004450)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20040850}, 0x4004014)
socket$nl_generic(0x10, 0x3, 0x10)
connect$inet(r1, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000700), 0x4)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000740)={0x0, r4}, 0x8)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xa, 0x5, 0x1065, 0x4, 0x22e40, r0, 0x0, '\x00', 0x0, r4, 0x1, 0x0, 0x10000001}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
unshare(0x64000600)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
recvmmsg(r7, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000500)={0x6, <r8=>0x0}, 0x8)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r10=>0x0})
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r11, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)={0x70, 0x3, 0x1, 0x301, 0x0, 0x0, {0x7}, [@CTA_MARK_MASK={0x8}, @CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xfffffff7}]}, @CTA_NAT_DST={0x2c, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @local}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0xac}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3}, @CTA_LABELS_MASK={0x8, 0x17, [0x0]}, @CTA_LABELS={0x4}]}, 0x70}, 0x1, 0x0, 0x0, 0xc014}, 0x40)
sendmsg$nl_route_sched(r9, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}, {0x1, 0x8}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0x11}, @TCA_FQ_PLIMIT={0x8}, @TCA_FQ_ORPHAN_MASK={0x8, 0xa, 0x13}]}}]}, 0x48}}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000005c0)=@bpf_lsm={0x1d, 0x14, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, [@map_idx_val={0x18, 0x6, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9}, @generic={0x7, 0x6, 0x9, 0x81, 0x1}, @generic={0x7, 0x9, 0x7, 0x0, 0x87d4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x24, &(0x7f00000002c0)=""/36, 0x41000, 0x40, '\x00', 0x0, 0x1b, r7, 0x8, &(0x7f00000003c0)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000400)={0x0, 0xd, 0x3, 0x4}, 0x10, r8, 0x0, 0x2, &(0x7f0000000540)=[r0, r5, r5, r5], &(0x7f0000000580)=[{0x3, 0x4, 0x4, 0xa}, {0x3, 0x2, 0x0, 0x3}], 0x10, 0x73d}, 0x94)

701.253931ms ago: executing program 1 (id=1145):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x8000000000000000}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001f00000018000180140002007665746830"], 0x2c}}, 0x0)

548.200125ms ago: executing program 1 (id=1147):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000300)=0x1, 0x4)

547.60474ms ago: executing program 0 (id=1149):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000200)={0x40, r2, 0x1, 0x70bd2c, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x2, 0x25}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x4040000)

475.147597ms ago: executing program 0 (id=1150):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0xff, 0x4932, 0x7f, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6   \x00'}, 0x20)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, 0x0, &(0x7f0000000300), 0x2, r1}, 0x38)

474.879999ms ago: executing program 0 (id=1151):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, 0x0, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x3, &(0x7f0000000000)=0x3, 0x4)

411.129952ms ago: executing program 1 (id=1152):
r0 = socket(0x25, 0x5, 0x0)
recvfrom$ax25(r0, 0x0, 0x0, 0x2063, 0x0, 0x0)

410.938686ms ago: executing program 0 (id=1153):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0xb0, 0x44, 0x107, 0xfffffffc, 0x0, {0x1, 0x7c}, [@nested={0x9c, 0x4, 0x0, 0x1, [@nested={0x96, 0x12, 0x0, 0x1, [@generic="a437fa54a0cc5d1124ab2b2806e7f423b6e257262cccca9a82234d912f8d4196192c1ddd5dcb13d7f0921142632c5ebd28b4b4513d200e3c56c2dfd37d0f42fb34dc396d5a11005f6bfe5993e5c04528fba03ac92ee6ed1d968a7554517590de2c1900000000", @nested={0x29, 0xde, 0x0, 0x1, [@generic="d3915f12712a643d4966212c4f25b0f088ecbcca05e2c38719e4adaad0c012779c2e654b7a"]}]}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

370.969343ms ago: executing program 1 (id=1154):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x0)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_addrs=@can})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4})
ioctl$sock_netdev_private(r1, 0x89f4, &(0x7f0000000000))
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0xd, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000080}, 0x4000000)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))

313.023052ms ago: executing program 0 (id=1155):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000061100c000000000063013500000000009500090000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52)

261.619234ms ago: executing program 0 (id=1156):
pwrite64(0xffffffffffffffff, &(0x7f0000000240)="e1", 0x1, 0x7fffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="340000001100010027bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="20100000000004001400030076657468315f766c616e000000000000651515bf1ee92be363"], 0x34}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000ffdbdf250400000018000180140002006970766c616e3100000000000000000075d130fca503f6847d388e09f5dcf3bf7eae02b0ba7a007c74f8f0aa9d38b8ea95a716bb087b24879e374bb90455ebfc32a5d6a2c822b3a7e96d0d49188bddd49da3f511ddd1088154f1a88f9da452fd4c4303f9f274481e9d4da01c5019a04e163a"], 0x2c}, 0x1, 0x0, 0x0, 0x2001}, 0x4010000)

259.967079ms ago: executing program 1 (id=1157):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xc4)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000006340))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r2=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x20000000, 0x8, 0x6, 0x900, 0x401}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@ipv4_newroute={0x2c, 0x18, 0x1, 0x0, 0x25dfdbfe, {0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x2a00}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_DPORT={0x6, 0x1d, 0x4e24}]}, 0x2c}}, 0x20008081)
syz_emit_ethernet(0x86, &(0x7f0000000000)=ANY=[], 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000001000000080001003f0000000c000200700f00000000ffff0c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0xc000)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$FITRIM(r3, 0xc0185879, &(0x7f0000000480)={0x0, 0x4, 0x6})
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r9}, 0x10)
r10 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r11 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x34, r10, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}]}, 0x34}}, 0xc800)
sendmsg$SMC_PNETID_DEL(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)={0x34, r10, 0x300, 0x70bd28, 0xfffffffe, {0x4, 0x7, 0x2}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x34}, 0x1, 0x40030000000000, 0x0, 0x4001}, 0x0)
getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000340)={r2, 0xd9, 0xca28, 0xc3, 0xfff, 0x2, 0x3, 0xffff2366, {r2, @in={{0x2, 0x4e23, @multicast1}}, 0xbc, 0x3, 0x2, 0xb67, 0x80000001}}, &(0x7f0000000400)=0xb0)
socket$kcm(0x29, 0x0, 0x0)

179.336246ms ago: executing program 2 (id=1158):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="38000000010003", 0x7)

104.84125ms ago: executing program 2 (id=1159):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000001104000000002e"], 0x0, 0x37}, 0x20)

104.741829ms ago: executing program 2 (id=1160):
unshare(0x20000400)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000004000000000000000100000000800000a64080c0f88ba933f7a0e7f8", @ANYRES32=0x1, @ANYBLOB="ffffffff00"/20, @ANYRES32=0x0, @ANYRES32], 0x50)

293.768µs ago: executing program 2 (id=1161):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0xa}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0xf743}]}}}, {0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x8}]}}}]}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x1}, 0x0)

