333][T12806]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1897.761395][T12806]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1897.766333][T12806]  ? ___cache_free+0x46/0x300
[ 1897.771071][T12806]  ? packet_rcv+0xc3/0x9d0
[ 1897.775560][T12806]  ? __kfree_skb+0xfe/0x150
[ 1897.780063][T12806]  ? kmem_cache_free+0x5e/0x100
[ 1897.784949][T12806]  ? __kfree_skb+0xfe/0x150
[ 1897.789511][T12806]  ? consume_skb+0x48/0x160
[ 1897.794017][T12806]  ? nlmon_xmit+0x5f/0x70
[ 1897.798353][T12806]  ? __this_cpu_preempt_check+0x18/0x20
[ 1897.803986][T12806]  ? __local_bh_enable_ip+0x4d/0x70
[ 1897.809198][T12806]  ? local_bh_enable+0x1b/0x20
[ 1897.813971][T12806]  ? __dev_queue_xmit+0x597/0xf70
[ 1897.819053][T12806]  ? __skb_clone+0x2db/0x300
[ 1897.823657][T12806]  ? __rcu_read_unlock+0x5c/0x290
[ 1897.828752][T12806]  netlink_rcv_skb+0x14e/0x250
[ 1897.833570][T12806]  ? rtnetlink_bind+0x60/0x60
[ 1897.838260][T12806]  rtnetlink_rcv+0x18/0x20
[ 1897.842673][T12806]  netlink_unicast+0x5fc/0x6c0
[ 1897.847431][T12806]  netlink_sendmsg+0x6e1/0x7d0
[ 1897.852220][T12806]  ? netlink_getsockopt+0x720/0x720
[ 1897.857456][T12806]  ____sys_sendmsg+0x39a/0x510
[ 1897.862232][T12806]  __sys_sendmsg+0x195/0x230
[ 1897.866823][T12806]  __x64_sys_sendmsg+0x42/0x50
[ 1897.871673][T12806]  do_syscall_64+0x44/0xd0
[ 1897.876123][T12806]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1897.882106][T12806] RIP: 0033:0x7f0da0d09ae9
[ 1897.886508][T12806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1897.906253][T12806] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1897.916389][T12806] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1897.924441][T12806] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1897.932460][T12806] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1897.940677][T12806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1897.948832][T12806] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1897.956886][T12806]  </TASK>
[ 1897.959907][T12806] ---[ end trace e45544a13c7e479e ]---
[ 1897.966659][T12806] ------------[ cut here ]------------
[ 1897.972164][T12806] WARNING: CPU: 0 PID: 12806 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1897.981556][T12806] Modules linked in:
[ 1897.985423][T12806] CPU: 0 PID: 12806 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1897.995222][T12806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1898.005279][T12806] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1898.010855][T12806] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1898.030559][T12806] RSP: 0000:ffffc900010af5d8 EFLAGS: 00010246
[ 1898.036604][T12806] RAX: ffffffff83b414a7 RBX: ffff88811e0da8a0 RCX: 0000000000040000
[ 1898.044675][T12806] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1898.052693][T12806] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1898.060762][T12806] R10: 0001ffffffffffff R11: 000188811e0da8a0 R12: ffff88811e0da850
[ 1898.068725][T12806] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811e0da800
[ 1898.076707][T12806] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1898.086183][T12806] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1898.092804][T12806] CR2: 000000000046e420 CR3: 000000011f777000 CR4: 00000000003506f0
[ 1898.100791][T12806] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1898.108741][T12806] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1898.116803][T12806] Call Trace:
[ 1898.120100][T12806]  <TASK>
[ 1898.123019][T12806]  tcf_block_put_ext+0xe5/0x180
[ 1898.127978][T12806]  tcf_block_put+0x4c/0x70
[ 1898.132453][T12806]  cake_destroy+0x2d/0x50
[ 1898.136859][T12806]  ? cake_reset+0x5d0/0x5d0
[ 1898.141459][T12806]  qdisc_create+0xa82/0xd10
[ 1898.146093][T12806]  ? __nla_parse+0x3c/0x50
[ 1898.150518][T12806]  tc_modify_qdisc+0x64a/0x10b0
[ 1898.155374][T12806]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1898.161321][T12806]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1898.166261][T12806]  ? ___cache_free+0x46/0x300
[ 1898.170936][T12806]  ? packet_rcv+0xc3/0x9d0
[ 1898.175348][T12806]  ? __kfree_skb+0xfe/0x150
[ 1898.179861][T12806]  ? kmem_cache_free+0x5e/0x100
[ 1898.184839][T12806]  ? __kfree_skb+0xfe/0x150
[ 1898.189358][T12806]  ? consume_skb+0x48/0x160
[ 1898.193862][T12806]  ? nlmon_xmit+0x5f/0x70
[ 1898.198176][T12806]  ? __this_cpu_preempt_check+0x18/0x20
[ 1898.203735][T12806]  ? __local_bh_enable_ip+0x4d/0x70
[ 1898.208931][T12806]  ? local_bh_enable+0x1b/0x20
[ 1898.213801][T12806]  ? __dev_queue_xmit+0x597/0xf70
[ 1898.218842][T12806]  ? __skb_clone+0x2db/0x300
[ 1898.223583][T12806]  ? __rcu_read_unlock+0x5c/0x290
[ 1898.228610][T12806]  netlink_rcv_skb+0x14e/0x250
[ 1898.233456][T12806]  ? rtnetlink_bind+0x60/0x60
[ 1898.238130][T12806]  rtnetlink_rcv+0x18/0x20
[ 1898.242590][T12806]  netlink_unicast+0x5fc/0x6c0
[ 1898.247352][T12806]  netlink_sendmsg+0x6e1/0x7d0
[ 1898.252130][T12806]  ? netlink_getsockopt+0x720/0x720
[ 1898.257337][T12806]  ____sys_sendmsg+0x39a/0x510
[ 1898.262109][T12806]  __sys_sendmsg+0x195/0x230
[ 1898.266771][T12806]  __x64_sys_sendmsg+0x42/0x50
[ 1898.271562][T12806]  do_syscall_64+0x44/0xd0
[ 1898.276030][T12806]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1898.281941][T12806] RIP: 0033:0x7f0da0d09ae9
[ 1898.286348][T12806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1898.306045][T12806] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1898.314476][T12806] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1898.322592][T12806] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1898.330569][T12806] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1898.338522][T12806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1898.346589][T12806] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1898.354570][T12806]  </TASK>
[ 1898.357567][T12806] ---[ end trace e45544a13c7e479f ]---
[ 1898.363098][T12808] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1898.409344][T12804] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1898.442555][T12913] ------------[ cut here ]------------
[ 1898.448054][T12913] WARNING: CPU: 1 PID: 12913 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1898.458663][T12913] Modules linked in:
[ 1898.462553][T12913] CPU: 1 PID: 12913 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1898.472525][T12913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1898.482589][T12913] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1898.489414][T12913] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 1898.509060][T12913] RSP: 0018:ffffc90000b075f0 EFLAGS: 00010246
[ 1898.515198][T12913] RAX: ffff88811d724000 RBX: ffff8880324568b0 RCX: 0000000000000000
[ 1898.523175][T12913] RDX: ffffc90007ce8000 RSI: 0000000000001ec5 RDI: ffff888032456800
[ 1898.531167][T12913] RBP: ffffc90000b07738 R08: 00018880324568b7 R09: 0000000000000000
[ 1898.539235][T12913] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff8880324568b0
[ 1898.547313][T12913] R13: ffffffff85ec3720 R14: ffff888032456800 R15: ffffc90000b07668
[ 1898.555289][T12913] FS:  00007f2aae484700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1898.564229][T12913] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1898.570819][T12913] CR2: 00000000005bb280 CR3: 000000011f699000 CR4: 00000000003506e0
[ 1898.578788][T12913] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1898.586762][T12913] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1898.594752][T12913] Call Trace:
[ 1898.598027][T12913]  <TASK>
[ 1898.601043][T12913]  tcf_block_put_ext+0x2d/0x180
[ 1898.605923][T12913]  tcf_block_put+0x4c/0x70
[ 1898.610443][T12913]  cake_destroy+0x2d/0x50
[ 1898.614792][T12913]  ? cake_reset+0x5d0/0x5d0
[ 1898.619392][T12913]  qdisc_create+0xa82/0xd10
[ 1898.623927][T12913]  ? __nla_parse+0x3c/0x50
[ 1898.628332][T12913]  tc_modify_qdisc+0x64a/0x10b0
[ 1898.633196][T12913]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1898.639157][T12913]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1898.644131][T12913]  ? ___cache_free+0x46/0x300
[ 1898.648794][T12913]  ? packet_rcv+0xc3/0x9d0
[ 1898.653226][T12913]  ? __kfree_skb+0xfe/0x150
[ 1898.657800][T12913]  ? kmem_cache_free+0x5e/0x100
[ 1898.662735][T12913]  ? __kfree_skb+0xfe/0x150
[ 1898.667249][T12913]  ? consume_skb+0x48/0x160
[ 1898.671765][T12913]  ? nlmon_xmit+0x5f/0x70
[ 1898.676323][T12913]  ? __this_cpu_preempt_check+0x18/0x20
[ 1898.681924][T12913]  ? __local_bh_enable_ip+0x4d/0x70
[ 1898.687168][T12913]  ? local_bh_enable+0x1b/0x20
[ 1898.691981][T12913]  ? __dev_queue_xmit+0x597/0xf70
[ 1898.697010][T12913]  ? __skb_clone+0x2db/0x300
[ 1898.701629][T12913]  ? __rcu_read_unlock+0x5c/0x290
[ 1898.706650][T12913]  netlink_rcv_skb+0x14e/0x250
[ 1898.711493][T12913]  ? rtnetlink_bind+0x60/0x60
[ 1898.716211][T12913]  rtnetlink_rcv+0x18/0x20
[ 1898.720841][T12913]  netlink_unicast+0x5fc/0x6c0
[ 1898.725671][T12913]  netlink_sendmsg+0x6e1/0x7d0
[ 1898.730458][T12913]  ? netlink_getsockopt+0x720/0x720
[ 1898.735734][T12913]  ____sys_sendmsg+0x39a/0x510
[ 1898.740628][T12913]  __sys_sendmsg+0x195/0x230
[ 1898.745225][T12913]  __x64_sys_sendmsg+0x42/0x50
[ 1898.750057][T12913]  do_syscall_64+0x44/0xd0
[ 1898.754484][T12913]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1898.760384][T12913] RIP: 0033:0x7f2ab072eae9
[ 1898.764818][T12913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1898.784605][T12913] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1898.793038][T12913] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 1898.801019][T12913] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1898.809151][T12913] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1898.817122][T12913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1898.825163][T12913] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 1898.833179][T12913]  </TASK>
[ 1898.836200][T12913] ---[ end trace e45544a13c7e47a0 ]---
[ 1898.842133][T12913] ------------[ cut here ]------------
[ 1898.847587][T12913] WARNING: CPU: 1 PID: 12913 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 1898.857362][T12913] Modules linked in:
[ 1898.861283][T12913] CPU: 1 PID: 12913 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1898.871096][T12913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1898.881254][T12913] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 1898.886878][T12913] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 1898.906495][T12913] RSP: 0018:ffffc90000b07628 EFLAGS: 00010283
[ 1898.912719][T12913] RAX: ffffffff83b40f4c RBX: ffff888032456888 RCX: 0000000000040000
[ 1898.920696][T12913] RDX: ffffc90007ce8000 RSI: 000000000003cc1b RDI: 000000000003cc1c
[ 1898.928663][T12913] RBP: ffffc90000b07668 R08: 000188803245688f R09: 0000000000000000
[ 1898.936656][T12913] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888120050000
[ 1898.944995][T12913] R13: 0000000000000000 R14: ffffc90000b077f0 R15: ffff888032456800
[ 1898.953105][T12913] FS:  00007f2aae484700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1898.962104][T12913] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1898.968729][T12913] CR2: 00000000005bb280 CR3: 000000011f699000 CR4: 00000000003506e0
[ 1898.976710][T12913] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1898.984692][T12913] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1898.992736][T12913] Call Trace:
[ 1898.996007][T12913]  <TASK>
[ 1898.999034][T12913]  tcf_block_put+0x4c/0x70
[ 1899.003512][T12913]  cake_destroy+0x2d/0x50
[ 1899.007909][T12913]  ? cake_reset+0x5d0/0x5d0
[ 1899.012487][T12913]  qdisc_create+0xa82/0xd10
[ 1899.017107][T12913]  ? __nla_parse+0x3c/0x50
[ 1899.021548][T12913]  tc_modify_qdisc+0x64a/0x10b0
[ 1899.026411][T12913]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1899.032327][T12913]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1899.037291][T12913]  ? ___cache_free+0x46/0x300
[ 1899.041973][T12913]  ? packet_rcv+0xc3/0x9d0
[ 1899.046411][T12913]  ? __kfree_skb+0xfe/0x150
[ 1899.050962][T12913]  ? kmem_cache_free+0x5e/0x100
[ 1899.055884][T12913]  ? __kfree_skb+0xfe/0x150
[ 1899.060444][T12913]  ? consume_skb+0x48/0x160
[ 1899.064969][T12913]  ? nlmon_xmit+0x5f/0x70
[ 1899.069412][T12913]  ? __this_cpu_preempt_check+0x18/0x20
[ 1899.074959][T12913]  ? __local_bh_enable_ip+0x4d/0x70
[ 1899.080296][T12913]  ? local_bh_enable+0x1b/0x20
[ 1899.085125][T12913]  ? __dev_queue_xmit+0x597/0xf70
[ 1899.090318][T12913]  ? __skb_clone+0x2db/0x300
[ 1899.095063][T12913]  ? __rcu_read_unlock+0x5c/0x290
[ 1899.100112][T12913]  netlink_rcv_skb+0x14e/0x250
[ 1899.104877][T12913]  ? rtnetlink_bind+0x60/0x60
[ 1899.109613][T12913]  rtnetlink_rcv+0x18/0x20
[ 1899.114027][T12913]  netlink_unicast+0x5fc/0x6c0
[ 1899.118773][T12913]  netlink_sendmsg+0x6e1/0x7d0
[ 1899.123562][T12913]  ? netlink_getsockopt+0x720/0x720
[ 1899.128804][T12913]  ____sys_sendmsg+0x39a/0x510
[ 1899.133590][T12913]  __sys_sendmsg+0x195/0x230
[ 1899.138259][T12913]  __x64_sys_sendmsg+0x42/0x50
[ 1899.143136][T12913]  do_syscall_64+0x44/0xd0
[ 1899.147573][T12913]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1899.153477][T12913] RIP: 0033:0x7f2ab072eae9
[ 1899.157886][T12913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1899.177778][T12913] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1899.186293][T12913] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 1899.194365][T12913] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1899.202340][T12913] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1899.210399][T12913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1899.218419][T12913] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 1899.226400][T12913]  </TASK>
[ 1899.229442][T12913] ---[ end trace e45544a13c7e47a1 ]---
[ 1899.236452][T12913] ------------[ cut here ]------------
[ 1899.241934][T12913] WARNING: CPU: 1 PID: 12913 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1899.251347][T12913] Modules linked in:
[ 1899.255298][T12913] CPU: 1 PID: 12913 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1899.265175][T12913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1899.275260][T12913] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1899.280851][T12913] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1899.300455][T12913] RSP: 0018:ffffc90000b075d8 EFLAGS: 00010246
[ 1899.306511][T12913] RAX: ffffffff83b414a7 RBX: ffff8880324568a0 RCX: 0000000000040000
[ 1899.314482][T12913] RDX: ffffc90007ce8000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1899.322472][T12913] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1899.330439][T12913] R10: 0001ffffffffffff R11: 00018880324568a0 R12: ffff888032456850
[ 1899.338388][T12913] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888032456800
[ 1899.346353][T12913] FS:  00007f2aae484700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1899.355358][T12913] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1899.361983][T12913] CR2: 00000000005bb280 CR3: 000000011f699000 CR4: 00000000003506e0
[ 1899.370060][T12913] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1899.378032][T12913] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1899.386033][T12913] Call Trace:
[ 1899.389330][T12913]  <TASK>
[ 1899.392261][T12913]  tcf_block_put_ext+0xe5/0x180
[ 1899.397197][T12913]  tcf_block_put+0x4c/0x70
[ 1899.401680][T12913]  cake_destroy+0x2d/0x50
[ 1899.406080][T12913]  ? cake_reset+0x5d0/0x5d0
[ 1899.410695][T12913]  qdisc_create+0xa82/0xd10
[ 1899.415249][T12913]  ? __nla_parse+0x3c/0x50
[ 1899.419733][T12913]  tc_modify_qdisc+0x64a/0x10b0
[ 1899.424701][T12913]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1899.430666][T12913]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1899.435593][T12913]  ? ___cache_free+0x46/0x300
[ 1899.440267][T12913]  ? packet_rcv+0xc3/0x9d0
[ 1899.444679][T12913]  ? __kfree_skb+0xfe/0x150
[ 1899.449242][T12913]  ? kmem_cache_free+0x5e/0x100
[ 1899.454116][T12913]  ? __kfree_skb+0xfe/0x150
[ 1899.458610][T12913]  ? consume_skb+0x48/0x160
[ 1899.463113][T12913]  ? nlmon_xmit+0x5f/0x70
[ 1899.467561][T12913]  ? __this_cpu_preempt_check+0x18/0x20
[ 1899.473192][T12913]  ? __local_bh_enable_ip+0x4d/0x70
[ 1899.478374][T12913]  ? local_bh_enable+0x1b/0x20
[ 1899.483243][T12913]  ? __dev_queue_xmit+0x597/0xf70
[ 1899.488327][T12913]  ? __skb_clone+0x2db/0x300
[ 1899.492930][T12913]  ? __rcu_read_unlock+0x5c/0x290
[ 1899.498004][T12913]  netlink_rcv_skb+0x14e/0x250
[ 1899.502941][T12913]  ? rtnetlink_bind+0x60/0x60
[ 1899.507612][T12913]  rtnetlink_rcv+0x18/0x20
[ 1899.512018][T12913]  netlink_unicast+0x5fc/0x6c0
[ 1899.516841][T12913]  netlink_sendmsg+0x6e1/0x7d0
[ 1899.521597][T12913]  ? netlink_getsockopt+0x720/0x720
[ 1899.526792][T12913]  ____sys_sendmsg+0x39a/0x510
[ 1899.531552][T12913]  __sys_sendmsg+0x195/0x230
[ 1899.536128][T12913]  __x64_sys_sendmsg+0x42/0x50
[ 1899.540904][T12913]  do_syscall_64+0x44/0xd0
[ 1899.545321][T12913]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1899.551225][T12913] RIP: 0033:0x7f2ab072eae9
[ 1899.555698][T12913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1899.575818][T12913] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1899.584260][T12913] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 1899.592229][T12913] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1899.600222][T12913] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1899.608199][T12913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1899.616216][T12913] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 1899.624190][T12913]  </TASK>
[ 1899.627288][T12913] ---[ end trace e45544a13c7e47a2 ]---
[ 1899.635832][T13020] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1899.645358][T13022] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1899.665445][T13019] ------------[ cut here ]------------
[ 1899.670989][T13019] WARNING: CPU: 1 PID: 13019 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1899.681571][T13019] Modules linked in:
[ 1899.685446][T13019] CPU: 1 PID: 13019 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1899.695286][T13019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1899.705427][T13019] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1899.712117][T13019] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 1899.731737][T13019] RSP: 0018:ffffc90000b375f0 EFLAGS: 00010246
[ 1899.737858][T13019] RAX: ffff88811ec75000 RBX: ffff88811f6fa8b0 RCX: 0000000000000000
[ 1899.746218][T13019] RDX: ffffc900080ea000 RSI: 0000000000001eca RDI: ffff88811f6fa800
[ 1899.754203][T13019] RBP: ffffc90000b37738 R08: 000188811f6fa8b7 R09: 0000000000000000
[ 1899.762174][T13019] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811f6fa8b0
[ 1899.770147][T13019] R13: ffffffff85ec3720 R14: ffff88811f6fa800 R15: ffffc90000b37668
[ 1899.778266][T13019] FS:  00007f2aae442700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1899.787232][T13019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1899.793881][T13019] CR2: 00000000005bb280 CR3: 000000011f699000 CR4: 00000000003506e0
[ 1899.801945][T13019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1899.809933][T13019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1899.817902][T13019] Call Trace:
[ 1899.821214][T13019]  <TASK>
[ 1899.824140][T13019]  tcf_block_put_ext+0x2d/0x180
[ 1899.829023][T13019]  tcf_block_put+0x4c/0x70
[ 1899.833510][T13019]  cake_destroy+0x2d/0x50
[ 1899.837859][T13019]  ? cake_reset+0x5d0/0x5d0
[ 1899.842453][T13019]  qdisc_create+0xa82/0xd10
[ 1899.846994][T13019]  ? __nla_parse+0x3c/0x50
[ 1899.851412][T13019]  tc_modify_qdisc+0x64a/0x10b0
[ 1899.856311][T13019]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1899.862228][T13019]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1899.867155][T13019]  ? ___cache_free+0x46/0x300
[ 1899.871839][T13019]  ? packet_rcv+0xc3/0x9d0
[ 1899.876296][T13019]  ? __kfree_skb+0xfe/0x150
[ 1899.880866][T13019]  ? kmem_cache_free+0x5e/0x100
[ 1899.885887][T13019]  ? __kfree_skb+0xfe/0x150
[ 1899.890401][T13019]  ? consume_skb+0x48/0x160
[ 1899.894916][T13019]  ? nlmon_xmit+0x5f/0x70
[ 1899.899285][T13019]  ? __this_cpu_preempt_check+0x18/0x20
[ 1899.904830][T13019]  ? __local_bh_enable_ip+0x4d/0x70
[ 1899.910149][T13019]  ? local_bh_enable+0x1b/0x20
[ 1899.914906][T13019]  ? __dev_queue_xmit+0x597/0xf70
[ 1899.919928][T13019]  ? __skb_clone+0x2db/0x300
[ 1899.924498][T13019]  ? __rcu_read_unlock+0x5c/0x290
[ 1899.929564][T13019]  netlink_rcv_skb+0x14e/0x250
[ 1899.934344][T13019]  ? rtnetlink_bind+0x60/0x60
[ 1899.939018][T13019]  rtnetlink_rcv+0x18/0x20
[ 1899.943650][T13019]  netlink_unicast+0x5fc/0x6c0
[ 1899.948395][T13019]  netlink_sendmsg+0x6e1/0x7d0
[ 1899.953317][T13019]  ? netlink_getsockopt+0x720/0x720
[ 1899.958526][T13019]  ____sys_sendmsg+0x39a/0x510
[ 1899.963307][T13019]  __sys_sendmsg+0x195/0x230
[ 1899.967877][T13019]  ? __xfrm_init_state+0x350/0x820
[ 1899.972986][T13019]  __x64_sys_sendmsg+0x42/0x50
