last executing test programs:

389.103183ms ago: executing program 1 (id=462):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={{0x14, 0x10, 0x9000, 0x6, 0x0, {0x3}}, [@NFT_MSG_DELTABLE={0x38, 0x2, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x60}, 0x1, 0x0, 0x0, 0x8805}, 0x810)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a09000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)

319.160487ms ago: executing program 1 (id=466):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000ffdbdf25030000000800010000000000400007803c0001"], 0x5c}, 0x1, 0x0, 0x0, 0x4050}, 0x100)

318.533447ms ago: executing program 2 (id=468):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x24, 0x2c, 0x107, 0x70bd2b, 0x25dfdbff, {0x6, 0x7c}, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0xdd}]}, @nested={0x8, 0x3, 0x0, 0x1, [@nested={0x4, 0x1}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x10000004}, 0xc010)
socket(0xb, 0x7, 0x80)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x2000, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef)

257.122289ms ago: executing program 1 (id=469):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in6=@private2, 0x0, 0x4, 0x1, 0x0, 0xa, 0x60, 0x0, 0x3a, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe, 0x4}, 0x100009, 0x0, 0x0, 0x1, 0x2}}, 0xb8}}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000001"], 0xb8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x71, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x60}, 0x1, 0x7}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x44011}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040"], 0xb8}}, 0x0)

255.552525ms ago: executing program 0 (id=471):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0x70, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

246.706842ms ago: executing program 1 (id=472):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x6}, 0x10)
write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_KEY(r0, 0x0, 0x2004c840)
syz_genetlink_get_family_id$gtp(&(0x7f0000000200), r0)

185.220953ms ago: executing program 0 (id=473):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb8, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0xd, 0x1, 0x40], 0x0, [0x8, 0x6, 0x3c, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x8, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xffffffffffffff41, 0x8, 0x40}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x1}]}}]}, 0xb8}}, 0x0)

172.940798ms ago: executing program 2 (id=474):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000340)=@newtaction={0x88c, 0x30, 0x12f, 0x0, 0x0, {}, [{0x878, 0x1, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x864, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404}], [@TCA_POLICE_RATE={0x404}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x88c}}, 0x0)

169.820226ms ago: executing program 1 (id=475):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r2)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0xffffffffffffff8e, &(0x7f0000000240)={&(0x7f0000000080)=@delchain={0x54, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff3}, {0xfff3, 0xffff}, {0xa, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x6a, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x4}]}, @TCA_FLOWER_KEY_VLAN_ETH_TYPE={0x6, 0x19, 0x88a8}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x40044}, 0x4804)

125.359026ms ago: executing program 0 (id=476):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x30, r1, 0x1, 0x60bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x7}]}, 0x30}, 0x1, 0x0, 0x0, 0x85}, 0x4c040)

125.153712ms ago: executing program 2 (id=477):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
setsockopt$rose(r0, 0x104, 0x4, &(0x7f0000000000)=0x2, 0x4)

72.401755ms ago: executing program 2 (id=478):
unshare(0x24060400)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x122}}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000002c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x1}}, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a1b000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0)

72.123256ms ago: executing program 0 (id=479):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000))

57.698917ms ago: executing program 1 (id=480):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24000045, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000e80)='D', 0x1}, {0x0}], 0x2}}], 0x1, 0x2090)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x20000000)
close(0x3)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, 0x0)

56.143773ms ago: executing program 2 (id=481):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r0, &(0x7f0000000200)={0x2, @none={0x0, 0xffff}}, 0x14)

366.017µs ago: executing program 0 (id=482):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000180)={0x14, 0x13, 0x1, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0)

105.047µs ago: executing program 2 (id=483):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, &(0x7f0000000180), &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x94)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084)
recvmmsg$unix(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
sendmsg$xdp(r3, 0x0, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0)