0s ago: executing program 2 (id=1162):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, 0x6, 0x6, 0x3, 0x0, 0x0, {0xa, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x24000004}, 0x80)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:36841' (ED25519) to the list of known hosts.
syzkaller login: [   50.831265][ T5788] cgroup: Unknown subsys name 'net'
[   50.968437][ T5788] cgroup: Unknown subsys name 'cpuset'
[   50.972312][ T5788] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   52.799099][ T5788] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.024904][ T5235] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.028687][ T5235] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.032256][ T5235] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.036677][ T5235] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.053413][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.056889][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   57.060684][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   57.064239][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   57.095998][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   57.100477][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   57.183895][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   57.189792][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   57.193299][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   57.197141][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   57.200527][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   57.515162][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   57.584080][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   57.605352][ T5838] chnl_net:caif_netlink_parms(): no params data found
[   57.619006][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.622677][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.625960][ T5850] bridge_slave_0: entered allmulticast mode
[   57.630367][ T5850] bridge_slave_0: entered promiscuous mode
[   57.661667][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.664647][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.667911][ T5850] bridge_slave_1: entered allmulticast mode
[   57.671635][ T5850] bridge_slave_1: entered promiscuous mode
[   57.750444][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.767553][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.823240][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.826147][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.828846][ T5842] bridge_slave_0: entered allmulticast mode
[   57.832499][ T5842] bridge_slave_0: entered promiscuous mode
[   57.848056][ T5850] team0: Port device team_slave_0 added
[   57.850738][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.853558][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.856959][ T5838] bridge_slave_0: entered allmulticast mode
[   57.860361][ T5838] bridge_slave_0: entered promiscuous mode
[   57.863760][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.866817][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.869634][ T5842] bridge_slave_1: entered allmulticast mode
[   57.873053][ T5842] bridge_slave_1: entered promiscuous mode
[   57.885345][ T5850] team0: Port device team_slave_1 added
[   57.900608][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.903666][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.907259][ T5838] bridge_slave_1: entered allmulticast mode
[   57.910996][ T5838] bridge_slave_1: entered promiscuous mode
[   57.951431][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.954353][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.965409][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.988956][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.994901][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.000128][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.002971][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.015364][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.022273][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.028396][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.119716][ T5842] team0: Port device team_slave_0 added
[   58.123779][ T5838] team0: Port device team_slave_0 added
[   58.133301][ T5850] hsr_slave_0: entered promiscuous mode
[   58.136985][ T5850] hsr_slave_1: entered promiscuous mode
[   58.142082][ T5842] team0: Port device team_slave_1 added
[   58.145613][ T5838] team0: Port device team_slave_1 added
[   58.222008][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.225003][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.235596][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.242999][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.246043][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.256641][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.262029][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.264920][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.276029][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.293892][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.297031][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.307832][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.376502][ T5842] hsr_slave_0: entered promiscuous mode
[   58.379677][ T5842] hsr_slave_1: entered promiscuous mode
[   58.382520][ T5842] debugfs: 'hsr0' already exists in 'hsr'
[   58.384841][ T5842] Cannot create hsr debugfs directory
[   58.437058][ T5838] hsr_slave_0: entered promiscuous mode
[   58.439878][ T5838] hsr_slave_1: entered promiscuous mode
[   58.442065][ T5838] debugfs: 'hsr0' already exists in 'hsr'
[   58.443887][ T5838] Cannot create hsr debugfs directory
[   58.743741][ T5850] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.753460][ T5850] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.760937][ T5850] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.774398][ T5850] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.829091][ T5842] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   58.834874][ T5842] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   58.857467][ T5842] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   58.868439][ T5842] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   58.901988][ T5838] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   58.911283][ T5838] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   58.917364][ T5838] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   58.927671][ T5838] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   58.959572][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.987079][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   59.005489][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.008306][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.026504][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.029250][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.074413][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.104524][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   59.113986][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.127325][   T66] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.129989][   T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.162318][   T66] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.164866][   T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.166584][ T5845] Bluetooth: hci1: command tx timeout
[   59.170075][ T5845] Bluetooth: hci0: command tx timeout
[   59.179078][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[   59.202395][   T66] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.205481][   T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.211501][   T66] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.213962][   T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.241314][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.249046][ T5235] Bluetooth: hci2: command tx timeout
[   59.273769][ T5838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   59.317642][ T5850] veth0_vlan: entered promiscuous mode
[   59.323623][ T5850] veth1_vlan: entered promiscuous mode
[   59.375517][ T5850] veth0_macvtap: entered promiscuous mode
[   59.381521][ T5850] veth1_macvtap: entered promiscuous mode
[   59.392384][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.405675][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.424890][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.429480][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.432534][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.441851][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.454500][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.464631][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.502400][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.510518][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.540364][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.543399][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.544916][ T5842] veth0_vlan: entered promiscuous mode
[   59.559834][ T5838] veth0_vlan: entered promiscuous mode
[   59.564730][ T5842] veth1_vlan: entered promiscuous mode
[   59.572630][ T5838] veth1_vlan: entered promiscuous mode
[   59.600413][ T5850] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   59.609250][ T5842] veth0_macvtap: entered promiscuous mode
[   59.614579][ T5842] veth1_macvtap: entered promiscuous mode
[   59.622478][ T5838] veth0_macvtap: entered promiscuous mode
[   59.640929][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.648111][ T5838] veth1_macvtap: entered promiscuous mode
[   59.659291][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.664083][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.668724][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.675592][ T5873] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.695336][ T5873] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.713008][ T5873] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.719294][ T5908] Zero length message leads to an empty skb
[   59.729187][ T5908] nbd: must specify at least one socket