[ 1899.977735][T13019]  do_syscall_64+0x44/0xd0
[ 1899.982223][T13019]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1899.988265][T13019] RIP: 0033:0x7f2ab072eae9
[ 1899.992695][T13019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1900.012453][T13019] RSP: 002b:00007f2aae442188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1900.020951][T13019] RAX: ffffffffffffffda RBX: 00007f2ab08421a0 RCX: 00007f2ab072eae9
[ 1900.028962][T13019] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1900.036934][T13019] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1900.044937][T13019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1900.052911][T13019] R13: 00007ffc9c92452f R14: 00007f2aae442300 R15: 0000000000022000
[ 1900.060912][T13019]  </TASK>
[ 1900.063925][T13019] ---[ end trace e45544a13c7e47a3 ]---
[ 1900.069759][T13019] ------------[ cut here ]------------
[ 1900.075230][T13019] WARNING: CPU: 1 PID: 13019 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 1900.084815][T13019] Modules linked in:
[ 1900.088689][T13019] CPU: 1 PID: 13019 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1900.098503][T13019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1900.108574][T13019] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 1900.114219][T13019] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 1900.133846][T13019] RSP: 0018:ffffc90000b37628 EFLAGS: 00010287
[ 1900.140003][T13019] RAX: ffffffff83b40f4c RBX: ffff88811f6fa888 RCX: 0000000000040000
[ 1900.147970][T13019] RDX: ffffc900080ea000 RSI: 000000000003c50b RDI: 000000000003c50c
[ 1900.155938][T13019] RBP: ffffc90000b37668 R08: 000188811f6fa88f R09: 0000000000000000
[ 1900.163986][T13019] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888120050000
[ 1900.172142][T13019] R13: 0000000000000000 R14: ffffc90000b377f0 R15: ffff88811f6fa800
[ 1900.180292][T13019] FS:  00007f2aae442700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1900.189283][T13019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1900.195938][T13019] CR2: 00000000005bb280 CR3: 000000011f699000 CR4: 00000000003506e0
[ 1900.203940][T13019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1900.211910][T13019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1900.219922][T13019] Call Trace:
[ 1900.223193][T13019]  <TASK>
[ 1900.226163][T13019]  tcf_block_put+0x4c/0x70
[ 1900.230580][T13019]  cake_destroy+0x2d/0x50
[ 1900.234893][T13019]  ? cake_reset+0x5d0/0x5d0
[ 1900.239424][T13019]  qdisc_create+0xa82/0xd10
[ 1900.243924][T13019]  ? __nla_parse+0x3c/0x50
[ 1900.248367][T13019]  tc_modify_qdisc+0x64a/0x10b0
[ 1900.253310][T13019]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1900.259277][T13019]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1900.264213][T13019]  ? ___cache_free+0x46/0x300
[ 1900.268979][T13019]  ? packet_rcv+0xc3/0x9d0
[ 1900.273394][T13019]  ? __kfree_skb+0xfe/0x150
[ 1900.277920][T13019]  ? kmem_cache_free+0x5e/0x100
[ 1900.282763][T13019]  ? __kfree_skb+0xfe/0x150
[ 1900.287321][T13019]  ? consume_skb+0x48/0x160
[ 1900.291830][T13019]  ? nlmon_xmit+0x5f/0x70
[ 1900.296176][T13019]  ? __this_cpu_preempt_check+0x18/0x20
[ 1900.301716][T13019]  ? __local_bh_enable_ip+0x4d/0x70
[ 1900.306964][T13019]  ? local_bh_enable+0x1b/0x20
[ 1900.311723][T13019]  ? __dev_queue_xmit+0x597/0xf70
[ 1900.316855][T13019]  ? __skb_clone+0x2db/0x300
[ 1900.321456][T13019]  ? __rcu_read_unlock+0x5c/0x290
[ 1900.326624][T13019]  netlink_rcv_skb+0x14e/0x250
[ 1900.331411][T13019]  ? rtnetlink_bind+0x60/0x60
[ 1900.336111][T13019]  rtnetlink_rcv+0x18/0x20
[ 1900.340523][T13019]  netlink_unicast+0x5fc/0x6c0
[ 1900.345271][T13019]  netlink_sendmsg+0x6e1/0x7d0
[ 1900.350162][T13019]  ? netlink_getsockopt+0x720/0x720
[ 1900.355407][T13019]  ____sys_sendmsg+0x39a/0x510
[ 1900.360167][T13019]  __sys_sendmsg+0x195/0x230
[ 1900.364748][T13019]  ? __xfrm_init_state+0x350/0x820
[ 1900.369905][T13019]  __x64_sys_sendmsg+0x42/0x50
[ 1900.374665][T13019]  do_syscall_64+0x44/0xd0
[ 1900.379078][T13019]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1900.385140][T13019] RIP: 0033:0x7f2ab072eae9
[ 1900.389551][T13019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1900.409282][T13019] RSP: 002b:00007f2aae442188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1900.417779][T13019] RAX: ffffffffffffffda RBX: 00007f2ab08421a0 RCX: 00007f2ab072eae9
[ 1900.425770][T13019] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1900.433736][T13019] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1900.441707][T13019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1900.449693][T13019] R13: 00007ffc9c92452f R14: 00007f2aae442300 R15: 0000000000022000
[ 1900.457921][T13019]  </TASK>
[ 1900.460946][T13019] ---[ end trace e45544a13c7e47a4 ]---
[ 1900.467881][T13019] ------------[ cut here ]------------
[ 1900.473439][T13019] WARNING: CPU: 1 PID: 13019 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1900.482939][T13019] Modules linked in:
[ 1900.486984][T13019] CPU: 1 PID: 13019 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1900.496832][T13019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1900.506916][T13019] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1900.512472][T13019] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1900.532502][T13019] RSP: 0018:ffffc90000b375d8 EFLAGS: 00010246
[ 1900.538566][T13019] RAX: ffffffff83b414a7 RBX: ffff88811f6fa8a0 RCX: 0000000000040000
[ 1900.546596][T13019] RDX: ffffc900080ea000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1900.554578][T13019] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1900.562559][T13019] R10: 0001ffffffffffff R11: 000188811f6fa8a0 R12: ffff88811f6fa850
[ 1900.570627][T13019] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811f6fa800
[ 1900.578762][T13019] FS:  00007f2aae442700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1900.587951][T13019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1900.594916][T13019] CR2: 00000000005bb280 CR3: 000000011f699000 CR4: 00000000003506e0
[ 1900.602890][T13019] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1900.610929][T13019] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1900.618925][T13019] Call Trace:
[ 1900.622196][T13019]  <TASK>
[ 1900.625111][T13019]  tcf_block_put_ext+0xe5/0x180
[ 1900.629977][T13019]  tcf_block_put+0x4c/0x70
[ 1900.634463][T13019]  cake_destroy+0x2d/0x50
[ 1900.638882][T13019]  ? cake_reset+0x5d0/0x5d0
[ 1900.643380][T13019]  qdisc_create+0xa82/0xd10
[ 1900.647887][T13019]  ? __nla_parse+0x3c/0x50
[ 1900.652346][T13019]  tc_modify_qdisc+0x64a/0x10b0
[ 1900.657215][T13019]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1900.663118][T13019]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1900.668060][T13019]  ? ___cache_free+0x46/0x300
[ 1900.672764][T13019]  ? packet_rcv+0xc3/0x9d0
[ 1900.677227][T13019]  ? __kfree_skb+0xfe/0x150
[ 1900.681725][T13019]  ? kmem_cache_free+0x5e/0x100
[ 1900.686559][T13019]  ? __kfree_skb+0xfe/0x150
[ 1900.691080][T13019]  ? consume_skb+0x48/0x160
[ 1900.695640][T13019]  ? nlmon_xmit+0x5f/0x70
[ 1900.699984][T13019]  ? __this_cpu_preempt_check+0x18/0x20
[ 1900.705586][T13019]  ? __local_bh_enable_ip+0x4d/0x70
[ 1900.710822][T13019]  ? local_bh_enable+0x1b/0x20
[ 1900.715595][T13019]  ? __dev_queue_xmit+0x597/0xf70
[ 1900.720630][T13019]  ? __skb_clone+0x2db/0x300
[ 1900.725279][T13019]  ? __rcu_read_unlock+0x5c/0x290
[ 1900.730397][T13019]  netlink_rcv_skb+0x14e/0x250
[ 1900.735165][T13019]  ? rtnetlink_bind+0x60/0x60
[ 1900.739899][T13019]  rtnetlink_rcv+0x18/0x20
[ 1900.744420][T13019]  netlink_unicast+0x5fc/0x6c0
[ 1900.749257][T13019]  netlink_sendmsg+0x6e1/0x7d0
[ 1900.754022][T13019]  ? netlink_getsockopt+0x720/0x720
[ 1900.759229][T13019]  ____sys_sendmsg+0x39a/0x510
[ 1900.764109][T13019]  __sys_sendmsg+0x195/0x230
[ 1900.768685][T13019]  ? __xfrm_init_state+0x350/0x820
[ 1900.773817][T13019]  __x64_sys_sendmsg+0x42/0x50
[ 1900.778717][T13019]  do_syscall_64+0x44/0xd0
[ 1900.783197][T13019]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1900.789165][T13019] RIP: 0033:0x7f2ab072eae9
[ 1900.793637][T13019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1900.813257][T13019] RSP: 002b:00007f2aae442188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1900.821771][T13019] RAX: ffffffffffffffda RBX: 00007f2ab08421a0 RCX: 00007f2ab072eae9
[ 1900.829827][T13019] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1900.837791][T13019] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1900.845785][T13019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1900.853857][T13019] R13: 00007ffc9c92452f R14: 00007f2aae442300 R15: 0000000000022000
[ 1900.861854][T13019]  </TASK>
[ 1900.864866][T13019] ---[ end trace e45544a13c7e47a5 ]---
[ 1900.870450][T13126] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1900.889325][T13125] ------------[ cut here ]------------
[ 1900.894818][T13125] WARNING: CPU: 0 PID: 13125 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1900.905515][T13125] Modules linked in:
[ 1900.909464][T13125] CPU: 0 PID: 13125 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1900.919337][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1900.929416][T13125] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1900.936285][T13125] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 1900.955982][T13125] RSP: 0000:ffffc90000ba75f0 EFLAGS: 00010246
[ 1900.962065][T13125] RAX: ffff88811ff09000 RBX: ffff88811fd748b0 RCX: 0000000000000000
[ 1900.970056][T13125] RDX: ffffc900018b6000 RSI: 0000000000001ec9 RDI: ffff88811fd74800
[ 1900.978129][T13125] RBP: ffffc90000ba7738 R08: 000188811fd748b7 R09: 0000000000000000
[ 1900.986207][T13125] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811fd748b0
[ 1900.994181][T13125] R13: ffffffff85ec3720 R14: ffff88811fd74800 R15: ffffc90000ba7668
[ 1901.002401][T13125] FS:  00007f0d9ea3e700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1901.011521][T13125] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1901.018105][T13125] CR2: 0000000000cbbdc0 CR3: 000000011f777000 CR4: 00000000003506f0
[ 1901.026245][T13125] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1901.034229][T13125] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1901.042205][T13125] Call Trace:
[ 1901.045478][T13125]  <TASK>
[ 1901.048394][T13125]  tcf_block_put_ext+0x2d/0x180
[ 1901.053338][T13125]  tcf_block_put+0x4c/0x70
[ 1901.057817][T13125]  cake_destroy+0x2d/0x50
[ 1901.062221][T13125]  ? cake_reset+0x5d0/0x5d0
[ 1901.066773][T13125]  qdisc_create+0xa82/0xd10
[ 1901.071483][T13125]  ? __nla_parse+0x3c/0x50
[ 1901.075910][T13125]  tc_modify_qdisc+0x64a/0x10b0
[ 1901.080813][T13125]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1901.086804][T13125]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1901.092107][T13125]  ? ___cache_free+0x46/0x300
[ 1901.096912][T13125]  ? packet_rcv+0xc3/0x9d0
[ 1901.101422][T13125]  ? __kfree_skb+0xfe/0x150
[ 1901.105958][T13125]  ? kmem_cache_free+0x5e/0x100
[ 1901.110862][T13125]  ? __kfree_skb+0xfe/0x150
[ 1901.115451][T13125]  ? consume_skb+0x48/0x160
[ 1901.120091][T13125]  ? nlmon_xmit+0x5f/0x70
[ 1901.124489][T13125]  ? __this_cpu_preempt_check+0x18/0x20
[ 1901.130133][T13125]  ? __local_bh_enable_ip+0x4d/0x70
[ 1901.135519][T13125]  ? local_bh_enable+0x1b/0x20
[ 1901.140291][T13125]  ? __dev_queue_xmit+0x597/0xf70
[ 1901.145499][T13125]  ? __skb_clone+0x2db/0x300
[ 1901.150085][T13125]  ? __rcu_read_unlock+0x5c/0x290
[ 1901.155380][T13125]  netlink_rcv_skb+0x14e/0x250
[ 1901.160343][T13125]  ? rtnetlink_bind+0x60/0x60
[ 1901.165013][T13125]  rtnetlink_rcv+0x18/0x20
[ 1901.169502][T13125]  netlink_unicast+0x5fc/0x6c0
[ 1901.174255][T13125]  netlink_sendmsg+0x6e1/0x7d0
[ 1901.179003][T13125]  ? netlink_getsockopt+0x720/0x720
[ 1901.184379][T13125]  ____sys_sendmsg+0x39a/0x510
[ 1901.189143][T13125]  __sys_sendmsg+0x195/0x230
[ 1901.193735][T13125]  ? __xfrm_init_state+0x350/0x820
[ 1901.198882][T13125]  __x64_sys_sendmsg+0x42/0x50
[ 1901.203716][T13125]  do_syscall_64+0x44/0xd0
[ 1901.208121][T13125]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1901.214010][T13125] RIP: 0033:0x7f0da0d09ae9
[ 1901.218420][T13125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1901.238050][T13125] RSP: 002b:00007f0d9ea3e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1901.246462][T13125] RAX: ffffffffffffffda RBX: 00007f0da0e1d0e0 RCX: 00007f0da0d09ae9
[ 1901.254669][T13125] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1901.262631][T13125] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1901.270594][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1901.278723][T13125] R13: 00007ffc810aceef R14: 00007f0d9ea3e300 R15: 0000000000022000
[ 1901.286693][T13125]  </TASK>
[ 1901.289775][T13125] ---[ end trace e45544a13c7e47a6 ]---
[ 1901.295625][T13125] ------------[ cut here ]------------
[ 1901.301082][T13125] WARNING: CPU: 0 PID: 13125 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 1901.310647][T13125] Modules linked in:
[ 1901.314576][T13125] CPU: 0 PID: 13125 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1901.324390][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1901.334470][T13125] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 1901.340139][T13125] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 1901.359947][T13125] RSP: 0000:ffffc90000ba7628 EFLAGS: 00010287
[ 1901.365994][T13125] RAX: ffffffff83b40f4c RBX: ffff88811fd74888 RCX: 0000000000040000
[ 1901.373959][T13125] RDX: ffffc900018b6000 RSI: 000000000003c4e1 RDI: 000000000003c4e2
[ 1901.381936][T13125] RBP: ffffc90000ba7668 R08: 000188811fd7488f R09: 0000000000000000
[ 1901.389916][T13125] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108dd8000
[ 1901.397979][T13125] R13: 0000000000000000 R14: ffffc90000ba77f0 R15: ffff88811fd74800
[ 1901.406043][T13125] FS:  00007f0d9ea3e700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1901.415043][T13125] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1901.421656][T13125] CR2: 0000000000cbbdc0 CR3: 000000011f777000 CR4: 00000000003506f0
[ 1901.429622][T13125] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1901.437574][T13125] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1901.445544][T13125] Call Trace:
[ 1901.448805][T13125]  <TASK>
[ 1901.451728][T13125]  tcf_block_put+0x4c/0x70
[ 1901.456134][T13125]  cake_destroy+0x2d/0x50
[ 1901.460474][T13125]  ? cake_reset+0x5d0/0x5d0
[ 1901.464972][T13125]  qdisc_create+0xa82/0xd10
[ 1901.470033][T13125]  ? __nla_parse+0x3c/0x50
[ 1901.474436][T13125]  tc_modify_qdisc+0x64a/0x10b0
[ 1901.479319][T13125]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1901.485822][T13125]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1901.490962][T13125]  ? ___cache_free+0x46/0x300
[ 1901.495677][T13125]  ? packet_rcv+0xc3/0x9d0
[ 1901.500149][T13125]  ? __kfree_skb+0xfe/0x150
[ 1901.504633][T13125]  ? kmem_cache_free+0x5e/0x100
[ 1901.509498][T13125]  ? __kfree_skb+0xfe/0x150
[ 1901.514088][T13125]  ? consume_skb+0x48/0x160
[ 1901.518813][T13125]  ? nlmon_xmit+0x5f/0x70
[ 1901.523286][T13125]  ? __this_cpu_preempt_check+0x18/0x20
[ 1901.528881][T13125]  ? __local_bh_enable_ip+0x4d/0x70
[ 1901.534248][T13125]  ? local_bh_enable+0x1b/0x20
[ 1901.539004][T13125]  ? __dev_queue_xmit+0x597/0xf70
[ 1901.544112][T13125]  ? __skb_clone+0x2db/0x300
[ 1901.548789][T13125]  ? __rcu_read_unlock+0x5c/0x290
[ 1901.553895][T13125]  netlink_rcv_skb+0x14e/0x250
[ 1901.558817][T13125]  ? rtnetlink_bind+0x60/0x60
[ 1901.563491][T13125]  rtnetlink_rcv+0x18/0x20
[ 1901.567890][T13125]  netlink_unicast+0x5fc/0x6c0
[ 1901.572645][T13125]  netlink_sendmsg+0x6e1/0x7d0
[ 1901.577430][T13125]  ? netlink_getsockopt+0x720/0x720
[ 1901.582690][T13125]  ____sys_sendmsg+0x39a/0x510
[ 1901.587450][T13125]  __sys_sendmsg+0x195/0x230
[ 1901.592100][T13125]  ? __xfrm_init_state+0x350/0x820
[ 1901.597232][T13125]  __x64_sys_sendmsg+0x42/0x50
[ 1901.602070][T13125]  do_syscall_64+0x44/0xd0
[ 1901.606480][T13125]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1901.612464][T13125] RIP: 0033:0x7f0da0d09ae9
[ 1901.616863][T13125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1901.636631][T13125] RSP: 002b:00007f0d9ea3e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1901.645347][T13125] RAX: ffffffffffffffda RBX: 00007f0da0e1d0e0 RCX: 00007f0da0d09ae9
[ 1901.653419][T13125] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1901.661500][T13125] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1901.669474][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1901.677456][T13125] R13: 00007ffc810aceef R14: 00007f0d9ea3e300 R15: 0000000000022000
[ 1901.685870][T13125]  </TASK>
[ 1901.688877][T13125] ---[ end trace e45544a13c7e47a7 ]---
[ 1901.695992][T13125] ------------[ cut here ]------------
[ 1901.701576][T13125] WARNING: CPU: 0 PID: 13125 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1901.711233][T13125] Modules linked in:
[ 1901.715116][T13125] CPU: 0 PID: 13125 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1901.724934][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1901.735089][T13125] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1901.740695][T13125] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1901.760328][T13125] RSP: 0000:ffffc90000ba75d8 EFLAGS: 00010246
[ 1901.766534][T13125] RAX: ffffffff83b414a7 RBX: ffff88811fd748a0 RCX: 0000000000040000
[ 1901.774522][T13125] RDX: ffffc900018b6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1901.782594][T13125] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1901.790569][T13125] R10: 0001ffffffffffff R11: 000188811fd748a0 R12: ffff88811fd74850
[ 1901.798568][T13125] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811fd74800
[ 1901.806544][T13125] FS:  00007f0d9ea3e700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1901.815511][T13125] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1901.822113][T13125] CR2: 0000000000cbbdc0 CR3: 000000011f777000 CR4: 00000000003506f0
[ 1901.830141][T13125] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1901.838092][T13125] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1901.846225][T13125] Call Trace:
[ 1901.849566][T13125]  <TASK>
[ 1901.852498][T13125]  tcf_block_put_ext+0xe5/0x180
[ 1901.857353][T13125]  tcf_block_put+0x4c/0x70
[ 1901.861813][T13125]  cake_destroy+0x2d/0x50
[ 1901.866155][T13125]  ? cake_reset+0x5d0/0x5d0
[ 1901.870693][T13125]  qdisc_create+0xa82/0xd10
[ 1901.875187][T13125]  ? __nla_parse+0x3c/0x50
[ 1901.879600][T13125]  tc_modify_qdisc+0x64a/0x10b0
[ 1901.884495][T13125]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1901.890402][T13125]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1901.895390][T13125]  ? ___cache_free+0x46/0x300
[ 1901.900105][T13125]  ? packet_rcv+0xc3/0x9d0
[ 1901.904514][T13125]  ? __kfree_skb+0xfe/0x150
[ 1901.909051][T13125]  ? kmem_cache_free+0x5e/0x100
[ 1901.914074][T13125]  ? __kfree_skb+0xfe/0x150
[ 1901.918556][T13125]  ? consume_skb+0x48/0x160
[ 1901.923063][T13125]  ? nlmon_xmit+0x5f/0x70
[ 1901.927398][T13125]  ? __this_cpu_preempt_check+0x18/0x20
[ 1901.933034][T13125]  ? __local_bh_enable_ip+0x4d/0x70
[ 1901.938237][T13125]  ? local_bh_enable+0x1b/0x20
[ 1901.942993][T13125]  ? __dev_queue_xmit+0x597/0xf70
[ 1901.948071][T13125]  ? __skb_clone+0x2db/0x300
[ 1901.952725][T13125]  ? __rcu_read_unlock+0x5c/0x290
[ 1901.957730][T13125]  netlink_rcv_skb+0x14e/0x250
[ 1901.962608][T13125]  ? rtnetlink_bind+0x60/0x60
[ 1901.967292][T13125]  rtnetlink_rcv+0x18/0x20
[ 1901.971796][T13125]  netlink_unicast+0x5fc/0x6c0
[ 1901.976808][T13125]  netlink_sendmsg+0x6e1/0x7d0
[ 1901.981624][T13125]  ? netlink_getsockopt+0x720/0x720
[ 1901.986875][T13125]  ____sys_sendmsg+0x39a/0x510
[ 1901.991665][T13125]  __sys_sendmsg+0x195/0x230
[ 1901.996257][T13125]  ? __xfrm_init_state+0x350/0x820
[ 1902.001449][T13125]  __x64_sys_sendmsg+0x42/0x50
[ 1902.006217][T13125]  do_syscall_64+0x44/0xd0
[ 1902.010763][T13125]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1902.016667][T13125] RIP: 0033:0x7f0da0d09ae9
[ 1902.021449][T13125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1902.041222][T13125] RSP: 002b:00007f0d9ea3e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1902.049661][T13125] RAX: ffffffffffffffda RBX: 00007f0da0e1d0e0 RCX: 00007f0da0d09ae9
[ 1902.057696][T13125] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1902.065756][T13125] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1902.073823][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1902.081816][T13125] R13: 00007ffc810aceef R14: 00007f0d9ea3e300 R15: 0000000000022000
[ 1902.089859][T13125]  </TASK>
[ 1902.092915][T13125] ---[ end trace e45544a13c7e47a8 ]---
[ 1902.108945][T13339] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1902.125612][T13340] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
18:51:47 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3639]}]}}]}, 0x434}}, 0x0)