0s ago: executing program 0 (id=484):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb01081800000000ff00d0a49978f77b39810000000000a14d1eff752e6e47965a81bc4631c34f41cb24d701cd3963552cb612110f91be1bfe2a9c73c2e8b9bc7efb225ad076b9cf8c90596ac26ac3f50fdc1932374a0da690c9e8d682cc31bf152439636477b4bd5dbf5a2c411b6258ce5240209f0dd522bd9a05c414e7a05730d0f45f1bb5dc46684d45ac0d92edae947fb3f808fa932c0a24f29cb7c7c27f36487ec6f1572f7c924d102fdd34577b8baecfcd90098a6fa6ba7a937d159da2c81c86ee033239be0687436fede0f31e6f20812b4d23a3e3e3bf4a5f399bbc2900d49c1cc8c8e85f8724e10150cd94f9089edc3a7c2e21febb06779241bfecc0594ec3338e5523d45c7605d21684c0fa23c3b3f549e202d6e44d98ee08375d1003b11a6387c5bda440138afdf3fb8dd8bb8a2fb84ff3978885a15d514e4b3feb61ab34d57a88"], &(0x7f0000001f80)=""/226, 0x26, 0x81, 0x2}, 0x20)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:9761' (ED25519) to the list of known hosts.
syzkaller login: [   50.328252][ T5745] cgroup: Unknown subsys name 'net'
[   50.396649][ T5745] cgroup: Unknown subsys name 'cpuset'
[   50.400654][ T5745] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.765613][ T5745] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   56.180592][ T5809] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   56.184601][ T5809] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   56.187619][ T5809] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   56.190767][ T5809] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   56.193548][ T5809] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   56.236443][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   56.240585][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   56.243875][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   56.249459][ T5200] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   56.252465][ T5200] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   56.256093][ T5200] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   56.267086][ T5815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   56.270695][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   56.275075][ T5815] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   56.278411][ T5815] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   56.475447][ T5806] chnl_net:caif_netlink_parms(): no params data found
[   56.606244][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.609292][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.611609][ T5806] bridge_slave_0: entered allmulticast mode
[   56.614863][ T5806] bridge_slave_0: entered promiscuous mode
[   56.618944][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.621132][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.623549][ T5806] bridge_slave_1: entered allmulticast mode
[   56.626341][ T5806] bridge_slave_1: entered promiscuous mode
[   56.635445][ T5812] chnl_net:caif_netlink_parms(): no params data found
[   56.669165][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.681769][ T5811] chnl_net:caif_netlink_parms(): no params data found
[   56.691684][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.746674][ T5806] team0: Port device team_slave_0 added
[   56.763460][ T5806] team0: Port device team_slave_1 added
[   56.765741][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.768047][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.770343][ T5812] bridge_slave_0: entered allmulticast mode
[   56.773500][ T5812] bridge_slave_0: entered promiscuous mode
[   56.776641][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.778886][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.781178][ T5812] bridge_slave_1: entered allmulticast mode
[   56.783871][ T5812] bridge_slave_1: entered promiscuous mode
[   56.834917][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.837737][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   56.848248][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.859895][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.862268][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.865034][ T5811] bridge_slave_0: entered allmulticast mode
[   56.868172][ T5811] bridge_slave_0: entered promiscuous mode
[   56.871434][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.874211][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   56.882198][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.896048][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.899831][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.903121][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.906147][ T5811] bridge_slave_1: entered allmulticast mode
[   56.909979][ T5811] bridge_slave_1: entered promiscuous mode
[   56.926250][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.957144][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.977538][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.986192][ T5806] hsr_slave_0: entered promiscuous mode
[   56.989334][ T5806] hsr_slave_1: entered promiscuous mode
[   56.995915][ T5812] team0: Port device team_slave_0 added
[   57.006363][ T5812] team0: Port device team_slave_1 added
[   57.018153][ T5811] team0: Port device team_slave_0 added
[   57.036614][ T5811] team0: Port device team_slave_1 added
[   57.066958][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.069621][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.078223][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.093580][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.095751][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.104516][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.109176][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.111451][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.120355][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.130554][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.132710][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   57.140790][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.236011][ T5812] hsr_slave_0: entered promiscuous mode
