last executing test programs:

1.279801476s ago: executing program 2 (id=179):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002180))
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', <r2=>0x0})
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
sendmsg$inet(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x4044051)

1.21047277s ago: executing program 2 (id=181):
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e21, @remote}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000000)={r2, 0xa2a3, 0x3, "9f408e"}, 0xb)
socket$inet(0x2, 0x2, 0x0) (async)
r3 = socket$inet(0x2, 0x2, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x2000040, 0x0, 0x0)
listen(0xffffffffffffffff, 0x2d0634a4)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
r5 = socket$inet(0x2, 0x4, 0x10)
setsockopt$MRT_DEL_VIF(r5, 0x0, 0xcb, &(0x7f0000000080)={0x0, 0x4, 0x6, 0x1, @vifc_lcl_addr=@multicast2, @remote}, 0x10)
close(r4)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e24, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, 0x804}, 0x1c) (async)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e24, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, 0x804}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001340)) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001340))
socket$qrtr(0x2a, 0x2, 0x0) (async)
socket$qrtr(0x2a, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x40082, 0x0) (async)
r7 = openat$ppp(0xffffffffffffff9c, 0x0, 0x40082, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) (async)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffffffffff2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000b00)=ANY=[@ANYBLOB="b4080000000000007311980000000000851d000002000000b7000000000000009500c2000000000095000012000000005a169d9707fddf2237095c0bc8a04f69e4cb085f799f0391761c9448dfebf65eabe0ad962ff54d42c8eebc33c5ec075ce6c739961931388961b82ab748bb76713aff34ab27f9481f2546b0e30272e24a5009e90415da0dbad2224be8b14ca3a70e522866dc24e685a0cb9dcd967a582f96bcc0980ceadd4f6c91530c49d0c49e14533b000075675be357cfac8f27fd2513e14fcbdc882b79d56d66b59d69b05227415fbd38cd2e5a53befd83c0d7fbdaca4b51ebf7e28efe68cd2cee20d1e52ea477d008974627b7ac55663bcf3cb1229a"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x70)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r10 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r8, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd09032800050030000000600000000028290081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef) (async)
write$tun(r8, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd09032800050030000000600000000028290081e949b93897bc3b0000000000007d01ff020000000000000000000000000001"], 0xfdef)
pwritev(r7, &(0x7f0000000040)=[{&(0x7f0000000300)="80fdc7000040", 0x6}], 0x1, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8b26, &(0x7f0000000200)={'batadv_slave_1\x00', @local}) (async)
ioctl$SIOCSIFHWADDR(r4, 0x8b26, &(0x7f0000000200)={'batadv_slave_1\x00', @local})

1.020710487s ago: executing program 2 (id=184):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000611224000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES16=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

959.638657ms ago: executing program 2 (id=185):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000fcdbdf2503000000400001802c0004001400010002000000ac141449000000000000000014000200020000000000000000000000000000000d0001007564703a73797a3200000000"], 0x54}}, 0x0)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r4, 0x89e3, &(0x7f0000000000)={0x6, 0x0, 0x8, 0x4, 0x40})
sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x60, r3, 0x4c1dad3e3d6a7499, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x2, @local, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000080}, 0x2400c000)
sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r3, 0x200, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4840}, 0x810)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
pipe(&(0x7f00000001c0)={<r5=>0xffffffffffffffff})
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$BTRFS_IOC_SCRUB(r4, 0xc400941b, &(0x7f0000001100)={0x0, 0x7})
splice(r5, 0x0, r6, 0x0, 0x80, 0x6)
write(r6, &(0x7f0000003300)="ac", 0x1)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000010c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000000700000024000180060005004e2300000600010002000000080003"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f000068d000/0x2000)=nil, 0x2000, 0x8, 0x22051, r9, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x50, r9, 0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x9, 0x5, 0x2, 0x7, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r11}, 0x38)
r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r13=>r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r14 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x4}, 0x50)
r15 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYRESHEX=r6, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESHEX=r1, @ANYRESOCT=r13, @ANYRES16=r12], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r15, &(0x7f0000000080)="8a", &(0x7f0000000000)=""/6, 0x2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1b, 0x4, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}]}, &(0x7f0000000280)='GPL\x00', 0x552, 0xb1, &(0x7f00000002c0)=""/177, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, r6, 0x8, &(0x7f0000000380)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000400)={0x2, 0x0, 0x4, 0x3}, 0x10, 0xffffffffffffffff, r9, 0x6, &(0x7f0000000540)=[r10, r11, 0x1, 0xffffffffffffffff, r14, r15], &(0x7f0000000580)=[{0x2, 0x2, 0x6, 0x9}, {0x1, 0x5, 0x0, 0x8}, {0x3, 0x1, 0x4, 0xb}, {0x3, 0x3, 0x7, 0x6}, {0x5, 0x4, 0xd, 0x5}, {0x2, 0x4, 0x7, 0xd}], 0x10, 0x7}, 0x94)