18:51:47 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeaffffff]}]}}]}, 0x434}}, 0x0)

18:51:47 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

18:51:47 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x300}}, {0x4}}]}]}, 0x68}}, 0x0)

18:51:49 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xefffffff]}]}}]}, 0x434}}, 0x0)

18:51:49 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0xc00}}, {0x4}}]}]}, 0x68}}, 0x0)

18:51:49 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

18:51:49 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6558, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

18:51:49 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000003540)=[{&(0x7f0000000040)="29715ef40a1b46d5d5ba84728f869bc6be5775dc615a584b12ca674402b9d092413460d0a51731b55ae0e69ffe16b4672f162053ce", 0x35}, {&(0x7f0000000200)="b881519a9129980e392314397c8669a65d34ad44f98a81d4f830f46862637b2bfaee20515e2bbb09b20bddd84ec5460b48317ca4343b6c824ea9fccaeae45669365f4ab57b0e0dfa552afcd7fa45d788d63760c3cf08fdac130ac58a6b951c08fdafbd0fff3b164fedc7c1a1259448126e941fab259ae2b51b85a542386383107805f20d0aae9998aebc36abb3b45293", 0x90}, {&(0x7f00000000c0)}, {&(0x7f00000002c0)="718925528dc7712d2cb951b54098ea4bf9248408bc86ec60901af6326dcafd51ea9be281d2de9554f12326a2496a036ddda4fbfea796309737c161111566a450bb8384d7c8ef4499fd110b04cae93db9a0ec7949b1f7e9b4a3700f3eacf7008ccb3875cd1adccbca29dcf09e71db4d234dd3c65ba10b13b0549c13eb157babd9fda2f2e0f53f1f45d23d7af75e52488dfd60b124ed23d13ca3065e11aea3e2c6a8190dc8b9fd37c7cc0568f36d3e4080df4293e47a61ac6f48130f483e8e5c619046c4bfc63002843a8d0d0c459093c451d0bd344e778dc56ec0e4e54ba94e353530cdedd49e3feb4377dcc04c08d586828ee0e2c9ae9ed4d2086500b35b17d4e995c3113b7e56059314a59132fc94be84c29585f7f842db1cc046edb4f155ba79caa60e2670b01a534a1722dd80959ece6f629d62852a5507030a7e4e73b8cf135c099973e33e48bd4ff6fb50b3848cc67038daf6cf792ef1d2b1e2b58c554b1fa11fff9d24b922a4092de83d8970b2296347eb5de0e0fd197739ab2055df6f62b035fad3b817bf8213f106234ba41d38f1ac0d26ca15d9c945cd00922510a002d9c10c7c38369ba4e80817e240e4162678be24f96e5818ad6b047ea7d46e56a03210ae440d1a2ec0e3a438e14dc8798deb69d8f943b76b2a98c1bb503e1b15984900b29cb0da09f068af0537aad40a3fe83caac6236386f68ba8586480433a08d137ddadb493f43e0868afb52e6a24ce3ebfbfe935c32e8e694c06540105926b97cd5a0f638d5ee3196f03fdb42d6c0a669268b04c05f82cc2df36ce021a7754eaf508df9ae9ae657f08fc8b58215267c2194044279891dc0a065ad603dbf615ebc3c5a267fca5e74288f17ba0d74f70a4aadb8689844a3d9b3b9bb23bda5a4d0ce41ac9f235d2213f19831623c3bd145eaedc9104504f81e325076cc79b5fa0bcc975fd6a6312ead54997ead0dfb18c7c23730365edda0cb326b40fe2cdb04f9b46d800c43981f49e0a765af5f8bc2a678eb1b957be6ecad4cfbab48c27c61c7fcb5e1818888aa8a48f1f0e99cb18754a6eedd66eed7e0f4e7a5da819707d234cb0f5a8feeb308c5f7e1597a501237c9cb5b23e5923dc074e51a73e1290fa6b92fe86f0ebb9febb9c759196e8c6566228cc1bd19d28fc1fc8febbac4ce9629cd8546706f038486f09822b3fa4889d0535cdbfb67e6fbbb7ca80bc58a22c0be82bd354be9b2c2ca5819b38566bc15fb8ab70bbbde44218662e303ce3d15a511a17b2d14c36a4d89455be181c47daa9cab0a9479ff4483cd62cbe68f6cef3d7191ef722c0d04d0e9f77df76baf15361d0d997bf44779954e59bb7fe24401cfe53ab7bc097bd8891e33a9b643d7f95f6139786a3b9e1c253f92e492acc39655a6c5f62616ad0174082bcdaf20659a960b7c98df2292df152cf75a522441e39cef13756ea260c09926617665d9d8d3096f6e170aa640116989c90dd26ea06fca1568d4afac05988e4bfac8632f5068b1de6d46bf7c9a856e4967c57c6d0b1fe5e9f63db69ccaca61865cece36658156284bd9821a8a6a762ed41862e7ab83de916e3d127a734a72aec41f7a35eac2c7fb49a7eabc8a82cabb95f187f03a5bfd2cf78606801e4b432631d5322df0103d64b7ac80631d512fd19a738c8c1b36be2e93bfb889e289a2adbcde2849c018215b99335f3c4959612918a5d1b57996e7694d949e3926401c81966d8d339efb8f8ca2fd87014a1c07c62d1ed64e9f18dae203f8b15096eeb3e49313b15f4e8ff679b81b3cf366ba209824a8c347b9a1b94a1d803e8a5d8c40dc27180c8ff223d0c54a14ab5a5013e616468dcb75406b3d80323dba716e9e830a37a606371ce2c32709e43f04527ec753b88e673bbf1ccca89cb23383105232fe89269c655f9bc973a90e51b1d7b92ab667df2b764fd6ff7975fbce2b18759a028e532dfa8caca65a2e23f051d4972679fc16c6b8477bbc328d482edba7448086570b831ed900b16055c3a1d81d464862ef3091de79da73da3c0c13875355999edb1d9fcb30a4d3c463607e6f0751455a783c9b80eced2309866d881dd8758506abb4dd28203bf6a015be4f5c1d695883afc6a97004f94ca9a455ced338eef59c1ceb37f29579c1a593ac3f5144de2a8910517ba72e42661097b03dfdc3b3c9bf10031e7e380d038924b4408201f6e12578df1731d00e212371c5d44217d9a5ca50e2f209f5d5625017b9e1745231f17c3880d1d371813d2f876b46a9d469bf490f92806d94697d84712aa45cb101a402742f48e1849869baabfff877bee14c91cecd3dc9037f6cf55be5a5332d2e0e36936b791801894efde7781eb0aa5c7be5268348bbbfd398a307f940f883fe281703afd153cfd75f51c4302d6d85c45fad31bd66f760cf03beb3bf269ef1ca846db73d044b4e0e35420276daf2b979ff0979f3718643b4e86db1712912a0a2311bf833a517831e68ed261c3e6ea860908a58e2f49a80415d045524b8ec2567c09010a877532854a854654b3621dae78ce768399a3cc04f9d0043f6ed865624dde264e1b998142077501dc2ed67c31e7878920512b52c5f9bc420f9c71f5f1e9fd2e826309122cfb86548c909776305158490e9e0206267faf64ac35fac64f502e3f2d3d9390f4db49a05b0b402e9f1ddcb1b81bf3b05545eb4cf565a488ba4f7921f99437d3541ff9e33165614d2b03945dd9aa395fac4b058e1267c702e72af33748dbe08d88b7b34553b7d504ab6fcb23d9f1431ef994b085f15e20427af7ac78d5c33b6cd5f4978ba82eb3f148ccd12c1e53791f7f5696365f2c7ae89e0f3fb1f3fabb80100e676b5df4cd157202888267c517e18347fbeb1c8f45bb4f0c37fbbeac16d74f41c9a1069ab0b42be059badaf73a8f7fc180cb5e4ba3d732041052303b98729e359246dcb14c5fcdb2b8896420adad40bc18c0f6d1f0bd11ca1283f3c7516ae79094019efccff0e55babbbd2018c50be3754b11881a4e568e8e25d50b910e62c97892a688c122602db413e71052124712d7d84e4532b6f9cb1756ab32b28f4a2778d07aa4997122306e487411a3385297911757148aa845c32d71c6ae6d151738f437c327d051daeebcbfc6f4fb53715510ed5ef9982e52eeb971e1868199c95954f607578da0e573414895ca2637353a55a55d60b6196e23c2607e3afd381a46f251dc84a3720b05c61a7e68fb6a8b99a3ee6ff5d7d0cf7f382b37f8cf2156778643efde35791f139df43c22e1213d78b2cf5a37079dd6c72cbdd8b2fac2b72d3e1b8290d674b77229bbf89489fc3b11500a9596deb4672df724bb3c5a8df93cf8e7a84ddbc86b61a7fa0a33d7f6580c7e5f65d2dbf266cee5ca6435734119b338da9748a9f536e375f75e7047525dffc9bb89930e17473e0f19f4a0a96733be63f59b3cadf6d47143aa5bbde8deeee6eb99c941c3f990c103576fa5a3c5080afcdae0618beeae5b48bd5ba6ced07d112e3efb23d43446ddd1ae93a02e0aa026f0159d13fb812030bad4f2a0c286ee280d234d61a01845dd0561e2d8475c7835d888bcb47488c9a768a0fb22d0f8fcca9ed37859f4d2e4ba383aa73d70d4f607cef82aec462287cc3275cb4c29bfbaa17fe558d1e35d299ada2a5170d8af8187f06d5246761b29a3daeda21043f2b72091a40e4a3e6055ab6e49fba44c8afc228706eae26835d590b61da00dba72c278fbaaaf9da990b82ee162e4cba14beb74a78ec810de1db16c69937ad8dd6a3e32bfeebe51851c1578e998fa18f77035b62336879d590bf373c6a65bff7a7d72f44b7263ba477e12769983e7d1d49758f72604889641d14e4b7dc077876aaea97d560e62fbafe27c3d811ec9edb53099f5a4d4c7bc463562fbf0b9bfe5b2751c78fe3f5bd0c9f44d38866507a42f0cad66f887c7e6d3c249b4257a73861099f30a4d309c475dba4bf7182f4e6937e830f10262fb48abcec0a17aff2fa390e22907f52df1c21b9811403d13fb4de6f3180e98873de671c8d06be270f578a80ee9d62d4ecd085fe43eec0358289f495e38aa726d28b2bd4a651bc5edb1f60fd824a010f7fcc2b238b50dbcee16702e11e948bcea89e517c9a356231e85c6eddfc39e4402c6d0adb4e5de2a4245749a94977d4e427e95c63d8f3f33e12c8415338286c1b9cd6652c039ea9882e2b58c73ba6bdcf4bf3e82b3e0ba70a4b6bec82da4d6568bd66488a8a03315e2f5eac98462e258ed560bf1e5c6f134df8e103f133063b02d68d5d48d737214e559684ce634806e997b09c69e6690e2e223ef831ef29900c1c98bdf63844c0b941f164b19a4efe42e9128350b1694b474d61d39b4f95e30fd85d07df2ab924f0d9f5dad31081a1c9240ed443cc8cb1530b4bdd3d41c2632e5e9defeb6a6d6ccc5483cd42144c25fe9024290298ba78cff7bf9984629d77debc71d84a2059e566d2b22ca05e0f2983ae442e43905e883873a402fe9b3692e15bb6c4340637e81748f5d756e67b40b96483cebd757bfcccc53896652b528215d8cbdf61ce9fe882e86790f12550a8dab9b369c2850ef0838909d274eecb5158c9269ce3be2c21d556f580ab3a14b651f9cb48239150ac690bad35508b621d0173fdc28075daf892ef8868175ca549938cbc1e1c8013a196fe4d3e6beda80f2d154c387d9140013cab3f787db15189e88570b5d2dae020d831c8ac5f596fafe4729410bb14897b27e618b4ed3aa9e33f7b9cb05e0ed9b4b0ff252d3caa9075978630ae291754e311cd4e3ca813b14aef9ccbca1476acb513f4b59d6c72c91f2fc3060fddc20a4d7da68b3e1c8372b3a793372ec44437f9d8610bb05f40cd51f8afd00dbf57a42fc7fd4203448f74bf06bfb2d3513ab46ee76ec386b5f459402d89fa8212ac35b18f46c9ce79ffc28964a0f49075b38aeec3a25955233b26601896d4e6e52360cdd1fa9beae1197a8a09f71a932729105e0a21b5d37ce51e64e2bef4a6967173f4d0c045468ec8505644ead0519b8469190b5b20eb904fb8b0d679f1e821ab299bdfb257047a02ab675b20fd776689484a4ca887c252bb26ca475ede0b3fd61c4e4026de60e27d7efe754531b27d1a27c77418fa19e7f365bcb9ccd8d5979530180a5773f38084a17a0d4812aa849215730540c5701bc1b3cd67785ab2025947660705697727ab711bf8424656b1370d519adf8a268db276728c049b16497d7938c3de3beed0e0e29686078413ca3c18f73b03da8f5506f2931da4af9e4dbea780b37b2c059af21a47d051b2fd2acd24f5a93ee04e211777a135d6893eb0cfa8e1c175df09b33254aa1e6cc5288733aba94185fd9a8617ac5be5c0bb4e995f1137a70ff91cb9e825d7c9768da21c026e30ba0956ba71e15a762f00ca32202b6cfc0172fc2200f0f8836a99d3b47d309bbd24d994dbf33564042081bde12592ab1d914229230c776188b402a6f19c80828549fd6c2eec549a80627307c2285802bab6fc7111668d3d093975eae555bb46c7164785efe13893ce9f4980903bd493522e44c933317d5b9c52d82e3d9cf28a1f97cfb1b8c0975b558e9c63017b4aa22537b38477512795a5ee28c4f92523323a27f8fb788961567a2cb6b5ad2b1f2f2ac4794072a31641d23fd96eb414fa73bb757908888854114a0ae65180cf251a92ac347d0cd1a3cb2f347d054d82f8c98142dd362e5a80845d49ee6a74702b63639693994229fad6b31b98941c895dbe08966a86bf0103385351b3f8905e41b3ed8783c7d0ba346abf171", 0x1000}, {&(0x7f00000012c0)="5ab1a309e5ac81f5d2761012a4f70c8d7de0e7db7b0c485e56dcf7dfb4b14d51a45e0b53f5715a6182adc4447a8a93d73108553459f33eaf73caadf7b32d4a34681611e15e7e811512f3e13832b5e1c808f5716896d5c0ff28caffeef9cc0f719742edffaa6172bee683792fb20e36e03a940ca46763094264f85c0aac04ed01b9312263e21cd7c6ac6d45f72b70e5c9e554b4c81abec8c0d2aeb63c23f513a4f4092347b99f96c4456d3b94a9a9b710d6c507ac0dee020340970099c514d12b7cc86b572265b0acf48165723df935ecafc218d5f8ebc070f3d271a64ce0234a099229e776122ee491c9df457bb36e1cb30de7173c27021b12b5b18a504b1136d73376d2c77c1f8e831d5a0959052620f9e8cdbb66d647b41b1d17f7def6807fc83775ff3b55b4aad91c9a53eb699be242b7d97b52863cf9e3df2a5bac55ab53fd1414f5cac59b5cc41a2d9e03574f4ceb37d62810209e91249a2a8bd56dfcb4d2c4c7be01e494f356680d070ad7df689b481b01223d913935ff0eba592227ffe962e9ac7a2951ce8c0cff843a28267382e5dd922bf4333f9a7c01dc55d9c6417d52c5194078bddc490e98aad52df9d0ed292b07944cd2ad9aff3269178c82873977be84a7297b0c78f6efe95ff62b85d69f1ce68f69dbc2254fdf47fe8d8c871fd2659865b07357865b743c11a7b2d43dfb3f707b7e3c6049aeeddcdc66f5bdc3efc53ea8c4b0885c26565fef68570487815e391a974939cb3511a1d9aedd55ac91fdfb8ec9bbf0bd61f2b6dd853e8235fe71de38cf775457454d53dd2c3230be23413f24be774d2c6914469b365a8f6f3ced8c3247d13ea36f0c9ed81756a9fe8e41bcd49216710735adcf83e1fb7a94b99f43ca4a42ebd04d48c2b8572983c7a79c11727d9e14e6fa438844ecf958073e9643a0b9d9c4993903b3b1845c8f8993c63b10ad0945337bb4339236a2ce36eeba5cee0178e5a649fd9177e49e9112da29d669060bb931132ee4774d6dbc1b451b26e7b16ce004d5009bed4df7e5b7f803ff02673087306b460bb8e45671dbd49a7f572d7045063c989832254ba6de6043f810114282cd844396859477cb83cb9bd32daac8f01f5dc01c74c194d4cdf3d8809fca443ebb30a84e9a0e9a8c18c566f6e64e3aafc22e073e9600d047155fe5e7f167b3081d368ac8074b48e53ea53a7d6726d98903def36591ad6c32c3e50fb40951d6555cfd7866a3ff375092cc4aa8921c47318e1e2c8bc60361c3b109b8db987ff41c076aa1332b543a6c3ba023ef97af7682f31056f0ddef40f66d1b3461083b169ddfc6d8070a00d148c660bbd75cae3e2ee05e078aa18eeb7493fdadbc4083f5ce4eb4500769564c3ada2edc4b14fb3f41b83fcd87079e4c561e04f29650387ff8ec03593ac314c079ca948b2ff335a6ca0431479ce57e25d4c4a1eddbf81409ba549ee76ec52bf638d00a68d845e3bfdd8200ed5b23071bb042424f43fca8b640e60f461f129f466b74e9d968ea7a8d698d9b78a6dc2696b95f7d5ecba75aa6c00b366b19e649d50d4355d061662dc7fcb70b13672ffc090cd503e4e24218af36af593de3cee9b1f4b4211f294c538ba28a6e9e52148155e4e190c7d8714d0c049280d50a11048597c222e8f1aa0fd34c6154be7f5f5e85f98f7ce047ad0efca3eb0857f126387faf335ba866a9da79b90dec65b11e60a9cfd7081d9069721f45648d2e8a6c9d08802e33417806836ec51c9676095f92d913e176404ec9b30f263bfbc8127400f75495b547924f29fd1932f0b70abf20a34a0d91cf9bdcfd7bda46b865d9d3874d5cc27efddbdc70fab003522f5e5263bc0913f9e1d1de519cf0f1b0e564a990c436f65e6836f46889bb15e7aa346d0a84fe6477e8dccf1b02bdd5d4a6318b3298728efafcb5f9189facfda3ce9d3e31f0b36d874de073a9b09581fba299fba6c78cd771d7118d0a09ce936f76b1a463be7ee78ca2bef4909146d233bd3961ae0d6daa4887ad27acfdce3399bf6c0ae14c9bf6a80ad9585d18f183ec1dc5cba844c39fcaf9486e87980081df6ee99e926b43954210b1b87f2fd6b7865208b056b03b9b21b0afacb0a3ae649019f48dcd61ba8ae60ed9f7fb9f7530bdc9a25d9afe15b40465d8fe3f35023791eba601b5f66570c91650cd66c7dddf0af7c10b90686aaac8682c4a1a2b5b384d420768befce05a703b3e5ed23e4865545999b49f9e9738ef45f5cc1e92542fbe38ec03f5e7e23ae8f5b86f746175bf6f216e482d844f92efa7dc1175e506ef1c708bafb1075d137bd6f4ca03d3f44be41194c8346ac0bed55f93c3328632966e56c5a116570ace26b4d3ba444af0ddda8f8951ebce3268c0f48d3981fa1fe14bd99960f7686deb08142e07cd6c08059eb2a5b5dfef8ff0c6097007205ad0fd96534cc1d4b419c783ad3c601dbd475abfc23cd250861f65b46c5c054421ba4456d96789053a92cc62f922fdb9b5362e3a9a2af9136423dd72d7b8e9cb4701c9ee3c2900e2938e91944c13e7fbe3210b8e8212de81652ac0192fc02a471fd4c944bb1622b45f4072c758d29e6a608fe967d7afa5713e2a139be842c1cd975adedb5db92b8eb3800d783e0ea8dc44cd50f8d1adecfb4a7c98827a45e16d8e93667679e08feb7791e0628b84d98d502cbe55f64313fc0dc9db1057b364c4b4d7467b4364f8853d7eba9fa73ee4602277e37bd30055654d4d68365da93c430060d7880efc93d6e932aa509cc4a83b3fcff3887c65ccf969f768e8be0e46a77a6aacd43bf1d7a5935c163ea67c19b8b5dccb9f304ff389618b8a9e943b4669ec51b7d07167a091ce6dab087360ed968bf4ed018f3a169773e5db531021cefa88e8cfeea6a50c45ae5bcce84c301601bdcaeee7b407d144a632588bdcba9a7ffb6501797721a449c5fa6dd0cae83f5a1dd75b1c4d6c6cd3f0fa61237705834218c520025b647c062cc8112275e03d6142c717a87ebb532aa4678573503d4ededf7b5f3c9ed362e360ba45afd247aba94a6d9e5e378471f8552259488ed59e05e88979015d5f0110dd683a174eb685a30d192ba014f803961c766eff94745c76b552361c68d7f53c4887365eefcc1e9db9c0cff8f7572a17257c22512dae3a8e422fec63142c16d3567d723edd8911199cc54fbe6804254265523276d16aafa0eb4b4a2264d1654b932fb23f724f7f915ac92b4759c3536ec3362ea095ade2e8b56c40c79af0327f055eedef8118ee3b038d8682945b85fbd59f21d659545071d1ba61413476dc855e6eb605c83dd858c75525c4b54a712b692aafd92dd02c6114622d3483d772a765bc5d5b4575be387847ffbb2c5477e12a093be9db5eac84620cb654d17f9ee7b836fcd186373832ffea0ae24f7d54c70d21d3756ffd8ecb7d13b25a745a39d038c8eab21b2d3fff94d2f050b002d0403af103235910831cfdecf589593f87b6172aeeac0e3c50a144054a07c954d240b9e00ab0a3d139ac311f3649d98743a2a905deadd5063b8aba0184e3a72828249d328ec9f1424ec5f0e2409222608a63c01ff1d9b4b6cad117cec71e22ba37b298fc660fe8af9280f131523a44ed993ca16d87cb643ee921b7a9f5bc2d66ea9b766d46acfdc8c069a5af61c2746b001958ecddc853730d064d9d59919128ff3d11e80c4b400ea7c4a97f26972b56db40991432223a1b66b7560264bd6e9a6fe58c41106d7c147047214835a561399a263cf6f28819f15f694f50f36a5ca2c3441a10c2d88c20b6339801638103f3c619c17af29e5eaf57aca2d930ffc6e02d2acb9aeb62b89e6f58c4b5d44bb52d08fc084c1378039771c5e415957344ad692b1e9c9d3fe95c1a2f1da342e9da2c3833fbff90dcf84e7a841ad07e6ece4a7f98c4034e6c82740b24133403e142a838058cd74adc8076e55bdf1c82548a26f7a7da2e1f864e112c7f244deb2ff518f77f3ace5a56dc074c4b40c12a4a926e05beb8c3bfb4799fcd2b50a40c09e9433a4019e8ac23350fe25c2ef46dcac699ae666b8b62ae330213f85298bfbe63f673936cc3277f9ac09f018ed5c6805a7ec49e77c7b5c8cf1d031c2496cafeada01974447a3091856b4f73d5a7cbca00e6346fc55ecc4bdc69633024b09227e1382821b2d0168a1664797d89bdc519cb751f30447154206f8b106c0fcf0db3d7388793e628f531d777d6e79fc37101a02d0e32064435eed6af1bd4d29b6a66f2e29422611a6e2476228f1a1a278591662ff34655cf7400d98619f798cc2af2c8071bb861aeb56999c274a0f60485b3e413e973f790faa3ed0393e348d4a5dc9412dc0ed1c8db2dc39eb271856e54b484c858b060447ffe2716b47e6b760b03d1d510aec3977195bbb529882cd588b3321168d773a7b29d6583d5d23e6f878f2a50fd6e865d641765fdd32ac719b6e2789aa90c90d3d2102e2c409132e0100a6df3bb660cfe921a07b93ebbc51a53f765973c8fe28b262e5946d4f522366a3f3501ff8d5ba2271fbfe970b0cd7d422350e075390abf1b5698bd2922fcaf54f06fa7b5b84577938f3bd642676e738c7c4d461e14d4f696714548bef730d569d23a3a534b29f8cc4ee036196b24c505c609b627af3223f3fa452d55271b7ea889852d49b5c1486dd3af3133bbd1c8ccf1d3f631e6524c116e07091a3855cb4f3ae1ec10f1bf0a08fe3b5ec978f8dd47ea89fe3dfbaa6f07c58addcecf15c8572fe0bdfb54aff021774ca19ace4ee9e5d94e516dd5b11103f40ac6da3dbc2fb7cb5c6a17f4aebd8432144bdfb4efc1c412b521f7d79da6e3b228927df878b249acfa6f19e4dbeb29ae177b7881535c2ba27972b2742accb30cb9d4e48f5fd2243c3aa0d856788eaf5c3e3ba203e98f0130d9e3686b18be515a21d2e1c2488d3ca51ac374e1fc313eb51638beb7f8c32faf6f34462c80fa3f63ac3ef267fd38723a1d67ba628e05881cdc95bc939ffb9f69b86fa918a9f544a8b843673d1bb7ede6fe32d8d97f48ad095fbeabdfe4e09874fea45d8d261668dc5ec09d428bde7ca42a5b89180f477ee9e5def0bafcc7ccf067ef1f1635f4f9dfae56329b1362443acd1e209f1518947ee819f8e9f79b59be5ed403512324f0fbfe6599329b79dcaee06a0acf84667a9db67e67d04142e39bde45dd0e84a9617136a82e2788959d5824922fc9a079d4a751da030266cd67ce7453207a295ae950c4ccf9e3f85e60fd778920760b9b626ec1e25d1165e886564ea3774bfd2b2b14e0130ee173701f2c81d652efc87cd5b658f5fda9dbff6fb440c4cf05b5cf426de257caf09808ce9da32b9b532b1215461cebf9b8815130d7d25af79dedb434e262b18adfca0a3ad56bb8fc05bbd015039228f334bb5eda3dc7736ce2999b9f46c688e1a88e39d1071cb45ca204baa5a3b2a1270cb6175bcaea486f5d0fa6b9c431a4d620906599072abb3a490f0143d915c7c2576119284ef0f4cd53c20913d9ab3d4014679f24dfeba78ac49991f8a02d32216afb686aafa412515c1b95d582a6d0b7bd9c907cc488ef379c198da79ccfff202705d07f2757618eda39a83f5e8520aa18cbbefc488b70a7cf6b4bd136f15f9b48ccdd38af4ee55fd1870f8f6c359b2019411cb3e3c065982608815e4060bfc7fea33782d54d79aef095ac2ffd48d5ed755b25ab6a235aa8aaf1de7e59e85ad81e4dc3aa470f55a0c520df1fce1b017a598ba58e6b77aab06f2b9c11721e04b4746fcb3b13b9d42314c30d2b37d674eb3cc2f703f5013c556813d8", 0x1000}, {&(0x7f00000022c0)="853fd96bbee9413c62e1dc9d441e51e2a508254528517831a5abfd6397c2965aee37751c30cf5176d3d4e43f54aafb1d7c05dd0e4f002680c8ce4d9c70127397561c25f4ff1423834835b0da016e5660ca74ac49770c950a2d2b60a49a7eba60978bb4846980e4b4a8056d91136c55f3029b3489490a4d457701a3f3cd26", 0x7e}, {&(0x7f0000002340)="09a1b3257c5b1c8ec1caf45c46d09c8a9236c1a88b181959b4e33802ad46eb9c6c615b24b892299e741dcf69f294e88ee750934190a7677d424f69695381d84cd85442c3f320bd43d4d205da2f4226e23dd07caec022d130cbab61824de1b17812df4112fbdc0eeff6ad9b57b1f1852de627e58ef7bcea0cc3ec9198c4", 0x7d}, {&(0x7f00000023c0)="1dc73b31ac44b9d0420a385645330d4975d7e23a5b8c6cd7b60defb28a3a3ddc5e8a7675ff23d3284299b2977a2447e4cd028056053b0a72d98fb454573c2410b1c13be98cc899ecab68e83bb6d9fc78ffab5fc60730d7e0ea396b7fa521f788d72bc4a441f7de798b3a065e5eb05e36b81b1a1d70ab9feff1156fd4ed821db559fd4eb297fb4213cbc3ad07a6d265b9917041d8046802a6535a5becfc7302bdf58d9f2c582f2b6ab6d0780e855316a25909f2d8e94081603b8eaa7706c29408b5ed201368e708f5587bf7a9c8d8a18365a313", 0xd3}, {&(0x7f0000003680)="906513401dd71121a2c12a0aaeb45d0f073006000000000000009253fcf5f5bc42a615ff2ef99712b04d2b895f6863453699fc5999c0950d591a497991f0e7ece7b3149e627b33e9b6b02e8ee667e39b8cae39e10c9dd6ec0f81a63bb735ea3004e077ce84986d36c3099829fc593ccebb6abf0f2e869c9ddf8c2db00f4d73b83f0bfcbf98419f2a2430216bb452beaa63873bfcd9e107babd3ab006dc8bb987493aa05cc570782daf5ac0e9406726f6e1467e63bd498c1a9106e5172070e77697788b9ef00e18459ee16ed1f57691d5c866113e655ca610d0cf1833c658b1e86b8c9b70c0a87fa29552283a92feac9c14", 0xf1}, {&(0x7f0000002540)="ef55bf403af1355e3c516a6948074393b9bd877d89d187c600ad1d53151d729c8976eed2c9f4b89e96acd44be96fe77f73d3306919d00afe2392684c4ed918c311606734bf7b3d2982de867056fb88b038572d5cc9425d3e776a3e05acc1625d56cb5b6af7c8e5eba256de7273bd9ee987cecca117cdf9c5303d3f362b60ae5e0a994b491ed04056ab2519c8909a270d5230089c63a7adac34f8ecb339cd7668bc133b566837d91fe933ee78b4881f5ab7c3e469218d7fa0989dbecaef0fcbc378e866c2ed426d59316f8c3ce0085a147334800e18f9d611ccb7e3715caf539bacb8fe583af0321e4e9777fc2ce1ee67c43133c5e8b48fc50f233ecac57754cbd21a17346163b901ced689a56584975e47f98d15866eff7ed41433a4c5d4731b49c6ad3a08c40e64258b24925239f19bde2329854cee3b9d6b982c2b5125795a58038885c156f51bafe4ce51d91773056f7949a2ea9877b6282d3e4d7786d3689b71c3ad01ea3ae516a22ee346a39fdce891d2b9c9a7271ca4bd71fbe31e5d8dda9d3da08f99eaae1f2d8bf1ce26a3c229cd4653eff035f9e81b66f1cdf89dce60ac8cf498d7a96ba1c297180b69f9e11f8c8c49dbbc4e7c79f225c661f5097f95456e5c6fe322885685bdd232d618c11bf4e00f8bc5e4f1bfd582cb475e98bf27b351571f3a9b973cd76598ce6bb7849eff73ef46bd6d04b0a1946df2e823957cc4602c5cfa65dcf19882a72e0badeec82bb4d8c96fbcd44a47c371413522f9da7ae244c5b5fce5e597afc02630b680b81fb2bcbbae00c69a0fbb2973ca0875334c59ec8fe51738f7a867e7951134a8e0f4a06811ee070468239d0e30671c625a2eba83931ff7b30893978654bb1a8c2523ef4c7f89b13a9333f54400b9402953d7639bad8246bec878095b6bca9dd0610b06567199980d418779d9cbe7eab422910106ce2d19b7d86e8bbced55a9d5268e095637f61621d5e0c744d96ec750ac7af78312c0a8f0d358659884ffde914e62e7852968a852c595bce933e135225b673dfee0cc1c8f16d89e13656f6ceaef304fb5fecce6cf8f288a9f6645d47398d956dc2620dd56379f1949f51143da59612d81badc9afd7ab06371b6facf26d62eeea11b37c9ee43d683a3799b49952e5a88fb3d9bc6c89cc9080b707acc6338b777ecaceecd4e5e110ce80a6231cda6661142a01faa275b36732d5feadd07c3f82802cbcaefd5dbf2c90292c8c6635be84340f1939dcbc73b385c5bc8d66352d35df8118eedd7c6b7c6487ef2551f4c7c5db089e920b257f4a45b80e424f6d4e990c7ad66b548f10fd952f13eec592e6c33ec9f45e342e516bb0343c0be4447e93b0a4071db2cc304c30ee7784ab0e17f33c12b39dc4cad445448b7e18db92e8b03761f1316c77f51878b0fd6a35ff0a1bb2def16c604ab7cca6c0b033ecc977b24e88da8388792274096086027f30024233198749c57495d667b3eff91d920c7bd9c65dc64f18338829548cfbbeb1bb73e7a67ff2888c4c6a1cb02115b71497fb2a735d83203a00161d77727fe6a62aca7bea919f27ef0f37ffed12ef7ae9107936e3c05fb9bc0dedda1380cd8a53377d1f271889f391c9f630b37b5c2a0dd3e2c08f6ee78826277fc5e8c11488f83048f18a7115587e781e139138667886ba668ed95a121175abedc396cb58c05ea7552a2b6b46b1e6b8e1e09ba0da04787e8efc70c96f9ebd57c9d10be5e4de4673736bb94f2ac6e60b949c4c827a19d87451ae14371f8a5c5b79fbf1255b2eec534e27410b721574ff92b5273f98ac6f0f2a8895a08ce9f723739b8c1b4d8655ba0d15cdea3ca0e67596b1904d0b0d46df7a835f2406570afaef6ea7b1d90df3b074de6040e2f2a864021b5777df1175258b51e46838f3e6163d9073a6efc4ba19834b1741ca8c22b2aa1c81d4c9a9744b988cedf86702a1d0a3c75101409510fbe894d4ad703764c2350949c0733afd42218ed2a3a76e210a042dca7814bf0fb653a6aa3bdb7154c6b836dd958748146fbf13c067460b399f36aec9b45530eef7de8080c40c87d4dcdeb3b2449bc4ffe13771d6da58947103591b1d18070fc2fca28e15aa962c1270dd8f8d894c19fb7c52f484982ca72262601c7b61d47ee1ae5f5a4cb63234f99691220a4374b86d755fc8fdac5ff1367284b1c915f53b83223de47cf3d4ab3b52e3a7d797ff91f4f97ab12cebad08d122b6753924f809153a1b8d36fcf8d13b403f6aecb08d6bf6a3e7e6dfa1bd6ae7c0ecc308b1adde1b90e85a5350d873abb2bcfe50a793b94c7c681c15aada33aea6bc1aa28443f9bbb67ea21427cddb98883857a74a1ed2919cd5aee2aafc887aeceb9986358f24e66129c80ec53c23ba9b16b44ee02f2946fad0d7042d6c05717ad43fa94d8c2d72eedba9a56f9f250a619f23b1a93f3e51583ec240e08dc895c2a6f2347fceff0c7d006e9a60cdfa6e67440c96793214d3b5cd21fcfd22cc439246c640a212445a446ded6599e0ab1f4075f154e1da6b39482d28a45ed7a7e0d76a37fd5313d36fb29f8b24346e36ba28632062932a6daa022ebeadec928202f533ef8dbc6636156855240057a2830475bef307b33ed08d66e82fc44677452ca54c209037df69bf44db28f241c7326a7a7603f2a16e0cdd46198e0ad03acfa71f5e3919ae2de963598225f6524bb0b945585c57ad819ad92639ddc62a8ec8d677e6d00980581293166b45ffd59da4ec7cf833016556f45a71c31e2037c92249e83b9a6b3eb4d942da45f828ceb99eb81b87660462f6f0790b6bb9921c6240f5be28e024f23e402a39ed136fb127e28acacbe0c2b7aacc312e0bd31231cefef472851e74ab2841cb376c676dc86e87830bc9145bd7fa36b409583e44aba52a3a45ef3fb5aa22b96307c8bdfca0e6ac84cf8b1c7c992813b4a73476658cd8df4a033370486992fd6a5c9034594408a502d084b178d9d661b2686ce9cc2cfed4e574923a54ec22107eecb124d5f68b70ebbdd7466414f03cef1f0dc8d55242fda4ef3c3f29e7dce13f1b2a9671df8b66128ac725d1194022d2de0abf01935b2cd37fca91715fa6a6c4f4b370dacefbba1905e2c38086fc4eb67b0d4af7bd408565c94000f4bf43728532dc166f08bb64d4f6e68c31fee7f145aae65b92f3026835742629ea586ca2b6e7bd8fe15ff7fac93e05d02a33d4dfdd0fe8dfce6c4992cf6654522641ec913d6ae60aa84e65898a1b26d3fea3d47f3cac1e6094c9cddff2673b7251d8057d158fa30d9de3d0af9bc96990e8e4d87401a1da19ae7a797c6f3bc1cf8c4b982480c515ced7238737368e0fc9f98a7e76a3277e9d318c105c474996d5639b2e20b61045c273bcd80e256b75e71c3f475b689c056573adae6c4845f5d4a977e86fff8eaa31fd4398fd26181f9ec2445586f35dc9d87314619e6b467a54d2374f559b38021b16b4266f929262c244b020340dad1477b75204185f6536730b6ff0bb9391a3ff8cbeefaaffdbdd32a252bc10b89ec0d6f6a9c85284233ff03a6fd85b5ad7c0dcbddea3bbad8dc08dc77be345d8f0c573ba6028ce72b00e1f50825677e64845d8b55c01361fc7a965c77d364703008916326160af61b5a59202b37d17497294372f5e6885fb79dd4fd548d87e7881493519f024d66dc4a99e93273502adfeb549dac66cf4373b2c84873717d9428c982800a6228ba9cb9c847511cc49be0f9eec559003a368005df2ad5dc1d23a1e5e9a7e18e7025414ab2b814ee8ba63315a02165a5a332bd352627dc18bad0724050fced612d2f0599868086531cfd39382232c8bb9646ee007f33ea8a901cdf811ce4815991bd424dcc7ae76d09f10cec1fa7e32c2ffd636ab9a87fb9cdfdaa15a8941dfbc849a3c1af72a8f43fb3bd33532b6820feaed4b4901097a92ab396596c27008fb872b781f41ed7e12a83a8c619042a62a31d465739ea64cd11ce2e3833d85f5e1670f5fc8ae150aefbb89df26f81efdd645a64841e780fab4c2b22fde273a21b69e0a21a3b7a841fb8f6636013a9511faee0463a4d3d277f7120296de73a614693c5a9b8d42c663c8453428974066762faca6d09f9b28598108e5cc7023b62370061aa372bfcaa2cae761ed1bec8e4ec872dbcdb5841069b2fa5c3d4af87c8fd6c96eed92eebe05e61c621cf2dc33560d5961002381e276dbe4f75220b3af3cd7f0bdf5c56b8e5cd95f1203ba858b1013be774a0be8f6f5c2393b263445a82caf0b35cc0b4512705b9c6e74e357ccdaccd29ca9cadd4b7006474905bba84718107b2157902b4858d02de34b70ad8696788e299e3a63f20db220555f0428e246ce89970ad88efe970864ae96d31ffc7590d142dc927af0d11b985a4ab61d91d7405a78e6488c5769460faa830c8c05eded642bdabf7b338b97c4702bb9bbaabdd07d9e1283055628efdd6a587f83dfa74a88f403f144bffcbadb45cd4ed9b1d72591624c62a25ea560da8b89f39f821ea97b8fe7e3580893214368ab1235eca3252647855c48bb556c60f9117715cee9840df48b621a25d5df28990a35038255d1b714fd84a8a3bec089f4863e7653b2e030011bf862c9502f036d70ae38ae622277c322759d27efb0356a85284aaff25fdade983e8916ae1d62c06374a22defbdcd3c3501c3428d3fd9eacb28d824008c8f6b394aced3e15a9e15f509b8b31fa25cb2f655e8dac2acc2ef2749825ba536a4b042a5607a9b76d305f92024ffa8fa2b1d5dd3bcfa44cc577b8f8d6cafa1b22d95b1f741f6ea148f6531557c94f17508dc3b1c9ce94633c250d1cbfc61c4ffb4d311b129522735d2b0fd960579b11e49e8bca2164fafb834ba6cc55dc7881ccbe9b433f39d036822fa59a13dc138acb3ad23af8ba9f422977979e5b747e7913999ec692ec0a2677ef7c7952d3a2815eea971ce388dfe1b1351204aab79a1f27897b498acf234b7b65664b9e4a9d3b8fad373cbb315943780e0795d2c8776d50e3588b695f6eaea1c72b58da4da76bbbeb87176fc8efcba7f8fb34fb7f83b391edd5fb6f44a2e62272c0b8ed8150c013a8520a4d91bad307c91d08a94d8d6ce29a6beef5cee9d0bd7e9136cf1af0ab07c70cb97b7e0d637e547e940ecffbc8b96d4d83b2f3d009c055d2737c474c01ce38535ed3faad707f7cae5eedc131d8f9ea716af1e9a9b66891154faae33304e86bfbb90bfc05a9bd479941d827b0a9261267b27a2e76b48027f608a573507e285b222308b6ce30302a5f6e5b71baeacc88e5c9ed31731b892c32335807528553f4c2ce1bf57b07fd1d7675b74c474a109e2aac68e2538c960e0affa0c729f4364c50a56e742530f33305a043bf3434f48d2c6dbc45646e7903c02bf49cfacad1c9381d161eb635bd33de9cb4c8e5e74b04a2a9b9cc26e254379b4b6c20dd9f24e0c52085aa31ab856bd5a81e29af54c12467d837e294ab0aded401938f6fb4e914c1c4c173c9ed2766d016e0cf40ed59f04af44ae55fe48f848cc9b7eccad89b7cbd6ab8dac6cda76d0860f6bd5014f782ccff4b110f5652dfcd49ea1ebb56a3294fcff79e1476e55a06ad7565379e50ed9552c1b5b472d91dd99b90d3b6535afcf0a2821f7a3c2b391fccd3a08f7358847a9743765816278440b738aa880b77903aaf988194b0409748f2fa75564dd28510d4633e68d8330cf6d6cc535e2ce89c694b1163ded6d73dda60dc1948f6b2d18f90de3faba85f99ce187c574a006ec6c825275c878de510a11c9f72160e64708fcb0920452e253a", 0x1000}], 0xa, &(0x7f0000003600)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1000}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}], 0x48}, 0x8000)