[   57.240355][ T5812] hsr_slave_1: entered promiscuous mode
[   57.243600][ T5812] debugfs: 'hsr0' already exists in 'hsr'
[   57.245974][ T5812] Cannot create hsr debugfs directory
[   57.254831][ T5811] hsr_slave_0: entered promiscuous mode
[   57.258070][ T5811] hsr_slave_1: entered promiscuous mode
[   57.260923][ T5811] debugfs: 'hsr0' already exists in 'hsr'
[   57.263830][ T5811] Cannot create hsr debugfs directory
[   57.389003][ T5806] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   57.411619][ T5806] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   57.448916][ T5806] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   57.478110][ T5806] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   57.586746][ T5811] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   57.596497][ T5811] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   57.601113][ T5811] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   57.606637][ T5811] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   57.688989][ T5812] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   57.707923][ T5812] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   57.723982][ T5812] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   57.730855][ T5812] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   57.756288][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.795207][ T5806] 8021q: adding VLAN 0 to HW filter on device team0
[   57.807868][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.817743][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.820840][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.840077][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.843167][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.851525][ T5811] 8021q: adding VLAN 0 to HW filter on device team0
[   57.881931][  T796] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.884893][  T796] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.897892][  T796] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.900761][  T796] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.987090][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.017537][ T5812] 8021q: adding VLAN 0 to HW filter on device team0
[   58.030793][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.033821][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.048348][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.051267][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.101815][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.154786][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.158552][ T5811] veth0_vlan: entered promiscuous mode
[   58.170405][ T5811] veth1_vlan: entered promiscuous mode
[   58.200638][ T5806] veth0_vlan: entered promiscuous mode
[   58.219010][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.224514][ T5806] veth1_vlan: entered promiscuous mode
[   58.230952][ T5811] veth0_macvtap: entered promiscuous mode
[   58.238674][ T5811] veth1_macvtap: entered promiscuous mode
[   58.253401][ T5809] Bluetooth: hci0: command tx timeout
[   58.261345][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.270919][ T5806] veth0_macvtap: entered promiscuous mode
[   58.289650][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.304600][ T5806] veth1_macvtap: entered promiscuous mode
[   58.318715][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.334388][ T5809] Bluetooth: hci2: command tx timeout
[   58.334648][ T5815] Bluetooth: hci1: command tx timeout
[   58.340245][ T5812] veth0_vlan: entered promiscuous mode
[   58.348397][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.365824][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.372025][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.376225][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.384399][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.400333][ T5812] veth1_vlan: entered promiscuous mode
[   58.408089][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.426296][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.431476][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.454554][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.537482][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.540749][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.545452][ T5812] veth0_macvtap: entered promiscuous mode
[   58.560431][ T5812] veth1_macvtap: entered promiscuous mode
[   58.596723][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.604500][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.612372][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.620845][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.656948][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.660500][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.667697][   T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.668092][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.671484][   T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.681414][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.682909][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.693706][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.746215][ T5811] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   58.804559][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.807024][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.834058][   T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.837698][   T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.000646][ T5884] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   59.149445][ T5897] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11'.