870.257442ms ago: executing program 2 (id=187):
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000300)=0x8)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000700)={0xa1, 0x1, 0x10000, 0x8000, 0x8, 0xa25, 0x1ff, 0x1ff, r3}, &(0x7f0000000740)=0x20)
setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x30fea7, 0xa)
sendto$inet(r1, &(0x7f0000000000)="63174001fb077c7d9c63bce6c1c484c44feb2978a2a5c42a44bf89", 0x1b, 0x4000, &(0x7f0000000040)={0x2, 0x4e24, @multicast1}, 0x10)

390.354026ms ago: executing program 0 (id=193):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000080)={<r3=>r2, 0x6, 0x0, 0xfffffffffffffff7})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
getsockopt$sock_int(r3, 0x1, 0x3d, &(0x7f0000000140), &(0x7f0000000180)=0x4)
ioctl$sock_proto_private(r4, 0x891f, &(0x7f0000000000))
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000100)={0x20, 0x1402, 0x1, 0x70bd29, 0x25dfdbfc, "", [@RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r3}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r3}]}, 0x20}, 0x1, 0x0, 0x0, 0x20046889}, 0x40)
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r2}, 0x8)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x2c, r1, 0x6a98047402e98331, 0x0, 0xffffffff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8040}, 0x4886)

329.20065ms ago: executing program 0 (id=194):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x18, &(0x7f0000000000), 0x4)
r2 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r2, 0x107, 0xb, 0x0, &(0x7f0000000300))
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000f40)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r1, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x1c, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000)

261.214283ms ago: executing program 0 (id=197):
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x0) (async)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x800, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) (async)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2040, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2040, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'veth1_macvtap\x00', &(0x7f0000000080)=@ethtool_gfeatures})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f00005b0000/0x2000)=nil, 0x2000, 0x200000a, 0x100010, r2, 0x2bcdd000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x5d}, 0x94)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r1)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x41100, 0x21, '\x00', 0x0, 0x0, r2}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000914000/0x2000)=nil, 0x2000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x40000000) (async)
mmap(&(0x7f0000914000/0x2000)=nil, 0x2000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x40000000)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x4, &(0x7f0000000300)=0x9143, 0x4) (async)
setsockopt$sock_int(r3, 0x1, 0x4, &(0x7f0000000300)=0x9143, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) (async)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4)
connect$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10) (async)
connect$inet(r3, &(0x7f00000006c0)={0x2, 0x0, @dev}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000180)=0x2, 0x4)
sendmmsg$inet(r3, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001ec0)="8d", 0x1}], 0x1}}], 0x1, 0x4008440)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
bpf$ITER_CREATE(0xb, 0x0, 0x0) (async)
r4 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
close(r4) (async)
close(r4)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)

198.206742ms ago: executing program 0 (id=199):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000611224000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e008000000008ff", @ANYRES16=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

197.976808ms ago: executing program 1 (id=200):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_devices(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='b'], 0x47)
syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a37f200142c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa3b000003", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000780000c6091ee60e459b91ce74e42db323105ce6619e78ac0df0f77ff65e894c61d644d8e8eba02aef0276e0ccc5f0404f00749374d76a7d4bc2b2676d023892a097e1069afecb0af339b9c1910e4d86d9ae8565c1a99fbc6609f49c466d301b9ab0a94f1164e7002316c5e966c184"], 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000000c0)={'ip_vti0\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x8}})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x3, 0x804, 0x4, 0x6, 0x19829, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @value=r1, @void, @value=r1}, 0x50)
getpeername$packet(r0, &(0x7f00000000c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000180)=0x14)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000200)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x8001, '\x00', r4, 0xffffffffffffffff, 0x1, 0x3, 0x5}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x5, 0x4, 0x6, 0x0, r3}, 0x48)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x6}, {0x10, 0x4}]}]}, {0x0, [0x61, 0x0, 0x61, 0x5f, 0x2e, 0x61, 0x2e]}}, 0x0, 0x3d, 0x0, 0x1, 0x2}, 0x28)
r6 = openat$cgroup_devices(r5, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0)
splice(r0, 0x0, r6, 0x0, 0xd0a9, 0x0)

196.836203ms ago: executing program 1 (id=201):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=@getstat={0xe0, 0x15, 0x0, 0x0, 0x0, {{'pcbc(fcrypt-generic)\x00'}}}, 0xe0}}, 0x0) (async)
socket$netlink(0x10, 0x3, 0x8) (async)
sendmsg$nl_crypto(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="e8000000110001"], 0xe8}}, 0x0)

130.941376ms ago: executing program 0 (id=202):
r0 = socket$inet(0x2b, 0x801, 0x0)
listen(r0, 0x9)
accept$inet(r0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000001c0)="114dc9a3b6a7eb51f2fcb926a9a9c1d5b7a070225371b8e5764ac2bee6563f95ee8b1325c263768c72b7d5973e719916ce038b9b6118d152a64b2f3a76f078976e6a", 0x42}], 0x1, 0x0, 0x24d0}, 0x20040091)
r1 = socket$inet6(0x10, 0x2, 0x0)
write(r1, &(0x7f0000000000)="fc0000001c000705ab092509b86813000aab080102000000b85b0e93210001c0f0060848050000010000000000039815fa2c53c28648000000b937799f377a00bc000c00f0036cdf0db400600033d44000040060b16a482c0a3c313012dafd5a32e273fc83ab82d710f74cec18444ef90d475ef8b2863ef3d92c94170e5bba2e177312e081f691bc5110556888100000463ae4f5df1b394cfd6239ec2a0f0d1bcae5f5502943283f4b9e611183b102b2b8f5566791cb19020191bd0733802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4794eedfca92c09d776e7a90ab79a6f00a1960548deac279c00"/252, 0xfc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair(0x1d, 0xa, 0x18, &(0x7f0000000040))
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x401, 0x70bd29, 0x1, {0x0, 0x0, 0x0, 0x0, 0x32b}}, 0x20}, 0x1, 0x0, 0x0, 0x4040088}, 0x8004)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000180))
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f00000000c0)={0x0, 0x6b41badb}, &(0x7f0000000100)=0x8)