[ 1902.425531][T13662] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 1902.444795][T13665] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1902.489842][T13660] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
18:51:56 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

18:51:56 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0xf00}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 1913.109731][T13665] warn_alloc: 3 callbacks suppressed
[ 1913.109750][T13665] syz-executor.0: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0
[ 1913.131725][T13665] CPU: 1 PID: 13665 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1913.141621][T13665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1913.151699][T13665] Call Trace:
[ 1913.155009][T13665]  <TASK>
[ 1913.157971][T13665]  dump_stack_lvl+0xd6/0x122
[ 1913.162547][T13665]  dump_stack+0x11/0x1b
[ 1913.166821][T13665]  warn_alloc+0x132/0x190
[ 1913.171176][T13665]  __vmalloc_node_range+0x58b/0x690
[ 1913.176382][T13665]  ? cake_init+0x20d/0x640
[ 1913.180813][T13665]  __vmalloc_node+0x61/0x70
[ 1913.185352][T13665]  ? cake_init+0x20d/0x640
[ 1913.189794][T13665]  kvmalloc_node+0xd2/0x110
[ 1913.194597][T13665]  cake_init+0x20d/0x640
[ 1913.198893][T13665]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 1913.204605][T13665]  ? qdisc_alloc+0x334/0x3c0
[ 1913.209290][T13665]  ? qdisc_lookup+0x20c/0x2e0
[ 1913.214059][T13665]  ? qdisc_peek_dequeued+0x140/0x140
[ 1913.219334][T13665]  qdisc_create+0x5f4/0xd10
[ 1913.223891][T13665]  ? __nla_parse+0x3c/0x50
[ 1913.228447][T13665]  tc_modify_qdisc+0x64a/0x10b0
[ 1913.233286][T13665]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1913.239329][T13665]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1913.244272][T13665]  ? ___cache_free+0x46/0x300
[ 1913.248966][T13665]  ? packet_rcv+0xc3/0x9d0
[ 1913.253430][T13665]  ? __kfree_skb+0xfe/0x150
[ 1913.257970][T13665]  ? kmem_cache_free+0x5e/0x100
[ 1913.262804][T13665]  ? __kfree_skb+0xfe/0x150
[ 1913.267290][T13665]  ? consume_skb+0x48/0x160
[ 1913.271777][T13665]  ? nlmon_xmit+0x5f/0x70
[ 1913.276287][T13665]  ? __this_cpu_preempt_check+0x18/0x20
[ 1913.281825][T13665]  ? __local_bh_enable_ip+0x4d/0x70
[ 1913.287060][T13665]  ? local_bh_enable+0x1b/0x20
[ 1913.291871][T13665]  ? __dev_queue_xmit+0x597/0xf70
[ 1913.296971][T13665]  ? __skb_clone+0x2db/0x300
[ 1913.301670][T13665]  ? __rcu_read_unlock+0x5c/0x290
[ 1913.306833][T13665]  netlink_rcv_skb+0x14e/0x250
[ 1913.311780][T13665]  ? rtnetlink_bind+0x60/0x60
[ 1913.316587][T13665]  rtnetlink_rcv+0x18/0x20
[ 1913.320999][T13665]  netlink_unicast+0x5fc/0x6c0
[ 1913.325770][T13665]  netlink_sendmsg+0x6e1/0x7d0
[ 1913.330518][T13665]  ? netlink_getsockopt+0x720/0x720
[ 1913.335775][T13665]  ____sys_sendmsg+0x39a/0x510
[ 1913.340555][T13665]  __sys_sendmsg+0x195/0x230
[ 1913.345159][T13665]  __x64_sys_sendmsg+0x42/0x50
[ 1913.350076][T13665]  do_syscall_64+0x44/0xd0
[ 1913.354498][T13665]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1913.360455][T13665] RIP: 0033:0x7f0da0d09ae9
[ 1913.364864][T13665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1913.384603][T13665] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1913.393045][T13665] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1913.401137][T13665] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1913.409119][T13665] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1913.417084][T13665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1913.425084][T13665] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1913.433041][T13665]  </TASK>
[ 1913.436088][T13665] Mem-Info:
[ 1913.439209][T13665] active_anon:10684 inactive_anon:100710 isolated_anon:0
[ 1913.439209][T13665]  active_file:407 inactive_file:478 isolated_file:0
[ 1913.439209][T13665]  unevictable:0 dirty:0 writeback:0
[ 1913.439209][T13665]  slab_reclaimable:8117 slab_unreclaimable:1741385
[ 1913.439209][T13665]  mapped:52654 shmem:373 pagetables:5281 bounce:0
[ 1913.439209][T13665]  kernel_misc_reclaimable:0
[ 1913.439209][T13665]  free:13462 free_pcp:400 free_cma:0
[ 1913.480664][T13665] Node 0 active_anon:42736kB inactive_anon:402840kB active_file:1628kB inactive_file:1912kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210616kB dirty:0kB writeback:0kB shmem:1492kB writeback_tmp:0kB kernel_stack:5344kB pagetables:21124kB all_unreclaimable? no
[ 1913.507032][T13665] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1913.534179][T13665] lowmem_reserve[]: 0 2896 7874 7874
[ 1913.539555][T13665] Node 0 DMA32 free:23956kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:36kB free_cma:0kB
[ 1913.567850][T13665] lowmem_reserve[]: 0 0 4978 4978
[ 1913.572996][T13665] Node 0 Normal free:14532kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42736kB inactive_anon:401920kB active_file:1624kB inactive_file:1908kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1564kB local_pcp:72kB free_cma:0kB
[ 1913.603040][T13665] lowmem_reserve[]: 0 0 0 0
[ 1913.607567][T13665] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1913.620374][T13665] Node 0 DMA32: 215*4kB (UME) 121*8kB (UME) 55*16kB (UME) 48*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 4*2048kB (UME) 1*4096kB (M) = 23956kB
[ 1913.638022][T13665] Node 0 Normal: 1471*4kB (UMEH) 695*8kB (UMEH) 181*16kB (UMEH) 6*32kB (UH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 14532kB
[ 1913.653257][T13665] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1913.662684][T13665] 1263 total pagecache pages
[ 1913.667246][T13665] 0 pages in swap cache
[ 1913.671383][T13665] Swap cache stats: add 0, delete 0, find 0/0
[ 1913.677464][T13665] Free swap  = 0kB
[ 1913.681166][T13665] Total swap = 0kB
[ 1913.684899][T13665] 2097051 pages RAM
[ 1913.688675][T13665] 0 pages HighMem/MovableOnly
[ 1913.693336][T13665] 75955 pages reserved
[ 1913.701283][T13665] ------------[ cut here ]------------
[ 1913.706808][T13665] WARNING: CPU: 0 PID: 13665 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1913.717599][T13665] Modules linked in:
[ 1913.721509][T13665] CPU: 0 PID: 13665 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1913.731350][T13665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1913.741532][T13665] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1913.748226][T13665] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 1913.767944][T13665] RSP: 0000:ffffc90000f375f0 EFLAGS: 00010246
[ 1913.774067][T13665] RAX: ffff88811de68000 RBX: ffff88803bae18b0 RCX: 0000000000000000
[ 1913.782117][T13665] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: ffff88803bae1800
[ 1913.790123][T13665] RBP: ffffc90000f37738 R08: 000188803bae18b7 R09: 0000000000000000
[ 1913.798161][T13665] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88803bae18b0
[ 1913.806166][T13665] R13: ffffffff85ec3720 R14: ffff88803bae1800 R15: ffffc90000f37668
[ 1913.814270][T13665] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1913.823306][T13665] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1913.829917][T13665] CR2: 00000000005f0304 CR3: 0000000123fc0000 CR4: 00000000003506f0
[ 1913.837942][T13665] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1913.846090][T13665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1913.854083][T13665] Call Trace:
[ 1913.857411][T13665]  <TASK>
[ 1913.860371][T13665]  tcf_block_put_ext+0x2d/0x180
[ 1913.865256][T13665]  tcf_block_put+0x4c/0x70
[ 1913.869732][T13665]  cake_destroy+0x2d/0x50
[ 1913.874134][T13665]  ? cake_reset+0x5d0/0x5d0
[ 1913.878691][T13665]  qdisc_create+0xa82/0xd10
[ 1913.883221][T13665]  ? __nla_parse+0x3c/0x50
[ 1913.887667][T13665]  tc_modify_qdisc+0x64a/0x10b0
[ 1913.892603][T13665]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1913.898515][T13665]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1913.903488][T13665]  ? ___cache_free+0x46/0x300
[ 1913.908160][T13665]  ? packet_rcv+0xc3/0x9d0
[ 1913.912685][T13665]  ? __kfree_skb+0xfe/0x150
[ 1913.917231][T13665]  ? kmem_cache_free+0x5e/0x100
[ 1913.922237][T13665]  ? __kfree_skb+0xfe/0x150
[ 1913.926749][T13665]  ? consume_skb+0x48/0x160
[ 1913.931320][T13665]  ? nlmon_xmit+0x5f/0x70
[ 1913.935648][T13665]  ? __this_cpu_preempt_check+0x18/0x20
[ 1913.941273][T13665]  ? __local_bh_enable_ip+0x4d/0x70
[ 1913.946547][T13665]  ? local_bh_enable+0x1b/0x20
[ 1913.951346][T13665]  ? __dev_queue_xmit+0x597/0xf70
[ 1913.956439][T13665]  ? __skb_clone+0x2db/0x300
[ 1913.961080][T13665]  ? __rcu_read_unlock+0x5c/0x290
[ 1913.966109][T13665]  netlink_rcv_skb+0x14e/0x250
[ 1913.970913][T13665]  ? rtnetlink_bind+0x60/0x60
[ 1913.975620][T13665]  rtnetlink_rcv+0x18/0x20
[ 1913.980159][T13665]  netlink_unicast+0x5fc/0x6c0
[ 1913.984935][T13665]  netlink_sendmsg+0x6e1/0x7d0
[ 1913.989740][T13665]  ? netlink_getsockopt+0x720/0x720
[ 1913.994954][T13665]  ____sys_sendmsg+0x39a/0x510
[ 1913.999776][T13665]  __sys_sendmsg+0x195/0x230
[ 1914.005171][T13665]  __x64_sys_sendmsg+0x42/0x50
[ 1914.010051][T13665]  do_syscall_64+0x44/0xd0
[ 1914.014473][T13665]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1914.020387][T13665] RIP: 0033:0x7f0da0d09ae9
[ 1914.025150][T13665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1914.044827][T13665] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1914.053277][T13665] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1914.061319][T13665] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1914.069513][T13665] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1914.077527][T13665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1914.085632][T13665] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1914.093736][T13665]  </TASK>
[ 1914.096760][T13665] ---[ end trace e45544a13c7e47a9 ]---
[ 1914.102852][T13665] ------------[ cut here ]------------
[ 1914.108421][T13665] WARNING: CPU: 0 PID: 13665 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 1914.118239][T13665] Modules linked in:
[ 1914.122144][T13665] CPU: 0 PID: 13665 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1914.132162][T13665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1914.142247][T13665] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 1914.148037][T13665] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 1914.167680][T13665] RSP: 0000:ffffc90000f37628 EFLAGS: 00010246
[ 1914.173779][T13665] RAX: ffffffff83b40f4c RBX: ffff88803bae1888 RCX: 0000000000040000
[ 1914.181845][T13665] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1914.189871][T13665] RBP: ffffc90000f37668 R08: 000188803bae188f R09: 0000000000000000
[ 1914.197873][T13665] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811d1f8000
[ 1914.205883][T13665] R13: 0000000000000000 R14: ffffc90000f377f0 R15: ffff88803bae1800
[ 1914.213974][T13665] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1914.223014][T13665] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1914.229649][T13665] CR2: 00000000005f0304 CR3: 0000000123fc0000 CR4: 00000000003506f0
[ 1914.237701][T13665] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1914.245722][T13665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1914.253749][T13665] Call Trace:
[ 1914.257045][T13665]  <TASK>
[ 1914.260010][T13665]  tcf_block_put+0x4c/0x70
[ 1914.264439][T13665]  cake_destroy+0x2d/0x50
[ 1914.268842][T13665]  ? cake_reset+0x5d0/0x5d0
[ 1914.273373][T13665]  qdisc_create+0xa82/0xd10
[ 1914.277891][T13665]  ? __nla_parse+0x3c/0x50
[ 1914.282368][T13665]  tc_modify_qdisc+0x64a/0x10b0
[ 1914.287368][T13665]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1914.293307][T13665]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1914.298285][T13665]  ? ___cache_free+0x46/0x300
[ 1914.303057][T13665]  ? packet_rcv+0xc3/0x9d0
[ 1914.307549][T13665]  ? __kfree_skb+0xfe/0x150
[ 1914.312083][T13665]  ? kmem_cache_free+0x5e/0x100
[ 1914.316933][T13665]  ? __kfree_skb+0xfe/0x150
[ 1914.321511][T13665]  ? consume_skb+0x48/0x160
[ 1914.326018][T13665]  ? nlmon_xmit+0x5f/0x70
[ 1914.330389][T13665]  ? __this_cpu_preempt_check+0x18/0x20
[ 1914.335945][T13665]  ? __local_bh_enable_ip+0x4d/0x70
[ 1914.341246][T13665]  ? local_bh_enable+0x1b/0x20
[ 1914.346025][T13665]  ? __dev_queue_xmit+0x597/0xf70
[ 1914.351091][T13665]  ? __skb_clone+0x2db/0x300
[ 1914.355703][T13665]  ? __rcu_read_unlock+0x5c/0x290
[ 1914.360753][T13665]  netlink_rcv_skb+0x14e/0x250
[ 1914.365520][T13665]  ? rtnetlink_bind+0x60/0x60
[ 1914.370225][T13665]  rtnetlink_rcv+0x18/0x20
[ 1914.374642][T13665]  netlink_unicast+0x5fc/0x6c0
[ 1914.379568][T13665]  netlink_sendmsg+0x6e1/0x7d0
[ 1914.384364][T13665]  ? netlink_getsockopt+0x720/0x720
[ 1914.389687][T13665]  ____sys_sendmsg+0x39a/0x510
[ 1914.394462][T13665]  __sys_sendmsg+0x195/0x230
[ 1914.399219][T13665]  __x64_sys_sendmsg+0x42/0x50
[ 1914.403989][T13665]  do_syscall_64+0x44/0xd0
[ 1914.408474][T13665]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1914.414571][T13665] RIP: 0033:0x7f0da0d09ae9
[ 1914.418980][T13665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1914.438636][T13665] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1914.447168][T13665] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1914.455166][T13665] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1914.463770][T13665] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1914.471876][T13665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1914.479946][T13665] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1914.487995][T13665]  </TASK>
[ 1914.491035][T13665] ---[ end trace e45544a13c7e47aa ]---
[ 1914.497887][T13665] ------------[ cut here ]------------
[ 1914.503364][T13665] WARNING: CPU: 0 PID: 13665 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1914.512782][T13665] Modules linked in:
[ 1914.516792][T13665] CPU: 0 PID: 13665 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1914.526690][T13665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1914.536817][T13665] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1914.542416][T13665] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1914.563277][T13665] RSP: 0000:ffffc90000f375d8 EFLAGS: 00010246
[ 1914.569378][T13665] RAX: ffffffff83b414a7 RBX: ffff88803bae18a0 RCX: 0000000000040000
[ 1914.577352][T13665] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1914.585448][T13665] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1914.593449][T13665] R10: 0001ffffffffffff R11: 000188803bae18a0 R12: ffff88803bae1850
[ 1914.601448][T13665] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88803bae1800
[ 1914.609555][T13665] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1914.618509][T13665] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1914.625121][T13665] CR2: 00000000005f0304 CR3: 0000000123fc0000 CR4: 00000000003506f0
[ 1914.633127][T13665] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1914.641210][T13665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1914.649303][T13665] Call Trace:
[ 1914.652585][T13665]  <TASK>
[ 1914.655512][T13665]  tcf_block_put_ext+0xe5/0x180
[ 1914.660470][T13665]  tcf_block_put+0x4c/0x70
[ 1914.664953][T13665]  cake_destroy+0x2d/0x50
[ 1914.669383][T13665]  ? cake_reset+0x5d0/0x5d0
[ 1914.673922][T13665]  qdisc_create+0xa82/0xd10
[ 1914.680439][T13665]  ? __nla_parse+0x3c/0x50
[ 1914.684946][T13665]  tc_modify_qdisc+0x64a/0x10b0
[ 1914.689850][T13665]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1914.695784][T13665]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1914.700836][T13665]  ? ___cache_free+0x46/0x300
[ 1914.705606][T13665]  ? packet_rcv+0xc3/0x9d0
[ 1914.710055][T13665]  ? __kfree_skb+0xfe/0x150
[ 1914.715332][T13665]  ? kmem_cache_free+0x5e/0x100
[ 1914.720393][T13665]  ? __kfree_skb+0xfe/0x150
[ 1914.724906][T13665]  ? consume_skb+0x48/0x160
[ 1914.729440][T13665]  ? nlmon_xmit+0x5f/0x70
[ 1914.734050][T13665]  ? __this_cpu_preempt_check+0x18/0x20
[ 1914.739672][T13665]  ? __local_bh_enable_ip+0x4d/0x70
[ 1914.744871][T13665]  ? local_bh_enable+0x1b/0x20
[ 1914.749724][T13665]  ? __dev_queue_xmit+0x597/0xf70
[ 1914.754830][T13665]  ? __skb_clone+0x2db/0x300
[ 1914.759451][T13665]  ? __rcu_read_unlock+0x5c/0x290
[ 1914.764603][T13665]  netlink_rcv_skb+0x14e/0x250
[ 1914.769476][T13665]  ? rtnetlink_bind+0x60/0x60
[ 1914.774154][T13665]  rtnetlink_rcv+0x18/0x20
[ 1914.778591][T13665]  netlink_unicast+0x5fc/0x6c0
[ 1914.783504][T13665]  netlink_sendmsg+0x6e1/0x7d0
[ 1914.788278][T13665]  ? netlink_getsockopt+0x720/0x720
[ 1914.793514][T13665]  ____sys_sendmsg+0x39a/0x510
[ 1914.798301][T13665]  __sys_sendmsg+0x195/0x230
[ 1914.803125][T13665]  __x64_sys_sendmsg+0x42/0x50
[ 1914.808020][T13665]  do_syscall_64+0x44/0xd0
[ 1914.812468][T13665]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1914.818403][T13665] RIP: 0033:0x7f0da0d09ae9
[ 1914.822845][T13665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1914.842756][T13665] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1914.851413][T13665] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1914.859435][T13665] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1914.867636][T13665] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1914.875639][T13665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1914.883684][T13665] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1914.891715][T13665]  </TASK>
[ 1914.895083][T13665] ---[ end trace e45544a13c7e47ab ]---
18:52:00 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x1c00}}, {0x4}}]}]}, 0x68}}, 0x0)