[   59.730975][ T5873] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.737042][ T5873] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.751909][ T5873] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.758206][ T5873] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.762262][ T5873] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.898453][ T5918] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7'.
[   59.907385][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.908684][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.911031][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.916909][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.964801][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.969799][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.982107][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.985121][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.491403][ T5960] netlink: 24 bytes leftover after parsing attributes in process `syz.0.25'.
[   60.565430][ T5964] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.634059][ T5970] netlink: 'syz.0.30': attribute type 5 has an invalid length.
[   60.642946][ T5970] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.30'.
[   60.695572][ T5974] syz.1.31 uses obsolete (PF_INET,SOCK_PACKET)
[   60.786594][ T5982] netlink: 'syz.0.36': attribute type 30 has an invalid length.
[   61.058807][ T5999] netlink: 12 bytes leftover after parsing attributes in process `syz.0.45'.
[   61.070846][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.45'.
[   61.204937][ T6002] netlink: 'syz.2.43': attribute type 12 has an invalid length.
[   61.246095][ T5235] Bluetooth: hci0: command tx timeout
[   61.248617][ T5845] Bluetooth: hci1: command tx timeout
[   61.293883][ T6013] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   61.326760][ T5235] Bluetooth: hci2: command tx timeout
[   61.616929][ T6034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.58'.
[   61.931007][ T6052] tipc: Started in network mode
[   61.933175][ T6052] tipc: Node identity e2656327aa25, cluster identity 4711
[   61.938732][ T6052] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   61.943266][ T6052] syzkaller0: entered promiscuous mode
[   61.945619][ T6052] syzkaller0: entered allmulticast mode
[   61.982624][ T6052] tipc: Resetting bearer <eth:syzkaller0>
[   62.000714][ T6051] tipc: Resetting bearer <eth:syzkaller0>
[   62.032892][ T6051] tipc: Disabling bearer <eth:syzkaller0>
[   62.105232][ T6056] infiniband syz2: set down
[   62.107089][ T6056] infiniband syz2: added ipvlan0
[   62.128926][ T6056] RDS/IB: syz2: added
[   62.130772][ T6056] smc: adding ib device syz2 with port count 1
[   62.132969][ T6056] smc:    ib device syz2 port 1 has no pnetid
[   62.601697][ T6086] netlink: 12 bytes leftover after parsing attributes in process `syz.2.82'.
[   62.735906][ T6091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.84'.
[   63.011143][ T6109] netlink: 68 bytes leftover after parsing attributes in process `syz.0.92'.
[   63.325876][ T5235] Bluetooth: hci0: command tx timeout
[   63.328016][ T5235] Bluetooth: hci1: command tx timeout
[   63.406464][ T5235] Bluetooth: hci2: command tx timeout
[   63.622473][ T6141] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[   63.654701][ T6149] netlink: 12 bytes leftover after parsing attributes in process `syz.1.111'.
[   63.792024][ T6161] netlink: ct family unspecified
[   63.794281][ T6161] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   63.882211][ T6167] syz.1.120 uses old SIOCAX25GETINFO
[   64.153806][ T6185] sctp: [Deprecated]: syz.2.128 (pid 6185) Use of int in max_burst socket option.
[   64.153806][ T6185] Use struct sctp_assoc_value instead
[   64.218443][ T6191] tipc: Started in network mode
[   64.220407][ T6191] tipc: Node identity 5e8bd6cba68e, cluster identity 4711
[   64.223214][ T6191] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   64.246459][ T6191] syzkaller0: entered promiscuous mode
[   64.255305][ T6191] syzkaller0: entered allmulticast mode
[   64.262787][ T6191] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   64.282215][ T6191] tipc: Resetting bearer <eth:syzkaller0>
[   64.304673][ T6190] tipc: Resetting bearer <eth:syzkaller0>
[   64.320222][ T6190] tipc: Disabling bearer <eth:syzkaller0>
[   64.610434][ T6220] Illegal XDP return value 4294967274 on prog  (id 12) dev N/A, expect packet loss!
[   64.774317][ T6230] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   65.163964][ T6278] netlink: 'syz.2.166': attribute type 9 has an invalid length.
[   65.169213][ T6278] __nla_validate_parse: 4 callbacks suppressed
[   65.169226][ T6278] netlink: 212260 bytes leftover after parsing attributes in process `syz.2.166'.
[   65.344794][ T6286] netlink: 100 bytes leftover after parsing attributes in process `syz.0.170'.
[   65.407652][ T5845] Bluetooth: hci0: command tx timeout
[   65.410292][ T5235] Bluetooth: hci1: command tx timeout
[   65.486266][ T5235] Bluetooth: hci2: command tx timeout
[   65.748590][ T6312] netlink: 'syz.2.177': attribute type 1 has an invalid length.
[   65.751792][ T6312] netlink: 'syz.2.177': attribute type 1 has an invalid length.
[   65.757165][ T6312] netlink: 'syz.2.177': attribute type 1 has an invalid length.
[   65.985331][ T6325] netlink: 'syz.1.183': attribute type 2 has an invalid length.
[   66.149182][ T6338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.189'.
[   66.152839][ T6338] netlink: 7 bytes leftover after parsing attributes in process `syz.2.189'.
[   66.203100][ T6343] netlink: 20 bytes leftover after parsing attributes in process `syz.1.190'.
[   66.308921][ T6350] netlink: 830 bytes leftover after parsing attributes in process `syz.2.195'.
[   66.811260][ T6387] warning: `syz.1.211' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   67.237211][ T6404] : renamed from wg2 (while UP)
[   67.269838][ T6408] syz_tun: entered allmulticast mode
[   67.272660][ T6408] netlink: 60 bytes leftover after parsing attributes in process `syz.0.222'.
[   67.280187][ T6408] unsupported nlmsg_type 40
[   67.287333][ T6406] syz_tun: left allmulticast mode
[   67.360185][ T6417] netlink: 24 bytes leftover after parsing attributes in process `syz.0.225'.
[   67.955134][ T6453] netlink: 32 bytes leftover after parsing attributes in process `syz.2.239'.
[   68.076962][ T6462] netlink: 'syz.2.245': attribute type 1 has an invalid length.
[   68.447477][ T6502] delete_channel: no stack
[   68.554786][ T6511] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[   68.803708][ T6533] tipc: Started in network mode
[   68.805494][ T6533] tipc: Node identity 6e8e57273824, cluster identity 4711
[   68.808441][ T6533] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   68.811336][ T6533] syzkaller0: entered promiscuous mode
[   68.813304][ T6533] syzkaller0: entered allmulticast mode
[   68.825456][ T6533] tipc: Resetting bearer <eth:syzkaller0>
[   68.829182][ T6531] tipc: Resetting bearer <eth:syzkaller0>
[   68.835677][ T6531] tipc: Disabling bearer <eth:syzkaller0>
[   68.943084][ T6537] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   68.947565][ T6537] syzkaller0: entered promiscuous mode
[   68.949780][ T6537] syzkaller0: entered allmulticast mode
[   68.957808][ T6537] tipc: Resetting bearer <eth:syzkaller0>
[   68.963032][ T6536] tipc: Resetting bearer <eth:syzkaller0>
[   68.972619][ T6536] tipc: Disabling bearer <eth:syzkaller0>
[   69.180496][ T6540] netlink: 'syz.0.278': attribute type 10 has an invalid length.
[   69.193227][ T6540] team0: Port device dummy0 added
[   69.200759][ T6540] netlink: 'syz.0.278': attribute type 10 has an invalid length.
[   69.214506][ T6540] team0: Port device dummy0 removed
[   69.221674][ T6540] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   69.298875][ T6542] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[   70.023938][ T6581] netlink: 'syz.1.298': attribute type 1 has an invalid length.
[   70.448291][ T6607] netlink: 100 bytes leftover after parsing attributes in process `syz.0.309'.
[   70.471080][ T6605] ip6_tunnel: non-ECT from fe88:a43d:e1a4:0000:0000:0000:0000:7d01 with DS=0xe
[   70.692980][ T6617] ieee802154 phy0 wpan0: encryption failed: -22
[   70.700625][ T6619] x_tables: ip_tables: udp match: only valid for protocol 17
[   70.802508][ T6629] netlink: 8 bytes leftover after parsing attributes in process `syz.1.319'.
[   70.845531][ T6635] netlink: 56 bytes leftover after parsing attributes in process `syz.1.321'.
[   70.851069][ T6635] netlink: 19 bytes leftover after parsing attributes in process `syz.1.321'.
[   70.854971][ T6635] netlink: 19 bytes leftover after parsing attributes in process `syz.1.321'.
[   71.171473][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.174946][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.332689][ T6666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.336'.
[   71.740078][ T6694] netlink: 'syz.1.349': attribute type 2 has an invalid length.
[   71.902754][ T6709] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[   71.992917][ T6719] netlink: 92 bytes leftover after parsing attributes in process `syz.0.360'.
[   72.250678][ T6745] netlink: 12 bytes leftover after parsing attributes in process `syz.0.373'.
[   72.312551][ T6749] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   72.384110][ T6751] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[   72.387352][ T6011] IPVS: starting estimator thread 0...
[   72.506045][ T6755] IPVS: using max 45 ests per chain, 108000 per kthread
[   72.522284][ T6760] syz_tun: entered allmulticast mode
[   72.554167][ T6760] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.557761][ T6760] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.631576][ T6760] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   72.638595][ T6760] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   72.717651][   T12] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   72.721194][   T12] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   72.734835][   T12] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   72.739260][   T12] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   72.913170][ T6776] netlink: 8 bytes leftover after parsing attributes in process `syz.1.384'.