130.65863ms ago: executing program 1 (id=203):
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x1}, 0x50)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'syztnl1\x00', &(0x7f0000000140)={'ip_vti0\x00', <r2=>0x0, 0x7800, 0x80, 0x6, 0x4, {{0x1a, 0x4, 0x3, 0x2, 0x68, 0x64, 0x0, 0x5, 0x2f, 0x0, @remote, @multicast1, {[@lsrr={0x83, 0x23, 0x33, [@local, @local, @multicast2, @private=0xa010101, @multicast1, @multicast2, @loopback, @broadcast]}, @cipso={0x86, 0x11, 0xfffffffffffffffc, [{0x6, 0xb, "42ca3ed0c2073119f8"}]}, @timestamp_prespec={0x44, 0x14, 0x6, 0x3, 0xd, [{@local, 0xfffffffe}, {@broadcast, 0x1}]}, @generic={0x83, 0xb, "a9d4421a3b3a785187"}]}}}}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0xab}, @map_val={0x18, 0x3, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x7db}], &(0x7f00000000c0)='GPL\x00', 0x4, 0x11, &(0x7f0000000100)=""/17, 0x40f00, 0x64, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x0, 0xb, 0x80, 0x1}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000480), &(0x7f00000004c0)=[{0x1, 0x3, 0x2, 0x6}, {0x5, 0x4, 0x8, 0xb}, {0x1, 0x3, 0x8, 0x1}, {0x4, 0x2, 0xb, 0x3}], 0x10, 0x100}, 0x94)
sendmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)="3504000030000511d25a80648c63940d1124fc60040035400c0002000a00002037153e373f04018006041000450055d64a12f76710989a119052acaa1100da3e813fa6ba1eb693d93f699e37af0d43f908fa7d995a8feb85d6a4e1b691276cd9561767306b74b4098e9e71fa51bde29f19b06fb9b3ba96da0e93d5a402dc7fe462a6cc4718c94c1747fff68092705b44bb48dd2db4f3127aab13b4af05549571a6c0e03db227b65d459fa5c1232d7b62f12b65354b7e70d32998da02ae0dc28942f682d97191d0b68697bac278c34b2972ca8ed35b61ee6831c78af85c6711cd687694ce3835a98387fcdb8616524ea04449dbedb3250fb366740d6b96307e1d2f0d85dd592ca2d8c2730ad1d16eb4d87cbb48d2f7c4eb7a490aee0493ffe3b72b508c9a8eb2ec9ed353d79ed29ffed1e48bf370bfb8af11085997d38210601155ec361cd6f3577da98c0a528a4d24ce75fbe297cb75f4b36719edd354ee6312c5527de7ea1a4233b9b0bba0ba2deac12f0257c64ceca8a0a62db179c7d9df7749da38624aab1865024e56a1b2a41e1c7e3a29c01adb31f1865bf6f44aa1e0fd6d827fbae1d57b5ff0026b580c890df83592aceb316fcd6ca200d007b786f9ae", 0x1c0}, {&(0x7f0000000a40)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca986c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f6017f3164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd56c7c0b57b1a50d0e6db3188a8e98375fda2a7ebd4cd59b9ea626c13685b05e6cf4d484e32869fd7c7167dbfa48b1529e5dd", 0x275}], 0x2}, 0x4)

80.600617ms ago: executing program 1 (id=204):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x30, r2, 0x1, 0x10100, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, r3}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008814}, 0x4)
socket$netlink(0x10, 0x3, 0x4) (async)
write(r0, &(0x7f0000000080)="2700000014000707034b0000120f0a0011020000f5fe0012ea40a094a920e53df16c6e20ff000000078a151f7508050088859b74b65c84b242d730ac495d1f37", 0x40)

79.932563ms ago: executing program 1 (id=205):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000a0010000000ba8000001201", 0x2e}], 0x1, 0x0, 0x40000}, 0x0)