[   59.285078][ T5906] netlink: 'syz.1.14': attribute type 21 has an invalid length.
[   59.322454][ T5903] bond1: option tlb_dynamic_lb: invalid value (5)
[   59.329879][ T5903] bond1 (unregistering): Released all slaves
[   59.341248][ T5906] netlink: 'syz.1.14': attribute type 1 has an invalid length.
[   59.344582][ T5906] netlink: 132 bytes leftover after parsing attributes in process `syz.1.14'.
[   59.505134][ T5918] netlink: 'syz.0.20': attribute type 11 has an invalid length.
[   59.730718][ T5936] syzkaller0: entered promiscuous mode
[   59.734007][ T5936] syzkaller0: entered allmulticast mode
[   60.240519][ T5961] Zero length message leads to an empty skb
[   60.337482][ T5815] Bluetooth: hci0: command tx timeout
[   60.433852][ T5815] Bluetooth: hci1: command tx timeout
[   60.436726][ T5815] Bluetooth: hci2: command tx timeout
[   60.681407][ T5971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.40'.
[   60.684587][ T5971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.40'.
[   60.901685][ T5981] netlink: 12 bytes leftover after parsing attributes in process `syz.0.46'.
[   60.907032][ T5981] netlink: 68 bytes leftover after parsing attributes in process `syz.0.46'.
[   60.910389][ T5981] netlink: 12 bytes leftover after parsing attributes in process `syz.0.46'.
[   60.913932][ T5981] netlink: 68 bytes leftover after parsing attributes in process `syz.0.46'.
[   61.179335][ T5992] netlink: 'syz.0.49': attribute type 1 has an invalid length.
[   61.182645][ T5992] netlink: 224 bytes leftover after parsing attributes in process `syz.0.49'.
[   61.188833][ T5992] NCSI netlink: No device for ifindex 0
[   61.223615][ T5994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.50'.
[   61.230707][ T5994] hsr0: entered promiscuous mode
[   61.237453][ T5994] macvlan2: entered allmulticast mode
[   61.239667][ T5994] hsr0: entered allmulticast mode
[   61.241628][ T5994] hsr_slave_0: entered allmulticast mode
[   61.245979][ T5994] hsr_slave_1: entered allmulticast mode
[   61.397140][ T6006] syzkaller0: entered promiscuous mode
[   61.399483][ T6006] syzkaller0: entered allmulticast mode
[   61.544506][ T6016] tap0: tun_chr_ioctl cmd 1074025681
[   61.711483][ T6034] Driver unsupported XDP return value 0 on prog  (id 6) dev N/A, expect packet loss!
[   62.023273][ T6058] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   62.121229][ T6068] netlink: 'syz.2.86': attribute type 5 has an invalid length.
[   62.414772][ T5809] Bluetooth: hci0: command tx timeout
[   62.493353][ T5815] Bluetooth: hci1: command tx timeout
[   62.497643][ T5809] Bluetooth: hci2: command tx timeout
[   62.510253][ T6110] netlink: 'syz.1.103': attribute type 8 has an invalid length.
[   63.194913][ T6094] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   63.200219][ T6114] netlink: 'syz.1.106': attribute type 1 has an invalid length.
[   63.675131][ T6153] netlink: 'syz.2.124': attribute type 4 has an invalid length.
[   63.684339][ T6153] netlink: 'syz.2.124': attribute type 4 has an invalid length.
[   64.228485][ T6183] bond1: option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[   64.306552][ T6183] bond1 (unregistering): Released all slaves
[   64.411813][ T6200] syz.0.142 uses obsolete (PF_INET,SOCK_PACKET)
[   64.498692][ T5809] Bluetooth: hci0: command tx timeout
[   64.548119][ T6211] __nla_validate_parse: 11 callbacks suppressed
[   64.548135][ T6211] netlink: 28 bytes leftover after parsing attributes in process `syz.1.146'.
[   64.556510][ T6211] netlink: 28 bytes leftover after parsing attributes in process `syz.1.146'.
[   64.560938][ T6212] netlink: 'syz.2.145': attribute type 3 has an invalid length.
[   64.573575][ T5815] Bluetooth: hci1: command tx timeout
[   64.586050][ T5809] Bluetooth: hci2: command tx timeout
[   64.602187][ T6216] xt_hashlimit: overflow, rate too high: 0
[   64.638202][ T6218] netlink: 12 bytes leftover after parsing attributes in process `syz.2.149'.
[   64.645938][ T6220] netlink: 'syz.0.150': attribute type 1 has an invalid length.
[   64.648919][ T6220] netlink: 244 bytes leftover after parsing attributes in process `syz.0.150'.
[   64.721169][ T6226] dvmrp1: tun_chr_ioctl cmd 2147767507
[   64.956875][ T6247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.163'.
[   64.964126][ T6247] netlink: 'syz.0.163': attribute type 1 has an invalid length.
[   64.968477][ T6247] netlink: 'syz.0.163': attribute type 2 has an invalid length.
[   65.775324][ T6273] netlink: 'syz.2.174': attribute type 11 has an invalid length.
[   66.144783][ T6289] netlink: 436 bytes leftover after parsing attributes in process `syz.1.182'.
[   66.148515][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.1.182'.
[   66.224438][ T6295] netlink: 'syz.1.186': attribute type 2 has an invalid length.
[   66.286596][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.187'.
[   66.338876][ T6305] Bluetooth: MGMT ver 1.23
[   66.394692][ T6306] netlink: 'syz.0.190': attribute type 13 has an invalid length.
[   66.406793][ T6306] gretap0: refused to change device tx_queue_len
[   66.408987][ T6306] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   66.741513][ T6344] warning: `syz.1.209' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   66.999056][ T6368] bond1: option all_slaves_active: invalid value (5)
[   67.701665][ T6368] bond1 (unregistering): Released all slaves
