last executing test programs:

1.970208527s ago: executing program 1 (id=1171):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x7, [@enum={0x5, 0x2, 0x0, 0x6, 0x4, [{0x4}, {0xffffffff, 0x4}]}]}, {0x0, [0x61, 0x0, 0x61, 0x2e, 0x71]}}, 0x0, 0x3b, 0x0, 0x1}, 0x28)

1.918076832s ago: executing program 1 (id=1173):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x50, &(0x7f00000000c0)=0x2, 0x4)
unshare(0x20000400)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$igmp6(0xa, 0x3, 0x2)
splice(r1, 0xfffffffffffffffe, r2, 0x0, 0x8, 0x0)
socketpair(0x11, 0x1, 0x401, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000140)={<r4=>0x0, 0x2c, &(0x7f0000000180)=[@in6={0xa, 0x4e20, 0x0, @private0}, @in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000040)=0x10)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x101842, 0x0)
readv(r5, &(0x7f0000001500)=[{&(0x7f0000000400)=""/96, 0x60}, {0x0}], 0x2)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000004c0)={r4, @in={{0x2, 0xfffe, @empty}}, 0x0, 0x80}, 0x90)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x8001)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x4000004)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000004900010028bd7000fedbdf250a008000", @ANYRES32=0x0, @ANYBLOB="00000000080002000100000014000100fc000000000000000000000000000000202ada3a2b0cee5d146024e752b31e5f2ddfcf37452f012abb0c6d5c25061e0d003396f9412149078e04be23d192962cdb70209a8fcd60bf15fdef6d44379b8f0e5d081004efdbb7e5d9fe2c"], 0x38}, 0x1, 0x0, 0x0, 0x14000000}, 0x80)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.2MB.failcnt\x00', 0x2, 0x0)
r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_netrom_SIOCADDRT(r7, 0x890b, &(0x7f0000000040)={0x1, @null, @bpq0, 0xb49, 'syz1\x00', @null, 0xfff, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]})
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0x1)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)

1.390186616s ago: executing program 0 (id=1194):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x3, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x4000)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x4004f506, &(0x7f00000000c0)=0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x4c580, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r5 = socket(0xa, 0x3, 0x3a)
recvmmsg(r5, &(0x7f00000010c0)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x9}], 0x2, 0x2, 0x0)
socket$kcm(0x2, 0xa, 0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x14, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4000804)

1.311237539s ago: executing program 2 (id=1197):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
pread64(r2, &(0x7f0000001840)=""/4096, 0x1000, 0x4)

1.197388922s ago: executing program 2 (id=1198):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x200, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
listen(r0, 0x6)

1.197240447s ago: executing program 2 (id=1199):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xe, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000b5000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000008900000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0xc, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc85}, 0x94)

1.107955377s ago: executing program 2 (id=1200):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e276800"/2574], &(0x7f0000000140)='GPL\x00'}, 0x48)
r1 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r1, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
r2 = socket$kcm(0x29, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r4 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r4, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r4, r3})
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r1, r0})
close(r2)

990.26812ms ago: executing program 1 (id=1201):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, 0x0, 0x0, 0x24000045)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000040)=0xc)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0xa, 0x0, &(0x7f0000000680)='GPL\x00', 0x9, 0x0, 0x0, 0x40f00, 0x53, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000d80), &(0x7f0000000dc0)=[{0x5, 0x5, 0x9, 0x1}, {0x3, 0x2, 0x7, 0x2}, {0x5, 0x4, 0x4, 0x7}], 0x10, 0x5}, 0x94)
bpf$PROG_BIND_MAP(0x1c, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x24}, 0xc)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
unshare(0x62040200)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000b40)=@data_frame={@msdu=@type10={{0x0, 0x2, 0x6, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x7ff9}, @initial, @device_a, @device_b, {0xb, 0x4}}, @a_msdu}, 0x18)
r6 = socket$inet6(0xa, 0x2, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b000000"], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x6, 0x0, 0x0)
nanosleep(0x0, 0x0)

554.227753ms ago: executing program 0 (id=1202):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000300)={'tunl0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x7, 0x7, 0x8, 0x7, {{0x5, 0x4, 0x3, 0x2b, 0x14, 0x67, 0x0, 0xd3, 0x4, 0x0, @local, @empty}}}})

479.431018ms ago: executing program 0 (id=1203):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@delpolicy={0x50, 0x14, 0x300, 0x70bd2d, 0x25dfdbff, {{@in6=@dev={0xfe, 0x80, '\x00', 0x23}, @in=@empty, 0x4e23, 0x8, 0x4e21, 0x0, 0x8, 0x20, 0x20, 0x3b}, 0x6e6bb4, 0x1}}, 0x50}, 0x1, 0x0, 0x0, 0xc0}, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x2, {@ip4=@rand_addr=0x64010100, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)

479.040361ms ago: executing program 0 (id=1204):
unshare(0x20000400)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r1, 0x34}, 0x10)

399.192741ms ago: executing program 0 (id=1205):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0)

398.927715ms ago: executing program 0 (id=1206):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
socket$nl_rdma(0x10, 0x3, 0x14)
socket(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x40f00}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
write$tun(r0, &(0x7f0000001240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x65, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x1c, 0x0, 0x6}]}}, {0x4e20, 0x4e20, 0x4d, 0x0, @wg=@data={0x4, 0x2, 0x8, "e8771ac366586e56f446dcd22ec94c672f1cd650516a2fbeddd0cb5cffc4ef63a1c2be9551171e48bb8559ac9077c099289048d76d"}}}}, 0x73)

250.089048ms ago: executing program 2 (id=1207):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x4, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006c00000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b200000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6c, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)

249.888667ms ago: executing program 2 (id=1208):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xffffd000)
r0 = socket$pppoe(0x18, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000001c0)={0x0, 0x100}, &(0x7f0000000200)=0x8)
connect$pppoe(r0, 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
shutdown(r1, 0x1)
close(0x3)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x3, 0x4, @mcast1}}}, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='0\x00\x00|'], 0x30}], 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000100))
socket$alg(0x26, 0x5, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000014006b05c84e21000ab16d6e230675f8", 0x14}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b04, &(0x7f0000000000)={'wlan1\x00'})

172.97172ms ago: executing program 1 (id=1209):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)={0x50, r1, 0x1, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0x34, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOTMODE={0x5, 0xe, 0x1}, @NL80211_MESHCONF_GATE_ANNOUNCEMENTS={0x5, 0x11, 0x1}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x401}, @NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0x6e}, @NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0x200}, @NL80211_MESHCONF_POWER_MODE={0x8, 0x1a, 0x2}]}]}, 0x50}}, 0x4040810)

60.300142ms ago: executing program 1 (id=1210):
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)