79.463809ms ago: executing program 0 (id=206):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f00000004c0)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000004000000000000000000000a03000000000000000200000d030000000a000000040000000000080003000000020000000000000c02000000000061"], 0x0, 0x50}, 0x28)
r0 = socket(0x10, 0x3, 0x0)
r1 = epoll_create1(0x80000)
epoll_wait(r1, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}], 0x6, 0x8)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff)
r7 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r7, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x10)
sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01008000000000006c486991000008000300", @ANYRES32=r5], 0x28}, 0x1, 0x0, 0x0, 0x4000844}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2b0885", @ANYRES16=r2, @ANYBLOB="02002fbd7000fedbdf25070000000a0004007770616e3100000008000300", @ANYRES32, @ANYBLOB="08000500020000000c000600030000000300000008000500ffffffff0a0004007770616e34000000"], 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
gettid()
r8 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r8, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x4e22, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000008400000000000000000080"], 0x18}, 0xd1)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="1800e80000000000000000000000000071122b00000000009500000700000000d9c130a4237b0b9fe29a69002a35b1110d892383afdc2a99f51229b257a7869a1f3ac8e26a754069521c8dd1c1f5f42e9c9ed1ec5c4b0b33ef7ed7e445e18c9d2b784b94930e8568db89173dd61432293fa291bc5ad93688be3ee617622fc12294ec416deaaff395cae63ce6ffdb787905d66cca9a0fe365279d42ad7384c970e9cbb7735361d84a82ebb727bffa102d8c0fe933193e0285a868d85e5dbcb2abcc9c0894855251a90b0f5db25969b465cbef9ea62940843450a6932dd45cf5345f37edb80097bab54ad18cc34fc270019fa748983cf39dbc2cfdd8c373cad313fe66b16192e5"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00', <r11=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r11, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_blackhole={0xe}]}, 0x34}}, 0x44080)
r12 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r12, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r9, &(0x7f0000000340)={0x10000000})
sendmsg$nl_route(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000e40)=ANY=[@ANYBLOB="240000004a00010000000000000001000a001800", @ANYRES32=0x0, @ANYBLOB="00000000080001"], 0x24}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r11, {}, {0xfff1, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20044800}, 0x4000)
write(r4, &(0x7f00000003c0)="964936990e85a42c6015eacf2473007273f9a84c6b83965cab7dd2aa787fc470b9c11a0bc33acac4b8cca2b8a88492241a7b4738e83d3662396505aa33c14dbf59007b5c7e666151a11c744e59d3823c0916b03994750581b8e526e6e65ef1e8bd79fad3545a", 0x66)

625.112µs ago: executing program 1 (id=207):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
socket$nl_route(0x10, 0x3, 0x0)
write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x200}, @void, @eth={@multicast, @empty, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x9, 0x14, 0x67, 0x0, 0x48, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x29}, @dev={0xac, 0x14, 0x14, 0x1}}}}}}}, 0x26)