18:52:00 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffffff]}]}}]}, 0x434}}, 0x0)

[ 1919.942771][T13986] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1927.219311][T13986] syz-executor.3: vmalloc error: size 8192, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0
[ 1927.235783][T13986] CPU: 1 PID: 13986 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 1927.245591][T13986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1927.255676][T13986] Call Trace:
[ 1927.258953][T13986]  <TASK>
[ 1927.261885][T13986]  dump_stack_lvl+0xd6/0x122
[ 1927.266525][T13986]  dump_stack+0x11/0x1b
[ 1927.270679][T13986]  warn_alloc+0x132/0x190
[ 1927.275105][T13986]  __vmalloc_node_range+0x58b/0x690
[ 1927.280363][T13986]  ? cake_init+0x20d/0x640
[ 1927.284815][T13986]  __vmalloc_node+0x61/0x70
[ 1927.289301][T13986]  ? cake_init+0x20d/0x640
[ 1927.293770][T13986]  kvmalloc_node+0xd2/0x110
[ 1927.298263][T13986]  cake_init+0x20d/0x640
[ 1927.302586][T13986]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 1927.308362][T13986]  ? qdisc_alloc+0x334/0x3c0
[ 1927.312930][T13986]  ? qdisc_lookup+0x20c/0x2e0
[ 1927.317585][T13986]  ? qdisc_peek_dequeued+0x140/0x140
[ 1927.322901][T13986]  qdisc_create+0x5f4/0xd10
[ 1927.327381][T13986]  ? __nla_parse+0x3c/0x50
[ 1927.331779][T13986]  tc_modify_qdisc+0x64a/0x10b0
[ 1927.336646][T13986]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1927.342555][T13986]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1927.347561][T13986]  ? ___cache_free+0x46/0x300
[ 1927.352231][T13986]  ? packet_rcv+0x3d6/0x9d0
[ 1927.356727][T13986]  ? __kfree_skb+0xfe/0x150
[ 1927.361212][T13986]  ? kmem_cache_free+0x5e/0x100
[ 1927.366046][T13986]  ? __kfree_skb+0xfe/0x150
[ 1927.370530][T13986]  ? consume_skb+0x48/0x160
[ 1927.375102][T13986]  ? nlmon_xmit+0x5f/0x70
[ 1927.379549][T13986]  ? __this_cpu_preempt_check+0x18/0x20
[ 1927.385163][T13986]  ? __local_bh_enable_ip+0x4d/0x70
[ 1927.390462][T13986]  ? local_bh_enable+0x1b/0x20
[ 1927.395209][T13986]  ? __dev_queue_xmit+0x597/0xf70
[ 1927.400758][T13986]  ? __skb_clone+0x2db/0x300
[ 1927.405372][T13986]  ? __rcu_read_unlock+0x5c/0x290
[ 1927.410398][T13986]  netlink_rcv_skb+0x14e/0x250
[ 1927.415252][T13986]  ? rtnetlink_bind+0x60/0x60
[ 1927.419925][T13986]  rtnetlink_rcv+0x18/0x20
[ 1927.424465][T13986]  netlink_unicast+0x5fc/0x6c0
[ 1927.429208][T13986]  netlink_sendmsg+0x6e1/0x7d0
[ 1927.434068][T13986]  ? netlink_getsockopt+0x720/0x720
[ 1927.439287][T13986]  ____sys_sendmsg+0x39a/0x510
[ 1927.444037][T13986]  __sys_sendmsg+0x195/0x230
[ 1927.448693][T13986]  ? __xfrm_init_state+0x350/0x820
[ 1927.453828][T13986]  __x64_sys_sendmsg+0x42/0x50
[ 1927.458816][T13986]  do_syscall_64+0x44/0xd0
[ 1927.463314][T13986]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1927.469254][T13986] RIP: 0033:0x7fd36aa9bae9
[ 1927.473646][T13986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1927.493231][T13986] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1927.501641][T13986] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 1927.509591][T13986] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1927.517547][T13986] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 1927.525510][T13986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1927.533460][T13986] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 1927.541582][T13986]  </TASK>
[ 1927.544729][T13986] Mem-Info:
[ 1927.547815][T13986] active_anon:10692 inactive_anon:100657 isolated_anon:0
[ 1927.547815][T13986]  active_file:318 inactive_file:212 isolated_file:0
[ 1927.547815][T13986]  unevictable:0 dirty:14 writeback:0
[ 1927.547815][T13986]  slab_reclaimable:8105 slab_unreclaimable:1741359
[ 1927.547815][T13986]  mapped:52484 shmem:381 pagetables:5275 bounce:0
[ 1927.547815][T13986]  kernel_misc_reclaimable:0
[ 1927.547815][T13986]  free:14165 free_pcp:97 free_cma:0
[ 1927.588917][T13986] Node 0 active_anon:42768kB inactive_anon:402628kB active_file:1220kB inactive_file:904kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209912kB dirty:56kB writeback:0kB shmem:1524kB writeback_tmp:0kB kernel_stack:5312kB pagetables:21100kB all_unreclaimable? yes
[ 1927.615378][T13986] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1927.642294][T13986] lowmem_reserve[]: 0 2896 7874 7874
[ 1927.647568][T13986] Node 0 DMA32 free:23956kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1927.675688][T13986] lowmem_reserve[]: 0 0 4978 4978
[ 1927.680726][T13986] Node 0 Normal free:17596kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:4096KB active_anon:42768kB inactive_anon:401708kB active_file:1216kB inactive_file:904kB unevictable:0kB writepending:56kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:552kB local_pcp:248kB free_cma:0kB
[ 1927.710893][T13986] lowmem_reserve[]: 0 0 0 0
[ 1927.715386][T13986] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1927.728057][T13986] Node 0 DMA32: 215*4kB (UME) 120*8kB (UME) 56*16kB (UME) 49*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 4*2048kB (UME) 1*4096kB (M) = 23996kB
[ 1927.745601][T13986] Node 0 Normal: 2179*4kB (UMEH) 718*8kB (UMEH) 190*16kB (UMEH) 3*32kB (UH) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17596kB
[ 1927.760342][T13986] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1927.769773][T13986] 914 total pagecache pages
[ 1927.774268][T13986] 0 pages in swap cache
[ 1927.778399][T13986] Swap cache stats: add 0, delete 0, find 0/0
[ 1927.784588][T13986] Free swap  = 0kB
[ 1927.788280][T13986] Total swap = 0kB
[ 1927.792012][T13986] 2097051 pages RAM
[ 1927.795793][T13986] 0 pages HighMem/MovableOnly
[ 1927.800472][T13986] 75955 pages reserved
[ 1927.805146][T13986] ------------[ cut here ]------------
[ 1927.810655][T13986] WARNING: CPU: 0 PID: 13986 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1927.821177][T13986] Modules linked in:
[ 1927.825058][T13986] CPU: 0 PID: 13986 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 1927.835072][T13986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1927.845128][T13986] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1927.851819][T13986] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 1927.871515][T13986] RSP: 0000:ffffc90000ae75f0 EFLAGS: 00010246
[ 1927.877572][T13986] RAX: ffff88811de68000 RBX: ffff88811d0bd8b0 RCX: 0000000000000000
[ 1927.885647][T13986] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: ffff88811d0bd800
[ 1927.893648][T13986] RBP: ffffc90000ae7738 R08: 000188811d0bd8b7 R09: 0000000000000000
[ 1927.901650][T13986] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811d0bd8b0
[ 1927.909652][T13986] R13: ffffffff85ec3720 R14: ffff88811d0bd800 R15: ffffc90000ae7668
[ 1927.917630][T13986] FS:  00007fd368812700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1927.926610][T13986] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1927.933217][T13986] CR2: 000000000046db5d CR3: 000000011ed06000 CR4: 00000000003506f0
[ 1927.941206][T13986] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1927.949211][T13986] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1927.957305][T13986] Call Trace:
[ 1927.960592][T13986]  <TASK>
[ 1927.963521][T13986]  tcf_block_put_ext+0x2d/0x180
[ 1927.968419][T13986]  tcf_block_put+0x4c/0x70
[ 1927.973051][T13986]  cake_destroy+0x2d/0x50
[ 1927.977390][T13986]  ? cake_reset+0x5d0/0x5d0
[ 1927.981954][T13986]  qdisc_create+0xa82/0xd10
[ 1927.986493][T13986]  ? __nla_parse+0x3c/0x50
[ 1927.990925][T13986]  tc_modify_qdisc+0x64a/0x10b0
[ 1927.995837][T13986]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1928.001747][T13986]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1928.006705][T13986]  ? ___cache_free+0x46/0x300
[ 1928.011602][T13986]  ? packet_rcv+0x3d6/0x9d0
[ 1928.016099][T13986]  ? __kfree_skb+0xfe/0x150
[ 1928.020633][T13986]  ? kmem_cache_free+0x5e/0x100
[ 1928.025490][T13986]  ? __kfree_skb+0xfe/0x150
[ 1928.030027][T13986]  ? consume_skb+0x48/0x160
[ 1928.034593][T13986]  ? nlmon_xmit+0x5f/0x70
[ 1928.038918][T13986]  ? __this_cpu_preempt_check+0x18/0x20
[ 1928.044533][T13986]  ? __local_bh_enable_ip+0x4d/0x70
[ 1928.049804][T13986]  ? local_bh_enable+0x1b/0x20
[ 1928.054637][T13986]  ? __dev_queue_xmit+0x597/0xf70
[ 1928.059771][T13986]  ? __skb_clone+0x2db/0x300
[ 1928.064529][T13986]  ? __rcu_read_unlock+0x5c/0x290
[ 1928.069593][T13986]  netlink_rcv_skb+0x14e/0x250
[ 1928.074406][T13986]  ? rtnetlink_bind+0x60/0x60
[ 1928.079133][T13986]  rtnetlink_rcv+0x18/0x20
[ 1928.083633][T13986]  netlink_unicast+0x5fc/0x6c0
[ 1928.088507][T13986]  netlink_sendmsg+0x6e1/0x7d0
[ 1928.093394][T13986]  ? netlink_getsockopt+0x720/0x720
[ 1928.098611][T13986]  ____sys_sendmsg+0x39a/0x510
[ 1928.103479][T13986]  __sys_sendmsg+0x195/0x230
[ 1928.108107][T13986]  ? __xfrm_init_state+0x350/0x820
[ 1928.113265][T13986]  __x64_sys_sendmsg+0x42/0x50
[ 1928.118049][T13986]  do_syscall_64+0x44/0xd0
18:52:12 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

18:52:14 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x6000}}, {0x4}}]}]}, 0x68}}, 0x0)

18:52:14 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3936]}]}}]}, 0x434}}, 0x0)

[ 1928.122519][T13986]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1928.128666][T13986] RIP: 0033:0x7fd36aa9bae9
[ 1928.133123][T13986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1928.152934][T13986] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1928.161414][T13986] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 1928.169416][T13986] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1928.177413][T13986] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 1928.185422][T13986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1928.193437][T13986] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 1928.201431][T13986]  </TASK>
[ 1928.204471][T13986] ---[ end trace e45544a13c7e47ac ]---
[ 1928.210358][T13986] ------------[ cut here ]------------
[ 1928.215846][T13986] WARNING: CPU: 0 PID: 13986 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 1928.225425][T13986] Modules linked in:
[ 1928.229387][T13986] CPU: 0 PID: 13986 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 1928.239269][T13986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1928.249371][T13986] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 1928.255131][T13986] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 1928.274892][T13986] RSP: 0000:ffffc90000ae7628 EFLAGS: 00010246
[ 1928.281041][T13986] RAX: ffffffff83b40f4c RBX: ffff88811d0bd888 RCX: 0000000000040000
[ 1928.289038][T13986] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1928.297027][T13986] RBP: ffffc90000ae7668 R08: 000188811d0bd88f R09: 0000000000000000
[ 1928.305030][T13986] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888120050000
[ 1928.313036][T13986] R13: 0000000000000000 R14: ffffc90000ae77f0 R15: ffff88811d0bd800
[ 1928.321035][T13986] FS:  00007fd368812700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1928.329990][T13986] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1928.336593][T13986] CR2: 000000000046db5d CR3: 000000011ed06000 CR4: 00000000003506f0
[ 1928.344587][T13986] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1928.352579][T13986] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1928.360571][T13986] Call Trace:
[ 1928.363903][T13986]  <TASK>
[ 1928.366830][T13986]  tcf_block_put+0x4c/0x70
[ 1928.371278][T13986]  cake_destroy+0x2d/0x50
[ 1928.375890][T13986]  ? cake_reset+0x5d0/0x5d0
[ 1928.380502][T13986]  qdisc_create+0xa82/0xd10
[ 1928.385018][T13986]  ? __nla_parse+0x3c/0x50
[ 1928.389460][T13986]  tc_modify_qdisc+0x64a/0x10b0
[ 1928.394417][T13986]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1928.400533][T13986]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1928.405500][T13986]  ? ___cache_free+0x46/0x300
[ 1928.413132][T13986]  ? packet_rcv+0x3d6/0x9d0
[ 1928.417671][T13986]  ? __kfree_skb+0xfe/0x150
[ 1928.422200][T13986]  ? kmem_cache_free+0x5e/0x100
[ 1928.427052][T13986]  ? __kfree_skb+0xfe/0x150
[ 1928.431592][T13986]  ? consume_skb+0x48/0x160
[ 1928.436097][T13986]  ? nlmon_xmit+0x5f/0x70
[ 1928.440456][T13986]  ? __this_cpu_preempt_check+0x18/0x20
[ 1928.446005][T13986]  ? __local_bh_enable_ip+0x4d/0x70
[ 1928.451280][T13986]  ? local_bh_enable+0x1b/0x20
[ 1928.456053][T13986]  ? __dev_queue_xmit+0x597/0xf70
[ 1928.461120][T13986]  ? __skb_clone+0x2db/0x300
[ 1928.465779][T13986]  ? __rcu_read_unlock+0x5c/0x290
[ 1928.470982][T13986]  netlink_rcv_skb+0x14e/0x250
[ 1928.475779][T13986]  ? rtnetlink_bind+0x60/0x60
[ 1928.480605][T13986]  rtnetlink_rcv+0x18/0x20
[ 1928.485040][T13986]  netlink_unicast+0x5fc/0x6c0
[ 1928.489860][T13986]  netlink_sendmsg+0x6e1/0x7d0
[ 1928.494633][T13986]  ? netlink_getsockopt+0x720/0x720
[ 1928.499858][T13986]  ____sys_sendmsg+0x39a/0x510
[ 1928.504659][T13986]  __sys_sendmsg+0x195/0x230
[ 1928.509279][T13986]  ? __xfrm_init_state+0x350/0x820
[ 1928.514414][T13986]  __x64_sys_sendmsg+0x42/0x50
[ 1928.519223][T13986]  do_syscall_64+0x44/0xd0
[ 1928.523701][T13986]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1928.529619][T13986] RIP: 0033:0x7fd36aa9bae9
[ 1928.534144][T13986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1928.553776][T13986] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1928.562225][T13986] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 1928.570265][T13986] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1928.578362][T13986] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 1928.586366][T13986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1928.594440][T13986] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 1928.602470][T13986]  </TASK>
[ 1928.605485][T13986] ---[ end trace e45544a13c7e47ad ]---
[ 1928.612392][T13986] ------------[ cut here ]------------
[ 1928.617841][T13986] WARNING: CPU: 0 PID: 13986 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1928.627291][T13986] Modules linked in:
[ 1928.631194][T13986] CPU: 0 PID: 13986 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 1928.641065][T13986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1928.651163][T13986] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1928.656738][T13986] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1928.676382][T13986] RSP: 0000:ffffc90000ae75d8 EFLAGS: 00010246
[ 1928.682482][T13986] RAX: ffffffff83b414a7 RBX: ffff88811d0bd8a0 RCX: 0000000000040000
[ 1928.690662][T13986] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1928.698733][T13986] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1928.706751][T13986] R10: 0001ffffffffffff R11: 000188811d0bd8a0 R12: ffff88811d0bd850
[ 1928.714748][T13986] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811d0bd800
[ 1928.722740][T13986] FS:  00007fd368812700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1928.731695][T13986] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1928.738277][T13986] CR2: 000000000046db5d CR3: 000000011ed06000 CR4: 00000000003506f0
[ 1928.746324][T13986] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1928.754315][T13986] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1928.762309][T13986] Call Trace:
[ 1928.765583][T13986]  <TASK>
[ 1928.768510][T13986]  tcf_block_put_ext+0xe5/0x180
[ 1928.773397][T13986]  tcf_block_put+0x4c/0x70
[ 1928.778177][T13986]  cake_destroy+0x2d/0x50
[ 1928.782575][T13986]  ? cake_reset+0x5d0/0x5d0
[ 1928.787138][T13986]  qdisc_create+0xa82/0xd10
[ 1928.791721][T13986]  ? __nla_parse+0x3c/0x50
[ 1928.796144][T13986]  tc_modify_qdisc+0x64a/0x10b0
[ 1928.801034][T13986]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1928.806933][T13986]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1928.811984][T13986]  ? ___cache_free+0x46/0x300
[ 1928.816721][T13986]  ? packet_rcv+0x3d6/0x9d0
[ 1928.821247][T13986]  ? __kfree_skb+0xfe/0x150
[ 1928.825753][T13986]  ? kmem_cache_free+0x5e/0x100
[ 1928.830629][T13986]  ? __kfree_skb+0xfe/0x150
[ 1928.835139][T13986]  ? consume_skb+0x48/0x160
[ 1928.839698][T13986]  ? nlmon_xmit+0x5f/0x70
[ 1928.844115][T13986]  ? __this_cpu_preempt_check+0x18/0x20
[ 1928.849830][T13986]  ? __local_bh_enable_ip+0x4d/0x70
[ 1928.855113][T13986]  ? local_bh_enable+0x1b/0x20
[ 1928.859918][T13986]  ? __dev_queue_xmit+0x597/0xf70
[ 1928.864950][T13986]  ? __skb_clone+0x2db/0x300
[ 1928.869560][T13986]  ? __rcu_read_unlock+0x5c/0x290
[ 1928.874593][T13986]  netlink_rcv_skb+0x14e/0x250
[ 1928.879378][T13986]  ? rtnetlink_bind+0x60/0x60
[ 1928.884061][T13986]  rtnetlink_rcv+0x18/0x20
[ 1928.888477][T13986]  netlink_unicast+0x5fc/0x6c0
[ 1928.893271][T13986]  netlink_sendmsg+0x6e1/0x7d0
[ 1928.898213][T13986]  ? netlink_getsockopt+0x720/0x720
[ 1928.903481][T13986]  ____sys_sendmsg+0x39a/0x510
[ 1928.908258][T13986]  __sys_sendmsg+0x195/0x230
[ 1928.912966][T13986]  ? __xfrm_init_state+0x350/0x820
[ 1928.918090][T13986]  __x64_sys_sendmsg+0x42/0x50
[ 1928.923052][T13986]  do_syscall_64+0x44/0xd0
[ 1928.927664][T13986]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1928.933609][T13986] RIP: 0033:0x7fd36aa9bae9
[ 1928.938040][T13986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1928.957844][T13986] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1928.966352][T13986] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 1928.974362][T13986] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1928.982361][T13986] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 1928.990478][T13986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1928.998449][T13986] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 1929.006584][T13986]  </TASK>
[ 1929.009614][T13986] ---[ end trace e45544a13c7e47ae ]---
[ 1931.503437][T13989] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1931.543782][T13989] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[ 1931.553341][T13991] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
18:52:18 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