0s ago: executing program 1 (id=1211):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e24, @remote}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={r2, 0xff, 0x20}, 0xc)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:52745' (ED25519) to the list of known hosts.
syzkaller login: [   56.519858][ T5808] cgroup: Unknown subsys name 'net'
[   56.662591][ T5808] cgroup: Unknown subsys name 'cpuset'
[   56.668142][ T5808] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.019801][ T5808] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   62.189326][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   62.194848][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   62.197796][ T5825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   62.201350][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   62.204552][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   62.206144][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   62.213276][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   62.218551][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   62.226215][ T5825] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   62.229498][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   62.230029][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   62.236146][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.239826][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   62.247526][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.250685][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.466715][ T5822] chnl_net:caif_netlink_parms(): no params data found
[   62.552093][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.554948][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.557414][ T5822] bridge_slave_0: entered allmulticast mode
[   62.561110][ T5822] bridge_slave_0: entered promiscuous mode
[   62.567332][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.570362][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.572769][ T5822] bridge_slave_1: entered allmulticast mode
[   62.575504][ T5822] bridge_slave_1: entered promiscuous mode
[   62.643450][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.656518][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.703767][ T5822] team0: Port device team_slave_0 added
[   62.705978][ T5826] chnl_net:caif_netlink_parms(): no params data found
[   62.716738][ T5822] team0: Port device team_slave_1 added
[   62.754179][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.757071][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.768273][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.780615][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   62.785689][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.789506][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.801157][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.920000][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.922715][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.926105][ T5826] bridge_slave_0: entered allmulticast mode
[   62.931239][ T5826] bridge_slave_0: entered promiscuous mode
[   62.953421][ T5822] hsr_slave_0: entered promiscuous mode
[   62.955877][ T5822] hsr_slave_1: entered promiscuous mode
[   62.958902][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.961685][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.964394][ T5826] bridge_slave_1: entered allmulticast mode
[   62.967792][ T5826] bridge_slave_1: entered promiscuous mode
[   63.013397][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.020235][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.036803][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.039784][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.042452][ T5831] bridge_slave_0: entered allmulticast mode
[   63.045914][ T5831] bridge_slave_0: entered promiscuous mode
[   63.050439][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.052752][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.054986][ T5831] bridge_slave_1: entered allmulticast mode
[   63.057578][ T5831] bridge_slave_1: entered promiscuous mode
[   63.114845][ T5826] team0: Port device team_slave_0 added
[   63.119965][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.142740][ T5826] team0: Port device team_slave_1 added
[   63.146663][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.195333][ T5831] team0: Port device team_slave_0 added
[   63.203057][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.205427][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.214196][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.221366][ T5831] team0: Port device team_slave_1 added
[   63.224285][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.226928][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.236400][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.283013][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.285531][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.295197][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.301976][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.304311][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.313308][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.360294][ T5826] hsr_slave_0: entered promiscuous mode
[   63.362955][ T5826] hsr_slave_1: entered promiscuous mode
[   63.365170][ T5826] debugfs: 'hsr0' already exists in 'hsr'
[   63.367206][ T5826] Cannot create hsr debugfs directory
[   63.397620][ T5831] hsr_slave_0: entered promiscuous mode
[   63.400473][ T5831] hsr_slave_1: entered promiscuous mode
[   63.403063][ T5831] debugfs: 'hsr0' already exists in 'hsr'
[   63.404969][ T5831] Cannot create hsr debugfs directory
[   63.523893][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   63.532349][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   63.553780][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   63.559607][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   63.703432][ T5826] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   63.711545][ T5826] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   63.722915][ T5826] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   63.731894][ T5826] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   63.807183][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   63.820814][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   63.826888][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   63.840185][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   63.859694][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.893135][ T5822] 8021q: adding VLAN 0 to HW filter on device team0
[   63.910276][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.913529][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.919042][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.921456][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.973494][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.005218][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   64.017141][   T78] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.019992][   T78] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.033914][ T5822] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   64.042722][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.044981][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.059562][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.109360][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   64.125521][ T4645] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.128349][ T4645] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.151128][ T4645] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.153856][ T4645] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.181272][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.250022][ T5822] veth0_vlan: entered promiscuous mode
[   64.263345][   T54] Bluetooth: hci2: command tx timeout
[   64.263378][ T5828] Bluetooth: hci1: command tx timeout
[   64.265770][   T54] Bluetooth: hci0: command tx timeout
[   64.267917][ T5822] veth1_vlan: entered promiscuous mode
[   64.297055][ T5822] veth0_macvtap: entered promiscuous mode
[   64.302846][ T5822] veth1_macvtap: entered promiscuous mode
[   64.319960][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.345975][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.374133][ T5853] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.378005][ T5853] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.386811][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.394962][ T5853] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.399998][ T5853] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.445024][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.544676][ T5826] veth0_vlan: entered promiscuous mode
[   64.552405][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.555803][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.573405][ T5831] veth0_vlan: entered promiscuous mode
[   64.590854][ T5826] veth1_vlan: entered promiscuous mode
[   64.608009][ T5831] veth1_vlan: entered promiscuous mode
[   64.613681][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.621924][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.662981][ T5826] veth0_macvtap: entered promiscuous mode
[   64.676707][ T5826] veth1_macvtap: entered promiscuous mode
[   64.695890][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   64.707814][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.713948][ T5831] veth0_macvtap: entered promiscuous mode
[   64.729246][ T5831] veth1_macvtap: entered promiscuous mode