0s ago: executing program 2 (id=208):
r0 = socket(0x10, 0x80003, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x13, "00000f0000000000000100000e00"}}}]}, 0x48}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:2608' (ED25519) to the list of known hosts.
syzkaller login: [   49.916183][ T5798] cgroup: Unknown subsys name 'net'
[   49.999203][ T5798] cgroup: Unknown subsys name 'cpuset'
[   50.003539][ T5798] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.506120][ T5798] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   56.344819][ T5814] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   56.349608][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   56.352823][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   56.357101][ T5202] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   56.361053][ T5202] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   56.364455][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   56.368282][ T5816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   56.371760][ T5816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   56.393709][ T5202] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   56.398489][ T5202] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   56.469436][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   56.472693][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   56.475523][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   56.478622][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   56.481350][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   56.632485][ T5811] chnl_net:caif_netlink_parms(): no params data found
[   56.775717][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.778884][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.781759][ T5811] bridge_slave_0: entered allmulticast mode
[   56.785109][ T5811] bridge_slave_0: entered promiscuous mode
[   56.793945][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.797042][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.799449][ T5811] bridge_slave_1: entered allmulticast mode
[   56.802243][ T5811] bridge_slave_1: entered promiscuous mode
[   56.833939][ T5815] chnl_net:caif_netlink_parms(): no params data found
[   56.902351][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.914780][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.934711][ T5821] chnl_net:caif_netlink_parms(): no params data found
[   56.990731][ T5811] team0: Port device team_slave_0 added
[   57.010601][ T5811] team0: Port device team_slave_1 added
[   57.038721][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.041877][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.045064][ T5815] bridge_slave_0: entered allmulticast mode
[   57.049282][ T5815] bridge_slave_0: entered promiscuous mode
[   57.054014][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.057703][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.060728][ T5815] bridge_slave_1: entered allmulticast mode
[   57.063777][ T5815] bridge_slave_1: entered promiscuous mode
[   57.119705][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.122664][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.134337][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.142448][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.145340][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.156401][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.161381][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.184947][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.203138][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.206768][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.209896][ T5821] bridge_slave_0: entered allmulticast mode
[   57.213794][ T5821] bridge_slave_0: entered promiscuous mode
[   57.244394][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.248211][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.251422][ T5821] bridge_slave_1: entered allmulticast mode
[   57.255377][ T5821] bridge_slave_1: entered promiscuous mode
[   57.273316][ T5815] team0: Port device team_slave_0 added
[   57.297152][ T5815] team0: Port device team_slave_1 added
[   57.302491][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.309927][ T5811] hsr_slave_0: entered promiscuous mode
[   57.312838][ T5811] hsr_slave_1: entered promiscuous mode
[   57.333424][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.382444][ T5821] team0: Port device team_slave_0 added
[   57.395337][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.398516][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.408355][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.415029][ T5821] team0: Port device team_slave_1 added
[   57.436743][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.439576][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.449065][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.475200][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0
[   57.478020][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.488056][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   57.500029][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1
[   57.502604][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   57.513097][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   57.566428][ T5815] hsr_slave_0: entered promiscuous mode
[   57.569739][ T5815] hsr_slave_1: entered promiscuous mode
[   57.572754][ T5815] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   57.576567][ T5815] Cannot create hsr debugfs directory
[   57.622207][ T5821] hsr_slave_0: entered promiscuous mode
[   57.624791][ T5821] hsr_slave_1: entered promiscuous mode
[   57.627678][ T5821] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   57.630431][ T5821] Cannot create hsr debugfs directory
[   57.835692][ T5811] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   57.850460][ T5811] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   57.863663][ T5811] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   57.874495][ T5811] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   57.921400][ T5815] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   57.949225][ T5815] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   57.964881][ T5815] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   57.971940][ T5815] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   58.021219][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   58.029956][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   58.048998][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   58.073087][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   58.091587][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.134328][ T5811] 8021q: adding VLAN 0 to HW filter on device team0