[   73.272949][ T6806] netlink: 'syz.0.396': attribute type 1 has an invalid length.
[   73.451338][ T6821] netlink: 8 bytes leftover after parsing attributes in process `syz.0.403'.
[   73.570900][ T6834] tipc: Enabled bearer <ib:ip6gre0>, priority 10
[   73.644495][ T6843] Bluetooth: MGMT ver 1.23
[   74.048646][ T6879] netlink: 'syz.2.427': attribute type 12 has an invalid length.
[   74.093595][ T6883] netlink: 'syz.1.428': attribute type 21 has an invalid length.
[   74.107943][   T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   74.111060][ T6883] netlink: 'syz.1.428': attribute type 21 has an invalid length.
[   74.115890][   T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   74.115923][   T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   74.115945][   T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   74.381160][ T6905] pim6reg1: entered promiscuous mode
[   74.383380][ T6905] pim6reg1: entered allmulticast mode
[   74.525971][ T6912] nbd1: detected capacity change from 0 to 127
[   74.536752][   T56] block nbd1: Receive control failed (result -32)
[   74.541426][ T5847] block nbd1: Dead connection, failed to find a fallback
[   74.544367][ T5847] block nbd1: shutting down sockets
[   74.558921][ T5847] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.563228][ T5847] Buffer I/O error on dev nbd1, logical block 0, async page read
[   74.570841][ T5847] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.575114][ T5847] Buffer I/O error on dev nbd1, logical block 1, async page read
[   74.581150][ T5847] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.585940][ T5847] Buffer I/O error on dev nbd1, logical block 2, async page read
[   74.591468][ T5847] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.595396][ T5847] Buffer I/O error on dev nbd1, logical block 3, async page read
[   74.599564][ T5847] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.603513][ T5847] Buffer I/O error on dev nbd1, logical block 0, async page read
[   74.607424][ T5847] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.611410][ T5847] Buffer I/O error on dev nbd1, logical block 1, async page read
[   74.615305][ T5847] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.619196][ T5847] Buffer I/O error on dev nbd1, logical block 2, async page read
[   74.622790][ T5847] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.626786][ T5847] Buffer I/O error on dev nbd1, logical block 3, async page read
[   74.630263][ T5847] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.635577][ T5847] Buffer I/O error on dev nbd1, logical block 0, async page read
[   74.645036][ T5847] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   74.668953][ T5847] Buffer I/O error on dev nbd1, logical block 1, async page read
[   74.671603][ T6923] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[   74.674229][ T5847] ldm_validate_partition_table(): Disk read failed.
[   74.687297][ T6011] tipc: Node number set to 1212179239
[   74.696420][ T5847] Dev nbd1: unable to read RDB block 0
[   74.701107][ T5847]  nbd1: unable to read partition table
[   74.717374][ T5847] ldm_validate_partition_table(): Disk read failed.
[   74.721631][ T5847] Dev nbd1: unable to read RDB block 0
[   74.728860][ T5847]  nbd1: unable to read partition table
[   75.691679][ T6956] netlink: 'syz.1.457': attribute type 2 has an invalid length.
[   75.703864][ T6956] __nla_validate_parse: 4 callbacks suppressed
[   75.703882][ T6956] netlink: 51 bytes leftover after parsing attributes in process `syz.1.457'.
[   76.180783][ T6985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.471'.
[   76.196713][ T6983] team0: Device ipip0 is of different type
[   76.230049][ T6987] netlink: 12 bytes leftover after parsing attributes in process `syz.1.472'.
[   76.249228][ T6988] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.257007][ T6988] syzkaller0: entered promiscuous mode
[   76.265887][ T6988] syzkaller0: entered allmulticast mode
[   76.291706][ T6983] tipc: Resetting bearer <eth:syzkaller0>
[   76.307212][ T6982] tipc: Resetting bearer <eth:syzkaller0>
[   76.321902][ T6982] tipc: Disabling bearer <eth:syzkaller0>
[   76.399382][ T6994] netlink: 8 bytes leftover after parsing attributes in process `syz.1.475'.
[   76.418839][ T6996] netlink: 256 bytes leftover after parsing attributes in process `syz.2.476'.
[   76.456595][ T7000] netlink: 20 bytes leftover after parsing attributes in process `syz.1.477'.
[   76.490200][ T7000] nbd: socks must be embedded in a SOCK_ITEM attr
[   76.494383][ T7002] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.500891][ T5849] block nbd64: NBD_DISCONNECT
[   76.514412][ T7002] syzkaller0: entered promiscuous mode
[   76.517157][ T7002] syzkaller0: entered allmulticast mode
[   76.539483][ T7002] tipc: Resetting bearer <eth:syzkaller0>
[   76.544610][ T7001] tipc: Resetting bearer <eth:syzkaller0>
[   76.562262][ T7001] tipc: Disabling bearer <eth:syzkaller0>
[   77.564411][ T7047] netlink: 'syz.1.497': attribute type 3 has an invalid length.
[   77.567510][ T7047] netlink: 224 bytes leftover after parsing attributes in process `syz.1.497'.
[   78.122757][ T7063] netlink: 16 bytes leftover after parsing attributes in process `syz.2.504'.
[   78.126883][ T7061] netlink: 'syz.1.503': attribute type 30 has an invalid length.
[   78.129684][ T7061] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[   78.133439][ T7063] openvswitch: netlink: EtherType 0 is less than min 600
[   78.151599][ T7061] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[   78.210737][ T7069] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[   78.224041][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.2.508'.
[   78.228871][ T7071] netlink: 8 bytes leftover after parsing attributes in process `syz.2.508'.
[   78.285501][ T7075] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   78.289594][ T7073] netlink: 'syz.1.509': attribute type 1 has an invalid length.
[   78.330976][ T7073] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[   78.335650][ T7073] bond1: (slave vxcan3): Error -95 calling set_mac_address
[   78.375681][ T7085] bond1: (slave bridge1): Enslaving as an active interface with a down link
[   78.412669][ T7073] macvlan2: entered promiscuous mode
[   78.414984][ T7073] macvlan2: entered allmulticast mode
[   78.420729][ T7073] bond1: entered promiscuous mode
[   78.424974][ T7073] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   78.462787][ T7073] bond1: left promiscuous mode
[   78.575682][ T7089] sctp: [Deprecated]: syz.0.515 (pid 7089) Use of struct sctp_assoc_value in delayed_ack socket option.
[   78.575682][ T7089] Use struct sctp_sack_info instead
[   78.622262][ T7087] infiniband syz0: set active
[   78.624074][ T7087] infiniband syz0: added veth1_to_hsr
[   78.660224][ T7087] RDS/IB: syz0: added
[   78.661684][ T7087] smc: adding ib device syz0 with port count 1
[   78.663818][ T7087] smc:    ib device syz0 port 1 has no pnetid
[   78.828084][ T7107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   78.836478][ T7107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   78.842603][ T7107] bond0 (unregistering): Released all slaves
[   79.438819][ T7134] bridge_slave_1: left allmulticast mode
[   79.440971][ T7134] bridge_slave_1: left promiscuous mode
[   79.443112][ T7134] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.453322][ T7134] bridge_slave_0: left allmulticast mode
[   79.456865][ T7134] bridge_slave_0: left promiscuous mode
[   79.461252][ T7134] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.516817][ T7141] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   79.783285][ T7156] sctp: [Deprecated]: syz.0.543 (pid 7156) Use of int in maxseg socket option.
[   79.783285][ T7156] Use struct sctp_assoc_value instead
[   80.028074][ T7178] netlink: 'syz.2.554': attribute type 1 has an invalid length.
[   80.217216][ T7196] syzkaller1: tun_chr_ioctl cmd 1074025677
[   80.219776][ T7196] syzkaller1: linktype set to 823
[   80.267368][ T7200] syzkaller1: entered promiscuous mode
[   80.269283][ T7200] syzkaller1: entered allmulticast mode
[   80.305410][ T7202] trusted_key: syz.1.566 sent an empty control message without MSG_MORE.
[   80.340117][ T7206] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[   80.378999][ T7209] unknown channel width for channel at 909000KHz?
[   80.381633][ T7209] unknown channel width for channel at 909000KHz?
[   80.384459][ T7209] unknown channel width for channel at 909000KHz?
[   80.940697][ T7235] RDS: rds_bind could not find a transport for fe80::2a, load rds_tcp or rds_rdma?
[   81.186448][ T7258] erspan0: entered promiscuous mode
[   81.192596][ T7258] __nla_validate_parse: 5 callbacks suppressed
[   81.192609][ T7258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.592'.
[   81.244288][ T7265] netlink: 20 bytes leftover after parsing attributes in process `syz.1.596'.
[   81.457634][ T7287] netlink: 12 bytes leftover after parsing attributes in process `syz.1.605'.
[   81.471081][ T7290] sock: sock_set_timeout: `syz.0.606' (pid 7290) tries to set negative timeout
[   81.472856][ T7291] netlink: 12 bytes leftover after parsing attributes in process `syz.2.607'.
[   81.477396][ T7291] netlink: 4 bytes leftover after parsing attributes in process `syz.2.607'.
[   81.501060][ T7293] netlink: 'syz.0.608': attribute type 1 has an invalid length.
[   81.503548][ T7293] netlink: 'syz.0.608': attribute type 1 has an invalid length.
[   81.566531][ T7303] netlink: 20 bytes leftover after parsing attributes in process `syz.1.613'.
[   81.580561][ T7305] netlink: 8 bytes leftover after parsing attributes in process `syz.0.614'.
[   81.606425][ T7308] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-xor(2)
[   81.683483][ T7313] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   81.692065][ T7313] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.712593][ T7322] netem: incorrect gi model size
[   81.714968][ T7322] netem: change failed