[ 1934.556770][T13993] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1934.626535][T13993] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 1934.635164][T13993] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1934.646217][T13994] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1934.656791][T13994] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 1934.665457][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1938.335069][T13996] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1941.639755][T13996] syz-executor.0: vmalloc error: size 520192, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0
[ 1941.656388][T13996] CPU: 0 PID: 13996 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1941.666195][T13996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1941.676233][T13996] Call Trace:
[ 1941.679497][T13996]  <TASK>
[ 1941.682410][T13996]  dump_stack_lvl+0xd6/0x122
[ 1941.686980][T13996]  dump_stack+0x11/0x1b
[ 1941.691120][T13996]  warn_alloc+0x132/0x190
[ 1941.695493][T13996]  __vmalloc_node_range+0x58b/0x690
[ 1941.700667][T13996]  ? cake_init+0x20d/0x640
[ 1941.705127][T13996]  __vmalloc_node+0x61/0x70
[ 1941.709608][T13996]  ? cake_init+0x20d/0x640
[ 1941.714023][T13996]  kvmalloc_node+0xd2/0x110
[ 1941.718532][T13996]  cake_init+0x20d/0x640
[ 1941.722814][T13996]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 1941.728519][T13996]  ? qdisc_alloc+0x334/0x3c0
[ 1941.733154][T13996]  ? qdisc_lookup+0x20c/0x2e0
[ 1941.737817][T13996]  ? qdisc_peek_dequeued+0x140/0x140
[ 1941.743148][T13996]  qdisc_create+0x5f4/0xd10
[ 1941.747632][T13996]  ? __nla_parse+0x3c/0x50
[ 1941.752035][T13996]  tc_modify_qdisc+0x64a/0x10b0
[ 1941.756891][T13996]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1941.762776][T13996]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1941.767705][T13996]  ? ___cache_free+0x46/0x300
[ 1941.772365][T13996]  ? packet_rcv+0xc3/0x9d0
[ 1941.776756][T13996]  ? __kfree_skb+0xfe/0x150
[ 1941.781245][T13996]  ? kmem_cache_free+0x5e/0x100
[ 1941.786114][T13996]  ? __kfree_skb+0xfe/0x150
[ 1941.790598][T13996]  ? consume_skb+0x48/0x160
[ 1941.795090][T13996]  ? nlmon_xmit+0x5f/0x70
[ 1941.799402][T13996]  ? __this_cpu_preempt_check+0x18/0x20
[ 1941.804925][T13996]  ? __local_bh_enable_ip+0x4d/0x70
[ 1941.810112][T13996]  ? local_bh_enable+0x1b/0x20
[ 1941.814931][T13996]  ? __dev_queue_xmit+0x597/0xf70
[ 1941.820012][T13996]  ? __skb_clone+0x2db/0x300
[ 1941.824691][T13996]  ? __rcu_read_unlock+0x5c/0x290
[ 1941.829693][T13996]  netlink_rcv_skb+0x14e/0x250
[ 1941.834436][T13996]  ? rtnetlink_bind+0x60/0x60
[ 1941.839169][T13996]  rtnetlink_rcv+0x18/0x20
[ 1941.843604][T13996]  netlink_unicast+0x5fc/0x6c0
[ 1941.848454][T13996]  netlink_sendmsg+0x6e1/0x7d0
[ 1941.853198][T13996]  ? netlink_getsockopt+0x720/0x720
[ 1941.858375][T13996]  ____sys_sendmsg+0x39a/0x510
[ 1941.863130][T13996]  __sys_sendmsg+0x195/0x230
[ 1941.867730][T13996]  ? __xfrm_init_state+0x350/0x820
[ 1941.872880][T13996]  __x64_sys_sendmsg+0x42/0x50
[ 1941.877624][T13996]  do_syscall_64+0x44/0xd0
[ 1941.882077][T13996]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1941.888010][T13996] RIP: 0033:0x7f0da0d09ae9
[ 1941.892403][T13996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1941.911983][T13996] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1941.920379][T13996] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1941.928629][T13996] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1941.936588][T13996] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1941.944535][T13996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1941.952490][T13996] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1941.960452][T13996]  </TASK>
[ 1941.963727][T13996] Mem-Info:
[ 1941.966828][T13996] active_anon:10700 inactive_anon:100662 isolated_anon:0
[ 1941.966828][T13996]  active_file:332 inactive_file:178 isolated_file:0
[ 1941.966828][T13996]  unevictable:0 dirty:0 writeback:0
[ 1941.966828][T13996]  slab_reclaimable:8101 slab_unreclaimable:1741416
[ 1941.966828][T13996]  mapped:52533 shmem:389 pagetables:5277 bounce:0
[ 1941.966828][T13996]  kernel_misc_reclaimable:0
[ 1941.966828][T13996]  free:13254 free_pcp:519 free_cma:0
[ 1942.008207][T13996] Node 0 active_anon:42800kB inactive_anon:402648kB active_file:1852kB inactive_file:900kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210596kB dirty:0kB writeback:0kB shmem:1556kB writeback_tmp:0kB kernel_stack:5328kB pagetables:21108kB all_unreclaimable? no
[ 1942.034627][T13996] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1942.061502][T13996] lowmem_reserve[]: 0 2896 7874 7874
[ 1942.066831][T13996] Node 0 DMA32 free:23996kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1942.095492][T13996] lowmem_reserve[]: 0 0 4978 4978
[ 1942.100599][T13996] Node 0 Normal free:12652kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:4096KB active_anon:42800kB inactive_anon:401728kB active_file:1820kB inactive_file:1176kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1528kB local_pcp:1444kB free_cma:0kB
[ 1942.131269][T13996] lowmem_reserve[]: 0 0 0 0
[ 1942.135806][T13996] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1942.148488][T13996] Node 0 DMA32: 215*4kB (UME) 120*8kB (UME) 56*16kB (UME) 49*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 4*2048kB (UME) 1*4096kB (M) = 23996kB
[ 1942.166102][T13996] Node 0 Normal: 1599*4kB (UMEH) 594*8kB (UMEH) 155*16kB (UMEH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 13660kB
[ 1942.180939][T13996] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1942.190259][T13996] 1315 total pagecache pages
[ 1942.194841][T13996] 0 pages in swap cache
[ 1942.199022][T13996] Swap cache stats: add 0, delete 0, find 0/0
[ 1942.205120][T13996] Free swap  = 0kB
[ 1942.208907][T13996] Total swap = 0kB
[ 1942.212652][T13996] 2097051 pages RAM
[ 1942.216442][T13996] 0 pages HighMem/MovableOnly
[ 1942.221125][T13996] 75955 pages reserved
[ 1942.227473][T13996] ------------[ cut here ]------------
[ 1942.232962][T13996] WARNING: CPU: 0 PID: 13996 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1942.243533][T13996] Modules linked in:
[ 1942.247423][T13996] CPU: 0 PID: 13996 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1942.257421][T13996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1942.267513][T13996] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
18:52:25 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 1942.274243][T13996] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 1942.293962][T13996] RSP: 0018:ffffc900009375f0 EFLAGS: 00010246
[ 1942.300089][T13996] RAX: ffff8881237d4000 RBX: ffff88811d6fa8b0 RCX: 0000000000000000
[ 1942.308233][T13996] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: ffff88811d6fa800
[ 1942.316236][T13996] RBP: ffffc90000937738 R08: 000188811d6fa8b7 R09: 0000000000000000
[ 1942.324233][T13996] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811d6fa8b0
[ 1942.332276][T13996] R13: ffffffff85ec3720 R14: ffff88811d6fa800 R15: ffffc90000937668
[ 1942.340376][T13996] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1942.349385][T13996] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1942.356039][T13996] CR2: 00005555563f63bc CR3: 000000011f102000 CR4: 00000000003506f0
[ 1942.364050][T13996] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1942.372047][T13996] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1942.380056][T13996] Call Trace:
[ 1942.383403][T13996]  <TASK>
[ 1942.386325][T13996]  tcf_block_put_ext+0x2d/0x180
[ 1942.391210][T13996]  tcf_block_put+0x4c/0x70
[ 1942.395626][T13996]  cake_destroy+0x2d/0x50
[ 1942.400035][T13996]  ? cake_reset+0x5d0/0x5d0
[ 1942.404537][T13996]  qdisc_create+0xa82/0xd10
[ 1942.409153][T13996]  ? __nla_parse+0x3c/0x50
[ 1942.413615][T13996]  tc_modify_qdisc+0x64a/0x10b0
[ 1942.418474][T13996]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1942.424480][T13996]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1942.429448][T13996]  ? ___cache_free+0x46/0x300
[ 1942.434162][T13996]  ? packet_rcv+0xc3/0x9d0
[ 1942.438658][T13996]  ? __kfree_skb+0xfe/0x150
[ 1942.443200][T13996]  ? kmem_cache_free+0x5e/0x100
[ 1942.448078][T13996]  ? __kfree_skb+0xfe/0x150
[ 1942.452684][T13996]  ? consume_skb+0x48/0x160
[ 1942.457223][T13996]  ? nlmon_xmit+0x5f/0x70
[ 1942.461584][T13996]  ? __this_cpu_preempt_check+0x18/0x20
[ 1942.467208][T13996]  ? __local_bh_enable_ip+0x4d/0x70
[ 1942.472472][T13996]  ? local_bh_enable+0x1b/0x20
[ 1942.477250][T13996]  ? __dev_queue_xmit+0x597/0xf70
[ 1942.482306][T13996]  ? __skb_clone+0x2db/0x300
[ 1942.486896][T13996]  ? __rcu_read_unlock+0x5c/0x290
[ 1942.492051][T13996]  netlink_rcv_skb+0x14e/0x250
[ 1942.496825][T13996]  ? rtnetlink_bind+0x60/0x60
[ 1942.501558][T13996]  rtnetlink_rcv+0x18/0x20
[ 1942.505988][T13996]  netlink_unicast+0x5fc/0x6c0
[ 1942.510794][T13996]  netlink_sendmsg+0x6e1/0x7d0
[ 1942.515595][T13996]  ? netlink_getsockopt+0x720/0x720
[ 1942.520951][T13996]  ____sys_sendmsg+0x39a/0x510
[ 1942.525754][T13996]  __sys_sendmsg+0x195/0x230
[ 1942.530437][T13996]  ? __xfrm_init_state+0x350/0x820
[ 1942.535629][T13996]  __x64_sys_sendmsg+0x42/0x50
[ 1942.540445][T13996]  do_syscall_64+0x44/0xd0
[ 1942.544867][T13996]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1942.550799][T13996] RIP: 0033:0x7f0da0d09ae9
[ 1942.555204][T13996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1942.574895][T13996] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1942.583373][T13996] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1942.591382][T13996] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1942.599374][T13996] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1942.607342][T13996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1942.615342][T13996] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1942.623345][T13996]  </TASK>
[ 1942.626357][T13996] ---[ end trace e45544a13c7e47af ]---
[ 1942.632422][T13996] ------------[ cut here ]------------
[ 1942.637871][T13996] WARNING: CPU: 0 PID: 13996 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 1942.647538][T13996] Modules linked in:
[ 1942.651443][T13996] CPU: 0 PID: 13996 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1942.661351][T13996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1942.671505][T13996] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 1942.677220][T13996] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 1942.696861][T13996] RSP: 0018:ffffc90000937628 EFLAGS: 00010246
[ 1942.702939][T13996] RAX: ffffffff83b40f4c RBX: ffff88811d6fa888 RCX: 0000000000040000
[ 1942.710942][T13996] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1942.718917][T13996] RBP: ffffc90000937668 R08: 000188811d6fa88f R09: 0000000000000000
[ 1942.727040][T13996] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811d740000
[ 1942.735028][T13996] R13: 0000000000000000 R14: ffffc900009377f0 R15: ffff88811d6fa800
[ 1942.743038][T13996] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1942.752048][T13996] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1942.758627][T13996] CR2: 00005555563f63bc CR3: 000000011f102000 CR4: 00000000003506f0
[ 1942.766711][T13996] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1942.774727][T13996] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1942.782880][T13996] Call Trace:
[ 1942.786157][T13996]  <TASK>
[ 1942.789120][T13996]  tcf_block_put+0x4c/0x70
[ 1942.793548][T13996]  cake_destroy+0x2d/0x50
[ 1942.797914][T13996]  ? cake_reset+0x5d0/0x5d0
[ 1942.802525][T13996]  qdisc_create+0xa82/0xd10
[ 1942.807120][T13996]  ? __nla_parse+0x3c/0x50
[ 1942.811566][T13996]  tc_modify_qdisc+0x64a/0x10b0
[ 1942.816478][T13996]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1942.822408][T13996]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1942.827362][T13996]  ? ___cache_free+0x46/0x300
[ 1942.832075][T13996]  ? packet_rcv+0xc3/0x9d0
[ 1942.836486][T13996]  ? __kfree_skb+0xfe/0x150
[ 1942.841104][T13996]  ? kmem_cache_free+0x5e/0x100
[ 1942.845956][T13996]  ? __kfree_skb+0xfe/0x150
[ 1942.850556][T13996]  ? consume_skb+0x48/0x160
[ 1942.855062][T13996]  ? nlmon_xmit+0x5f/0x70
[ 1942.859423][T13996]  ? __this_cpu_preempt_check+0x18/0x20
[ 1942.864980][T13996]  ? __local_bh_enable_ip+0x4d/0x70
[ 1942.870328][T13996]  ? local_bh_enable+0x1b/0x20
[ 1942.875142][T13996]  ? __dev_queue_xmit+0x597/0xf70
[ 1942.880284][T13996]  ? __skb_clone+0x2db/0x300
[ 1942.884881][T13996]  ? __rcu_read_unlock+0x5c/0x290
[ 1942.889938][T13996]  netlink_rcv_skb+0x14e/0x250
[ 1942.894748][T13996]  ? rtnetlink_bind+0x60/0x60
[ 1942.899460][T13996]  rtnetlink_rcv+0x18/0x20
[ 1942.903877][T13996]  netlink_unicast+0x5fc/0x6c0
[ 1942.908660][T13996]  netlink_sendmsg+0x6e1/0x7d0
[ 1942.913501][T13996]  ? netlink_getsockopt+0x720/0x720
[ 1942.918971][T13996]  ____sys_sendmsg+0x39a/0x510
[ 1942.923783][T13996]  __sys_sendmsg+0x195/0x230
[ 1942.928377][T13996]  ? __xfrm_init_state+0x350/0x820
[ 1942.933527][T13996]  __x64_sys_sendmsg+0x42/0x50
[ 1942.938300][T13996]  do_syscall_64+0x44/0xd0
[ 1942.942946][T13996]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1942.948889][T13996] RIP: 0033:0x7f0da0d09ae9
[ 1942.953357][T13996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1942.973298][T13996] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1942.981749][T13996] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1942.989800][T13996] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1942.997771][T13996] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1943.005776][T13996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1943.013843][T13996] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1943.021917][T13996]  </TASK>
[ 1943.024938][T13996] ---[ end trace e45544a13c7e47b0 ]---
[ 1943.032072][T13996] ------------[ cut here ]------------
[ 1943.037616][T13996] WARNING: CPU: 0 PID: 13996 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1943.047187][T13996] Modules linked in:
[ 1943.051108][T13996] CPU: 0 PID: 13996 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 1943.060966][T13996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1943.071054][T13996] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1943.076669][T13996] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1943.096317][T13996] RSP: 0018:ffffc900009375d8 EFLAGS: 00010246
[ 1943.102439][T13996] RAX: ffffffff83b414a7 RBX: ffff88811d6fa8a0 RCX: 0000000000040000
[ 1943.110704][T13996] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1943.118724][T13996] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1943.126779][T13996] R10: 0001ffffffffffff R11: 000188811d6fa8a0 R12: ffff88811d6fa850
[ 1943.134804][T13996] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811d6fa800
[ 1943.142806][T13996] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1943.151893][T13996] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1943.158484][T13996] CR2: 00005555563f63bc CR3: 000000011f102000 CR4: 00000000003506f0
[ 1943.166510][T13996] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1943.174509][T13996] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1943.182634][T13996] Call Trace:
[ 1943.185908][T13996]  <TASK>
[ 1943.188878][T13996]  tcf_block_put_ext+0xe5/0x180
[ 1943.193874][T13996]  tcf_block_put+0x4c/0x70
[ 1943.198301][T13996]  cake_destroy+0x2d/0x50
[ 1943.202847][T13996]  ? cake_reset+0x5d0/0x5d0
[ 1943.207446][T13996]  qdisc_create+0xa82/0xd10
[ 1943.211998][T13996]  ? __nla_parse+0x3c/0x50
[ 1943.216422][T13996]  tc_modify_qdisc+0x64a/0x10b0
[ 1943.221324][T13996]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1943.227397][T13996]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1943.232421][T13996]  ? ___cache_free+0x46/0x300
[ 1943.237115][T13996]  ? packet_rcv+0xc3/0x9d0
[ 1943.241584][T13996]  ? __kfree_skb+0xfe/0x150
[ 1943.246160][T13996]  ? kmem_cache_free+0x5e/0x100
[ 1943.251063][T13996]  ? __kfree_skb+0xfe/0x150
[ 1943.255569][T13996]  ? consume_skb+0x48/0x160
[ 1943.260116][T13996]  ? nlmon_xmit+0x5f/0x70
[ 1943.264448][T13996]  ? __this_cpu_preempt_check+0x18/0x20
[ 1943.270043][T13996]  ? __local_bh_enable_ip+0x4d/0x70
[ 1943.275262][T13996]  ? local_bh_enable+0x1b/0x20
[ 1943.280127][T13996]  ? __dev_queue_xmit+0x597/0xf70
[ 1943.285231][T13996]  ? __skb_clone+0x2db/0x300
[ 1943.289878][T13996]  ? __rcu_read_unlock+0x5c/0x290
[ 1943.294942][T13996]  netlink_rcv_skb+0x14e/0x250
[ 1943.299743][T13996]  ? rtnetlink_bind+0x60/0x60
[ 1943.304505][T13996]  rtnetlink_rcv+0x18/0x20
[ 1943.309022][T13996]  netlink_unicast+0x5fc/0x6c0
[ 1943.313872][T13996]  netlink_sendmsg+0x6e1/0x7d0
[ 1943.318717][T13996]  ? netlink_getsockopt+0x720/0x720
[ 1943.323967][T13996]  ____sys_sendmsg+0x39a/0x510
[ 1943.328793][T13996]  __sys_sendmsg+0x195/0x230
[ 1943.333467][T13996]  ? __xfrm_init_state+0x350/0x820
[ 1943.338607][T13996]  __x64_sys_sendmsg+0x42/0x50
[ 1943.343517][T13996]  do_syscall_64+0x44/0xd0
[ 1943.348111][T13996]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1943.354046][T13996] RIP: 0033:0x7f0da0d09ae9
[ 1943.358462][T13996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1943.378414][T13996] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1943.386892][T13996] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 1943.394883][T13996] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1943.402901][T13996] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 1943.410903][T13996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1943.418928][T13996] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 1943.426992][T13996]  </TASK>
[ 1943.430055][T13996] ---[ end trace e45544a13c7e47b1 ]---
18:52:25 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeffffff]}]}}]}, 0x434}}, 0x0)

18:52:25 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x63c8}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 1953.062562][T14210] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
18:52:35 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000001bd168e7261fcc4dcffdfdfc853e50000000000000000000004680d32c978051d4f59846ac70dbd3bf08298a8427424b9baf637db7a159e1364116885490b556852544e62267dc0d3f784498c515d8e9df158cfa3427f059cc2e661d686efe9e107a3d6943c4d5ce88d15eb549da65df9e93ef7372486f86007b8ac186e300"/148], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x60, 0x10, 0x0}, 0x78)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x4da}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}]}, &(0x7f0000000040)='GPL\x00', 0x3ff, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x5, 0x2}, 0x8, 0x10, &(0x7f00000000c0)={0x1, 0xf, 0x6, 0x2}, 0x10}, 0x78)

[ 1955.549254][T14210] syz-executor.1: vmalloc error: size 311296, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[ 1955.565801][T14210] CPU: 1 PID: 14210 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 1955.575705][T14210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1955.585781][T14210] Call Trace:
[ 1955.589052][T14210]  <TASK>
[ 1955.591980][T14210]  dump_stack_lvl+0xd6/0x122
[ 1955.596603][T14210]  dump_stack+0x11/0x1b
[ 1955.600786][T14210]  warn_alloc+0x132/0x190
[ 1955.605113][T14210]  __vmalloc_node_range+0x58b/0x690
[ 1955.610431][T14210]  ? cake_init+0x20d/0x640
[ 1955.614855][T14210]  __vmalloc_node+0x61/0x70
[ 1955.619355][T14210]  ? cake_init+0x20d/0x640
[ 1955.623792][T14210]  kvmalloc_node+0xd2/0x110
[ 1955.628357][T14210]  cake_init+0x20d/0x640
[ 1955.632642][T14210]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 1955.638340][T14210]  ? qdisc_alloc+0x334/0x3c0
[ 1955.642958][T14210]  ? qdisc_lookup+0x20c/0x2e0
[ 1955.647616][T14210]  ? qdisc_peek_dequeued+0x140/0x140
[ 1955.652887][T14210]  qdisc_create+0x5f4/0xd10
[ 1955.657383][T14210]  ? __nla_parse+0x3c/0x50
[ 1955.661803][T14210]  tc_modify_qdisc+0x64a/0x10b0
[ 1955.666660][T14210]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1955.672558][T14210]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1955.677547][T14210]  ? ___cache_free+0x46/0x300
[ 1955.682203][T14210]  ? packet_rcv+0xc3/0x9d0
[ 1955.686677][T14210]  ? __kfree_skb+0xfe/0x150
[ 1955.691164][T14210]  ? kmem_cache_free+0x5e/0x100
[ 1955.696068][T14210]  ? __kfree_skb+0xfe/0x150
[ 1955.700572][T14210]  ? consume_skb+0x48/0x160
[ 1955.705052][T14210]  ? nlmon_xmit+0x5f/0x70
[ 1955.709364][T14210]  ? __this_cpu_preempt_check+0x18/0x20
[ 1955.714948][T14210]  ? __local_bh_enable_ip+0x4d/0x70
[ 1955.720241][T14210]  ? local_bh_enable+0x1b/0x20
[ 1955.725039][T14210]  ? __dev_queue_xmit+0x597/0xf70
[ 1955.730169][T14210]  ? __skb_clone+0x2db/0x300
[ 1955.734741][T14210]  ? __rcu_read_unlock+0x5c/0x290
[ 1955.739765][T14210]  netlink_rcv_skb+0x14e/0x250
[ 1955.744531][T14210]  ? rtnetlink_bind+0x60/0x60
[ 1955.749197][T14210]  rtnetlink_rcv+0x18/0x20
[ 1955.753591][T14210]  netlink_unicast+0x5fc/0x6c0
[ 1955.758381][T14210]  netlink_sendmsg+0x6e1/0x7d0
[ 1955.763139][T14210]  ? netlink_getsockopt+0x720/0x720
[ 1955.768402][T14210]  ____sys_sendmsg+0x39a/0x510
[ 1955.773214][T14210]  __sys_sendmsg+0x195/0x230
[ 1955.777893][T14210]  ? __xfrm_init_state+0x350/0x820
[ 1955.783032][T14210]  __x64_sys_sendmsg+0x42/0x50
[ 1955.787809][T14210]  do_syscall_64+0x44/0xd0
[ 1955.792423][T14210]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1955.798383][T14210] RIP: 0033:0x7f7b56f48ae9
[ 1955.802818][T14210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1955.822410][T14210] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1955.830876][T14210] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 1955.839009][T14210] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 1955.847128][T14210] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 1955.855084][T14210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1955.863075][T14210] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 1955.871035][T14210]  </TASK>
[ 1955.874098][T14210] Mem-Info:
[ 1955.877186][T14210] active_anon:10708 inactive_anon:100683 isolated_anon:0
[ 1955.877186][T14210]  active_file:360 inactive_file:196 isolated_file:0
[ 1955.877186][T14210]  unevictable:0 dirty:0 writeback:0
[ 1955.877186][T14210]  slab_reclaimable:8097 slab_unreclaimable:1741419
[ 1955.877186][T14210]  mapped:52476 shmem:397 pagetables:5276 bounce:0
[ 1955.877186][T14210]  kernel_misc_reclaimable:0
[ 1955.877186][T14210]  free:13532 free_pcp:216 free_cma:0
[ 1955.918443][T14210] Node 0 active_anon:42832kB inactive_anon:402732kB active_file:1440kB inactive_file:784kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209904kB dirty:0kB writeback:0kB shmem:1588kB writeback_tmp:0kB kernel_stack:5312kB pagetables:21104kB all_unreclaimable? yes
[ 1955.944815][T14210] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1955.971847][T14210] lowmem_reserve[]: 0 2896 7874 7874
[ 1955.977125][T14210] Node 0 DMA32 free:23996kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1956.005309][T14210] lowmem_reserve[]: 0 0 4978 4978
[ 1956.010399][T14210] Node 0 Normal free:14772kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42832kB inactive_anon:401812kB active_file:1320kB inactive_file:880kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:864kB local_pcp:424kB free_cma:0kB
[ 1956.040475][T14210] lowmem_reserve[]: 0 0 0 0
[ 1956.044986][T14210] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1956.057723][T14210] Node 0 DMA32: 215*4kB (UME) 120*8kB (UME) 56*16kB (UME) 49*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 4*2048kB (UME) 1*4096kB (M) = 23996kB
[ 1956.075324][T14210] Node 0 Normal: 1744*4kB (UMEH) 605*8kB (UMEH) 167*16kB (UMEH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 14520kB
[ 1956.090421][T14210] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1956.099718][T14210] 998 total pagecache pages
[ 1956.104279][T14210] 0 pages in swap cache
[ 1956.108453][T14210] Swap cache stats: add 0, delete 0, find 0/0
[ 1956.114514][T14210] Free swap  = 0kB
[ 1956.118211][T14210] Total swap = 0kB
[ 1956.121981][T14210] 2097051 pages RAM
[ 1956.125763][T14210] 0 pages HighMem/MovableOnly
[ 1956.130603][T14210] 75955 pages reserved
[ 1956.137677][T14210] ------------[ cut here ]------------
[ 1956.143209][T14210] WARNING: CPU: 1 PID: 14210 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1956.153772][T14210] Modules linked in:
[ 1956.157746][T14210] CPU: 1 PID: 14210 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 1956.167559][T14210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1956.177668][T14210] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1956.184450][T14210] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 1956.204070][T14210] RSP: 0000:ffffc90000aff5f0 EFLAGS: 00010246
[ 1956.210343][T14210] RAX: ffff888123d06000 RBX: ffff8881d87e48b0 RCX: 0000000000000000
[ 1956.218498][T14210] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: ffff8881d87e4800
[ 1956.226554][T14210] RBP: ffffc90000aff738 R08: 00018881d87e48b7 R09: 0000000000000000
[ 1956.234773][T14210] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff8881d87e48b0
[ 1956.242796][T14210] R13: ffffffff85ec3720 R14: ffff8881d87e4800 R15: ffffc90000aff668
[ 1956.250762][T14210] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1956.259687][T14210] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1956.266275][T14210] CR2: 0000000000402fc0 CR3: 00000001550ca000 CR4: 00000000003506e0
[ 1956.274310][T14210] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1956.282318][T14210] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1956.290343][T14210] Call Trace:
[ 1956.293690][T14210]  <TASK>
[ 1956.296615][T14210]  tcf_block_put_ext+0x2d/0x180
[ 1956.301473][T14210]  tcf_block_put+0x4c/0x70
[ 1956.305913][T14210]  cake_destroy+0x2d/0x50
[ 1956.310311][T14210]  ? cake_reset+0x5d0/0x5d0
[ 1956.314908][T14210]  qdisc_create+0xa82/0xd10
[ 1956.319463][T14210]  ? __nla_parse+0x3c/0x50
[ 1956.323893][T14210]  tc_modify_qdisc+0x64a/0x10b0
[ 1956.328729][T14210]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1956.334620][T14210]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1956.339691][T14210]  ? ___cache_free+0x46/0x300
[ 1956.344495][T14210]  ? packet_rcv+0xc3/0x9d0
[ 1956.349148][T14210]  ? __kfree_skb+0xfe/0x150
[ 1956.353653][T14210]  ? kmem_cache_free+0x5e/0x100
[ 1956.358484][T14210]  ? __kfree_skb+0xfe/0x150
[ 1956.362997][T14210]  ? consume_skb+0x48/0x160
[ 1956.367478][T14210]  ? nlmon_xmit+0x5f/0x70
[ 1956.371896][T14210]  ? __this_cpu_preempt_check+0x18/0x20
[ 1956.377426][T14210]  ? __local_bh_enable_ip+0x4d/0x70
[ 1956.382630][T14210]  ? local_bh_enable+0x1b/0x20
[ 1956.387479][T14210]  ? __dev_queue_xmit+0x597/0xf70
[ 1956.392562][T14210]  ? __skb_clone+0x2db/0x300
[ 1956.397131][T14210]  ? __rcu_read_unlock+0x5c/0x290
[ 1956.402217][T14210]  netlink_rcv_skb+0x14e/0x250
[ 1956.407041][T14210]  ? rtnetlink_bind+0x60/0x60
[ 1956.411712][T14210]  rtnetlink_rcv+0x18/0x20
[ 1956.416178][T14210]  netlink_unicast+0x5fc/0x6c0
[ 1956.420973][T14210]  netlink_sendmsg+0x6e1/0x7d0
[ 1956.425732][T14210]  ? netlink_getsockopt+0x720/0x720
[ 1956.431189][T14210]  ____sys_sendmsg+0x39a/0x510
[ 1956.436282][T14210]  __sys_sendmsg+0x195/0x230
[ 1956.440861][T14210]  ? __xfrm_init_state+0x350/0x820
[ 1956.446024][T14210]  __x64_sys_sendmsg+0x42/0x50
[ 1956.450901][T14210]  do_syscall_64+0x44/0xd0
[ 1956.455304][T14210]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1956.461224][T14210] RIP: 0033:0x7f7b56f48ae9
[ 1956.465619][T14210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1956.485279][T14210] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1956.493768][T14210] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 1956.501828][T14210] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 1956.509786][T14210] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 1956.517735][T14210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1956.525712][T14210] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 1956.533676][T14210]  </TASK>
[ 1956.536679][T14210] ---[ end trace e45544a13c7e47b2 ]---
[ 1956.542541][T14210] ------------[ cut here ]------------
[ 1956.547986][T14210] WARNING: CPU: 1 PID: 14210 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 1956.557525][T14210] Modules linked in:
[ 1956.561427][T14210] CPU: 1 PID: 14210 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 1956.571214][T14210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1956.581376][T14210] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 1956.587169][T14210] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 1956.606933][T14210] RSP: 0000:ffffc90000aff628 EFLAGS: 00010246
[ 1956.613618][T14210] RAX: ffffffff83b40f4c RBX: ffff8881d87e4888 RCX: 0000000000040000
[ 1956.621792][T14210] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1956.629752][T14210] RBP: ffffc90000aff668 R08: 00018881d87e488f R09: 0000000000000000
[ 1956.637792][T14210] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811d740000
[ 1956.645871][T14210] R13: 0000000000000000 R14: ffffc90000aff7f0 R15: ffff8881d87e4800
[ 1956.653851][T14210] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1956.662857][T14210] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1956.669525][T14210] CR2: 0000000000402fc0 CR3: 00000001550ca000 CR4: 00000000003506e0
[ 1956.677480][T14210] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1956.685520][T14210] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1956.693478][T14210] Call Trace:
[ 1956.696737][T14210]  <TASK>
[ 1956.699712][T14210]  tcf_block_put+0x4c/0x70
[ 1956.704129][T14210]  cake_destroy+0x2d/0x50
[ 1956.708493][T14210]  ? cake_reset+0x5d0/0x5d0
[ 1956.713039][T14210]  qdisc_create+0xa82/0xd10
[ 1956.717524][T14210]  ? __nla_parse+0x3c/0x50
[ 1956.721935][T14210]  tc_modify_qdisc+0x64a/0x10b0
[ 1956.726771][T14210]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1956.732843][T14210]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1956.737762][T14210]  ? ___cache_free+0x46/0x300
[ 1956.742475][T14210]  ? packet_rcv+0xc3/0x9d0
[ 1956.746881][T14210]  ? __kfree_skb+0xfe/0x150
[ 1956.751387][T14210]  ? kmem_cache_free+0x5e/0x100
[ 1956.756318][T14210]  ? __kfree_skb+0xfe/0x150
[ 1956.760820][T14210]  ? consume_skb+0x48/0x160
[ 1956.765312][T14210]  ? nlmon_xmit+0x5f/0x70
[ 1956.769635][T14210]  ? __this_cpu_preempt_check+0x18/0x20
[ 1956.775179][T14210]  ? __local_bh_enable_ip+0x4d/0x70
[ 1956.780395][T14210]  ? local_bh_enable+0x1b/0x20
[ 1956.785143][T14210]  ? __dev_queue_xmit+0x597/0xf70
[ 1956.790226][T14210]  ? __skb_clone+0x2db/0x300
[ 1956.794893][T14210]  ? __rcu_read_unlock+0x5c/0x290
[ 1956.799911][T14210]  netlink_rcv_skb+0x14e/0x250
[ 1956.804694][T14210]  ? rtnetlink_bind+0x60/0x60
[ 1956.809374][T14210]  rtnetlink_rcv+0x18/0x20
[ 1956.813788][T14210]  netlink_unicast+0x5fc/0x6c0
[ 1956.818550][T14210]  netlink_sendmsg+0x6e1/0x7d0
[ 1956.823413][T14210]  ? netlink_getsockopt+0x720/0x720
[ 1956.828682][T14210]  ____sys_sendmsg+0x39a/0x510
[ 1956.833448][T14210]  __sys_sendmsg+0x195/0x230
[ 1956.838019][T14210]  ? __xfrm_init_state+0x350/0x820
[ 1956.843150][T14210]  __x64_sys_sendmsg+0x42/0x50
[ 1956.847894][T14210]  do_syscall_64+0x44/0xd0
[ 1956.852314][T14210]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1956.858536][T14210] RIP: 0033:0x7f7b56f48ae9
[ 1956.862944][T14210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1956.882659][T14210] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1956.891057][T14210] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 1956.899117][T14210] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 1956.907147][T14210] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 1956.915195][T14210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1956.923168][T14210] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 1956.931167][T14210]  </TASK>
[ 1956.934201][T14210] ---[ end trace e45544a13c7e47b3 ]---
[ 1956.941116][T14210] ------------[ cut here ]------------
[ 1956.946629][T14210] WARNING: CPU: 1 PID: 14210 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1956.956042][T14210] Modules linked in:
[ 1956.959985][T14210] CPU: 1 PID: 14210 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 1956.969807][T14210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1956.979869][T14210] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1956.985580][T14210] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1957.005386][T14210] RSP: 0000:ffffc90000aff5d8 EFLAGS: 00010246
[ 1957.011443][T14210] RAX: ffffffff83b414a7 RBX: ffff8881d87e48a0 RCX: 0000000000040000
[ 1957.019581][T14210] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1957.027549][T14210] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1957.035512][T14210] R10: 0001ffffffffffff R11: 00018881d87e48a0 R12: ffff8881d87e4850
[ 1957.043497][T14210] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff8881d87e4800
[ 1957.051455][T14210] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1957.060703][T14210] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1957.067329][T14210] CR2: 0000000000402fc0 CR3: 00000001550ca000 CR4: 00000000003506e0
[ 1957.075312][T14210] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1957.083307][T14210] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1957.091266][T14210] Call Trace:
[ 1957.094525][T14210]  <TASK>
[ 1957.097439][T14210]  tcf_block_put_ext+0xe5/0x180
[ 1957.102299][T14210]  tcf_block_put+0x4c/0x70
[ 1957.106776][T14210]  cake_destroy+0x2d/0x50
[ 1957.111185][T14210]  ? cake_reset+0x5d0/0x5d0
[ 1957.115704][T14210]  qdisc_create+0xa82/0xd10
[ 1957.120215][T14210]  ? __nla_parse+0x3c/0x50
[ 1957.124699][T14210]  tc_modify_qdisc+0x64a/0x10b0
[ 1957.129554][T14210]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1957.135435][T14210]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1957.140372][T14210]  ? ___cache_free+0x46/0x300
[ 1957.145048][T14210]  ? packet_rcv+0xc3/0x9d0
[ 1957.149465][T14210]  ? __kfree_skb+0xfe/0x150
[ 1957.154067][T14210]  ? kmem_cache_free+0x5e/0x100
[ 1957.158906][T14210]  ? __kfree_skb+0xfe/0x150
[ 1957.163410][T14210]  ? consume_skb+0x48/0x160
[ 1957.167904][T14210]  ? nlmon_xmit+0x5f/0x70
[ 1957.172233][T14210]  ? __this_cpu_preempt_check+0x18/0x20
[ 1957.177801][T14210]  ? __local_bh_enable_ip+0x4d/0x70
[ 1957.183037][T14210]  ? local_bh_enable+0x1b/0x20
[ 1957.187793][T14210]  ? __dev_queue_xmit+0x597/0xf70
[ 1957.192895][T14210]  ? __skb_clone+0x2db/0x300
[ 1957.197584][T14210]  ? __rcu_read_unlock+0x5c/0x290
[ 1957.202606][T14210]  netlink_rcv_skb+0x14e/0x250
[ 1957.207368][T14210]  ? rtnetlink_bind+0x60/0x60
[ 1957.212118][T14210]  rtnetlink_rcv+0x18/0x20
[ 1957.216515][T14210]  netlink_unicast+0x5fc/0x6c0
[ 1957.221347][T14210]  netlink_sendmsg+0x6e1/0x7d0
[ 1957.226172][T14210]  ? netlink_getsockopt+0x720/0x720
[ 1957.231371][T14210]  ____sys_sendmsg+0x39a/0x510
[ 1957.236288][T14210]  __sys_sendmsg+0x195/0x230
[ 1957.240971][T14210]  ? __xfrm_init_state+0x350/0x820
[ 1957.246071][T14210]  __x64_sys_sendmsg+0x42/0x50
[ 1957.250910][T14210]  do_syscall_64+0x44/0xd0
[ 1957.255484][T14210]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1957.261387][T14210] RIP: 0033:0x7f7b56f48ae9
[ 1957.265791][T14210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1957.285442][T14210] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1957.293844][T14210] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 1957.301818][T14210] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 1957.309777][T14210] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 1957.317727][T14210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1957.325697][T14210] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 1957.333662][T14210]  </TASK>
[ 1957.336664][T14210] ---[ end trace e45544a13c7e47b4 ]---
[ 1957.383606][T14316] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
18:52:44 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