[   64.735698][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.768647][ T5852] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.772523][ T5852] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.789688][ T5852] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.799144][ T5852] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.827919][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.842206][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.851540][ T5852] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.863561][ T5852] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.871613][ T5852] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.874701][ T5852] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.875214][ T5893] sctp: [Deprecated]: syz.1.5 (pid 5893) Use of struct sctp_assoc_value in delayed_ack socket option.
[   64.875214][ T5893] Use struct sctp_sack_info instead
[   64.945565][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.953199][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.022117][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.030990][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.068841][   T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.071439][   T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.082446][   T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.085015][   T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.100599][ T5901] netlink: 'syz.1.9': attribute type 3 has an invalid length.
[   65.103362][ T5901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9'.
[   65.151236][ T5904] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   65.160509][ T5905] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'.
[   65.163496][ T5905] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'.
[   65.196809][ T5909] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[   65.229961][ T5909] bond1: entered promiscuous mode
[   65.231715][ T5909] bond1: entered allmulticast mode
[   65.233665][ T5909] 8021q: adding VLAN 0 to HW filter on device bond1
[   65.470358][ T5932] unknown channel width for channel at 909000KHz?
[   65.483130][ T5932] unknown channel width for channel at 909000KHz?
[   65.491646][ T5932] unknown channel width for channel at 909000KHz?
[   65.583885][ T5942] netlink: 'syz.1.25': attribute type 1 has an invalid length.
[   65.589323][ T5942] netlink: 232 bytes leftover after parsing attributes in process `syz.1.25'.
[   65.651763][ T5948] netlink: 'syz.2.32': attribute type 1 has an invalid length.
[   65.826646][ T5967] netlink: 8 bytes leftover after parsing attributes in process `syz.1.38'.
[   65.854747][ T5969] netlink: 56 bytes leftover after parsing attributes in process `syz.1.41'.
[   65.859486][ T5969] netlink: 24 bytes leftover after parsing attributes in process `syz.1.41'.
[   66.157367][ T5998] syz.1.52 uses obsolete (PF_INET,SOCK_PACKET)
[   66.183190][ T6000] netlink: 72 bytes leftover after parsing attributes in process `syz.2.53'.
[   66.329220][ T6007] nbd: socks must be embedded in a SOCK_ITEM attr
[   66.332431][ T6007] block nbd0: shutting down sockets
[   66.338519][   T54] Bluetooth: hci0: command tx timeout
[   66.338679][ T5212] Bluetooth: hci1: command tx timeout
[   66.340347][   T54] Bluetooth: hci2: command tx timeout
[   66.721999][ T6038] Bluetooth: MGMT ver 1.23
[   66.915006][ T6053] netlink: 96 bytes leftover after parsing attributes in process `syz.1.78'.
[   66.927507][ T6055] netlink: 8 bytes leftover after parsing attributes in process `syz.0.79'.
[   67.083049][ T6070] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[   67.086775][ T6070] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   67.229704][ T6081] ip6erspan0: entered allmulticast mode
[   67.259988][ T6085] netlink: 'syz.2.94': attribute type 4 has an invalid length.
[   67.689212][ T6120] netlink: 'syz.1.109': attribute type 1 has an invalid length.
[   68.069063][ T6156] netlink: 'syz.0.124': attribute type 10 has an invalid length.
[   68.099537][ T6156] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   68.124861][ T6160] 8021q: VLANs not supported on gre0
[   68.308637][ T6173] Driver unsupported XDP return value 0 on prog  (id 20) dev N/A, expect packet loss!
[   68.420015][   T54] Bluetooth: hci1: command tx timeout
[   68.420443][ T5212] Bluetooth: hci0: command tx timeout
[   68.422367][   T54] Bluetooth: hci2: command tx timeout
[   68.483863][ T6187] warning: `syz.1.139' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   68.544729][ T6192] Zero length message leads to an empty skb
[   68.811129][ T6201] tipc: Started in network mode
[   68.813384][ T6201] tipc: Node identity a2d625ad3a28, cluster identity 4711
[   68.816516][ T6201] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   68.822771][ T6201] syzkaller0: entered promiscuous mode
[   68.825100][ T6201] syzkaller0: entered allmulticast mode
[   68.848740][ T6201] tipc: Resetting bearer <eth:syzkaller0>
[   68.862315][ T6200] tipc: Resetting bearer <eth:syzkaller0>
[   68.878016][ T6200] tipc: Disabling bearer <eth:syzkaller0>
[   69.795000][ T6241] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0001 with DS=0x2
[   69.884109][ T6245] bridge_slave_0: left allmulticast mode
[   69.886662][ T6245] bridge_slave_0: left promiscuous mode
[   69.890936][ T6245] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.903218][ T6245] bridge_slave_1: left allmulticast mode
[   69.905630][ T6245] bridge_slave_1: left promiscuous mode
[   69.918724][ T6245] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.937513][ T6245] bond0: (slave bond_slave_0): Releasing backup interface
[   69.959234][ T6245] bond0: (slave bond_slave_1): Releasing backup interface
[   69.973213][ T6245] team0: Port device team_slave_0 removed
[   69.985684][ T6245] team0: Port device team_slave_1 removed
[   69.989110][ T6245] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   69.992358][ T6245] batman_adv: batadv0: Removing interface: batadv_slave_0
[   69.997581][ T6245] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   70.004336][ T6245] batman_adv: batadv0: Removing interface: batadv_slave_1
[   70.500623][ T5828] Bluetooth: hci0: command tx timeout
[   70.503032][ T5828] Bluetooth: hci1: command tx timeout
[   70.505306][ T5828] Bluetooth: hci2: command tx timeout
[   70.671203][ T6283] __nla_validate_parse: 4 callbacks suppressed
[   70.671221][ T6283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.179'.
[   70.717282][ T6286] netlink: 12 bytes leftover after parsing attributes in process `syz.1.180'.
[   70.735861][ T6286] netlink: 4 bytes leftover after parsing attributes in process `syz.1.180'.
[   70.757942][ T6287] netlink: 192 bytes leftover after parsing attributes in process `syz.0.176'.
[   71.228013][ T6311] netlink: 'syz.0.191': attribute type 303 has an invalid length.
[   71.233170][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.235464][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.489832][ T6324] syzkaller1: entered promiscuous mode
[   71.492323][ T6324] syzkaller1: entered allmulticast mode
[   71.744092][ T6342] netlink: 'syz.2.205': attribute type 1 has an invalid length.
[   71.747639][ T6342] netlink: 4 bytes leftover after parsing attributes in process `syz.2.205'.
[   71.816590][ T6345] netlink: 72 bytes leftover after parsing attributes in process `syz.2.207'.
[   71.822081][ T6345] netlink: 72 bytes leftover after parsing attributes in process `syz.2.207'.
[   72.174644][ T6359] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   72.230034][ T6362] netlink: 8 bytes leftover after parsing attributes in process `syz.1.214'.
[   72.263261][ T6364] vlan0: entered promiscuous mode
[   72.589166][ T5212] Bluetooth: hci2: command 0x0405 tx timeout
[   72.737446][ T6397] tipc: Started in network mode
[   72.740158][ T6397] tipc: Node identity 0230378582d2, cluster identity 4711
[   72.744017][ T6397] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   72.747640][ T6397] syzkaller0: entered promiscuous mode
[   72.753004][ T6397] syzkaller0: entered allmulticast mode
[   72.769905][ T6397] tipc: Resetting bearer <eth:syzkaller0>
[   72.774369][ T6396] tipc: Resetting bearer <eth:syzkaller0>
[   72.788129][ T6396] tipc: Disabling bearer <eth:syzkaller0>
[   73.335996][ T6431] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   73.519202][ T6439] netlink: 'syz.0.250': attribute type 10 has an invalid length.
[   73.523665][ T6439] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[   73.720146][ T6451] Bluetooth: MGMT ver 1.23
[   73.934455][ T6468] netlink: 'syz.1.265': attribute type 1 has an invalid length.
[   74.100603][ T6481] netlink: 20 bytes leftover after parsing attributes in process `syz.1.269'.
[   74.286323][ T6500] netlink: 40 bytes leftover after parsing attributes in process `syz.1.278'.
[   74.674678][ T6510] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.733592][ T6510] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.777767][ T6510] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.814060][ T6510] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   74.883015][ T5852] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.899831][ T5852] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.909625][ T5853] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.920541][ T5853] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.032206][ T6516] netlink: 'syz.0.284': attribute type 1 has an invalid length.
[   75.035520][ T6516] netlink: 'syz.0.284': attribute type 2 has an invalid length.
[   75.367000][ T6544] netlink: 'syz.2.298': attribute type 1 has an invalid length.
[   75.404940][ T6544] 8021q: adding VLAN 0 to HW filter on device bond2
[   75.420780][ T6544] vlan2: entered promiscuous mode
[   75.422747][ T6544] bond2: entered promiscuous mode
[   75.425160][ T6544] vlan2: entered allmulticast mode
[   75.427328][ T6544] bond2: entered allmulticast mode
[   75.456183][ T6544] bond2: (slave gretap1): making interface the new active one
[   75.460515][ T6544] gretap1: entered promiscuous mode
[   75.462331][ T6544] gretap1: entered allmulticast mode
[   75.468736][ T6544] bond2: (slave gretap1): Enslaving as an active interface with an up link
[   75.479976][ T6544] syz.2.298 (6544) used greatest stack depth: 19432 bytes left
[   75.574265][ T6557] lo speed is unknown, defaulting to 1000
[   75.590737][ T6557] lo speed is unknown, defaulting to 1000