[   58.154226][ T1087] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.157050][ T1087] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.171034][ T1087] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.173351][ T1087] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.242407][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.283911][ T5815] 8021q: adding VLAN 0 to HW filter on device team0
[   58.295263][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   58.304969][ T3572] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.308102][ T3572] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.325046][ T3572] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.328208][ T3572] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.340849][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   58.364277][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.367720][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.390699][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.393023][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.404853][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.458927][ T5202] Bluetooth: hci1: command tx timeout
[   58.460018][   T54] Bluetooth: hci0: command tx timeout
[   58.465715][ T5811] veth0_vlan: entered promiscuous mode
[   58.484325][ T5811] veth1_vlan: entered promiscuous mode
[   58.529998][ T5811] veth0_macvtap: entered promiscuous mode
[   58.536761][   T54] Bluetooth: hci2: command tx timeout
[   58.548484][ T5811] veth1_macvtap: entered promiscuous mode
[   58.564714][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.574448][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.599097][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.603303][ T5811] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.607159][ T5811] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.609969][ T5811] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.612909][ T5811] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.633020][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.704787][ T5821] veth0_vlan: entered promiscuous mode
[   58.721670][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.724926][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.739606][ T5821] veth1_vlan: entered promiscuous mode
[   58.749402][ T5815] veth0_vlan: entered promiscuous mode
[   58.759868][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.763266][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.789220][ T5815] veth1_vlan: entered promiscuous mode
[   58.811452][ T5811] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   58.812416][ T5821] veth0_macvtap: entered promiscuous mode
[   58.855477][ T5821] veth1_macvtap: entered promiscuous mode
[   58.871383][ T5815] veth0_macvtap: entered promiscuous mode
[   58.887936][ T5815] veth1_macvtap: entered promiscuous mode
[   58.918225][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.938696][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.948442][ T5878] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.953376][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.958303][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.965426][ T5815] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.971591][ T5815] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.975105][ T5815] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.978966][ T5815] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.994036][ T5821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.999299][ T5821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.002978][ T5821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.009074][ T5821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.142686][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.145606][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.186651][ T3814] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.191781][ T3814] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.209139][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.211681][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.226947][ T3572] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.230118][ T3572] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.249742][ T5882] warning: `syz.1.4' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   59.373239][ T5888] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5'.
[   59.463269][ T5893] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7'.
[   59.679620][ T5895] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8'.
[   59.764329][ T5902] xt_CT: You must specify a L4 protocol and not use inversions on it
[   59.863988][ T5906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12'.
[   59.876584][ T5909] syz.0.11 uses obsolete (PF_INET,SOCK_PACKET)
[   59.949834][ T5915] netlink: 'syz.0.15': attribute type 1 has an invalid length.
[   60.419998][ T5954] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26'.
[   60.464095][ T5951] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[   60.470649][ T5951] netlink: 40 bytes leftover after parsing attributes in process `syz.1.25'.
[   60.537363][   T54] Bluetooth: hci0: command tx timeout
[   60.541243][   T54] Bluetooth: hci1: command tx timeout
[   60.621170][ T5964] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29'.
[   60.621905][ T5961] tipc: Started in network mode
[   60.627884][   T54] Bluetooth: hci2: command tx timeout
[   60.630108][ T5961] tipc: Node identity ac14140f, cluster identity 4711
[   60.634269][ T5961] tipc: New replicast peer: 255.255.255.255
[   60.640651][ T5961] tipc: Enabled bearer <udp:syz2>, priority 10
[   60.660533][ T5961] netlink: 28 bytes leftover after parsing attributes in process `syz.0.28'.
[   60.708215][ T5966] netlink: 'syz.1.30': attribute type 12 has an invalid length.
[   60.746788][ T5968] netlink: 'syz.2.31': attribute type 58 has an invalid length.
[   60.747452][ T5969] netlink: 'syz.2.31': attribute type 58 has an invalid length.
[   60.866762][ T5971] x_tables: duplicate underflow at hook 4
[   61.013293][ T5980] Cannot find add_set index 0 as target
[   61.207126][ T5993] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   61.211701][ T5993] batadv_slave_0: entered promiscuous mode
[   61.342459][ T5996] netlink: 12 bytes leftover after parsing attributes in process `syz.1.42'.
[   61.345556][ T5996] tipc: Started in network mode
[   61.346052][ T6001] netlink: 8 bytes leftover after parsing attributes in process `syz.2.44'.
[   61.350254][ T5996] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[   61.358960][ T5996] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:0000
[   61.362189][ T5996] tipc: Enabled bearer <udp:syz1>, priority 10
[   61.477323][ T6005] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check.