18:52:44 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4788]}]}}]}, 0x434}}, 0x0)

[ 1958.613978][T14316] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 1958.622603][T14316] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1958.635384][T14317] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 1958.645155][T14317] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 1958.653663][T14317] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
18:52:45 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffa888]}]}}]}, 0x434}}, 0x0)

[ 1960.272226][T14319] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1963.711933][   T25] oom_reaper: reaped process 14319 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1963.723390][T14322] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[ 1963.731818][T14325] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1964.143535][T14327] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
18:52:50 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0xc863}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 1981.695316][T14534] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
18:53:08 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

18:53:08 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4888]}]}}]}, 0x434}}, 0x0)

18:53:08 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff7f]}]}}]}, 0x434}}, 0x0)

[ 1983.684653][T14536] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 1988.294521][T14738] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1990.389167][T14738] syz-executor.2: vmalloc error: size 782336, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[ 1990.405974][T14738] CPU: 0 PID: 14738 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1990.415823][T14738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1990.425884][T14738] Call Trace:
[ 1990.429161][T14738]  <TASK>
[ 1990.432086][T14738]  dump_stack_lvl+0xd6/0x122
[ 1990.436677][T14738]  dump_stack+0x11/0x1b
[ 1990.440918][T14738]  warn_alloc+0x132/0x190
[ 1990.445262][T14738]  __vmalloc_node_range+0x58b/0x690
[ 1990.450461][T14738]  ? cake_init+0x20d/0x640
[ 1990.454933][T14738]  __vmalloc_node+0x61/0x70
[ 1990.459836][T14738]  ? cake_init+0x20d/0x640
[ 1990.464256][T14738]  kvmalloc_node+0xd2/0x110
[ 1990.468803][T14738]  cake_init+0x20d/0x640
[ 1990.473138][T14738]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 1990.478957][T14738]  ? qdisc_alloc+0x334/0x3c0
[ 1990.483614][T14738]  ? qdisc_lookup+0x20c/0x2e0
[ 1990.488355][T14738]  ? qdisc_peek_dequeued+0x140/0x140
[ 1990.493698][T14738]  qdisc_create+0x5f4/0xd10
[ 1990.498288][T14738]  ? __nla_parse+0x3c/0x50
[ 1990.502710][T14738]  tc_modify_qdisc+0x64a/0x10b0
[ 1990.507568][T14738]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1990.513494][T14738]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1990.518508][T14738]  ? ___cache_free+0x46/0x300
[ 1990.523330][T14738]  ? packet_rcv+0xc3/0x9d0
[ 1990.527818][T14738]  ? __kfree_skb+0xfe/0x150
[ 1990.532394][T14738]  ? kmem_cache_free+0x5e/0x100
[ 1990.537245][T14738]  ? __kfree_skb+0xfe/0x150
[ 1990.541854][T14738]  ? consume_skb+0x48/0x160
[ 1990.546441][T14738]  ? nlmon_xmit+0x5f/0x70
[ 1990.550805][T14738]  ? __this_cpu_preempt_check+0x18/0x20
[ 1990.556355][T14738]  ? __local_bh_enable_ip+0x4d/0x70
[ 1990.561551][T14738]  ? local_bh_enable+0x1b/0x20
[ 1990.566363][T14738]  ? __dev_queue_xmit+0x597/0xf70
[ 1990.571415][T14738]  ? __skb_clone+0x2db/0x300
[ 1990.576076][T14738]  ? __rcu_read_unlock+0x5c/0x290
[ 1990.581268][T14738]  netlink_rcv_skb+0x14e/0x250
[ 1990.586034][T14738]  ? rtnetlink_bind+0x60/0x60
[ 1990.590707][T14738]  rtnetlink_rcv+0x18/0x20
[ 1990.595196][T14738]  netlink_unicast+0x5fc/0x6c0
[ 1990.599961][T14738]  netlink_sendmsg+0x6e1/0x7d0
[ 1990.604729][T14738]  ? netlink_getsockopt+0x720/0x720
[ 1990.609940][T14738]  ____sys_sendmsg+0x39a/0x510
[ 1990.614703][T14738]  __sys_sendmsg+0x195/0x230
[ 1990.619329][T14738]  __x64_sys_sendmsg+0x42/0x50
[ 1990.624137][T14738]  do_syscall_64+0x44/0xd0
[ 1990.628578][T14738]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1990.634469][T14738] RIP: 0033:0x7f2ab072eae9
[ 1990.638879][T14738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1990.658481][T14738] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1990.666890][T14738] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 1990.674878][T14738] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1990.682863][T14738] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1990.690891][T14738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1990.699037][T14738] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 1990.707012][T14738]  </TASK>
[ 1990.710134][T14738] Mem-Info:
[ 1990.713279][T14738] active_anon:10666 inactive_anon:100661 isolated_anon:0
[ 1990.713279][T14738]  active_file:393 inactive_file:327 isolated_file:1
[ 1990.713279][T14738]  unevictable:0 dirty:53 writeback:0
[ 1990.713279][T14738]  slab_reclaimable:8094 slab_unreclaimable:1741810
[ 1990.713279][T14738]  mapped:52587 shmem:355 pagetables:5275 bounce:0
[ 1990.713279][T14738]  kernel_misc_reclaimable:0
[ 1990.713279][T14738]  free:12403 free_pcp:348 free_cma:0
[ 1990.754706][T14738] Node 0 active_anon:42664kB inactive_anon:402644kB active_file:1656kB inactive_file:1488kB unevictable:0kB isolated(anon):0kB isolated(file):4kB mapped:210812kB dirty:212kB writeback:0kB shmem:1420kB writeback_tmp:0kB kernel_stack:5360kB pagetables:21100kB all_unreclaimable? no
[ 1990.781147][T14738] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1990.808324][T14738] lowmem_reserve[]: 0 2896 7874 7874
[ 1990.813701][T14738] Node 0 DMA32 free:22940kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1990.841845][T14738] lowmem_reserve[]: 0 0 4978 4978
[ 1990.846950][T14738] Node 0 Normal free:11312kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42664kB inactive_anon:401724kB active_file:1576kB inactive_file:1232kB unevictable:0kB writepending:212kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1252kB local_pcp:1192kB free_cma:0kB
[ 1990.877442][T14738] lowmem_reserve[]: 0 0 0 0
[ 1990.882043][T14738] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1990.894680][T14738] Node 0 DMA32: 215*4kB (UME) 120*8kB (UME) 56*16kB (UME) 48*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 4*1024kB (UM) 3*2048kB (ME) 1*4096kB (M) = 22940kB
[ 1990.912671][T14738] Node 0 Normal: 1130*4kB (UMEH) 440*8kB (MEH) 108*16kB (UMH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9800kB
[ 1990.927246][T14738] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1990.936666][T14738] 1152 total pagecache pages
[ 1990.941273][T14738] 0 pages in swap cache
[ 1990.945424][T14738] Swap cache stats: add 0, delete 0, find 0/0
[ 1990.951497][T14738] Free swap  = 0kB
[ 1990.955198][T14738] Total swap = 0kB
[ 1990.958996][T14738] 2097051 pages RAM
[ 1990.962826][T14738] 0 pages HighMem/MovableOnly
[ 1990.967492][T14738] 75955 pages reserved
[ 1990.974391][T14738] ------------[ cut here ]------------
[ 1990.979887][T14738] WARNING: CPU: 0 PID: 14738 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1990.990430][T14738] Modules linked in:
[ 1990.994319][T14738] CPU: 0 PID: 14738 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1991.004148][T14738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1991.014294][T14738] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1991.021073][T14738] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 1991.040753][T14738] RSP: 0018:ffffc90000f6b5f0 EFLAGS: 00010246
[ 1991.046832][T14738] RAX: ffff88813a9c0000 RBX: ffff88811c8f78b0 RCX: 0000000000000000
[ 1991.054823][T14738] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: ffff88811c8f7800
[ 1991.062918][T14738] RBP: ffffc90000f6b738 R08: 000188811c8f78b7 R09: 0000000000000000
[ 1991.070920][T14738] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811c8f78b0
[ 1991.078987][T14738] R13: ffffffff85ec3720 R14: ffff88811c8f7800 R15: ffffc90000f6b668
[ 1991.087065][T14738] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1991.096055][T14738] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1991.102813][T14738] CR2: 00007f1b144566af CR3: 000000011e8ab000 CR4: 00000000003506f0
[ 1991.110824][T14738] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1991.118870][T14738] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1991.126900][T14738] Call Trace:
[ 1991.130206][T14738]  <TASK>
[ 1991.133136][T14738]  tcf_block_put_ext+0x2d/0x180
[ 1991.137992][T14738]  tcf_block_put+0x4c/0x70
[ 1991.142491][T14738]  cake_destroy+0x2d/0x50
[ 1991.146826][T14738]  ? cake_reset+0x5d0/0x5d0
[ 1991.151363][T14738]  qdisc_create+0xa82/0xd10
[ 1991.155872][T14738]  ? __nla_parse+0x3c/0x50
[ 1991.160364][T14738]  tc_modify_qdisc+0x64a/0x10b0
[ 1991.165460][T14738]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1991.171480][T14738]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1991.176421][T14738]  ? ___cache_free+0x46/0x300
[ 1991.181347][T14738]  ? packet_rcv+0xc3/0x9d0
[ 1991.185763][T14738]  ? __kfree_skb+0xfe/0x150
[ 1991.190334][T14738]  ? kmem_cache_free+0x5e/0x100
[ 1991.195786][T14738]  ? __kfree_skb+0xfe/0x150
[ 1991.200392][T14738]  ? consume_skb+0x48/0x160
[ 1991.204916][T14738]  ? nlmon_xmit+0x5f/0x70
[ 1991.209266][T14738]  ? __this_cpu_preempt_check+0x18/0x20
[ 1991.214813][T14738]  ? __local_bh_enable_ip+0x4d/0x70
[ 1991.220075][T14738]  ? local_bh_enable+0x1b/0x20
[ 1991.224840][T14738]  ? __dev_queue_xmit+0x597/0xf70
[ 1991.229937][T14738]  ? __skb_clone+0x2db/0x300
[ 1991.234528][T14738]  ? __rcu_read_unlock+0x5c/0x290
[ 1991.239585][T14738]  netlink_rcv_skb+0x14e/0x250
[ 1991.244355][T14738]  ? rtnetlink_bind+0x60/0x60
[ 1991.249039][T14738]  rtnetlink_rcv+0x18/0x20
[ 1991.253537][T14738]  netlink_unicast+0x5fc/0x6c0
[ 1991.258326][T14738]  netlink_sendmsg+0x6e1/0x7d0
[ 1991.263186][T14738]  ? netlink_getsockopt+0x720/0x720
[ 1991.268407][T14738]  ____sys_sendmsg+0x39a/0x510
[ 1991.273208][T14738]  __sys_sendmsg+0x195/0x230
[ 1991.277872][T14738]  __x64_sys_sendmsg+0x42/0x50
[ 1991.282663][T14738]  do_syscall_64+0x44/0xd0
[ 1991.287090][T14738]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1991.293038][T14738] RIP: 0033:0x7f2ab072eae9
[ 1991.297450][T14738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1991.317136][T14738] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1991.325588][T14738] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 1991.333577][T14738] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1991.341570][T14738] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1991.349631][T14738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1991.357604][T14738] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 1991.365664][T14738]  </TASK>
[ 1991.368745][T14738] ---[ end trace e45544a13c7e47b5 ]---
[ 1991.375035][T14738] ------------[ cut here ]------------
[ 1991.380497][T14738] WARNING: CPU: 0 PID: 14738 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 1991.390077][T14738] Modules linked in:
[ 1991.394039][T14738] CPU: 0 PID: 14738 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1991.403958][T14738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1991.414090][T14738] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 1991.419764][T14738] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 1991.439468][T14738] RSP: 0018:ffffc90000f6b628 EFLAGS: 00010246
[ 1991.445539][T14738] RAX: ffffffff83b40f4c RBX: ffff88811c8f7888 RCX: 0000000000040000
[ 1991.453545][T14738] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1991.461550][T14738] RBP: ffffc90000f6b668 R08: 000188811c8f788f R09: 0000000000000000
[ 1991.469535][T14738] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888107d68000
[ 1991.477505][T14738] R13: 0000000000000000 R14: ffffc90000f6b7f0 R15: ffff88811c8f7800
[ 1991.485531][T14738] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1991.494484][T14738] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1991.501568][T14738] CR2: 00007f1b144566af CR3: 000000011e8ab000 CR4: 00000000003506f0
[ 1991.509584][T14738] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1991.517686][T14738] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1991.525696][T14738] Call Trace:
[ 1991.528976][T14738]  <TASK>
[ 1991.531925][T14738]  tcf_block_put+0x4c/0x70
[ 1991.536356][T14738]  cake_destroy+0x2d/0x50
[ 1991.540712][T14738]  ? cake_reset+0x5d0/0x5d0
[ 1991.545222][T14738]  qdisc_create+0xa82/0xd10
[ 1991.549822][T14738]  ? __nla_parse+0x3c/0x50
[ 1991.554295][T14738]  tc_modify_qdisc+0x64a/0x10b0
[ 1991.559243][T14738]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1991.565136][T14738]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1991.570110][T14738]  ? ___cache_free+0x46/0x300
[ 1991.574864][T14738]  ? packet_rcv+0xc3/0x9d0
[ 1991.579310][T14738]  ? __kfree_skb+0xfe/0x150
[ 1991.583868][T14738]  ? kmem_cache_free+0x5e/0x100
[ 1991.588727][T14738]  ? __kfree_skb+0xfe/0x150
[ 1991.593331][T14738]  ? consume_skb+0x48/0x160
[ 1991.597881][T14738]  ? nlmon_xmit+0x5f/0x70
[ 1991.602278][T14738]  ? __this_cpu_preempt_check+0x18/0x20
[ 1991.607835][T14738]  ? __local_bh_enable_ip+0x4d/0x70
[ 1991.613124][T14738]  ? local_bh_enable+0x1b/0x20
[ 1991.617891][T14738]  ? __dev_queue_xmit+0x597/0xf70
[ 1991.623133][T14738]  ? __skb_clone+0x2db/0x300
[ 1991.627718][T14738]  ? __rcu_read_unlock+0x5c/0x290
[ 1991.632765][T14738]  netlink_rcv_skb+0x14e/0x250
[ 1991.637585][T14738]  ? rtnetlink_bind+0x60/0x60
[ 1991.642369][T14738]  rtnetlink_rcv+0x18/0x20
[ 1991.646792][T14738]  netlink_unicast+0x5fc/0x6c0
[ 1991.651657][T14738]  netlink_sendmsg+0x6e1/0x7d0
[ 1991.656445][T14738]  ? netlink_getsockopt+0x720/0x720
[ 1991.661743][T14738]  ____sys_sendmsg+0x39a/0x510
[ 1991.666570][T14738]  __sys_sendmsg+0x195/0x230
[ 1991.671235][T14738]  __x64_sys_sendmsg+0x42/0x50
[ 1991.676002][T14738]  do_syscall_64+0x44/0xd0
[ 1991.680519][T14738]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1991.686413][T14738] RIP: 0033:0x7f2ab072eae9
[ 1991.690842][T14738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1991.710467][T14738] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1991.718978][T14738] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 1991.726977][T14738] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1991.734990][T14738] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1991.742979][T14738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1991.750990][T14738] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 1991.758976][T14738]  </TASK>
[ 1991.762014][T14738] ---[ end trace e45544a13c7e47b6 ]---
[ 1991.768989][T14738] ------------[ cut here ]------------
[ 1991.774463][T14738] WARNING: CPU: 0 PID: 14738 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1991.784042][T14738] Modules linked in:
[ 1991.787979][T14738] CPU: 0 PID: 14738 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1991.797804][T14738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1991.807880][T14738] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1991.813543][T14738] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1991.833174][T14738] RSP: 0018:ffffc90000f6b5d8 EFLAGS: 00010246
[ 1991.839263][T14738] RAX: ffffffff83b414a7 RBX: ffff88811c8f78a0 RCX: 0000000000040000
[ 1991.847300][T14738] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1991.855291][T14738] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1991.863290][T14738] R10: 0001ffffffffffff R11: 000188811c8f78a0 R12: ffff88811c8f7850
[ 1991.871290][T14738] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811c8f7800
[ 1991.879297][T14738] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 1991.888368][T14738] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1991.895035][T14738] CR2: 00007f1b144566af CR3: 000000011e8ab000 CR4: 00000000003506f0
[ 1991.903199][T14738] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1991.911283][T14738] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1991.919339][T14738] Call Trace:
[ 1991.922760][T14738]  <TASK>
[ 1991.925686][T14738]  tcf_block_put_ext+0xe5/0x180
[ 1991.930661][T14738]  tcf_block_put+0x4c/0x70
[ 1991.935088][T14738]  cake_destroy+0x2d/0x50
[ 1991.939443][T14738]  ? cake_reset+0x5d0/0x5d0
[ 1991.943999][T14738]  qdisc_create+0xa82/0xd10
[ 1991.948510][T14738]  ? __nla_parse+0x3c/0x50
[ 1991.952953][T14738]  tc_modify_qdisc+0x64a/0x10b0
[ 1991.957816][T14738]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1991.963762][T14738]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1991.968703][T14738]  ? ___cache_free+0x46/0x300
[ 1991.973404][T14738]  ? packet_rcv+0xc3/0x9d0
[ 1991.977864][T14738]  ? __kfree_skb+0xfe/0x150
[ 1991.982471][T14738]  ? kmem_cache_free+0x5e/0x100
[ 1991.987419][T14738]  ? __kfree_skb+0xfe/0x150
[ 1991.992027][T14738]  ? consume_skb+0x48/0x160
[ 1991.996608][T14738]  ? nlmon_xmit+0x5f/0x70
[ 1992.001000][T14738]  ? __this_cpu_preempt_check+0x18/0x20
[ 1992.006582][T14738]  ? __local_bh_enable_ip+0x4d/0x70
[ 1992.011923][T14738]  ? local_bh_enable+0x1b/0x20
[ 1992.016822][T14738]  ? __dev_queue_xmit+0x597/0xf70
[ 1992.021974][T14738]  ? __skb_clone+0x2db/0x300
[ 1992.026632][T14738]  ? __rcu_read_unlock+0x5c/0x290
[ 1992.031672][T14738]  netlink_rcv_skb+0x14e/0x250
[ 1992.036522][T14738]  ? rtnetlink_bind+0x60/0x60
[ 1992.041227][T14738]  rtnetlink_rcv+0x18/0x20
[ 1992.045644][T14738]  netlink_unicast+0x5fc/0x6c0
[ 1992.050574][T14738]  netlink_sendmsg+0x6e1/0x7d0
[ 1992.055366][T14738]  ? netlink_getsockopt+0x720/0x720
[ 1992.060616][T14738]  ____sys_sendmsg+0x39a/0x510
[ 1992.065422][T14738]  __sys_sendmsg+0x195/0x230
[ 1992.070044][T14738]  __x64_sys_sendmsg+0x42/0x50
[ 1992.074883][T14738]  do_syscall_64+0x44/0xd0
[ 1992.079371][T14738]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1992.085409][T14738] RIP: 0033:0x7f2ab072eae9
[ 1992.089839][T14738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1992.109601][T14738] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1992.118023][T14738] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 1992.126033][T14738] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1992.134034][T14738] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1992.142053][T14738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1992.150049][T14738] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 1992.158064][T14738]  </TASK>
[ 1992.161099][T14738] ---[ end trace e45544a13c7e47b7 ]---
[ 1992.170239][T14742] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 1994.722559][   T25] oom_reaper: reaped process 14740 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB
[ 1997.999965][T14740] ------------[ cut here ]------------
[ 1998.005453][T14740] WARNING: CPU: 1 PID: 14740 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1998.016086][T14740] Modules linked in:
[ 1998.019993][T14740] CPU: 1 PID: 14740 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1998.029914][T14740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1998.039987][T14740] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 1998.046751][T14740] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 1998.066443][T14740] RSP: 0018:ffffc90000ba75f0 EFLAGS: 00010246
[ 1998.072534][T14740] RAX: ffff88813a995000 RBX: ffff8881206688b0 RCX: 0000000000000000
[ 1998.080533][T14740] RDX: ffffc90007ee9000 RSI: 000000000000a678 RDI: ffff888120668800
[ 1998.088542][T14740] RBP: ffffc90000ba7738 R08: 00018881206688b7 R09: 0000000000000000
[ 1998.096517][T14740] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff8881206688b0
[ 1998.104505][T14740] R13: ffffffff85ec3720 R14: ffff888120668800 R15: ffffc90000ba7668
[ 1998.112487][T14740] FS:  00007f2aae463700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1998.121477][T14740] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1998.128048][T14740] CR2: 0000000000826d4a CR3: 000000011e8ab000 CR4: 00000000003506e0
[ 1998.136155][T14740] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1998.144231][T14740] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1998.152295][T14740] Call Trace:
[ 1998.155579][T14740]  <TASK>
[ 1998.158490][T14740]  tcf_block_put_ext+0x2d/0x180
[ 1998.163354][T14740]  tcf_block_put+0x4c/0x70
[ 1998.167753][T14740]  cake_destroy+0x2d/0x50
[ 1998.172094][T14740]  ? cake_reset+0x5d0/0x5d0
[ 1998.176585][T14740]  qdisc_create+0xa82/0xd10
[ 1998.181085][T14740]  ? __nla_parse+0x3c/0x50
[ 1998.185599][T14740]  tc_modify_qdisc+0x64a/0x10b0
[ 1998.190478][T14740]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1998.196353][T14740]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1998.201299][T14740]  ? ___cache_free+0x46/0x300
[ 1998.205975][T14740]  ? packet_rcv+0xc3/0x9d0
[ 1998.210517][T14740]  ? __kfree_skb+0xfe/0x150
[ 1998.215036][T14740]  ? kmem_cache_free+0x5e/0x100
[ 1998.219897][T14740]  ? __kfree_skb+0xfe/0x150
[ 1998.224385][T14740]  ? consume_skb+0x48/0x160
[ 1998.228885][T14740]  ? nlmon_xmit+0x5f/0x70
[ 1998.233209][T14740]  ? __this_cpu_preempt_check+0x18/0x20
[ 1998.238737][T14740]  ? __local_bh_enable_ip+0x4d/0x70
[ 1998.244010][T14740]  ? local_bh_enable+0x1b/0x20
[ 1998.248754][T14740]  ? __dev_queue_xmit+0x597/0xf70
[ 1998.253861][T14740]  ? __skb_clone+0x2db/0x300
[ 1998.258514][T14740]  ? __rcu_read_unlock+0x5c/0x290
[ 1998.263551][T14740]  netlink_rcv_skb+0x14e/0x250
[ 1998.268336][T14740]  ? rtnetlink_bind+0x60/0x60
[ 1998.273063][T14740]  rtnetlink_rcv+0x18/0x20
[ 1998.277460][T14740]  netlink_unicast+0x5fc/0x6c0
[ 1998.282241][T14740]  netlink_sendmsg+0x6e1/0x7d0
[ 1998.287013][T14740]  ? netlink_getsockopt+0x720/0x720
[ 1998.292202][T14740]  ____sys_sendmsg+0x39a/0x510
[ 1998.296996][T14740]  __sys_sendmsg+0x195/0x230
[ 1998.301584][T14740]  ? __xfrm_init_state+0x350/0x820
[ 1998.306681][T14740]  __x64_sys_sendmsg+0x42/0x50
[ 1998.311451][T14740]  do_syscall_64+0x44/0xd0
[ 1998.315863][T14740]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1998.321815][T14740] RIP: 0033:0x7f2ab072eae9
[ 1998.326215][T14740] Code: Unable to access opcode bytes at RIP 0x7f2ab072eabf.
[ 1998.333567][T14740] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1998.341976][T14740] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 1998.349963][T14740] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1998.358294][T14740] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1998.366317][T14740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1998.374348][T14740] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 1998.382328][T14740]  </TASK>
[ 1998.385411][T14740] ---[ end trace e45544a13c7e47b8 ]---
[ 1998.391324][T14740] ------------[ cut here ]------------
[ 1998.396770][T14740] WARNING: CPU: 1 PID: 14740 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 1998.406499][T14740] Modules linked in:
[ 1998.410394][T14740] CPU: 1 PID: 14740 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1998.420367][T14740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1998.430484][T14740] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 1998.436109][T14740] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 1998.455878][T14740] RSP: 0018:ffffc90000ba7628 EFLAGS: 00010246
[ 1998.461944][T14740] RAX: ffffffff83b40f4c RBX: ffff888120668888 RCX: 0000000000040000
[ 1998.470008][T14740] RDX: ffffc90007ee9000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1998.477978][T14740] RBP: ffffc90000ba7668 R08: 000188812066888f R09: 0000000000000000
[ 1998.485947][T14740] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888107d68000
[ 1998.494045][T14740] R13: 0000000000000000 R14: ffffc90000ba77f0 R15: ffff888120668800
[ 1998.502013][T14740] FS:  00007f2aae463700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1998.511058][T14740] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1998.517618][T14740] CR2: 00007f2ab072eabf CR3: 000000011e8ab000 CR4: 00000000003506e0
[ 1998.525626][T14740] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1998.533604][T14740] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1998.541582][T14740] Call Trace:
[ 1998.544841][T14740]  <TASK>
[ 1998.547852][T14740]  tcf_block_put+0x4c/0x70
[ 1998.552266][T14740]  cake_destroy+0x2d/0x50
[ 1998.556680][T14740]  ? cake_reset+0x5d0/0x5d0
[ 1998.561243][T14740]  qdisc_create+0xa82/0xd10
[ 1998.565764][T14740]  ? __nla_parse+0x3c/0x50
[ 1998.570211][T14740]  tc_modify_qdisc+0x64a/0x10b0
[ 1998.575083][T14740]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1998.581037][T14740]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1998.585964][T14740]  ? ___cache_free+0x46/0x300
[ 1998.590648][T14740]  ? packet_rcv+0xc3/0x9d0
[ 1998.595045][T14740]  ? __kfree_skb+0xfe/0x150
[ 1998.599549][T14740]  ? kmem_cache_free+0x5e/0x100
[ 1998.604616][T14740]  ? __kfree_skb+0xfe/0x150
[ 1998.609135][T14740]  ? consume_skb+0x48/0x160
[ 1998.613698][T14740]  ? nlmon_xmit+0x5f/0x70
[ 1998.618004][T14740]  ? __this_cpu_preempt_check+0x18/0x20
[ 1998.623627][T14740]  ? __local_bh_enable_ip+0x4d/0x70
[ 1998.628835][T14740]  ? local_bh_enable+0x1b/0x20
[ 1998.633595][T14740]  ? __dev_queue_xmit+0x597/0xf70
[ 1998.638601][T14740]  ? __skb_clone+0x2db/0x300
[ 1998.643185][T14740]  ? __rcu_read_unlock+0x5c/0x290
[ 1998.648277][T14740]  netlink_rcv_skb+0x14e/0x250
[ 1998.653091][T14740]  ? rtnetlink_bind+0x60/0x60
[ 1998.657827][T14740]  rtnetlink_rcv+0x18/0x20
[ 1998.662241][T14740]  netlink_unicast+0x5fc/0x6c0
[ 1998.667032][T14740]  netlink_sendmsg+0x6e1/0x7d0
[ 1998.671842][T14740]  ? netlink_getsockopt+0x720/0x720
[ 1998.677036][T14740]  ____sys_sendmsg+0x39a/0x510
[ 1998.681879][T14740]  __sys_sendmsg+0x195/0x230
[ 1998.686886][T14740]  ? __xfrm_init_state+0x350/0x820
[ 1998.692043][T14740]  __x64_sys_sendmsg+0x42/0x50
[ 1998.696954][T14740]  do_syscall_64+0x44/0xd0
[ 1998.701365][T14740]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1998.707237][T14740] RIP: 0033:0x7f2ab072eae9
[ 1998.711672][T14740] Code: Unable to access opcode bytes at RIP 0x7f2ab072eabf.
[ 1998.719013][T14740] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1998.727418][T14740] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 1998.735481][T14740] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1998.743470][T14740] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1998.751438][T14740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1998.759478][T14740] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 1998.767449][T14740]  </TASK>
[ 1998.770458][T14740] ---[ end trace e45544a13c7e47b9 ]---
[ 1998.777198][T14740] ------------[ cut here ]------------
[ 1998.782651][T14740] WARNING: CPU: 1 PID: 14740 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 1998.792116][T14740] Modules linked in:
[ 1998.795985][T14740] CPU: 1 PID: 14740 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 1998.805871][T14740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1998.815918][T14740] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 1998.821481][T14740] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 1998.841198][T14740] RSP: 0018:ffffc90000ba75d8 EFLAGS: 00010246
[ 1998.847250][T14740] RAX: ffffffff83b414a7 RBX: ffff8881206688a0 RCX: 0000000000040000
[ 1998.855217][T14740] RDX: ffffc90007ee9000 RSI: 000000000003ffff RDI: 0000000000040000
[ 1998.863209][T14740] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 1998.871269][T14740] R10: 0001ffffffffffff R11: 00018881206688a0 R12: ffff888120668850
[ 1998.879437][T14740] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888120668800
[ 1998.887408][T14740] FS:  00007f2aae463700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 1998.896474][T14740] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1998.903086][T14740] CR2: 00007f2ab072eabf CR3: 000000011e8ab000 CR4: 00000000003506e0
[ 1998.911095][T14740] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1998.919055][T14740] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1998.927039][T14740] Call Trace:
[ 1998.930312][T14740]  <TASK>
[ 1998.933248][T14740]  tcf_block_put_ext+0xe5/0x180
[ 1998.938139][T14740]  tcf_block_put+0x4c/0x70
[ 1998.942567][T14740]  cake_destroy+0x2d/0x50
[ 1998.946986][T14740]  ? cake_reset+0x5d0/0x5d0
[ 1998.951669][T14740]  qdisc_create+0xa82/0xd10
[ 1998.956203][T14740]  ? __nla_parse+0x3c/0x50
[ 1998.960699][T14740]  tc_modify_qdisc+0x64a/0x10b0
[ 1998.965569][T14740]  ? qdisc_offload_graft_helper+0x190/0x190
[ 1998.971543][T14740]  rtnetlink_rcv_msg+0x745/0x7e0
[ 1998.976468][T14740]  ? ___cache_free+0x46/0x300
[ 1998.981140][T14740]  ? packet_rcv+0xc3/0x9d0
[ 1998.985540][T14740]  ? __kfree_skb+0xfe/0x150
[ 1998.990039][T14740]  ? kmem_cache_free+0x5e/0x100
[ 1998.994956][T14740]  ? __kfree_skb+0xfe/0x150
[ 1998.999487][T14740]  ? consume_skb+0x48/0x160
[ 1999.004071][T14740]  ? nlmon_xmit+0x5f/0x70
[ 1999.008384][T14740]  ? __this_cpu_preempt_check+0x18/0x20
[ 1999.014014][T14740]  ? __local_bh_enable_ip+0x4d/0x70
[ 1999.019323][T14740]  ? local_bh_enable+0x1b/0x20
[ 1999.024085][T14740]  ? __dev_queue_xmit+0x597/0xf70
[ 1999.029191][T14740]  ? __skb_clone+0x2db/0x300
[ 1999.033841][T14740]  ? __rcu_read_unlock+0x5c/0x290
[ 1999.038846][T14740]  netlink_rcv_skb+0x14e/0x250
[ 1999.043666][T14740]  ? rtnetlink_bind+0x60/0x60
[ 1999.048323][T14740]  rtnetlink_rcv+0x18/0x20
[ 1999.052738][T14740]  netlink_unicast+0x5fc/0x6c0
[ 1999.057480][T14740]  netlink_sendmsg+0x6e1/0x7d0
[ 1999.062247][T14740]  ? netlink_getsockopt+0x720/0x720
[ 1999.067425][T14740]  ____sys_sendmsg+0x39a/0x510
[ 1999.072228][T14740]  __sys_sendmsg+0x195/0x230
[ 1999.076805][T14740]  ? __xfrm_init_state+0x350/0x820
[ 1999.081914][T14740]  __x64_sys_sendmsg+0x42/0x50
[ 1999.086722][T14740]  do_syscall_64+0x44/0xd0
[ 1999.091142][T14740]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1999.097070][T14740] RIP: 0033:0x7f2ab072eae9
[ 1999.101511][T14740] Code: Unable to access opcode bytes at RIP 0x7f2ab072eabf.
[ 1999.108901][T14740] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1999.117391][T14740] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 1999.125470][T14740] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 1999.133439][T14740] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 1999.141480][T14740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1999.149485][T14740] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 1999.157444][T14740]  </TASK>
[ 1999.160478][T14740] ---[ end trace e45544a13c7e47ba ]---
[ 2005.667185][T14746] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2005.719045][T14746] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 2005.727569][T14746] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
18:53:31 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