[   75.594534][ T6557] lo speed is unknown, defaulting to 1000
[   75.801594][ T6557] infiniband syz0: set active
[   75.804165][ T6557] infiniband syz0: added lo
[   75.812384][ T5288] lo speed is unknown, defaulting to 1000
[   75.845174][ T6557] RDS/IB: syz0: added
[   75.847364][ T6557] smc: adding ib device syz0 with port count 1
[   75.850276][ T6557] smc:    ib device syz0 port 1 has pnetid 
[   75.856024][ T6557] lo speed is unknown, defaulting to 1000
[   75.937434][ T6584] netlink: 'syz.2.314': attribute type 10 has an invalid length.
[   75.940877][ T6584] netlink: 40 bytes leftover after parsing attributes in process `syz.2.314'.
[   75.993780][ T6584] team0: Port device geneve0 added
[   76.009081][ T5288] lo speed is unknown, defaulting to 1000
[   76.045161][ T6557] lo speed is unknown, defaulting to 1000
[   76.205408][ T6597] netlink: 'syz.2.318': attribute type 13 has an invalid length.
[   76.211141][ T6597] netlink: 'syz.2.318': attribute type 17 has an invalid length.
[   76.386773][ T6556] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   76.393586][ T6597] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   76.399779][ T6557] lo speed is unknown, defaulting to 1000
[   76.533906][ T6593] lo speed is unknown, defaulting to 1000
[   76.765161][ T6615] netlink: 550 bytes leftover after parsing attributes in process `syz.1.325'.
[   76.945740][ T6622] netlink: 165 bytes leftover after parsing attributes in process `syz.1.328'.
[   76.999359][ T6624] netlink: 16 bytes leftover after parsing attributes in process `syz.0.329'.
[   77.173404][ T6635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.333'.
[   77.262818][ T6639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.336'.
[   77.460137][ T6656] netlink: 'syz.0.343': attribute type 2 has an invalid length.
[   77.723950][ T6670] netlink: 312 bytes leftover after parsing attributes in process `syz.1.347'.
[   77.974151][ T6690] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   78.391709][ T6714] netlink: 12 bytes leftover after parsing attributes in process `syz.0.367'.
[   78.395318][ T6714] netlink: 'syz.0.367': attribute type 1 has an invalid length.
[   78.399577][ T6714] netlink: 108 bytes leftover after parsing attributes in process `syz.0.367'.
[   78.406275][ T6714] lo speed is unknown, defaulting to 1000
[   78.412423][ T6714] lo speed is unknown, defaulting to 1000
[   78.417054][ T6714] lo speed is unknown, defaulting to 1000
[   78.424401][ T6714] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   78.437197][ T6714] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   78.466892][ T6714] lo speed is unknown, defaulting to 1000
[   78.484158][ T6714] lo speed is unknown, defaulting to 1000
[   78.505759][ T6714] lo speed is unknown, defaulting to 1000
[   78.697044][ T6719] netlink: 'syz.0.369': attribute type 9 has an invalid length.
[   78.710862][ T6719] netlink: 224 bytes leftover after parsing attributes in process `syz.0.369'.
[   79.728000][ T5852] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   79.733371][ T5852] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20000 - 0
[   79.739833][ T5852] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   79.750933][ T5852] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20000 - 0
[   79.760402][ T5852] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   79.767142][ T5852] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20000 - 0
[   79.776328][ T5852] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   79.783829][ T5852] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20000 - 0
[   79.817388][ T6755] syz0: rxe_newlink: already configured on lo
[   79.835548][ T6755] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   79.847899][   T51] lo speed is unknown, defaulting to 1000
[   80.163398][ T6785] syz_tun: entered allmulticast mode
[   80.167130][ T6783] syz_tun: left allmulticast mode
[   80.213034][ T6790] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   80.222144][ T6790] syzkaller0: entered promiscuous mode
[   80.224104][ T6790] syzkaller0: entered allmulticast mode
[   80.243309][ T6790] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   80.284782][ T6790] tipc: Resetting bearer <eth:syzkaller0>
[   80.291733][ T6788] tipc: Resetting bearer <eth:syzkaller0>
[   80.301865][ T6788] tipc: Disabling bearer <eth:syzkaller0>
[   80.940677][ T6837] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   80.984531][ T6837] tipc: Resetting bearer <eth:syzkaller0>
[   81.005718][ T6836] tipc: Resetting bearer <eth:syzkaller0>
[   81.732825][ T6836] tipc: Disabling bearer <eth:syzkaller0>
[   81.807030][ T6847] netlink: 'syz.2.417': attribute type 4 has an invalid length.
[   82.064982][ T6864] batadv_slave_0: entered promiscuous mode
[   82.069367][ T6864] __nla_validate_parse: 11 callbacks suppressed
[   82.069379][ T6864] netlink: 4 bytes leftover after parsing attributes in process `syz.2.425'.
[   82.075492][ T6864] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   82.097835][ T6864] batadv_slave_0 (unregistering): left promiscuous mode
[   82.100821][ T6864] batman_adv: batadv0: Removing interface: batadv_slave_0
[   82.191659][ T6868] netdevsim netdevsim2: Direct firmware load for .
[   82.191659][ T6868]  failed with error -2
[   82.196108][ T6868] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[   82.196108][ T6868] 
[   82.843563][ T6883] netlink: 176 bytes leftover after parsing attributes in process `syz.0.434'.
[   83.149536][ T6906] vti0: entered promiscuous mode
[   83.192395][ T6910] netlink: 'syz.1.446': attribute type 1 has an invalid length.
[   83.195075][ T6910] netlink: 244 bytes leftover after parsing attributes in process `syz.1.446'.
[   83.468896][ T6931] netlink: 'syz.2.455': attribute type 6 has an invalid length.
[   83.688167][ T6944] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   83.871544][ T6956] @: renamed from veth0_vlan
[   84.182839][ T6987] geneve2: entered promiscuous mode
[   84.302637][ T6995] bridge0: port 1(macsec0) entered blocking state
[   84.305717][ T6995] bridge0: port 1(macsec0) entered disabled state
[   84.312314][ T6995] macsec0: entered allmulticast mode
[   84.330145][ T6995] macsec0: entered promiscuous mode
[   84.494180][ T7011] netlink: 60 bytes leftover after parsing attributes in process `syz.2.493'.
[   84.498837][ T7010] netlink: 60 bytes leftover after parsing attributes in process `syz.2.493'.
[   84.524138][ T7013] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.494'.
[   84.688532][   T33] audit: type=1800 audit(1754443009.939:2): pid=7018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.495" name="memory.events" dev="tmpfs" ino=654 res=0 errno=0
[   84.703165][ T7021] netlink: 36 bytes leftover after parsing attributes in process `syz.0.497'.
[   84.807066][ T7025] netlink: 'syz.0.499': attribute type 8 has an invalid length.
[   84.909256][ T7027] lo speed is unknown, defaulting to 1000
[   84.959445][ T5852] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   85.019272][ T7027] lo speed is unknown, defaulting to 1000
[   85.387125][ T7045] lo speed is unknown, defaulting to 1000
[   85.434849][ T7047] syzkaller1: entered promiscuous mode
[   85.437319][ T7047] syzkaller1: entered allmulticast mode
[   85.556323][ T7045] lo speed is unknown, defaulting to 1000
[   85.841781][ T7052] netlink: 'syz.0.506': attribute type 1 has an invalid length.
[   85.845726][ T7052] netlink: 228 bytes leftover after parsing attributes in process `syz.0.506'.
[   86.182473][ T7066] netlink: 24 bytes leftover after parsing attributes in process `syz.2.512'.
[   86.267009][ T7066] netlink: 4 bytes leftover after parsing attributes in process `syz.2.512'.
[   86.588152][   T10] cfg80211: failed to load regulatory.db
[   86.791612][ T7107] macsec1: entered promiscuous mode
[   86.793418][ T7107] dummy0: entered promiscuous mode
[   86.795313][ T7107] macsec1: entered allmulticast mode
[   86.797076][ T7107] dummy0: entered allmulticast mode
[   86.804852][ T7107] dummy0: left allmulticast mode
[   86.806977][ T7107] dummy0: left promiscuous mode
[   87.385028][ T7139] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   87.389147][ T7139] batman_adv: batadv0: Removing interface: batadv_slave_1
[   87.677826][ T7163] __nla_validate_parse: 3 callbacks suppressed
[   87.677836][ T7163] netlink: 204 bytes leftover after parsing attributes in process `syz.1.558'.
[   87.686251][ T7163] netlink: 16 bytes leftover after parsing attributes in process `syz.1.558'.
[   87.695045][ T7164] netlink: 28 bytes leftover after parsing attributes in process `syz.2.559'.
[   87.811951][ T7182] netlink: 'syz.1.568': attribute type 3 has an invalid length.
[   87.847457][ T7169] macvlan0: entered allmulticast mode
[   87.864798][ T7169] veth1_vlan: entered allmulticast mode
[   87.876991][ T7169] team0: Port device macvlan0 added
[   88.315340][ T7224] tipc: Enabling of bearer <dp:s> rejected, media not registered
[   88.691199][ T7248] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.593'.
[   88.763291][ T7256] macsec1: entered promiscuous mode
[   88.765250][ T7256] team0: entered promiscuous mode
[   88.884108][ T7270] netlink: 80 bytes leftover after parsing attributes in process `syz.1.604'.
[   88.887082][ T7270] netlink: 12 bytes leftover after parsing attributes in process `syz.1.604'.
[   88.891025][ T7270] netlink: 20 bytes leftover after parsing attributes in process `syz.1.604'.
[   89.028354][ T7271] netlink: 'syz.0.601': attribute type 16 has an invalid length.
[   89.031465][ T7271] netlink: 'syz.0.601': attribute type 17 has an invalid length.
[   89.047161][ T7271] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   89.409074][ T7291] netlink: zone id is out of range
[   89.412439][ T7291] netlink: zone id is out of range
[   89.414447][ T7291] netlink: zone id is out of range
[   89.416424][ T7291] netlink: zone id is out of range
[   89.418489][ T7291] netlink: zone id is out of range
[   89.420970][ T7291] netlink: zone id is out of range
[   89.423073][ T7291] netlink: zone id is out of range