[   81.753364][ T7313] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   81.759892][ T7313] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.938621][ T7313] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   81.943829][ T7313] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.991833][ T7333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.626'.
[   82.016780][ T7313] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   82.020232][ T7313] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.040441][ T7333] netlink: 48 bytes leftover after parsing attributes in process `syz.0.626'.
[   82.116939][   T12] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   82.119879][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.170731][   T12] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   82.174539][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.195858][   T12] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   82.199126][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.243963][   T12] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   82.246990][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.292167][ T7344] Bluetooth: MGMT ver 1.23
[   82.544111][ T7357] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   82.547001][ T7357] syzkaller0: entered promiscuous mode
[   82.548807][ T7357] syzkaller0: entered allmulticast mode
[   82.647293][ T7357] tipc: Resetting bearer <eth:syzkaller0>
[   82.650694][ T7356] tipc: Resetting bearer <eth:syzkaller0>
[   82.663470][ T7356] tipc: Disabling bearer <eth:syzkaller0>
[   83.334745][ T7381] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   83.350843][ T7383] netlink: 224 bytes leftover after parsing attributes in process `syz.2.647'.
[   83.389520][ T7385] 8021q: adding VLAN 0 to HW filter on device bond1
[   83.410450][ T7385] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[   83.478508][ T7397] netlink: 'syz.2.653': attribute type 49 has an invalid length.
[   83.496933][   T12] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[   83.533473][ T7400] netlink: get zone limit has 8 unknown bytes
[   83.605344][ T7407] sctp: [Deprecated]: syz.2.658 (pid 7407) Use of int in maxseg socket option.
[   83.605344][ T7407] Use struct sctp_assoc_value instead
[   83.612569][ T5873] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[   84.493489][ T7477] vlan2: entered allmulticast mode
[   85.294673][ T7524] netlink: 'syz.0.695': attribute type 5 has an invalid length.
[   86.293724][ T7577] __nla_validate_parse: 14 callbacks suppressed
[   86.293738][ T7577] netlink: 64 bytes leftover after parsing attributes in process `syz.0.719'.
[   86.532499][   T10] cfg80211: failed to load regulatory.db
[   86.569251][   T33] audit: type=1800 audit(1758053796.404:2): pid=7605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.732" name="blkio.bfq.time_recursive" dev="tmpfs" ino=1162 res=0 errno=0
[   86.585171][ T7609] netlink: 'syz.2.735': attribute type 83 has an invalid length.
[   86.892100][ T7631] netlink: 4 bytes leftover after parsing attributes in process `syz.2.746'.
[   86.895919][ T7631] bridge_slave_1: left allmulticast mode
[   86.900908][ T7631] bridge_slave_1: left promiscuous mode
[   86.904905][ T7631] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.916807][ T7631] bridge_slave_0: left promiscuous mode
[   86.919721][ T7631] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.396542][ T7655] netlink: 24 bytes leftover after parsing attributes in process `syz.0.756'.
[   87.408188][ T7657] netlink: 'syz.2.757': attribute type 11 has an invalid length.
[   87.504482][ T7661] netlink: 24 bytes leftover after parsing attributes in process `syz.0.759'.
[   87.530599][ T7663] geneve2: entered promiscuous mode
[   87.537826][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.545548][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.566741][ T7663] netlink: 12 bytes leftover after parsing attributes in process `syz.2.760'.
[   87.602793][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.607691][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.672609][ T7605] syz.1.732: vmalloc error: size 18874368, failed to allocated page array size 36864, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   87.679361][ T7605] CPU: 0 UID: 0 PID: 7605 Comm: syz.1.732 Not tainted syzkaller #0 PREEMPT(full) 
[   87.679374][ T7605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   87.679378][ T7605] Call Trace:
[   87.679382][ T7605]  <TASK>
[   87.679386][ T7605]  dump_stack_lvl+0x189/0x250
[   87.679401][ T7605]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.679411][ T7605]  ? __pfx__printk+0x10/0x10
[   87.679422][ T7605]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   87.679432][ T7605]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   87.679441][ T7605]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[   87.679451][ T7605]  warn_alloc+0x214/0x310
[   87.679465][ T7605]  ? __pfx_warn_alloc+0x10/0x10
[   87.679480][ T7605]  ? __get_vm_area_node+0x28f/0x300
[   87.679492][ T7605]  ? hash_netport4_resize+0x235/0x1b60
[   87.679504][ T7605]  __vmalloc_node_range_noprof+0x67e/0x12f0
[   87.679527][ T7605]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   87.679541][ T7605]  ? rcu_is_watching+0x15/0xb0
[   87.679550][ T7605]  ? hash_netport4_resize+0x235/0x1b60
[   87.679560][ T7605]  ? hash_netport4_resize+0x235/0x1b60
[   87.679570][ T7605]  __kvmalloc_node_noprof+0x3b8/0x5f0
[   87.679581][ T7605]  ? hash_netport4_resize+0x235/0x1b60
[   87.679594][ T7605]  hash_netport4_resize+0x235/0x1b60
[   87.679604][ T7605]  ? hash_netport4_uadt+0xc97/0xf30
[   87.679618][ T7605]  ? __pfx_hash_netport4_add+0x10/0x10
[   87.679632][ T7605]  ? __pfx_hash_netport4_uadt+0x10/0x10
[   87.679651][ T7605]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   87.679667][ T7605]  call_ad+0x44e/0xb00
[   87.679682][ T7605]  ? __pfx_call_ad+0x10/0x10
[   87.679700][ T7605]  ? __nla_parse+0x40/0x60
[   87.679714][ T7605]  ip_set_ad+0x791/0x930
[   87.679730][ T7605]  ? __pfx_ip_set_ad+0x10/0x10
[   87.679761][ T7605]  nfnetlink_rcv_msg+0xb4d/0x1130
[   87.679775][ T7605]  ? nfnetlink_rcv_msg+0x20d/0x1130
[   87.679793][ T7605]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   87.679799][ T7605]  ? kasan_save_free_info+0x46/0x50
[   87.679825][ T7605]  netlink_rcv_skb+0x208/0x470
[   87.679861][ T7605]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   87.679876][ T7605]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   87.679892][ T7605]  ? bpf_lsm_capable+0x9/0x20
[   87.679903][ T7605]  ? security_capable+0x7e/0x2e0
[   87.679917][ T7605]  nfnetlink_rcv+0x26a/0x2520
[   87.679926][ T7605]  ? __dev_queue_xmit+0x1d79/0x3b50
[   87.679941][ T7605]  ? __dev_queue_xmit+0x27b/0x3b50
[   87.679957][ T7605]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   87.679964][ T7605]  ? __pfx___dev_queue_xmit+0x10/0x10
[   87.679980][ T7605]  ? ref_tracker_free+0x63a/0x7d0
[   87.679988][ T7605]  ? __asan_memcpy+0x40/0x70
[   87.679996][ T7605]  ? __pfx_ref_tracker_free+0x10/0x10
[   87.680009][ T7605]  ? skb_clone+0x246/0x3a0
[   87.680021][ T7605]  ? __netlink_deliver_tap+0x807/0x850
[   87.680030][ T7605]  ? netlink_deliver_tap+0x2e/0x1b0
[   87.680041][ T7605]  ? netlink_deliver_tap+0x2e/0x1b0
[   87.680053][ T7605]  netlink_unicast+0x82f/0x9e0
[   87.680064][ T7605]  ? __pfx_netlink_unicast+0x10/0x10
[   87.680076][ T7605]  ? netlink_sendmsg+0x642/0xb30
[   87.680084][ T7605]  ? skb_put+0x11b/0x210
[   87.680095][ T7605]  netlink_sendmsg+0x805/0xb30
[   87.680107][ T7605]  ? __pfx_netlink_sendmsg+0x10/0x10
[   87.680118][ T7605]  ? aa_sock_msg_perm+0xf1/0x1d0
[   87.680126][ T7605]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   87.680135][ T7605]  ? __pfx_netlink_sendmsg+0x10/0x10
[   87.680144][ T7605]  __sock_sendmsg+0x21c/0x270
[   87.680153][ T7605]  ____sys_sendmsg+0x505/0x830
[   87.680165][ T7605]  ? __pfx_____sys_sendmsg+0x10/0x10
[   87.680179][ T7605]  ? import_iovec+0x74/0xa0
[   87.680191][ T7605]  ___sys_sendmsg+0x21f/0x2a0
[   87.680202][ T7605]  ? __pfx____sys_sendmsg+0x10/0x10
[   87.680226][ T7605]  ? __fget_files+0x2a/0x420
[   87.680232][ T7605]  ? __fget_files+0x3a0/0x420
[   87.680242][ T7605]  __x64_sys_sendmsg+0x19b/0x260
[   87.680254][ T7605]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   87.680273][ T7605]  ? rcu_is_watching+0x15/0xb0
[   87.680282][ T7605]  ? do_syscall_64+0xbe/0x3b0
[   87.680293][ T7605]  do_syscall_64+0xfa/0x3b0
[   87.680301][ T7605]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.680310][ T7605]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.680317][ T7605]  ? exc_page_fault+0x9f/0xf0
[   87.680326][ T7605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.680333][ T7605] RIP: 0033:0x7f123178eba9
[   87.680342][ T7605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.680348][ T7605] RSP: 002b:00007f1232609038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.680357][ T7605] RAX: ffffffffffffffda RBX: 00007f12319d5fa0 RCX: 00007f123178eba9
[   87.680363][ T7605] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000009
[   87.680367][ T7605] RBP: 00007f1231811e19 R08: 0000000000000000 R09: 0000000000000000
[   87.680372][ T7605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.680376][ T7605] R13: 00007f12319d6038 R14: 00007f12319d5fa0 R15: 00007ffed9fcc5a8
[   87.680387][ T7605]  </TASK>
[   87.680390][ T7605] Mem-Info:
[   87.865421][ T7605] active_anon:13606 inactive_anon:0 isolated_anon:0
[   87.865421][ T7605]  active_file:1352 inactive_file:38251 isolated_file:0
[   87.865421][ T7605]  unevictable:1768 dirty:166 writeback:0
[   87.865421][ T7605]  slab_reclaimable:9773 slab_unreclaimable:56982
[   87.865421][ T7605]  mapped:18306 shmem:2442 pagetables:1016
[   87.865421][ T7605]  sec_pagetables:0 bounce:0
[   87.865421][ T7605]  kernel_misc_reclaimable:0
[   87.865421][ T7605]  free:276723 free_pcp:25225 free_cma:0