[   67.768722][ T6373] netlink: 'syz.2.222': attribute type 4 has an invalid length.
[   67.784746][ T6373] netlink: 'syz.2.222': attribute type 4 has an invalid length.
[   67.791480][ T6373] netlink: 'syz.2.222': attribute type 4 has an invalid length.
[   68.050314][ T6390] netlink: 36 bytes leftover after parsing attributes in process `syz.1.230'.
[   68.054847][ T6390] netlink: 36 bytes leftover after parsing attributes in process `syz.1.230'.
[   68.112957][ T6390] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.116720][ T6390] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.169463][ T6390] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   68.175793][ T6390] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   68.260510][ T5873] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.272979][ T5873] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.275896][ T5873] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.278713][ T5873] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.358996][ T6405] x_tables: duplicate underflow at hook 1
[   68.498166][ T6420] netlink: 'syz.1.243': attribute type 10 has an invalid length.
[   68.505512][ T6420] team0: Port device dummy0 added
[   68.510848][ T6420] team0: Port device dummy0 removed
[   68.514992][ T6420] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   69.232472][ T6407] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[   69.236301][ T6407] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[   69.318724][ T6460] openvswitch: netlink: Geneve opt len 1 is not a multiple of 4.
[   69.370985][ T6467] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   69.375308][ T6467] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   72.207720][ T6453] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   72.211816][ T6483] netlink: 'syz.0.268': attribute type 11 has an invalid length.
[   72.227712][ T6483] __nla_validate_parse: 147 callbacks suppressed
[   72.227728][ T6483] netlink: 244 bytes leftover after parsing attributes in process `syz.0.268'.
[   72.555996][ T6538] validate_nla: 2 callbacks suppressed
[   72.556011][ T6538] netlink: 'syz.2.279': attribute type 1 has an invalid length.
[   72.624617][ T6546] netlink: 'syz.2.282': attribute type 12 has an invalid length.
[   72.627770][ T6546] netlink: 132 bytes leftover after parsing attributes in process `syz.2.282'.
[   72.909454][ T6572] netlink: 'syz.2.290': attribute type 3 has an invalid length.
[   73.342287][ T6612] netlink: 8 bytes leftover after parsing attributes in process `syz.0.309'.
[   73.356561][ T6612] netlink: 8 bytes leftover after parsing attributes in process `syz.0.309'.
[   74.098311][ T6661] netlink: 36 bytes leftover after parsing attributes in process `syz.2.331'.
[   74.137079][ T6663] Cannot find add_set index 1 as target
[   74.226823][ T6669] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.335'.
[   74.368373][ T6679] netlink: 'syz.2.340': attribute type 4 has an invalid length.
[   74.495981][ T6694] syz.0.347: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   74.501060][ T6694] CPU: 0 UID: 0 PID: 6694 Comm: syz.0.347 Not tainted syzkaller #0 PREEMPT(full) 
[   74.501078][ T6694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   74.501087][ T6694] Call Trace:
[   74.501094][ T6694]  <TASK>
[   74.501100][ T6694]  dump_stack_lvl+0xe8/0x150
[   74.501125][ T6694]  warn_alloc+0x249/0x340
[   74.501163][ T6694]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   74.501179][ T6694]  ? __pfx_warn_alloc+0x10/0x10
[   74.501191][ T6694]  ? kasan_save_track+0x4f/0x80
[   74.501200][ T6694]  ? kasan_save_track+0x3e/0x80
[   74.501206][ T6694]  ? __kasan_kmalloc+0x93/0xb0
[   74.501214][ T6694]  ? __kmalloc_cache_noprof+0x31c/0x660
[   74.501221][ T6694]  ? xskq_create+0x56/0x170
[   74.501229][ T6694]  ? xsk_setsockopt+0x54c/0x990
[   74.501240][ T6694]  ? do_sock_setsockopt+0x17c/0x1b0
[   74.501249][ T6694]  ? __x64_sys_setsockopt+0x13d/0x1b0
[   74.501256][ T6694]  ? do_syscall_64+0x14d/0xf80
[   74.501267][ T6694]  __vmalloc_node_range_noprof+0x132/0x1730
[   74.501287][ T6694]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   74.501297][ T6694]  ? __kasan_kmalloc+0x93/0xb0
[   74.501307][ T6694]  vmalloc_user_noprof+0xad/0xe0
[   74.501315][ T6694]  ? xskq_create+0xbf/0x170
[   74.501323][ T6694]  xskq_create+0xbf/0x170
[   74.501331][ T6694]  xsk_init_queue+0x8a/0xe0
[   74.501340][ T6694]  xsk_setsockopt+0x54c/0x990
[   74.501359][ T6694]  ? __pfx_xsk_setsockopt+0x10/0x10
[   74.501377][ T6694]  ? __pfx_aa_sk_perm+0x10/0x10
[   74.501395][ T6694]  ? aa_sock_opt_perm+0xff/0x1a0
[   74.501417][ T6694]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[   74.501431][ T6694]  ? __pfx_xsk_setsockopt+0x10/0x10
[   74.501451][ T6694]  do_sock_setsockopt+0x17c/0x1b0
[   74.501466][ T6694]  __x64_sys_setsockopt+0x13d/0x1b0
[   74.501483][ T6694]  do_syscall_64+0x14d/0xf80
[   74.501495][ T6694]  ? trace_irq_disable+0x3b/0x150
[   74.501506][ T6694]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.501523][ T6694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.501536][ T6694] RIP: 0033:0x7fe1a139c819
[   74.501550][ T6694] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   74.501560][ T6694] RSP: 002b:00007fe1a22c3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   74.501574][ T6694] RAX: ffffffffffffffda RBX: 00007fe1a1615fa0 RCX: 00007fe1a139c819
[   74.501583][ T6694] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[   74.501590][ T6694] RBP: 00007fe1a1432c91 R08: 0000000000000004 R09: 0000000000000000
[   74.501597][ T6694] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[   74.501605][ T6694] R13: 00007fe1a1616038 R14: 00007fe1a1615fa0 R15: 00007ffc82776928