[   89.425084][ T7291] netlink: zone id is out of range
[   89.427084][ T7291] netlink: zone id is out of range
[   89.971628][ T7318] batadv_slave_1: entered promiscuous mode
[   89.975730][ T7316] lo speed is unknown, defaulting to 1000
[   90.083665][ T7329] netlink: 20 bytes leftover after parsing attributes in process `syz.2.629'.
[   90.116696][  T970] lo speed is unknown, defaulting to 1000
[   90.120462][  T970] syz2: Port: 1 Link DOWN
[   90.391325][ T7316] lo speed is unknown, defaulting to 1000
[   90.796101][ T7368] netlink: 8 bytes leftover after parsing attributes in process `syz.1.644'.
[   91.204181][ T7397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.656'.
[   91.325087][ T7397] macsec0 (unregistering): left allmulticast mode
[   91.333804][ T7397] macsec0 (unregistering): left promiscuous mode
[   91.343777][ T7397] bridge0: port 1(macsec0) entered disabled state
[   92.157993][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.161664][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.305316][ T7423] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   92.315427][ T7423] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   92.433342][ T7423] ip6erspan0: left allmulticast mode
[   92.446178][ T7423] geneve2: left promiscuous mode
[   93.257081][ T7425] @: renamed from veth0_vlan
[   93.262752][ T5852] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.266946][ T5852] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.278011][ T5852] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.290744][ T5852] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.375829][ T7448] syzkaller1: entered promiscuous mode
[   93.378766][ T7448] syzkaller1: entered allmulticast mode
[   93.576686][ T7468] __nla_validate_parse: 3 callbacks suppressed
[   93.576695][ T7468] netlink: 20 bytes leftover after parsing attributes in process `syz.1.679'.
[   93.620890][ T7474] netlink: 16 bytes leftover after parsing attributes in process `syz.2.681'.
[   93.629299][ T7474] IPVS: Unknown mcast interface: batadv0
[   93.945832][ T7507] netlink: 8 bytes leftover after parsing attributes in process `syz.2.698'.
[   94.811132][ T7558] netlink: 12 bytes leftover after parsing attributes in process `syz.2.721'.
[   95.162818][ T7595] netlink: 60 bytes leftover after parsing attributes in process `syz.1.740'.
[   95.166015][ T7595] netlink: 28 bytes leftover after parsing attributes in process `syz.1.740'.
[   95.311575][ T5874] IPVS: starting estimator thread 0...
[   95.398510][ T7609] IPVS: using max 45 ests per chain, 108000 per kthread
[   95.443239][ T7623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.753'.
[   95.478502][ T7627] netlink: 'syz.0.755': attribute type 1 has an invalid length.
[   95.526468][ T7627] netlink: 'syz.0.755': attribute type 1 has an invalid length.
[   95.626380][ T7641] veth3: entered promiscuous mode
[   95.631834][ T7641] bond0: (slave veth3): Enslaving as an active interface with an up link
[   95.702774][ T7648] netlink: 28 bytes leftover after parsing attributes in process `syz.0.764'.
[   95.706314][ T7648] netlink: 28 bytes leftover after parsing attributes in process `syz.0.764'.
[   95.711627][ T7648] netlink: 28 bytes leftover after parsing attributes in process `syz.0.764'.
[   96.627261][ T7664] vxcan1 speed is unknown, defaulting to 1000
[   96.629791][ T7664] vxcan1 speed is unknown, defaulting to 1000
[   96.632705][ T7664] vxcan1 speed is unknown, defaulting to 1000
[   96.719619][ T7666] bond2: entered promiscuous mode
[   96.722697][ T7666] 8021q: adding VLAN 0 to HW filter on device bond2
[   96.782783][ T7664] infiniband syz2: set active
[   96.784506][ T7664] infiniband syz2: added vxcan1
[   96.789676][    T9] vxcan1 speed is unknown, defaulting to 1000
[   96.809189][ T7664] RDS/IB: syz2: added
[   96.811165][ T7664] smc: adding ib device syz2 with port count 1
[   96.813794][ T7664] smc:    ib device syz2 port 1 has pnetid 
[   96.817019][ T7664] vxcan1 speed is unknown, defaulting to 1000
[   96.848423][    T9] vxcan1 speed is unknown, defaulting to 1000
[   96.955382][ T7664] vxcan1 speed is unknown, defaulting to 1000
[   97.105259][ T7664] vxcan1 speed is unknown, defaulting to 1000
[   97.346654][ T7696] net_ratelimit: 94 callbacks suppressed
[   97.346663][ T7696] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   97.779711][ T7742] bond0: Unable to set down delay as MII monitoring is disabled
[   98.154049][ T7757] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   98.162568][ T7757] syzkaller0: entered promiscuous mode
[   98.172504][ T7757] syzkaller0: entered allmulticast mode
[   98.211530][ T7757] tipc: Resetting bearer <eth:syzkaller0>
[   98.226869][ T7754] tipc: Resetting bearer <eth:syzkaller0>
[   98.240731][ T7754] tipc: Disabling bearer <eth:syzkaller0>
[   98.352677][ T7772] pim6reg0: tun_chr_ioctl cmd 1074025677
[   98.354653][ T7772] pim6reg0: linktype set to 768
[   98.664874][ T7799] pim6reg1: entered promiscuous mode
[   98.667338][ T7799] pim6reg1: entered allmulticast mode
[   98.727203][ T7800] __nla_validate_parse: 4 callbacks suppressed
[   98.727212][ T7800] netlink: 32 bytes leftover after parsing attributes in process `syz.0.831'.
[   98.749113][ T7800] 8021q: adding VLAN 0 to HW filter on device bond3
[   98.752128][ T7800] team0: Port device bond3 added
[   99.315079][ T7809] netlink: 20 bytes leftover after parsing attributes in process `syz.1.834'.
[   99.393851][ T7813] sctp: [Deprecated]: syz.1.835 (pid 7813) Use of struct sctp_assoc_value in delayed_ack socket option.
[   99.393851][ T7813] Use struct sctp_sack_info instead
[   99.642416][ T7833] netlink: 336 bytes leftover after parsing attributes in process `syz.2.845'.
[   99.741768][ T7843] netlink: 'syz.0.849': attribute type 1 has an invalid length.
[  100.089964][ T7866] netlink: 128 bytes leftover after parsing attributes in process `syz.0.859'.
[  100.244454][ T7879] openvswitch: netlink: IP tunnel TTL not specified.
[  100.820676][ T7865] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  100.868944][ T7891] netlink: 256 bytes leftover after parsing attributes in process `syz.0.870'.
[  101.565303][ T7944] dummy0: mtu less than device minimum
[  101.751451][ T7964] netlink: 4 bytes leftover after parsing attributes in process `syz.2.903'.
[  101.910573][ T7968] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  101.932193][ T7968] syzkaller0: entered promiscuous mode
[  101.934169][ T7968] syzkaller0: entered allmulticast mode
[  101.936592][ T7968] tipc: Resetting bearer <eth:syzkaller0>
[  101.945957][ T7967] tipc: Resetting bearer <eth:syzkaller0>
[  102.741210][ T7981] netlink: 24 bytes leftover after parsing attributes in process `syz.1.911'.
[  102.761145][ T7967] tipc: Disabling bearer <eth:syzkaller0>
[  102.765672][ T7983] netlink: 'syz.1.912': attribute type 1 has an invalid length.
[  102.853219][ T7991] netlink: 'syz.1.916': attribute type 1 has an invalid length.
[  102.861547][ T7991] netlink: 224 bytes leftover after parsing attributes in process `syz.1.916'.
[  102.867827][ T7989] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  102.873638][ T7989] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  102.909134][ T7993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.917'.
[  102.913288][ T7993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.917'.
[  102.990792][ T8000] vlan3: entered promiscuous mode
[  102.993125][ T8000] bond0: entered promiscuous mode
[  102.995452][ T8000] bond_slave_0: entered promiscuous mode
[  102.999215][ T8000] bond_slave_1: entered promiscuous mode
[  103.002348][ T8000] vlan3: entered allmulticast mode
[  103.005239][ T8000] bond0: entered allmulticast mode
[  103.007667][ T8000] bond_slave_0: entered allmulticast mode
[  103.010417][ T8000] bond_slave_1: entered allmulticast mode
[  104.743217][ T8073] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  105.013742][ T8089] netlink: 'syz.1.960': attribute type 16 has an invalid length.
[  105.016973][ T8089] netlink: 'syz.1.960': attribute type 17 has an invalid length.
[  105.059331][ T8089] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.063532][ T8089] 8021q: adding VLAN 0 to HW filter on device team0
[  105.073533][ T8089] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  105.771719][ T8096] __nla_validate_parse: 7 callbacks suppressed
[  105.771728][ T8096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.963'.
[  105.850824][ T8097] A link change request failed with some changes committed already. Interface team_slave_1 may have been left with an inconsistent configuration, please check.
[  106.116929][ T8117] netlink: 'syz.1.973': attribute type 6 has an invalid length.
[  106.381805][ T8150] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  106.426272][ T8157] ieee802154 phy0 wpan0: encryption failed: -90
[  106.491532][ T8155] batman_adv: batadv0: Adding interface: ip6gretap1
[  106.499045][ T8155] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.509397][ T8155] batman_adv: batadv0: Interface activated: ip6gretap1
[  106.514977][ T8164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.993'.
[  106.518787][ T8164] netlink: 2 bytes leftover after parsing attributes in process `syz.1.993'.
[  106.661860][ T8174] dummy0: entered promiscuous mode
[  106.663968][ T8174] dummy0: entered allmulticast mode
[  106.906793][ T8191] vti1: entered promiscuous mode
[  106.911478][ T8191] vti1: entered allmulticast mode
[  107.824523][ T8218] wireguard0: entered promiscuous mode
[  107.826433][ T8218] wireguard0: entered allmulticast mode
[  107.834729][ T8224] netlink: 'syz.2.1017': attribute type 9 has an invalid length.
[  107.838102][ T8224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1017'.
[  107.870450][ T8224] hsr0: entered promiscuous mode
[  107.873201][ T8224] macvlan2: entered promiscuous mode
[  107.875787][ T8224] macvlan2: entered allmulticast mode
[  107.883476][ T8224] hsr0: entered allmulticast mode
[  107.885680][ T8224] hsr_slave_0: entered allmulticast mode