[   61.485657][ T6007] tipc: Invalid UDP bearer configuration
[   61.485688][ T6007] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   61.647594][  T790] tipc: Node number set to 2886997007
[   62.131654][ T6053] netlink: 'syz.2.60': attribute type 1 has an invalid length.
[   62.140366][ T6049] netlink: 'syz.0.59': attribute type 15 has an invalid length.
[   62.182532][ T6049] bond0: option resend_igmp: invalid value (196616)
[   62.187642][ T6049] bond0: option resend_igmp: allowed values 0 - 255
[   62.221798][ T6054] veth3: entered promiscuous mode
[   62.255185][ T6053] erspan0: entered allmulticast mode
[   62.277905][ T6053] netlink: 'syz.2.60': attribute type 11 has an invalid length.
[   62.356016][    T9] tipc: Node number set to 1
[   62.517353][ T6081] netlink: 'syz.2.65': attribute type 10 has an invalid length.
[   62.523815][ T6081] batman_adv: batadv0: Adding interface: virt_wifi0
[   62.527830][ T6081] batman_adv: batadv0: Interface activated: virt_wifi0
[   62.620536][   T54] Bluetooth: hci1: command tx timeout
[   62.620853][ T5202] Bluetooth: hci0: command tx timeout
[   62.673915][ T6093] IPVS: set_ctl: invalid protocol: 28 127.0.0.1:20000
[   62.696539][ T5202] Bluetooth: hci2: command tx timeout
[   62.705552][ T6093] sctp: [Deprecated]: syz.1.71 (pid 6093) Use of struct sctp_assoc_value in delayed_ack socket option.
[   62.705552][ T6093] Use struct sctp_sack_info instead
[   62.747176][ T6095] 8021q: adding VLAN 0 to HW filter on device bond1
[   62.756884][ T6095] Zero length message leads to an empty skb
[   62.766580][ T6095] netlink: 'syz.2.72': attribute type 1 has an invalid length.
[   62.778497][ T6095] netlink: 'syz.2.72': attribute type 1 has an invalid length.
[   62.793641][ T6101] atomic_op ffff8881106e7998 conn xmit_atomic 0000000000000000
[   63.225304][ T6132] Driver unsupported XDP return value 0 on prog  (id 29) dev N/A, expect packet loss!
[   63.311883][ T6137] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.319916][ T6135] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.323949][ T6135] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.533641][ T6142] ipt_REJECT: ECHOREPLY no longer supported.
[   64.273185][ T6166] sctp: [Deprecated]: syz.0.97 (pid 6166) Use of int in maxseg socket option.
[   64.273185][ T6166] Use struct sctp_assoc_value instead
[   64.448329][ T6179] __nla_validate_parse: 19 callbacks suppressed
[   64.448349][ T6179] netlink: 232 bytes leftover after parsing attributes in process `syz.0.100'.
[   64.665174][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.104'.
[   64.695923][ T5202] Bluetooth: hci0: command tx timeout
[   64.697524][   T54] Bluetooth: hci1: command tx timeout
[   64.780484][   T54] Bluetooth: hci2: command tx timeout
[   64.805548][ T6203] netlink: 4 bytes leftover after parsing attributes in process `syz.1.109'.
[   64.822702][ T6204] netlink: 4 bytes leftover after parsing attributes in process `syz.1.109'.
[   64.833817][ T6203] netlink: 8 bytes leftover after parsing attributes in process `syz.1.109'.
[   64.838991][ T6203] netlink: 156 bytes leftover after parsing attributes in process `syz.1.109'.
[   64.843225][ T6206] netlink: 20 bytes leftover after parsing attributes in process `syz.0.110'.
[   64.862910][ T6203] netlink: 4 bytes leftover after parsing attributes in process `syz.1.109'.
[   65.019045][ T6224] netlink: 68 bytes leftover after parsing attributes in process `syz.2.112'.
[   65.035626][ T6224] netlink: 12 bytes leftover after parsing attributes in process `syz.2.112'.
[   65.069002][ T6223] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.160331][ T6223] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.168270][ T6234] validate_nla: 5 callbacks suppressed
[   65.168285][ T6234] netlink: 'syz.1.116': attribute type 10 has an invalid length.
[   65.193503][ T6237] netlink: 'syz.1.116': attribute type 10 has an invalid length.
[   65.238800][ T6223] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.295475][ T6223] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   65.387005][ T6223] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.387976][ T6242] netlink: 'syz.1.118': attribute type 1 has an invalid length.
[   65.396055][ T6242] netlink: 'syz.1.118': attribute type 1 has an invalid length.
[   65.399048][ T6242] netlink: 'syz.1.118': attribute type 1 has an invalid length.
[   65.399860][ T6223] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.411267][ T6223] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.418823][ T6223] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.484286][ T6248] xt_l2tp: unknown flags: 10
[   65.605071][ T6261] tap0: tun_chr_ioctl cmd 1074025676
[   65.609841][ T6261] tap0: owner set to 0
[   65.643039][ T6263] No such timeout policy "syz0"
[   65.826811][ T6276] netlink: 'syz.0.131': attribute type 3 has an invalid length.
[   65.871635][ T6286] sctp: [Deprecated]: syz.2.135 (pid 6286) Use of int in max_burst socket option deprecated.
[   65.871635][ T6286] Use struct sctp_assoc_value instead
[   65.960059][ T6294] xt_recent: hitcount (4294967292) is larger than allowed maximum (65535)
[   66.082147][ T6307] Bluetooth: MGMT ver 1.23
[   66.291866][ T6327] netlink: 'syz.2.150': attribute type 5 has an invalid length.
[   66.303751][ T6327] netlink: 'syz.2.150': attribute type 2 has an invalid length.
[   66.420109][ T6338] netlink: 'syz.1.155': attribute type 1 has an invalid length.
[   67.243923][ T6400] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[   67.602181][ T6421] tipc: Started in network mode
[   67.604044][ T6421] tipc: Node identity ac141449, cluster identity 4711
[   67.608685][ T6421] tipc: New replicast peer: 0.0.0.0
[   67.612211][ T6421] tipc: Enabled bearer <udp:syz2>, priority 10
[   67.627349][ T6421] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa
[   68.269774][ T6452] openvswitch: netlink: Missing key (keys=44, expected=200000)
[   68.441185][ T6470] netlink: 'syz.0.202': attribute type 12 has an invalid length.
[   68.613813][ T6478] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN PTI
[   68.618773][ T6478] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
[   68.623250][ T6478] CPU: 1 UID: 0 PID: 6478 Comm: syz.0.206 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   68.628264][ T6478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   68.632344][ T6478] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480
[   68.634979][ T6478] Code: 89 ef e8 00 80 b3 f8 4d 89 ef 85 db 74 0d e8 34 fc 4f f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 c9 7f b3 f8 48 8b
[   68.642225][ T6478] RSP: 0018:ffffc90003b8f128 EFLAGS: 00010202
[   68.644842][ T6478] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002
[   68.648110][ T6478] RDX: ffff8880230c1cc0 RSI: 0000000000000000 RDI: 0000000000000000