[   74.501625][ T6694]  </TASK>
[   74.501631][ T6694] Mem-Info:
[   74.591749][ T6694] active_anon:5812 inactive_anon:0 isolated_anon:0
[   74.591749][ T6694]  active_file:11264 inactive_file:38315 isolated_file:0
[   74.591749][ T6694]  unevictable:1768 dirty:1609 writeback:0
[   74.591749][ T6694]  slab_reclaimable:10152 slab_unreclaimable:79069
[   74.591749][ T6694]  mapped:18182 shmem:2433 pagetables:918
[   74.591749][ T6694]  sec_pagetables:0 bounce:0
[   74.591749][ T6694]  kernel_misc_reclaimable:0
[   74.591749][ T6694]  free:1135724 free_pcp:22885 free_cma:0
[   74.606256][ T6694] Node 0 active_anon:8628kB inactive_anon:0kB active_file:11792kB inactive_file:16516kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24300kB dirty:336kB writeback:0kB shmem:4920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4040kB pagetables:1792kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   74.615847][ T6694] Node 1 active_anon:14620kB inactive_anon:0kB active_file:33264kB inactive_file:136744kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:48428kB dirty:6100kB writeback:0kB shmem:4812kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7596kB pagetables:1880kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   74.625563][ T6694] Node 0 DMA free:15360kB boost:0kB min:240kB low:300kB high:360kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   74.635030][ T6694] lowmem_reserve[]: 0 1587 2117 2117 2117
[   74.636832][ T6694] Node 0 DMA32 free:1613436kB boost:0kB min:25028kB low:31284kB high:37540kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:2080636kB managed:1625364kB mlocked:0kB bounce:0kB free_pcp:11920kB local_pcp:136kB free_cma:0kB
[   74.646436][ T6694] lowmem_reserve[]: 0 0 530 530 530
[   74.648109][ T6694] Node 0 Normal free:54548kB boost:0kB min:8512kB low:10640kB high:12768kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8644kB inactive_anon:0kB active_file:11792kB inactive_file:16516kB unevictable:3536kB writepending:336kB zspages:0kB present:1572868kB managed:543364kB mlocked:0kB bounce:0kB free_pcp:11228kB local_pcp:11132kB free_cma:0kB
[   74.658054][ T6694] lowmem_reserve[]: 0 0 0 0 0
[   74.659558][ T6694] Node 1 Normal free:2859264kB boost:0kB min:56324kB low:70404kB high:84484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14620kB inactive_anon:0kB active_file:33264kB inactive_file:136744kB unevictable:3536kB writepending:6100kB zspages:0kB present:3670012kB managed:3594688kB mlocked:0kB bounce:0kB free_pcp:68420kB local_pcp:30024kB free_cma:0kB
[   74.670362][ T6694] lowmem_reserve[]: 0 0 0 0 0
[   74.672118][ T6694] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   74.678131][ T6694] Node 0 DMA32: 1*4kB (M) 3*8kB (UM) 4*16kB (UM) 3*32kB (UM) 3*64kB (UM) 2*128kB (UM) 2*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 391*4096kB (M) = 1613436kB
[   74.684120][ T6694] Node 0 Normal: 355*4kB (UME) 399*8kB (UME) 429*16kB (UM) 73*32kB (UM) 28*64kB (UME) 18*128kB (UM) 3*256kB (UM) 2*512kB (UE) 2*1024kB (UM) 6*2048kB (ME) 5*4096kB (M) = 54516kB
[   74.689766][ T6694] Node 1 Normal: 801*4kB (UME) 1408*8kB (UM) 266*16kB (UME) 358*32kB (UME) 118*64kB (UM) 31*128kB (UME) 17*256kB (UME) 6*512kB (M) 4*1024kB (M) 2*2048kB (M) 684*4096kB (UM) = 2858980kB
[   74.698495][ T6694] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   74.703395][ T6694] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   74.706760][ T6694] 52012 total pagecache pages
[   74.708235][ T6694] 0 pages in swap cache
[   74.709528][ T6694] Free swap  = 124996kB
[   74.710829][ T6694] Total swap = 124996kB
[   74.712172][ T6694] 1834877 pages RAM
[   74.714656][ T6694] 0 pages HighMem/MovableOnly
[   74.717768][ T6694] 390183 pages reserved
[   74.719176][ T6694] 0 pages cma reserved
[   74.775121][ T6703] IPv6: addrconf: prefix option has invalid lifetime
[   74.801423][ T6705] tap0: tun_chr_ioctl cmd 1074025677
[   74.803521][ T6705] tap0: linktype set to 6
[   74.946433][ T6719] netlink: 6856 bytes leftover after parsing attributes in process `syz.1.358'.
[   74.950031][ T6719] netlink: 6856 bytes leftover after parsing attributes in process `syz.1.358'.
[   75.089179][ T6734] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   75.142689][ T6742] netlink: 'syz.2.370': attribute type 4 has an invalid length.
[   75.167463][ T6742] netlink: 8 bytes leftover after parsing attributes in process `syz.2.370'.
[   76.395519][ T6814] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[   76.428089][ T6816] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   76.564101][ T6825] netem: unknown loss type 0
[   76.565894][ T6825] netem: change failed
[   76.658076][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[   76.660412][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[   76.887976][   T31] IPVS: starting estimator thread 0...
[   76.943990][ T6848] syzkaller0: entered promiscuous mode
[   76.946227][ T6848] syzkaller0: entered allmulticast mode
[   76.982979][ T6844] IPVS: using max 81 ests per chain, 194400 per kthread
[   77.802082][ T6859] xt_bpf: check failed: parse error
[   77.896870][ T6870] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   77.897812][ T6871] netlink: 8 bytes leftover after parsing attributes in process `syz.2.424'.
[   78.014438][ T6884] Cannot find add_set index 0 as target
[   78.107016][ T6892] syzkaller0: entered promiscuous mode
[   78.108870][ T6892] syzkaller0: entered allmulticast mode
[   78.808300][ T6917] syzkaller1: entered promiscuous mode
[   78.810567][ T6917] syzkaller1: entered allmulticast mode