[  107.888085][ T8224] hsr_slave_1: entered allmulticast mode
[  107.919597][   T10] IPVS: starting estimator thread 0...
[  108.022365][ T8228] IPVS: using max 79 ests per chain, 189600 per kthread
[  108.130024][ T8243] netlink: 'syz.1.1025': attribute type 4 has an invalid length.
[  108.133540][ T8243] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1025'.
[  108.139022][ T8243] : renamed from bond0 (while UP)
[  108.287268][ T8236] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1021'.
[  108.336608][ T8236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1021'.
[  108.532017][ T8257] netlink: 'syz.0.1028': attribute type 10 has an invalid length.
[  108.536276][ T8257] batman_adv: batadv0: Adding interface: team0
[  108.541980][ T8257] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.552311][ T8257] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  108.559404][ T8257] netlink: 'syz.0.1028': attribute type 10 has an invalid length.
[  108.562596][ T8257] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1028'.
[  108.566078][ T8257] team0: entered promiscuous mode
[  108.577944][ T8257] team_slave_0: entered promiscuous mode
[  108.581249][ T8257] team_slave_1: entered promiscuous mode
[  108.586261][ T8257] bond3: entered promiscuous mode
[  108.589649][ T8257] 8021q: adding VLAN 0 to HW filter on device team0
[  108.592612][ T8257] batman_adv: batadv0: Interface activated: team0
[  108.595446][ T8257] batman_adv: batadv0: Interface deactivated: team0
[  108.598412][ T8257] batman_adv: batadv0: Removing interface: team0
[  108.601983][ T8257] bridge0: port 3(team0) entered blocking state
[  108.605843][ T8257] bridge0: port 3(team0) entered disabled state
[  108.608905][ T8257] team0: entered allmulticast mode
[  108.610965][ T8257] team_slave_0: entered allmulticast mode
[  108.612947][ T8257] team_slave_1: entered allmulticast mode
[  108.614933][ T8257] bond3: entered allmulticast mode
[  108.802109][ T8280] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1039'.
[  108.850460][ T8283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1040'.
[  108.853742][    C0] vcan0: j1939_session_tx_dat: 0xffff88803c2b5800: queue data error: -100
[  109.138014][ T8287] syzkaller0: entered promiscuous mode
[  109.140199][ T8287] syzkaller0: entered allmulticast mode
[  110.024424][ T8297] lo speed is unknown, defaulting to 1000
[  110.255613][ T8297] vxcan1 speed is unknown, defaulting to 1000
[  110.823183][ T8341] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  110.831656][ T8338] bridge0: entered promiscuous mode
[  110.840581][ T8341] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  111.749453][ T8368] netlink: 'syz.1.1077': attribute type 3 has an invalid length.
[  111.864627][ T8372] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[  111.899109][ T8372] tipc: Resetting bearer <eth:syzkaller0>
[  111.927868][ T8371] tipc: Resetting bearer <eth:syzkaller0>
[  112.680595][ T8371] tipc: Disabling bearer <eth:syzkaller0>
[  112.686076][ T8390] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  112.857708][ T8409] __nla_validate_parse: 1 callbacks suppressed
[  112.857720][ T8409] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1096'.
[  112.932486][ T8415] syz.2.1099 uses old SIOCAX25GETINFO
[  112.989776][ T8420] tap0: tun_chr_ioctl cmd 1074812118
[  113.119779][ T8434] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1108'.
[  113.277293][ T8447] syzkaller0: entered promiscuous mode
[  113.280591][ T8447] syzkaller0: entered allmulticast mode
[  113.450024][ T8464] mac80211_hwsim hwsim7 syzkaller0: entered promiscuous mode
[  113.458067][ T8464] mac80211_hwsim hwsim7 syzkaller0: entered allmulticast mode
[  113.915169][ T8510] netlink: 'syz.1.1140': attribute type 1 has an invalid length.
[  114.056903][ T8522] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1146'.
[  114.133091][ T8531] syzkaller1: entered promiscuous mode
[  114.134963][ T8531] syzkaller1: entered allmulticast mode
[  114.256964][ T8543] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1156'.
[  114.266266][ T8543] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  114.270994][ T8543] syzkaller0: entered promiscuous mode
[  114.273232][ T8543] syzkaller0: entered allmulticast mode
[  114.281465][ T8542] tipc: Resetting bearer <eth:syzkaller0>
[  114.291786][ T8542] tipc: Disabling bearer <eth:syzkaller0>
[  115.605660][ T8587] sctp: [Deprecated]: syz.2.1176 (pid 8587) Use of struct sctp_assoc_value in delayed_ack socket option.
[  115.605660][ T8587] Use struct sctp_sack_info instead
[  115.609628][ T8588] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1175'.
[  115.763342][ T8604] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1183'.
[  115.766516][ T8604] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1183'.
[  115.772077][ T8604] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  115.782013][ T8607] netlink: 'syz.2.1182': attribute type 11 has an invalid length.
[  115.784969][ T8607] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1182'.
[  115.945464][ T8625] netlink: ct family unspecified
[  115.947229][ T8625] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  116.094005][ T8642] netlink: 788 bytes leftover after parsing attributes in process `syz.2.1196'.
[  116.503324][ T8668] lo speed is unknown, defaulting to 1000
[  116.580451][ T8668] vxcan1 speed is unknown, defaulting to 1000
[  116.938609][ T8673] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1203'.
[  117.067172][ T8679] syzkaller1: entered promiscuous mode
[  117.069953][ T8679] syzkaller1: entered allmulticast mode
[  117.233378][ T8684] lo speed is unknown, defaulting to 1000
[  117.481588][ T8694] ==================================================================
[  117.485108][ T8694] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  117.488436][ T8694] Read of size 4 at addr ffff88803c9b80c4 by task syz.1.1212/8694
[  117.492516][ T8694] 
[  117.493623][ T8694] CPU: 1 UID: 0 PID: 8694 Comm: syz.1.1212 Not tainted 6.16.0-syzkaller-06600-g1dbf1d590d10-dirty #0 PREEMPT(full) 
[  117.493639][ T8694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  117.493646][ T8694] Call Trace:
[  117.493654][ T8694]  <TASK>
[  117.493659][ T8694]  dump_stack_lvl+0x189/0x250
[  117.493677][ T8694]  ? __kasan_check_byte+0x12/0x40
[  117.493700][ T8694]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.493713][ T8694]  ? lock_release+0x4b/0x3e0
[  117.493733][ T8694]  ? __virt_addr_valid+0x4a5/0x5c0
[  117.493750][ T8694]  print_report+0xca/0x240
[  117.493766][ T8694]  ? xfrm_alloc_spi+0x570/0xf30
[  117.493781][ T8694]  kasan_report+0x118/0x150
[  117.493801][ T8694]  ? xfrm_alloc_spi+0x570/0xf30
[  117.493816][ T8694]  xfrm_alloc_spi+0x570/0xf30
[  117.493828][ T8694]  ? xfrm_alloc_spi+0x2a0/0xf30
[  117.493845][ T8694]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  117.493857][ T8694]  ? xfrm_find_acq+0x87/0xa0
[  117.493870][ T8694]  xfrm_alloc_userspi+0x70b/0xc90
[  117.493885][ T8694]  ? __pfx_aa_get_newest_label+0x10/0x10
[  117.493906][ T8694]  ? apparmor_capable+0x137/0x1b0
[  117.493918][ T8694]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  117.493934][ T8694]  ? __nla_parse+0x40/0x60
[  117.493949][ T8694]  xfrm_user_rcv_msg+0x7a3/0xab0
[  117.493965][ T8694]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  117.493987][ T8694]  ? __pfx___mutex_trylock_common+0x10/0x10
[  117.494001][ T8694]  ? rcu_is_watching+0x15/0xb0
[  117.494019][ T8694]  ? trace_contention_end+0x39/0x120
[  117.494032][ T8694]  ? __mutex_lock+0x335/0x1340
[  117.494052][ T8694]  netlink_rcv_skb+0x208/0x470
[  117.494071][ T8694]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  117.494084][ T8694]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  117.494105][ T8694]  ? netlink_deliver_tap+0x2e/0x1b0
[  117.494122][ T8694]  ? netlink_deliver_tap+0x2e/0x1b0
[  117.494138][ T8694]  xfrm_netlink_rcv+0x79/0x90
[  117.494177][ T8694]  netlink_unicast+0x82f/0x9e0
[  117.494196][ T8694]  ? __pfx_netlink_unicast+0x10/0x10
[  117.494213][ T8694]  ? netlink_sendmsg+0x642/0xb30
[  117.494244][ T8694]  ? skb_put+0x11b/0x210
[  117.494259][ T8694]  netlink_sendmsg+0x805/0xb30
[  117.494280][ T8694]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.494301][ T8694]  ? aa_sock_msg_perm+0x94/0x160
[  117.494320][ T8694]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  117.494335][ T8694]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.494353][ T8694]  __sock_sendmsg+0x21c/0x270
[  117.494371][ T8694]  ____sys_sendmsg+0x505/0x830
[  117.494385][ T8694]  ? __pfx_____sys_sendmsg+0x10/0x10
[  117.494398][ T8694]  ? import_iovec+0x74/0xa0
[  117.494415][ T8694]  ___sys_sendmsg+0x21f/0x2a0
[  117.494428][ T8694]  ? __pfx____sys_sendmsg+0x10/0x10
[  117.494455][ T8694]  ? __fget_files+0x2a/0x420
[  117.494468][ T8694]  ? __fget_files+0x3a0/0x420
[  117.494480][ T8694]  __x64_sys_sendmsg+0x19b/0x260
[  117.494493][ T8694]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  117.494508][ T8694]  ? rcu_is_watching+0x15/0xb0
[  117.494527][ T8694]  ? do_syscall_64+0xbe/0x3b0
[  117.494545][ T8694]  do_syscall_64+0xfa/0x3b0
[  117.494560][ T8694]  ? lockdep_hardirqs_on+0x9c/0x150
[  117.494577][ T8694]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.494590][ T8694]  ? exc_page_fault+0x9f/0xf0
[  117.494606][ T8694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.494619][ T8694] RIP: 0033:0x7f965918ebe9
[  117.494630][ T8694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.494641][ T8694] RSP: 002b:00007f9659f41038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.494655][ T8694] RAX: ffffffffffffffda RBX: 00007f96593b5fa0 RCX: 00007f965918ebe9
[  117.494664][ T8694] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[  117.494671][ T8694] RBP: 00007f9659211e19 R08: 0000000000000000 R09: 0000000000000000
[  117.494680][ T8694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  117.494687][ T8694] R13: 00007f96593b6038 R14: 00007f96593b5fa0 R15: 00007ffd3afc4868
[  117.494699][ T8694]  </TASK>
[  117.494703][ T8694] 