[   68.651367][ T6478] RBP: 0000000000000000 R08: ffff8880230c1cc0 R09: 0000000000000002
[   68.654655][ T6478] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000afff1
[   68.657998][ T6478] R13: ffff888118877000 R14: dffffc0000000000 R15: ffff888118877000
[   68.661245][ T6478] FS:  00007f3910ecf6c0(0000) GS:ffff8881a3c50000(0000) knlGS:0000000000000000
[   68.664756][ T6478] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.667426][ T6478] CR2: 00007f6d920c5fc8 CR3: 000000003de2e000 CR4: 00000000000006f0
[   68.670681][ T6478] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.673952][ T6478] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.677241][ T6478] Call Trace:
[   68.678685][ T6478]  <TASK>
[   68.679940][ T6478]  ? qdisc_tree_reduce_backlog+0x3c/0x480
[   68.682343][ T6478]  hhf_change+0x764/0xad0
[   68.684160][ T6478]  ? __pfx_hhf_change+0x10/0x10
[   68.686185][ T6478]  ? __pfx_hhf_init+0x10/0x10
[   68.688217][ T6478]  hhf_init+0x213/0x950
[   68.690009][ T6478]  ? __pfx_hhf_init+0x10/0x10
[   68.692015][ T6478]  qdisc_create+0x7ac/0xea0
[   68.693990][ T6478]  tc_modify_qdisc+0x1426/0x2010
[   68.696085][ T6478]  ? __pfx_tc_modify_qdisc+0x10/0x10
[   68.698249][ T6478]  ? __pfx_tc_modify_qdisc+0x10/0x10
[   68.700404][ T6478]  rtnetlink_rcv_msg+0x77c/0xb70
[   68.702419][ T6478]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[   68.704469][ T6478]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   68.706698][ T6478]  ? ref_tracker_free+0x63a/0x7d0
[   68.708716][ T6478]  ? __copy_skb_header+0xa7/0x550
[   68.710821][ T6478]  ? __pfx_ref_tracker_free+0x10/0x10
[   68.713005][ T6478]  netlink_rcv_skb+0x208/0x470
[   68.715029][ T6478]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   68.717254][ T6478]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   68.719410][ T6478]  ? netlink_deliver_tap+0x2e/0x1b0
[   68.721495][ T6478]  ? netlink_deliver_tap+0x2e/0x1b0
[   68.723617][ T6478]  netlink_unicast+0x75b/0x8d0
[   68.725563][ T6478]  netlink_sendmsg+0x805/0xb30
[   68.727555][ T6478]  ? __pfx_netlink_sendmsg+0x10/0x10
[   68.729626][ T6478]  ? aa_sock_msg_perm+0x94/0x160
[   68.731698][ T6478]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   68.733912][ T6478]  ? __pfx_netlink_sendmsg+0x10/0x10
[   68.736073][ T6478]  __sock_sendmsg+0x21c/0x270
[   68.738036][ T6478]  ____sys_sendmsg+0x505/0x830
[   68.739973][ T6478]  ? __pfx_____sys_sendmsg+0x10/0x10
[   68.742138][ T6478]  ? import_iovec+0x74/0xa0
[   68.744033][ T6478]  ___sys_sendmsg+0x21f/0x2a0
[   68.746029][ T6478]  ? __pfx____sys_sendmsg+0x10/0x10
[   68.748211][ T6478]  ? __fget_files+0x2a/0x420
[   68.750140][ T6478]  ? __fget_files+0x3a0/0x420
[   68.752091][ T6478]  __x64_sys_sendmsg+0x19b/0x260
[   68.753979][ T6478]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   68.756054][ T6478]  ? rcu_is_watching+0x15/0xb0
[   68.757606][ T6478]  ? do_syscall_64+0xbe/0x3b0
[   68.759125][ T6478]  do_syscall_64+0xfa/0x3b0
[   68.760649][ T6478]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.762360][ T6478]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.764458][ T6478]  ? exc_page_fault+0x9f/0xf0
[   68.766146][ T6478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.768406][ T6478] RIP: 0033:0x7f390ff8e929
[   68.770083][ T6478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.777450][ T6478] RSP: 002b:00007f3910ecf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   68.780611][ T6478] RAX: ffffffffffffffda RBX: 00007f39101b5fa0 RCX: 00007f390ff8e929
[   68.783399][ T6478] RDX: 0000000000004000 RSI: 0000200000000280 RDI: 0000000000000003
[   68.786109][ T6478] RBP: 00007f3910010b39 R08: 0000000000000000 R09: 0000000000000000
[   68.788996][ T6478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.791546][ T6478] R13: 0000000000000000 R14: 00007f39101b5fa0 R15: 00007ffefce291f8
[   68.794093][ T6478]  </TASK>
[   68.795369][ T6478] Modules linked in:
[   68.797205][ T6478] ---[ end trace 0000000000000000 ]---
[   68.799324][ T6478] RIP: 0010:qdisc_tree_reduce_backlog+0x223/0x480
[   68.801945][ T6478] Code: 89 ef e8 00 80 b3 f8 4d 89 ef 85 db 74 0d e8 34 fc 4f f8 4c 89 f5 e9 88 00 00 00 48 8b 6d 00 48 8d 45 20 48 89 c3 48 c1 eb 03 <42> 80 3c 33 00 48 89 04 24 74 0d 48 8b 3c 24 e8 c9 7f b3 f8 48 8b
[   68.809878][ T6478] RSP: 0018:ffffc90003b8f128 EFLAGS: 00010202
[   68.812406][ T6478] RAX: 0000000000000020 RBX: 0000000000000004 RCX: 0000000000000002
[   68.815649][ T6478] RDX: ffff8880230c1cc0 RSI: 0000000000000000 RDI: 0000000000000000
[   68.819000][ T6478] RBP: 0000000000000000 R08: ffff8880230c1cc0 R09: 0000000000000002
[   68.822277][ T6478] R10: 00000000ffffffff R11: 0000000000000002 R12: 00000000000afff1
[   68.825571][ T6478] R13: ffff888118877000 R14: dffffc0000000000 R15: ffff888118877000
[   68.828980][ T6478] FS:  00007f3910ecf6c0(0000) GS:ffff8881a3c50000(0000) knlGS:0000000000000000
[   68.832626][ T6478] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.835439][ T6478] CR2: 00007f6d920c5fc8 CR3: 000000003de2e000 CR4: 00000000000006f0
[   68.838962][ T6478] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   68.842271][ T6478] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   68.845451][ T6478] Kernel panic - not syncing: Fatal exception in interrupt
[   68.849155][ T6478] Kernel Offset: disabled
[   68.850971][ T6478] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:26:20  Registers:
info registers vcpu 0

CPU#0
RAX=5e53384810390a00 RBX=ffffffff81974d58 RCX=5e53384810390a00 RDX=0000000000000001
RSI=ffffffff8be28d20 RDI=ffffffff81974d58 RBP=ffffffff8de07ea8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa10cf0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a50
RIP=ffffffff8b66b4a3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00002000000012c0 CR3=0000000027204000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffffffffffff ffffffffffffffff
XMM02=0000000000000000 0000000000000000 XMM03=ffffffffffffffff ffffffffffffffff
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 000000524f525245 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f6d91211c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001043 RDI=0000000000001044 RBP=00000000000003f8 RSP=ffffc90003b8e950
R8 =ffff888107038237 R9 =1ffff11020e07046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac4909 R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f3910ecf6c0 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f6d920c5fc8 CR3=000000003de2e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=ffffffffffffffff ffff00ff00000000 XMM05=00000000000000b1 000000317950452f
XMM06=ffffffffffffff00 ffffff0000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffffff00 ffffff0000000000 XMM09=00000000000000b1 000000317968702f
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