[   87.883133][ T7605] Node 0 active_anon:45868kB inactive_anon:0kB active_file:3608kB inactive_file:146180kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:39668kB dirty:632kB writeback:0kB shmem:5132kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4528kB pagetables:2408kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   87.896289][ T7605] Node 1 active_anon:8556kB inactive_anon:0kB active_file:1800kB inactive_file:6824kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:33556kB dirty:32kB writeback:0kB shmem:4636kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7088kB pagetables:1656kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   87.908647][ T7605] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   87.920483][ T7605] lowmem_reserve[]: 0 811 811 811 811
[   87.922655][ T7605] Node 0 DMA32 free:221652kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:45868kB inactive_anon:0kB active_file:3608kB inactive_file:146180kB unevictable:3536kB writepending:632kB present:1556484kB managed:830856kB mlocked:0kB bounce:0kB free_pcp:46912kB local_pcp:31128kB free_cma:0kB
[   87.936225][ T7605] lowmem_reserve[]: 0 0 0 0 0
[   87.938299][ T7605] Node 1 DMA32 free:458492kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:0kB free_cma:0kB
[   87.950759][ T7605] lowmem_reserve[]: 0 0 854 854 854
[   87.953233][ T7605] Node 1 Normal free:411388kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8556kB inactive_anon:0kB active_file:1800kB inactive_file:6824kB unevictable:3536kB writepending:32kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:53804kB local_pcp:18044kB free_cma:0kB
[   87.966822][ T7605] lowmem_reserve[]: 0 0 0 0 0
[   87.968601][ T7605] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   87.973504][ T7605] Node 0 DMA32: 577*4kB (UM) 347*8kB (UME) 203*16kB (UE) 411*32kB (UE) 148*64kB (UM) 40*128kB (UE) 13*256kB (UME) 4*512kB (UE) 4*1024kB (U) 2*2048kB (U) 42*4096kB (UM) = 221676kB
[   87.981551][ T7605] Node 1 DMA32: 3*4kB (UM) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 109*4096kB (M) = 458492kB
[   87.988000][ T7605] Node 1 Normal: 1123*4kB (UME) 692*8kB (UM) 335*16kB (UME) 253*32kB (UM) 67*64kB (UME) 35*128kB (UME) 25*256kB (UM) 18*512kB (UM) 21*1024kB (UME) 3*2048kB (ME) 82*4096kB (UM) = 411388kB
[   87.998096][ T7605] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   88.001443][ T7605] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   88.005480][ T7605] 42045 total pagecache pages
[   88.007747][ T7605] 0 pages in swap cache
[   88.009263][ T7605] Free swap  = 124996kB
[   88.010820][ T7605] Total swap = 124996kB
[   88.012334][ T7605] 786301 pages RAM
[   88.013637][ T7605] 0 pages HighMem/MovableOnly
[   88.015223][ T7605] 241355 pages reserved
[   88.017429][ T7605] 0 pages cma reserved
[   88.264997][ T7688] netlink: 'syz.2.772': attribute type 1 has an invalid length.
[   88.278205][ T7688] netlink: 232 bytes leftover after parsing attributes in process `syz.2.772'.
[   88.298187][ T7690] netlink: 24 bytes leftover after parsing attributes in process `syz.1.773'.
[   88.374021][ T7692] netlink: 44 bytes leftover after parsing attributes in process `syz.2.774'.
[   88.386090][ T7692] netlink: 43 bytes leftover after parsing attributes in process `syz.2.774'.
[   88.389857][ T7692] netlink: 'syz.2.774': attribute type 5 has an invalid length.
[   88.393108][ T7692] netlink: 43 bytes leftover after parsing attributes in process `syz.2.774'.
[   89.783480][ T7747] syzkaller1: entered promiscuous mode
[   89.787660][ T7747] syzkaller1: entered allmulticast mode
[   90.005110][ T5893] hid-generic 0005:16BF:5505.0001: unknown main item tag 0x0
[   90.019864][ T5893] hid-generic 0005:16BF:5505.0001: unknown main item tag 0x0
[   90.030055][ T5893] hid-generic 0005:16BF:5505.0001: hidraw0: BLUETOOTH HID vff.fa Device [syz0] on aa:aa:aa:aa:aa:aa
[   90.481257][ T7782] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[   90.562188][ T7782] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.565464][ T7782] batadv_slave_0: entered promiscuous mode
[   90.871276][ T7796] netlink: 'syz.2.818': attribute type 1 has an invalid length.
[   90.874781][ T7796] netlink: 'syz.2.818': attribute type 2 has an invalid length.
[   91.547053][ T7852] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   91.678192][ T7862] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.689839][ T7862] bond0: (slave rose0): Enslaving as an active interface with an up link
[   91.903208][ T7884] __nla_validate_parse: 6 callbacks suppressed
[   91.903228][ T7884] netlink: 277 bytes leftover after parsing attributes in process `syz.2.852'.
[   91.919534][ T7885] Bluetooth: MGMT ver 1.23
[   92.063473][ T7894] ip6tnl1: entered promiscuous mode
[   92.065669][ T7894] ip6tnl1: entered allmulticast mode
[   92.140303][ T7900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.857'.
[   92.568538][ T7942] erspan0: left promiscuous mode
[   92.578471][ T7940] netlink: 4 bytes leftover after parsing attributes in process `syz.0.863'.
[   92.601332][ T7942] geneve2: left promiscuous mode
[   92.609974][   T12] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.616025][   T12] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.629875][   T12] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.634863][   T12] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.184639][ T7981] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   93.428270][ T8010] veth0_to_bridge: entered promiscuous mode
[   93.431869][ T8007] veth0_to_bridge: left promiscuous mode
[   93.621170][ T8027] sctp: [Deprecated]: syz.1.895 (pid 8027) Use of int in maxseg socket option.
[   93.621170][ T8027] Use struct sctp_assoc_value instead
[   93.757044][ T8045] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[   94.012882][ T8070] netlink: 8 bytes leftover after parsing attributes in process `syz.0.913'.
[   94.271498][ T8092] syz_tun: entered allmulticast mode
[   94.282884][ T8092] dvmrp8: entered allmulticast mode
[   94.889934][ T8123] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.935'.
[   94.972681][ T8130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.939'.
[   95.088250][ T8139] netlink: 'syz.0.941': attribute type 39 has an invalid length.
[   95.093611][ T8139] veth0_macvtap: left promiscuous mode
[   95.128929][ T8091] syz_tun: left allmulticast mode
[   95.131668][ T8091] dvmrp8: left allmulticast mode
[   95.333342][ T8152] netlink: 240 bytes leftover after parsing attributes in process `syz.2.949'.
[   95.499610][ T8160] netlink: 8 bytes leftover after parsing attributes in process `syz.1.952'.
[   95.627999][ T8166] netlink: 12 bytes leftover after parsing attributes in process `syz.2.954'.
[   95.658482][ T8168] netlink: 36 bytes leftover after parsing attributes in process `syz.1.956'.
[   96.213238][ T8208] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   96.217741][ T8208] syzkaller0: entered promiscuous mode
[   96.220169][ T8208] syzkaller0: entered allmulticast mode
[   96.227551][ T8208] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   96.243861][ T8208] tipc: Resetting bearer <eth:syzkaller0>
[   96.250511][ T8207] tipc: Resetting bearer <eth:syzkaller0>
[   96.261496][ T8207] tipc: Disabling bearer <eth:syzkaller0>
[   96.694403][ T8256] bridge: RTM_NEWNEIGH with unconfigured vlan 4 on bridge0
[   97.260772][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803a41fc00: rx timeout, send abort
[   97.266309][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88803a41fc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   97.468606][ T8313] __nla_validate_parse: 7 callbacks suppressed
[   97.468626][ T8313] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1019'.
[   97.874969][ T8336] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1029'.
[   97.965485][ T8341] tap0: tun_chr_ioctl cmd 1074025677
[   97.967696][ T8341] tap0: linktype set to 776
[   98.100253][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1035'.
[   98.104898][ T8350] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1035'.
[   98.211776][ T8362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1042'.
[   98.740060][ T8395] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1056'.
[   98.857968][ T8403] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.1060'.
[   99.565140][ T8442] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1079'.
[   99.742970][ T8459] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   99.749339][ T8459] macsec1: entered promiscuous mode
[   99.751877][ T8459] macsec1: entered allmulticast mode
[   99.758954][ T8459] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[   99.944668][ T8475] tipc: Enabled bearer <udp:syz2>, priority 26
[  100.015578][ T8477] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  100.021431][ T8477] syzkaller0: entered promiscuous mode
[  100.023448][ T8477] syzkaller0: entered allmulticast mode
[  100.031873][ T8477] tipc: Resetting bearer <eth:syzkaller0>
[  100.047068][ T8476] tipc: Resetting bearer <eth:syzkaller0>
[  100.063252][ T8476] tipc: Disabling bearer <eth:syzkaller0>
[  100.308816][ T8506] smc: net device bond0 applied user defined pnetid SYZ2
[  100.340874][ T8511] netlink: 'syz.1.1113': attribute type 101 has an invalid length.
[  100.344340][ T8511] netlink: 'syz.1.1113': attribute type 7 has an invalid length.
[  100.349210][ T8513] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1114'.
[  100.817293][ T8551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1131'.
[  100.821507][ T8551] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  100.849369][ T8551] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.058933][  T792] tipc: Node number set to 1454004007
[  101.854482][   T36] smc: removing ib device syz2
[  101.973575][ T6011] ==================================================================
[  101.976607][ T6011] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x6e/0x190
[  101.979786][ T6011] Read of size 8 at addr ffff888117f862e8 by task kworker/1:4/6011
[  101.983737][ T6011] 
[  101.984597][ T6011] CPU: 1 UID: 0 PID: 6011 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(full) 
[  101.984608][ T6011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  101.984614][ T6011] Workqueue: events smc_ib_port_event_work
[  101.984626][ T6011] Call Trace:
[  101.984631][ T6011]  <TASK>
[  101.984634][ T6011]  dump_stack_lvl+0x189/0x250
[  101.984646][ T6011]  ? rcu_is_watching+0x15/0xb0