[  117.506942][ T8684] vxcan1 speed is unknown, defaulting to 1000
[  117.508975][ T8694] Allocated by task 7105:
[  117.508986][ T8694]  kasan_save_track+0x3e/0x80
[  117.509006][ T8694]  __kasan_slab_alloc+0x6c/0x80
[  117.509022][ T8694]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  117.509043][ T8694]  xfrm_state_alloc+0x24/0x2f0
[  117.509062][ T8694]  __find_acq_core+0x8a7/0x1c00
[  117.674768][ T8694]  xfrm_find_acq+0x78/0xa0
[  117.676706][ T8694]  xfrm_alloc_userspi+0x6b3/0xc90
[  117.678740][ T8694]  xfrm_user_rcv_msg+0x7a3/0xab0
[  117.680846][ T8694]  netlink_rcv_skb+0x208/0x470
[  117.682926][ T8694]  xfrm_netlink_rcv+0x79/0x90
[  117.684954][ T8694]  netlink_unicast+0x82f/0x9e0
[  117.687031][ T8694]  netlink_sendmsg+0x805/0xb30
[  117.689115][ T8694]  __sock_sendmsg+0x21c/0x270
[  117.691170][ T8694]  ____sys_sendmsg+0x505/0x830
[  117.693249][ T8694]  ___sys_sendmsg+0x21f/0x2a0
[  117.695267][ T8694]  __x64_sys_sendmsg+0x19b/0x260
[  117.697400][ T8694]  do_syscall_64+0xfa/0x3b0
[  117.699392][ T8694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.701850][ T8694] 
[  117.702856][ T8694] Freed by task 9:
[  117.704492][ T8694]  kasan_save_track+0x3e/0x80
[  117.706527][ T8694]  kasan_save_free_info+0x46/0x50
[  117.708712][ T8694]  __kasan_slab_free+0x62/0x70
[  117.710789][ T8694]  kmem_cache_free+0x18f/0x400
[  117.712865][ T8694]  xfrm_state_gc_task+0x518/0x6a0
[  117.715055][ T8694]  process_scheduled_works+0xae1/0x17b0
[  117.717467][ T8694]  worker_thread+0x8a0/0xda0
[  117.719480][ T8694]  kthread+0x711/0x8a0
[  117.721254][ T8694]  ret_from_fork+0x3fc/0x770
[  117.723237][ T8694]  ret_from_fork_asm+0x1a/0x30
[  117.725291][ T8694] 
[  117.726348][ T8694] The buggy address belongs to the object at ffff88803c9b8000
[  117.726348][ T8694]  which belongs to the cache xfrm_state of size 928
[  117.732180][ T8694] The buggy address is located 196 bytes inside of
[  117.732180][ T8694]  freed 928-byte region [ffff88803c9b8000, ffff88803c9b83a0)
[  117.737958][ T8694] 
[  117.739027][ T8694] The buggy address belongs to the physical page:
[  117.741783][ T8694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3c9b8
[  117.745488][ T8694] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  117.749084][ T8694] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  117.752328][ T8694] page_type: f5(slab)
[  117.754055][ T8694] raw: 00fff00000000040 ffff888104b30c80 dead000000000122 0000000000000000
[  117.757699][ T8694] raw: 0000000000000000 00000000800e000e 00000000f5000000 0000000000000000
[  117.761404][ T8694] head: 00fff00000000040 ffff888104b30c80 dead000000000122 0000000000000000
[  117.765074][ T8694] head: 0000000000000000 00000000800e000e 00000000f5000000 0000000000000000
[  117.768803][ T8694] head: 00fff00000000002 ffffea0000f26e01 00000000ffffffff 00000000ffffffff
[  117.772471][ T8694] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  117.776014][ T8694] page dumped because: kasan: bad access detected
[  117.778700][ T8694] page_owner tracks the page as allocated
[  117.781133][ T8694] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7105, tgid 7104 (syz.1.530), ts 86747532171, free_ts 86638639684
[  117.789096][ T8694]  post_alloc_hook+0x240/0x2a0
[  117.791202][ T8694]  get_page_from_freelist+0x21e4/0x22c0
[  117.793589][ T8694]  __alloc_frozen_pages_noprof+0x181/0x370
[  117.796094][ T8694]  alloc_pages_mpol+0x232/0x4a0
[  117.798250][ T8694]  allocate_slab+0x8a/0x3b0
[  117.800221][ T8694]  ___slab_alloc+0xbfc/0x1480
[  117.802225][ T8694]  kmem_cache_alloc_noprof+0x283/0x3c0
[  117.804573][ T8694]  xfrm_state_alloc+0x24/0x2f0
[  117.806648][ T8694]  __find_acq_core+0x8a7/0x1c00
[  117.808754][ T8694]  xfrm_find_acq+0x78/0xa0
[  117.810688][ T8694]  xfrm_alloc_userspi+0x6b3/0xc90
[  117.812849][ T8694]  xfrm_user_rcv_msg+0x7a3/0xab0
[  117.814939][ T8694]  netlink_rcv_skb+0x208/0x470
[  117.817022][ T8694]  xfrm_netlink_rcv+0x79/0x90
[  117.819062][ T8694]  netlink_unicast+0x82f/0x9e0
[  117.821166][ T8694]  netlink_sendmsg+0x805/0xb30
[  117.823258][ T8694] page last free pid 5853 tgid 5853 stack trace:
[  117.825954][ T8694]  __free_frozen_pages+0xc71/0xe70
[  117.828157][ T8694]  __folio_put+0x21b/0x2c0
[  117.830086][ T8694]  free_large_kmalloc+0x145/0x200
[  117.832281][ T8694]  ops_undo_list+0x856/0x990
[  117.834287][ T8694]  cleanup_net+0x4c5/0x800
[  117.836222][ T8694]  process_scheduled_works+0xae1/0x17b0
[  117.838621][ T8694]  worker_thread+0x8a0/0xda0
[  117.840625][ T8694]  kthread+0x711/0x8a0
[  117.842387][ T8694]  ret_from_fork+0x3fc/0x770
[  117.844452][ T8694]  ret_from_fork_asm+0x1a/0x30
[  117.846525][ T8694] 
[  117.847570][ T8694] Memory state around the buggy address:
[  117.849984][ T8694]  ffff88803c9b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  117.853395][ T8694]  ffff88803c9b8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  117.856818][ T8694] >ffff88803c9b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  117.860255][ T8694]                                            ^
[  117.862877][ T8694]  ffff88803c9b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  117.866290][ T8694]  ffff88803c9b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  117.869643][ T8694] ==================================================================
[  117.873425][ T8694] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  117.876518][ T8694] CPU: 1 UID: 0 PID: 8694 Comm: syz.1.1212 Not tainted 6.16.0-syzkaller-06600-g1dbf1d590d10-dirty #0 PREEMPT(full) 
[  117.881472][ T8694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  117.885660][ T8694] Call Trace:
[  117.887114][ T8694]  <TASK>
[  117.888383][ T8694]  dump_stack_lvl+0x99/0x250
[  117.890289][ T8694]  ? __asan_memcpy+0x40/0x70
[  117.892163][ T8694]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.894255][ T8694]  ? __pfx__printk+0x10/0x10
[  117.896269][ T8694]  panic+0x2db/0x790
[  117.897964][ T8694]  ? __pfx_panic+0x10/0x10
[  117.899944][ T8694]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  117.902530][ T8694]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  117.905069][ T8694]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  117.907823][ T8694]  ? print_memory_metadata+0x314/0x400
[  117.910204][ T8694]  ? xfrm_alloc_spi+0x570/0xf30
[  117.912252][ T8694]  check_panic_on_warn+0x89/0xb0
[  117.914388][ T8694]  ? xfrm_alloc_spi+0x570/0xf30
[  117.916493][ T8694]  end_report+0x78/0x160
[  117.918384][ T8694]  kasan_report+0x129/0x150
[  117.920378][ T8694]  ? xfrm_alloc_spi+0x570/0xf30
[  117.922511][ T8694]  xfrm_alloc_spi+0x570/0xf30
[  117.924527][ T8694]  ? xfrm_alloc_spi+0x2a0/0xf30
[  117.926694][ T8694]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  117.928927][ T8694]  ? xfrm_find_acq+0x87/0xa0
[  117.930929][ T8694]  xfrm_alloc_userspi+0x70b/0xc90
[  117.933112][ T8694]  ? __pfx_aa_get_newest_label+0x10/0x10
[  117.935535][ T8694]  ? apparmor_capable+0x137/0x1b0
[  117.937676][ T8694]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  117.940079][ T8694]  ? __nla_parse+0x40/0x60
[  117.942019][ T8694]  xfrm_user_rcv_msg+0x7a3/0xab0
[  117.944199][ T8694]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  117.946524][ T8694]  ? __pfx___mutex_trylock_common+0x10/0x10
[  117.948963][ T8694]  ? rcu_is_watching+0x15/0xb0
[  117.951012][ T8694]  ? trace_contention_end+0x39/0x120
[  117.953319][ T8694]  ? __mutex_lock+0x335/0x1340
[  117.955428][ T8694]  netlink_rcv_skb+0x208/0x470
[  117.957512][ T8694]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  117.959881][ T8694]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  117.962185][ T8694]  ? netlink_deliver_tap+0x2e/0x1b0
[  117.964452][ T8694]  ? netlink_deliver_tap+0x2e/0x1b0
[  117.966685][ T8694]  xfrm_netlink_rcv+0x79/0x90
[  117.968750][ T8694]  netlink_unicast+0x82f/0x9e0
[  117.970838][ T8694]  ? __pfx_netlink_unicast+0x10/0x10
[  117.973115][ T8694]  ? netlink_sendmsg+0x642/0xb30
[  117.975256][ T8694]  ? skb_put+0x11b/0x210
[  117.977088][ T8694]  netlink_sendmsg+0x805/0xb30
[  117.979202][ T8694]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.981461][ T8694]  ? aa_sock_msg_perm+0x94/0x160
[  117.983574][ T8694]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  117.985838][ T8694]  ? __pfx_netlink_sendmsg+0x10/0x10
[  117.988126][ T8694]  __sock_sendmsg+0x21c/0x270
[  117.990201][ T8694]  ____sys_sendmsg+0x505/0x830
[  117.992264][ T8694]  ? __pfx_____sys_sendmsg+0x10/0x10
[  117.994537][ T8694]  ? import_iovec+0x74/0xa0
[  117.996444][ T8694]  ___sys_sendmsg+0x21f/0x2a0
[  117.998506][ T8694]  ? __pfx____sys_sendmsg+0x10/0x10
[  118.000763][ T8694]  ? __fget_files+0x2a/0x420
[  118.002764][ T8694]  ? __fget_files+0x3a0/0x420
[  118.004816][ T8694]  __x64_sys_sendmsg+0x19b/0x260
[  118.006946][ T8694]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  118.009325][ T8694]  ? rcu_is_watching+0x15/0xb0
[  118.011397][ T8694]  ? do_syscall_64+0xbe/0x3b0
[  118.013445][ T8694]  do_syscall_64+0xfa/0x3b0
[  118.015318][ T8694]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.017556][ T8694]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.020201][ T8694]  ? exc_page_fault+0x9f/0xf0
[  118.022254][ T8694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.024784][ T8694] RIP: 0033:0x7f965918ebe9
[  118.026691][ T8694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.034851][ T8694] RSP: 002b:00007f9659f41038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  118.038456][ T8694] RAX: ffffffffffffffda RBX: 00007f96593b5fa0 RCX: 00007f965918ebe9
[  118.041807][ T8694] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[  118.045200][ T8694] RBP: 00007f9659211e19 R08: 0000000000000000 R09: 0000000000000000
[  118.048549][ T8694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  118.051883][ T8694] R13: 00007f96593b6038 R14: 00007f96593b5fa0 R15: 00007ffd3afc4868
[  118.055268][ T8694]  </TASK>
[  118.057422][ T8694] Kernel Offset: disabled
[  118.059298][ T8694] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:17:22  Registers:
info registers vcpu 0