[   78.916681][ T6889] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   79.068209][ T6929] netlink: 'syz.2.451': attribute type 1 has an invalid length.
[   79.071461][ T6929] netlink: 224 bytes leftover after parsing attributes in process `syz.2.451'.
[   79.315121][ T6943] netlink: 'syz.0.458': attribute type 21 has an invalid length.
[   79.318239][ T6943] netlink: 128 bytes leftover after parsing attributes in process `syz.0.458'.
[   79.321764][ T6943] netlink: 'syz.0.458': attribute type 4 has an invalid length.
[   79.330456][ T6943] netlink: 'syz.0.458': attribute type 5 has an invalid length.
[   79.334579][ T6943] netlink: 3 bytes leftover after parsing attributes in process `syz.0.458'.
[   79.425406][ T6953] netlink: 12 bytes leftover after parsing attributes in process `syz.1.462'.
[   79.477452][ T6960] block nbd0: not configured, cannot reconfigure
[   79.604762][ T6974] netlink: 20 bytes leftover after parsing attributes in process `syz.0.473'.
[   79.658314][ T6978] netlink: 24 bytes leftover after parsing attributes in process `syz.1.475'.
[   79.694172][ T6978] netlink: 16 bytes leftover after parsing attributes in process `syz.1.475'.
[   79.697807][ T6978] netlink: 12 bytes leftover after parsing attributes in process `syz.1.475'.
[   79.807868][ T6994] netlink: 44 bytes leftover after parsing attributes in process `syz.2.483'.
[   79.810692][ T6994] ------------[ cut here ]------------
[   79.812713][ T6994] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16)
[   79.816826][ T6994] WARNING: net/sched/cls_u32.c:855 at u32_change+0x1da0/0x2720, CPU#0: syz.2.483/6994
[   79.820445][ T6994] Modules linked in:
[   79.822642][ T6994] CPU: 0 UID: 0 PID: 6994 Comm: syz.2.483 Not tainted syzkaller #0 PREEMPT(full) 
[   79.826118][ T6994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   79.829230][ T6994] RIP: 0010:u32_change+0x1daf/0x2720
[   79.830905][ T6994] Code: 3d 1a 34 43 06 01 75 33 e8 5e 43 0d f8 eb 50 e8 57 43 0d f8 48 8d 3d c0 67 68 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 00 9b e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 32 43 0d f8 eb 24 e8 2b 43 0d f8
[   79.837629][ T6994] RSP: 0018:ffffc90006a4efc0 EFLAGS: 00010287
[   79.839974][ T6994] RAX: ffffffff89b86b19 RBX: ffff88811e0cb400 RCX: 0000000000000010
[   79.842451][ T6994] RDX: ffffffff8ce19b00 RSI: 0000000000000020 RDI: ffffffff9020d2e0
[   79.845426][ T6994] RBP: ffffc90006a4f178 R08: 0000000000000dc0 R09: 00000000ffffffff
[   79.847691][ T6994] R10: dffffc0000000000 R11: fffffbfff20237b7 R12: ffff88811e0cb0e8
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   79.851877][ T6994] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[   79.854657][ T6994] FS:  00007fb9bd86f6c0(0000) GS:ffff88818de5a000(0000) knlGS:0000000000000000
[   79.857479][ T6994] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   79.860121][ T6994] CR2: 0000000000000008 CR3: 000000010cf28000 CR4: 00000000000006f0
[   79.862958][ T6994] Call Trace:
[   79.864032][ T6994]  <TASK>
[   79.864986][ T6994]  ? __pfx_u32_change+0x10/0x10
[   79.866713][ T6994]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   79.868864][ T6994]  tc_new_tfilter+0xff8/0x1780
[   79.870786][ T6994]  ? __pfx_tc_new_tfilter+0x10/0x10
[   79.872686][ T6994]  ? __pfx_tc_new_tfilter+0x10/0x10
[   79.874407][ T6994]  rtnetlink_rcv_msg+0x7d5/0xbe0
[   79.876005][ T6994]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[   79.877631][ T6994]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   79.879371][ T6994]  ? ref_tracker_free+0x693/0x840
[   79.880950][ T6994]  ? __copy_skb_header+0xa3/0x4a0
[   79.882535][ T6994]  ? __pfx_ref_tracker_free+0x10/0x10
[   79.884455][ T6994]  netlink_rcv_skb+0x232/0x4b0
[   79.886200][ T6994]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   79.887865][ T6994]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   79.889546][ T6994]  ? netlink_deliver_tap+0x2e/0x1b0
[   79.891184][ T6994]  netlink_unicast+0x80f/0x9b0
[   79.892650][ T6994]  ? __pfx_netlink_unicast+0x10/0x10
[   79.894429][ T6994]  ? netlink_sendmsg+0x650/0xb40
[   79.896107][ T6994]  ? skb_put+0x11b/0x210
[   79.897510][ T6994]  netlink_sendmsg+0x813/0xb40
[   79.899019][ T6994]  ? __pfx_netlink_sendmsg+0x10/0x10
[   79.900720][ T6994]  ? aa_sock_msg_perm+0xf1/0x1b0
[   79.902428][ T6994]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   79.904223][ T6994]  ____sys_sendmsg+0x972/0x9f0
[   79.905748][ T6994]  ? __pfx_____sys_sendmsg+0x10/0x10
[   79.907432][ T6994]  ? import_iovec+0x73/0xa0
[   79.909114][ T6994]  ___sys_sendmsg+0x2a5/0x360
[   79.910955][ T6994]  ? __pfx____sys_sendmsg+0x10/0x10
[   79.913108][ T6994]  ? preempt_schedule_common+0x82/0xd0
[   79.915146][ T6994]  ? preempt_schedule_thunk+0x16/0x30
[   79.916792][ T6994]  ? __fget_files+0x2a/0x420
[   79.918352][ T6994]  ? __fget_files+0x3a0/0x420
[   79.920509][ T6994]  __sys_sendmmsg+0x27c/0x4e0
[   79.922002][ T6994]  ? __pfx___sys_sendmmsg+0x10/0x10
[   79.923744][ T6994]  ? do_futex+0x395/0x420
[   79.925156][ T6994]  ? rcu_is_watching+0x15/0xb0
[   79.926710][ T6994]  __x64_sys_sendmmsg+0xa0/0xc0
[   79.928292][ T6994]  do_syscall_64+0x14d/0xf80
[   79.929731][ T6994]  ? trace_irq_disable+0x3b/0x150
[   79.931295][ T6994]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.933357][ T6994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.935766][ T6994] RIP: 0033:0x7fb9bc99c819
[   79.937610][ T6994] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   79.945541][ T6994] RSP: 002b:00007fb9bd86f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   79.948911][ T6994] RAX: ffffffffffffffda RBX: 00007fb9bcc15fa0 RCX: 00007fb9bc99c819
[   79.952143][ T6994] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000007