[  101.984654][ T6011]  ? __kasan_check_byte+0x12/0x40
[  101.984666][ T6011]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.984674][ T6011]  ? rcu_is_watching+0x15/0xb0
[  101.984711][ T6011]  ? lock_release+0x4b/0x3e0
[  101.984728][ T6011]  ? __virt_addr_valid+0x1c8/0x5c0
[  101.984739][ T6011]  ? __virt_addr_valid+0x4a5/0x5c0
[  101.984748][ T6011]  print_report+0xca/0x240
[  101.984756][ T6011]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  101.984767][ T6011]  kasan_report+0x118/0x150
[  101.984778][ T6011]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  101.984789][ T6011]  __ethtool_get_link_ksettings+0x6e/0x190
[  101.984800][ T6011]  ib_get_eth_speed+0x15e/0x7b0
[  101.984812][ T6011]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  101.984823][ T6011]  ? do_raw_spin_unlock+0x4d/0x240
[  101.984833][ T6011]  rxe_query_port+0x93/0x3b0
[  101.984843][ T6011]  ib_query_port+0x170/0x830
[  101.984854][ T6011]  smc_ib_port_event_work+0x15a/0x940
[  101.984863][ T6011]  ? _raw_spin_unlock_irq+0x23/0x50
[  101.984870][ T6011]  ? process_scheduled_works+0x9ef/0x17b0
[  101.984877][ T6011]  ? process_scheduled_works+0x9ef/0x17b0
[  101.984884][ T6011]  process_scheduled_works+0xae1/0x17b0
[  101.984895][ T6011]  ? __pfx_process_scheduled_works+0x10/0x10
[  101.984904][ T6011]  worker_thread+0x8a0/0xda0
[  101.984913][ T6011]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  101.984922][ T6011]  ? __kthread_parkme+0x7b/0x200
[  101.984931][ T6011]  kthread+0x711/0x8a0
[  101.984940][ T6011]  ? __pfx_worker_thread+0x10/0x10
[  101.984947][ T6011]  ? __pfx_kthread+0x10/0x10
[  101.984956][ T6011]  ? _raw_spin_unlock_irq+0x23/0x50
[  101.984968][ T6011]  ? lockdep_hardirqs_on+0x9c/0x150
[  101.984976][ T6011]  ? __pfx_kthread+0x10/0x10
[  101.984985][ T6011]  ret_from_fork+0x439/0x7d0
[  101.984993][ T6011]  ? __pfx_ret_from_fork+0x10/0x10
[  101.985001][ T6011]  ? __switch_to_asm+0x39/0x70
[  101.985010][ T6011]  ? __switch_to_asm+0x33/0x70
[  101.985019][ T6011]  ? __pfx_kthread+0x10/0x10
[  101.985027][ T6011]  ret_from_fork_asm+0x1a/0x30
[  101.985038][ T6011]  </TASK>
[  101.985041][ T6011] 
[  102.069777][ T6011] Allocated by task 5850:
[  102.071296][ T6011]  kasan_save_track+0x3e/0x80
[  102.072883][ T6011]  __kasan_kmalloc+0x93/0xb0
[  102.074519][ T6011]  __kvmalloc_node_noprof+0x30d/0x5f0
[  102.076483][ T6011]  alloc_netdev_mqs+0xa3/0x11b0
[  102.078500][ T6011]  rtnl_create_link+0x31f/0xd10
[  102.080345][ T6011]  rtnl_newlink_create+0x25c/0xb00
[  102.082078][ T6011]  rtnl_newlink+0x16d6/0x1c70
[  102.083652][ T6011]  rtnetlink_rcv_msg+0x7cf/0xb70
[  102.085341][ T6011]  netlink_rcv_skb+0x208/0x470
[  102.087002][ T6011]  netlink_unicast+0x82f/0x9e0
[  102.088934][ T6011]  netlink_sendmsg+0x805/0xb30
[  102.090645][ T6011]  __sock_sendmsg+0x21c/0x270
[  102.092264][ T6011]  __sys_sendto+0x3bd/0x520
[  102.093872][ T6011]  __x64_sys_sendto+0xde/0x100
[  102.095497][ T6011]  do_syscall_64+0xfa/0x3b0
[  102.097017][ T6011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.099171][ T6011] 
[  102.100028][ T6011] Freed by task 8612:
[  102.101389][ T6011]  kasan_save_track+0x3e/0x80
[  102.103037][ T6011]  kasan_save_free_info+0x46/0x50
[  102.105002][ T6011]  __kasan_slab_free+0x5b/0x80
[  102.106622][ T6011]  kfree+0x18e/0x440
[  102.108066][ T6011]  device_release+0x9c/0x1c0
[  102.110022][ T6011]  kobject_put+0x22b/0x480
[  102.111846][ T6011]  netdev_run_todo+0xd2e/0xea0
[  102.113623][ T6011]  rtnl_dellink+0x537/0x710
[  102.115216][ T6011]  rtnetlink_rcv_msg+0x7cf/0xb70
[  102.117084][ T6011]  netlink_rcv_skb+0x208/0x470
[  102.118965][ T6011]  netlink_unicast+0x82f/0x9e0
[  102.120662][ T6011]  netlink_sendmsg+0x805/0xb30
[  102.122310][ T6011]  __sock_sendmsg+0x21c/0x270
[  102.124216][ T6011]  ____sys_sendmsg+0x505/0x830
[  102.125909][ T6011]  ___sys_sendmsg+0x21f/0x2a0
[  102.127823][ T6011]  __x64_sys_sendmsg+0x19b/0x260
[  102.129854][ T6011]  do_syscall_64+0xfa/0x3b0
[  102.131479][ T6011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.133891][ T6011] 
[  102.134873][ T6011] The buggy address belongs to the object at ffff888117f86000
[  102.134873][ T6011]  which belongs to the cache kmalloc-cg-4k of size 4096
[  102.139964][ T6011] The buggy address is located 744 bytes inside of
[  102.139964][ T6011]  freed 4096-byte region [ffff888117f86000, ffff888117f87000)
[  102.144963][ T6011] 
[  102.145825][ T6011] The buggy address belongs to the physical page:
[  102.148264][ T6011] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117f80
[  102.151577][ T6011] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  102.155030][ T6011] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  102.158235][ T6011] page_type: f5(slab)
[  102.159963][ T6011] raw: 057ff00000000040 ffff88801a44b500 dead000000000122 0000000000000000
[  102.163560][ T6011] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  102.167164][ T6011] head: 057ff00000000040 ffff88801a44b500 dead000000000122 0000000000000000
[  102.170738][ T6011] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  102.174296][ T6011] head: 057ff00000000003 ffffea00045fe001 00000000ffffffff 00000000ffffffff
[  102.177915][ T6011] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  102.181445][ T6011] page dumped because: kasan: bad access detected
[  102.183891][ T6011] page_owner tracks the page as allocated
[  102.186316][ T6011] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5850, tgid 5850 (syz-executor), ts 58204518034, free_ts 0
[  102.194639][ T6011]  post_alloc_hook+0x240/0x2a0
[  102.196704][ T6011]  get_page_from_freelist+0x21e4/0x22c0
[  102.199041][ T6011]  __alloc_frozen_pages_noprof+0x181/0x370
[  102.201504][ T6011]  alloc_pages_mpol+0x232/0x4a0
[  102.203528][ T6011]  allocate_slab+0x8a/0x370
[  102.205419][ T6011]  ___slab_alloc+0xbeb/0x1420
[  102.207399][ T6011]  __kmalloc_cache_noprof+0x296/0x3d0
[  102.209660][ T6011]  ipv6_add_dev+0x6ca/0x1370
[  102.211648][ T6011]  addrconf_notify+0x794/0x1010
[  102.213710][ T6011]  notifier_call_chain+0x1b6/0x3e0
[  102.215784][ T6011]  register_netdevice+0x1608/0x1ae0
[  102.217989][ T6011]  virt_wifi_newlink+0x428/0x860
[  102.220112][ T6011]  rtnl_newlink_create+0x310/0xb00
[  102.222306][ T6011]  rtnl_newlink+0x16d6/0x1c70
[  102.224315][ T6011]  rtnetlink_rcv_msg+0x7cf/0xb70
[  102.226434][ T6011]  netlink_rcv_skb+0x208/0x470
[  102.228472][ T6011] page_owner free stack trace missing
[  102.230711][ T6011] 
[  102.231758][ T6011] Memory state around the buggy address:
[  102.234063][ T6011]  ffff888117f86180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  102.237113][ T6011]  ffff888117f86200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  102.240484][ T6011] >ffff888117f86280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  102.243801][ T6011]                                                           ^
[  102.246875][ T6011]  ffff888117f86300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  102.250260][ T6011]  ffff888117f86380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  102.253591][ T6011] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  102.267335][ T6011] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  102.270440][ T6011] CPU: 1 UID: 0 PID: 6011 Comm: kworker/1:4 Not tainted syzkaller #0 PREEMPT(full) 
[  102.274319][ T6011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  102.278435][ T6011] Workqueue: events smc_ib_port_event_work
[  102.280759][ T6011] Call Trace:
[  102.282223][ T6011]  <TASK>
[  102.283476][ T6011]  dump_stack_lvl+0x99/0x250
[  102.285468][ T6011]  ? __asan_memcpy+0x40/0x70
[  102.287437][ T6011]  ? __pfx_dump_stack_lvl+0x10/0x10
[  102.289625][ T6011]  ? __pfx__printk+0x10/0x10
[  102.291593][ T6011]  vpanic+0x281/0x750
[  102.293377][ T6011]  ? preempt_schedule+0xae/0xc0
[  102.295338][ T6011]  ? __pfx_vpanic+0x10/0x10
[  102.297208][ T6011]  ? preempt_schedule_common+0x83/0xd0
[  102.299505][ T6011]  ? preempt_schedule+0xae/0xc0
[  102.301435][ T6011]  ? __pfx_preempt_schedule+0x10/0x10
[  102.303650][ T6011]  panic+0xb9/0xc0
[  102.305239][ T6011]  ? __pfx_panic+0x10/0x10
[  102.307153][ T6011]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  102.309670][ T6011]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  102.312246][ T6011]  check_panic_on_warn+0x89/0xb0
[  102.314353][ T6011]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  102.316905][ T6011]  end_report+0x78/0x160
[  102.318718][ T6011]  kasan_report+0x129/0x150
[  102.320618][ T6011]  ? __ethtool_get_link_ksettings+0x6e/0x190
[  102.323104][ T6011]  __ethtool_get_link_ksettings+0x6e/0x190
[  102.325554][ T6011]  ib_get_eth_speed+0x15e/0x7b0
[  102.327602][ T6011]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  102.329821][ T6011]  ? do_raw_spin_unlock+0x4d/0x240
[  102.332162][ T6011]  rxe_query_port+0x93/0x3b0
[  102.334159][ T6011]  ib_query_port+0x170/0x830
[  102.336138][ T6011]  smc_ib_port_event_work+0x15a/0x940
[  102.338414][ T6011]  ? _raw_spin_unlock_irq+0x23/0x50
[  102.340618][ T6011]  ? process_scheduled_works+0x9ef/0x17b0
[  102.343050][ T6011]  ? process_scheduled_works+0x9ef/0x17b0
[  102.345479][ T6011]  process_scheduled_works+0xae1/0x17b0
[  102.347841][ T6011]  ? __pfx_process_scheduled_works+0x10/0x10
[  102.350363][ T6011]  worker_thread+0x8a0/0xda0
[  102.352234][ T6011]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  102.354955][ T6011]  ? __kthread_parkme+0x7b/0x200
[  102.357035][ T6011]  kthread+0x711/0x8a0
[  102.358764][ T6011]  ? __pfx_worker_thread+0x10/0x10
[  102.360846][ T6011]  ? __pfx_kthread+0x10/0x10
[  102.362832][ T6011]  ? _raw_spin_unlock_irq+0x23/0x50
[  102.365045][ T6011]  ? lockdep_hardirqs_on+0x9c/0x150
[  102.367107][ T6011]  ? __pfx_kthread+0x10/0x10
[  102.369045][ T6011]  ret_from_fork+0x439/0x7d0
[  102.371015][ T6011]  ? __pfx_ret_from_fork+0x10/0x10
[  102.373177][ T6011]  ? __switch_to_asm+0x39/0x70
[  102.375260][ T6011]  ? __switch_to_asm+0x33/0x70
[  102.377280][ T6011]  ? __pfx_kthread+0x10/0x10
[  102.379207][ T6011]  ret_from_fork_asm+0x1a/0x30
[  102.381213][ T6011]  </TASK>
[  102.383268][ T6011] Kernel Offset: disabled
[  102.385006][ T6011] Rebooting in 86400 seconds..