CPU#0
RAX=c7d76594ccaed200 RBX=ffff88802d2642a0 RCX=c7d76594ccaed200 RDX=0000000000000000
RSI=ffffffff81a7f5d4 RDI=ffffffff8e13c600 RBP=ffffc90000007e30 RSP=ffffc90000007b78
R8 =ffffffff8fa07bf7 R9 =1ffffffff1f40f7e R10=dffffc0000000000 R11=fffffbfff1f40f7f
R12=ffffffff823a47a0 R13=ffffffff81a7f5d4 R14=1ffff11005a4c855 R15=ffff88802d2642a8
RIP=ffffffff819d8122 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055555aa42500 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000440 CR3=0000000046c6a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff81cea0ed ffffffff81688e7f
XMM02=6dd748902899c077 ffffffff81688e7f XMM03=5195bec2a163efc4 ff5ccbd0ddbe2f6a
XMM04=ffffffff894e006d ffffffff894dfdab XMM05=ffffffff894dfcd8 ffffffff823be104
XMM06=ffffffff823bdf9d ffffffff823bd63c XMM07=ffffffff823bd5b4 ffffffff823bd2f2
XMM08=0000000000000000 00007fbd6e612ee7 XMM09=0000000000000000 00007fbd6e612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000062 RBX=0000000000000062 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000110c RDI=000000000000110d RBP=00000000000003f8 RSP=ffffc9000336e9f0
R8 =ffff8880216b8237 R9 =1ffff110042d7046 R10=dffffc0000000000 R11=ffffffff854c1d90
R12=dffffc0000000000 R13=ffffffff99a95920 R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1e0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f9659f416c0 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9659f40fc8 CR3=00000000290e4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f9659387498 00007f9659387470 XMM03=00007f96593874a8 00007f96593874a0
XMM04=00007f9659eed100 00007f9659387460 XMM05=00007f9659387478 00007f96593874c0
XMM06=00007f96593874b8 00007f96593874b0 XMM07=00007f96593874a8 00007f96593874a0
XMM08=0000000000000000 00007f9659212ee7 XMM09=0000000000000000 00007f9659212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