[   79.955393][ T6994] RBP: 00007fb9bca32c91 R08: 0000000000000000 R09: 0000000000000000
[   79.958156][ T6994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   79.960732][ T6994] R13: 00007fb9bcc16038 R14: 00007fb9bcc15fa0 R15: 00007fff5f2b52e8
[   79.963502][ T6994]  </TASK>
[   79.964445][ T6994] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   79.966662][ T6994] CPU: 0 UID: 0 PID: 6994 Comm: syz.2.483 Not tainted syzkaller #0 PREEMPT(full) 
[   79.969436][ T6994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   79.973267][ T6994] Call Trace:
[   79.974584][ T6994]  <TASK>
[   79.975730][ T6994]  vpanic+0x56c/0xa60
[   79.977305][ T6994]  ? __pfx__printk+0x10/0x10
[   79.978861][ T6994]  ? __pfx_vpanic+0x10/0x10
[   79.980288][ T6994]  ? is_bpf_text_address+0x292/0x2b0
[   79.981947][ T6994]  ? is_bpf_text_address+0x26/0x2b0
[   79.983558][ T6994]  panic+0xc5/0xd0
[   79.984725][ T6994]  ? __pfx_panic+0x10/0x10
[   79.986118][ T6994]  __warn+0x315/0x4f0
[   79.987451][ T6994]  ? u32_change+0x1da0/0x2720
[   79.988951][ T6994]  ? u32_change+0x1da0/0x2720
[   79.990764][ T6994]  __report_bug+0x29a/0x540
[   79.992471][ T6994]  ? ___sys_sendmsg+0x2a5/0x360
[   79.994043][ T6994]  ? __sys_sendmmsg+0x27c/0x4e0
[   79.995574][ T6994]  ? __x64_sys_sendmmsg+0xa0/0xc0
[   79.997360][ T6994]  ? u32_change+0x1da0/0x2720
[   79.998995][ T6994]  ? __pfx___report_bug+0x10/0x10
[   80.000659][ T6994]  report_bug_entry+0x19a/0x290
[   80.002632][ T6994]  ? u32_change+0x1daf/0x2720
[   80.004608][ T6994]  ? u32_change+0x1db4/0x2720
[   80.006112][ T6994]  handle_bug+0xce/0x200
[   80.007383][ T6994]  exc_invalid_op+0x1a/0x50
[   80.008715][ T6994]  asm_exc_invalid_op+0x1a/0x20
[   80.010207][ T6994] RIP: 0010:u32_change+0x1daf/0x2720
[   80.011756][ T6994] Code: 3d 1a 34 43 06 01 75 33 e8 5e 43 0d f8 eb 50 e8 57 43 0d f8 48 8d 3d c0 67 68 06 b9 10 00 00 00 4c 89 f6 48 c7 c2 00 9b e1 8c <67> 48 0f b9 3a e9 af ee ff ff e8 32 43 0d f8 eb 24 e8 2b 43 0d f8
[   80.017543][ T6994] RSP: 0018:ffffc90006a4efc0 EFLAGS: 00010287
[   80.019425][ T6994] RAX: ffffffff89b86b19 RBX: ffff88811e0cb400 RCX: 0000000000000010
[   80.021909][ T6994] RDX: ffffffff8ce19b00 RSI: 0000000000000020 RDI: ffffffff9020d2e0
[   80.024397][ T6994] RBP: ffffc90006a4f178 R08: 0000000000000dc0 R09: 00000000ffffffff
[   80.026825][ T6994] R10: dffffc0000000000 R11: fffffbfff20237b7 R12: ffff88811e0cb0e8
[   80.029231][ T6994] R13: 0000000000000001 R14: 0000000000000020 R15: 0000000000000001
[   80.031509][ T6994]  ? u32_change+0x1d99/0x2720
[   80.032884][ T6994]  ? __pfx_u32_change+0x10/0x10
[   80.034343][ T6994]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   80.036252][ T6994]  tc_new_tfilter+0xff8/0x1780
[   80.038305][ T6994]  ? __pfx_tc_new_tfilter+0x10/0x10
[   80.040286][ T6994]  ? __pfx_tc_new_tfilter+0x10/0x10
[   80.042319][ T6994]  rtnetlink_rcv_msg+0x7d5/0xbe0
[   80.044219][ T6994]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[   80.046017][ T6994]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   80.047678][ T6994]  ? ref_tracker_free+0x693/0x840
[   80.049265][ T6994]  ? __copy_skb_header+0xa3/0x4a0
[   80.051040][ T6994]  ? __pfx_ref_tracker_free+0x10/0x10
[   80.053029][ T6994]  netlink_rcv_skb+0x232/0x4b0
[   80.054880][ T6994]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   80.056957][ T6994]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   80.058976][ T6994]  ? netlink_deliver_tap+0x2e/0x1b0
[   80.060949][ T6994]  netlink_unicast+0x80f/0x9b0
[   80.062466][ T6994]  ? __pfx_netlink_unicast+0x10/0x10
[   80.064388][ T6994]  ? netlink_sendmsg+0x650/0xb40
[   80.066091][ T6994]  ? skb_put+0x11b/0x210
[   80.067521][ T6994]  netlink_sendmsg+0x813/0xb40
[   80.069140][ T6994]  ? __pfx_netlink_sendmsg+0x10/0x10
[   80.070924][ T6994]  ? aa_sock_msg_perm+0xf1/0x1b0
[   80.072483][ T6994]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   80.074162][ T6994]  ____sys_sendmsg+0x972/0x9f0
[   80.075853][ T6994]  ? __pfx_____sys_sendmsg+0x10/0x10
[   80.077539][ T6994]  ? import_iovec+0x73/0xa0
[   80.078961][ T6994]  ___sys_sendmsg+0x2a5/0x360
[   80.080431][ T6994]  ? __pfx____sys_sendmsg+0x10/0x10
[   80.082035][ T6994]  ? preempt_schedule_common+0x82/0xd0
[   80.083732][ T6994]  ? preempt_schedule_thunk+0x16/0x30
[   80.085548][ T6994]  ? __fget_files+0x2a/0x420
[   80.087057][ T6994]  ? __fget_files+0x3a0/0x420
[   80.088721][ T6994]  __sys_sendmmsg+0x27c/0x4e0
[   80.090226][ T6994]  ? __pfx___sys_sendmmsg+0x10/0x10
[   80.091828][ T6994]  ? do_futex+0x395/0x420
[   80.093188][ T6994]  ? rcu_is_watching+0x15/0xb0
[   80.094667][ T6994]  __x64_sys_sendmmsg+0xa0/0xc0
[   80.096341][ T6994]  do_syscall_64+0x14d/0xf80
[   80.097967][ T6994]  ? trace_irq_disable+0x3b/0x150
[   80.099548][ T6994]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.101451][ T6994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.103244][ T6994] RIP: 0033:0x7fb9bc99c819
[   80.104621][ T6994] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   80.111848][ T6994] RSP: 002b:00007fb9bd86f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   80.115095][ T6994] RAX: ffffffffffffffda RBX: 00007fb9bcc15fa0 RCX: 00007fb9bc99c819
[   80.118025][ T6994] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000007
[   80.120654][ T6994] RBP: 00007fb9bca32c91 R08: 0000000000000000 R09: 0000000000000000
[   80.123206][ T6994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   80.125672][ T6994] R13: 00007fb9bcc16038 R14: 00007fb9bcc15fa0 R15: 00007fff5f2b52e8
[   80.128206][ T6994]  </TASK>
[   80.130174][ T6994] Kernel Offset: disabled
[   80.131642][ T6994] Rebooting in 86400 seconds..