VM DIAGNOSIS:
20:16:51  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88810712a104 RCX=7989c9a6ccf05800 RDX=0000000000000001
RSI=ffffffff8dba9abd RDI=ffff888107129cc0 RBP=dffffc0000000000 RSP=ffffc900032470a8
R8 =ffffc90003247207 R9 =0000000000000000 R10=ffffc900032471f8 R11=fffff52000648e41
R12=1ffff11020e25420 R13=ffffc90003240000 R14=ffffc900032471a8 R15=dffffc0000000000
RIP=ffffffff81a72a29 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555557a72500 ffffffff 00c00000
GS =0000 ffff8880b8613000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fa6f6bb6940 CR3=000000003cd2c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=ffff000000000000 ffffffff00000000 XMM05=0000000000000000 00007fa6f6c12e53
XMM06=0000000000000000 00007fa6f6c12e4d XMM07=0000000000000000 00007fa6f6c12e61
XMM08=0000000000000000 00007fa6f6c12ee7 XMM09=0000000000000000 00007fa6f6c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002f RBX=000000000000002f RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90003af70b0
R8 =ffff888107828237 R9 =1ffff11020f05046 R10=dffffc0000000000 R11=ffffffff854f95c0
R12=dffffc0000000000 R13=ffffffff99b0290f R14=ffffffff99df7420 R15=0000000000000000
RIP=ffffffff854f963c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c13000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b31d1fff8 CR3=000000012485c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff816799cf ffffffff8167999b
XMM02=fc30d17500000000 ffffffff8167999b XMM03=b002ae7ebff3dcf5 098e387d84f603a5
XMM04=bb16a795eab8389d aaf0f8747c007aba XMM05=3a164ea019501ca0 4d9d1e4874f2f903
XMM06=434cfd52a49d8fa8 f1548108d1dd11f5 XMM07=a39dd4dd8b18490d 6de9a7b322c8a2d6
XMM08=a532fceb5504b94b 379e87247b08bb16 XMM09=0000000000000000 00007fc003c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