18:53:31 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 2007.741756][T14796] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2007.751676][T14747] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 2007.760057][T14747] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2017.944870][T14855] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2021.860637][T14855] warn_alloc: 1 callbacks suppressed
[ 2021.860654][T14855] syz-executor.1: vmalloc error: size 577536, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[ 2021.882486][T14855] CPU: 0 PID: 14855 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2021.892317][T14855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2021.902355][T14855] Call Trace:
[ 2021.905626][T14855]  <TASK>
18:53:36 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff81]}]}}]}, 0x434}}, 0x0)

18:53:40 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

[ 2021.908664][T14855]  dump_stack_lvl+0xd6/0x122
[ 2021.913241][T14855]  dump_stack+0x11/0x1b
[ 2021.917374][T14855]  warn_alloc+0x132/0x190
[ 2021.921751][T14855]  __vmalloc_node_range+0x58b/0x690
[ 2021.926991][T14855]  ? cake_init+0x20d/0x640
[ 2021.931393][T14855]  __vmalloc_node+0x61/0x70
[ 2021.935899][T14855]  ? cake_init+0x20d/0x640
[ 2021.940328][T14855]  kvmalloc_node+0xd2/0x110
[ 2021.944885][T14855]  cake_init+0x20d/0x640
[ 2021.949121][T14855]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2021.954831][T14855]  ? qdisc_alloc+0x334/0x3c0
[ 2021.959415][T14855]  ? qdisc_lookup+0x20c/0x2e0
[ 2021.964095][T14855]  ? qdisc_peek_dequeued+0x140/0x140
[ 2021.969365][T14855]  qdisc_create+0x5f4/0xd10
[ 2021.973867][T14855]  ? __nla_parse+0x3c/0x50
[ 2021.978369][T14855]  tc_modify_qdisc+0x64a/0x10b0
[ 2021.983205][T14855]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2021.989084][T14855]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2021.994014][T14855]  ? ___cache_free+0x46/0x300
[ 2021.998747][T14855]  ? packet_rcv+0xc3/0x9d0
[ 2022.003173][T14855]  ? __kfree_skb+0xfe/0x150
[ 2022.007657][T14855]  ? kmem_cache_free+0x5e/0x100
[ 2022.012484][T14855]  ? __kfree_skb+0xfe/0x150
[ 2022.016968][T14855]  ? consume_skb+0x48/0x160
[ 2022.021524][T14855]  ? nlmon_xmit+0x5f/0x70
[ 2022.025829][T14855]  ? __this_cpu_preempt_check+0x18/0x20
[ 2022.031362][T14855]  ? __local_bh_enable_ip+0x4d/0x70
[ 2022.036544][T14855]  ? local_bh_enable+0x1b/0x20
[ 2022.041314][T14855]  ? __dev_queue_xmit+0x597/0xf70
[ 2022.046427][T14855]  ? __skb_clone+0x2db/0x300
[ 2022.051016][T14855]  ? __rcu_read_unlock+0x5c/0x290
[ 2022.056028][T14855]  netlink_rcv_skb+0x14e/0x250
[ 2022.060775][T14855]  ? rtnetlink_bind+0x60/0x60
[ 2022.065474][T14855]  rtnetlink_rcv+0x18/0x20
[ 2022.069868][T14855]  netlink_unicast+0x5fc/0x6c0
[ 2022.074628][T14855]  netlink_sendmsg+0x6e1/0x7d0
[ 2022.079378][T14855]  ? netlink_getsockopt+0x720/0x720
[ 2022.084569][T14855]  ____sys_sendmsg+0x39a/0x510
[ 2022.089317][T14855]  __sys_sendmsg+0x195/0x230
[ 2022.093920][T14855]  __x64_sys_sendmsg+0x42/0x50
[ 2022.098671][T14855]  do_syscall_64+0x44/0xd0
[ 2022.103069][T14855]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2022.109016][T14855] RIP: 0033:0x7f7b56f48ae9
[ 2022.113452][T14855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2022.133084][T14855] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2022.141535][T14855] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2022.149488][T14855] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2022.157439][T14855] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2022.165391][T14855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2022.173339][T14855] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2022.181292][T14855]  </TASK>
[ 2022.184378][T14855] Mem-Info:
[ 2022.187481][T14855] active_anon:10680 inactive_anon:100659 isolated_anon:0
[ 2022.187481][T14855]  active_file:492 inactive_file:744 isolated_file:0
[ 2022.187481][T14855]  unevictable:0 dirty:20 writeback:0
[ 2022.187481][T14855]  slab_reclaimable:8093 slab_unreclaimable:1741801
[ 2022.187481][T14855]  mapped:52992 shmem:369 pagetables:5275 bounce:0
[ 2022.187481][T14855]  kernel_misc_reclaimable:0
[ 2022.187481][T14855]  free:11875 free_pcp:124 free_cma:0
[ 2022.229039][T14855] Node 0 active_anon:42720kB inactive_anon:402636kB active_file:2084kB inactive_file:2976kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:211968kB dirty:80kB writeback:0kB shmem:1476kB writeback_tmp:0kB kernel_stack:5296kB pagetables:21100kB all_unreclaimable? no
[ 2022.255417][T14855] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2022.282210][T14855] lowmem_reserve[]: 0 2896 7874 7874
[ 2022.287611][T14855] Node 0 DMA32 free:22940kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2022.315673][T14855] lowmem_reserve[]: 0 0 4978 4978
[ 2022.320769][T14855] Node 0 Normal free:9432kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42720kB inactive_anon:401716kB active_file:2236kB inactive_file:2664kB unevictable:0kB writepending:80kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:356kB local_pcp:248kB free_cma:0kB
[ 2022.350781][T14855] lowmem_reserve[]: 0 0 0 0
[ 2022.355269][T14855] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2022.367862][T14855] Node 0 DMA32: 215*4kB (UME) 120*8kB (UME) 56*16kB (UME) 48*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 4*1024kB (UM) 3*2048kB (ME) 1*4096kB (M) = 22940kB
[ 2022.385537][T14855] Node 0 Normal: 1148*4kB (UMEH) 463*8kB (UMEH) 80*16kB (UMH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9608kB
[ 2022.399943][T14855] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2022.409292][T14855] 1602 total pagecache pages
[ 2022.413874][T14855] 0 pages in swap cache
[ 2022.417997][T14855] Swap cache stats: add 0, delete 0, find 0/0
[ 2022.424049][T14855] Free swap  = 0kB
[ 2022.427739][T14855] Total swap = 0kB
[ 2022.431438][T14855] 2097051 pages RAM
[ 2022.435222][T14855] 0 pages HighMem/MovableOnly
[ 2022.439886][T14855] 75955 pages reserved
[ 2022.444649][T14855] ------------[ cut here ]------------
[ 2022.450188][T14855] WARNING: CPU: 1 PID: 14855 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2022.460773][T14855] Modules linked in:
[ 2022.464658][T14855] CPU: 1 PID: 14855 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2022.474467][T14855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2022.484635][T14855] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2022.491343][T14855] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2022.511089][T14855] RSP: 0018:ffffc90000ec35f0 EFLAGS: 00010246
[ 2022.517131][T14855] RAX: ffff88811c858000 RBX: ffff88811e7718b0 RCX: 0000000000000000
[ 2022.525202][T14855] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: ffff88811e771800
[ 2022.533194][T14855] RBP: ffffc90000ec3738 R08: 000188811e7718b7 R09: 0000000000000000
[ 2022.541188][T14855] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811e7718b0
[ 2022.549152][T14855] R13: ffffffff85ec3720 R14: ffff88811e771800 R15: ffffc90000ec3668
[ 2022.557155][T14855] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2022.566084][T14855] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2022.572750][T14855] CR2: 0000555555d283bc CR3: 000000011e3f4000 CR4: 00000000003506e0
[ 2022.580732][T14855] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2022.588696][T14855] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2022.596681][T14855] Call Trace:
[ 2022.599945][T14855]  <TASK>
[ 2022.602955][T14855]  tcf_block_put_ext+0x2d/0x180
[ 2022.607787][T14855]  tcf_block_put+0x4c/0x70
[ 2022.612272][T14855]  cake_destroy+0x2d/0x50
[ 2022.616581][T14855]  ? cake_reset+0x5d0/0x5d0
[ 2022.621074][T14855]  qdisc_create+0xa82/0xd10
[ 2022.625626][T14855]  ? __nla_parse+0x3c/0x50
[ 2022.630032][T14855]  tc_modify_qdisc+0x64a/0x10b0
[ 2022.634903][T14855]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2022.640785][T14855]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2022.645704][T14855]  ? ___cache_free+0x46/0x300
[ 2022.650382][T14855]  ? packet_rcv+0xc3/0x9d0
[ 2022.654781][T14855]  ? __kfree_skb+0xfe/0x150
[ 2022.659289][T14855]  ? kmem_cache_free+0x5e/0x100
[ 2022.664177][T14855]  ? __kfree_skb+0xfe/0x150
[ 2022.668669][T14855]  ? consume_skb+0x48/0x160
[ 2022.673208][T14855]  ? nlmon_xmit+0x5f/0x70
[ 2022.677535][T14855]  ? __this_cpu_preempt_check+0x18/0x20
[ 2022.683163][T14855]  ? __local_bh_enable_ip+0x4d/0x70
[ 2022.688387][T14855]  ? local_bh_enable+0x1b/0x20
[ 2022.693190][T14855]  ? __dev_queue_xmit+0x597/0xf70
[ 2022.698443][T14855]  ? __skb_clone+0x2db/0x300
[ 2022.703022][T14855]  ? __rcu_read_unlock+0x5c/0x290
[ 2022.708044][T14855]  netlink_rcv_skb+0x14e/0x250
[ 2022.712890][T14855]  ? rtnetlink_bind+0x60/0x60
[ 2022.717543][T14855]  rtnetlink_rcv+0x18/0x20
[ 2022.721949][T14855]  netlink_unicast+0x5fc/0x6c0
[ 2022.726709][T14855]  netlink_sendmsg+0x6e1/0x7d0
[ 2022.731466][T14855]  ? netlink_getsockopt+0x720/0x720
[ 2022.736642][T14855]  ____sys_sendmsg+0x39a/0x510
[ 2022.741438][T14855]  __sys_sendmsg+0x195/0x230
[ 2022.746040][T14855]  __x64_sys_sendmsg+0x42/0x50
[ 2022.750808][T14855]  do_syscall_64+0x44/0xd0
[ 2022.755289][T14855]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2022.761402][T14855] RIP: 0033:0x7f7b56f48ae9
[ 2022.765901][T14855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2022.785500][T14855] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2022.793903][T14855] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2022.801915][T14855] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2022.809929][T14855] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2022.817877][T14855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2022.825853][T14855] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2022.833862][T14855]  </TASK>
[ 2022.836916][T14855] ---[ end trace e45544a13c7e47bb ]---
[ 2022.842683][T14855] ------------[ cut here ]------------
[ 2022.848152][T14855] WARNING: CPU: 1 PID: 14855 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2022.857693][T14855] Modules linked in:
[ 2022.861628][T14855] CPU: 1 PID: 14855 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2022.871562][T14855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2022.881640][T14855] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2022.887260][T14855] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2022.906866][T14855] RSP: 0018:ffffc90000ec3628 EFLAGS: 00010246
[ 2022.913095][T14855] RAX: ffffffff83b40f4c RBX: ffff88811e771888 RCX: 0000000000040000
[ 2022.921183][T14855] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2022.929143][T14855] RBP: ffffc90000ec3668 R08: 000188811e77188f R09: 0000000000000000
[ 2022.937092][T14855] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108a00000
[ 2022.945051][T14855] R13: 0000000000000000 R14: ffffc90000ec37f0 R15: ffff88811e771800
[ 2022.953059][T14855] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2022.961975][T14855] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2022.968533][T14855] CR2: 0000555555d283bc CR3: 000000011e3f4000 CR4: 00000000003506e0
[ 2022.976561][T14855] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2022.984554][T14855] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2022.992600][T14855] Call Trace:
[ 2022.995867][T14855]  <TASK>
[ 2022.998775][T14855]  tcf_block_put+0x4c/0x70
[ 2023.003187][T14855]  cake_destroy+0x2d/0x50
[ 2023.007518][T14855]  ? cake_reset+0x5d0/0x5d0
[ 2023.012038][T14855]  qdisc_create+0xa82/0xd10
[ 2023.016596][T14855]  ? __nla_parse+0x3c/0x50
[ 2023.021010][T14855]  tc_modify_qdisc+0x64a/0x10b0
[ 2023.025918][T14855]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2023.031803][T14855]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2023.036718][T14855]  ? ___cache_free+0x46/0x300
[ 2023.041383][T14855]  ? packet_rcv+0xc3/0x9d0
[ 2023.045827][T14855]  ? __kfree_skb+0xfe/0x150
[ 2023.050416][T14855]  ? kmem_cache_free+0x5e/0x100
[ 2023.055301][T14855]  ? __kfree_skb+0xfe/0x150
[ 2023.059948][T14855]  ? consume_skb+0x48/0x160
[ 2023.064501][T14855]  ? nlmon_xmit+0x5f/0x70
[ 2023.068856][T14855]  ? __this_cpu_preempt_check+0x18/0x20
[ 2023.074392][T14855]  ? __local_bh_enable_ip+0x4d/0x70
[ 2023.079587][T14855]  ? local_bh_enable+0x1b/0x20
[ 2023.084399][T14855]  ? __dev_queue_xmit+0x597/0xf70
[ 2023.089422][T14855]  ? __skb_clone+0x2db/0x300
[ 2023.094022][T14855]  ? __rcu_read_unlock+0x5c/0x290
[ 2023.099044][T14855]  netlink_rcv_skb+0x14e/0x250
[ 2023.103803][T14855]  ? rtnetlink_bind+0x60/0x60
[ 2023.108455][T14855]  rtnetlink_rcv+0x18/0x20
[ 2023.112859][T14855]  netlink_unicast+0x5fc/0x6c0
[ 2023.117690][T14855]  netlink_sendmsg+0x6e1/0x7d0
[ 2023.122534][T14855]  ? netlink_getsockopt+0x720/0x720
[ 2023.127708][T14855]  ____sys_sendmsg+0x39a/0x510
[ 2023.132505][T14855]  __sys_sendmsg+0x195/0x230
[ 2023.137086][T14855]  __x64_sys_sendmsg+0x42/0x50
[ 2023.141880][T14855]  do_syscall_64+0x44/0xd0
[ 2023.146284][T14855]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2023.152175][T14855] RIP: 0033:0x7f7b56f48ae9
[ 2023.156584][T14855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2023.176202][T14855] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2023.184611][T14855] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2023.192660][T14855] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2023.200644][T14855] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2023.208593][T14855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2023.216640][T14855] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2023.224615][T14855]  </TASK>
[ 2023.227610][T14855] ---[ end trace e45544a13c7e47bc ]---
[ 2023.234513][T14855] ------------[ cut here ]------------
[ 2023.240078][T14855] WARNING: CPU: 1 PID: 14855 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2023.249482][T14855] Modules linked in:
[ 2023.253414][T14855] CPU: 1 PID: 14855 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2023.263262][T14855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2023.273354][T14855] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2023.279484][T14855] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2023.299101][T14855] RSP: 0018:ffffc90000ec35d8 EFLAGS: 00010246
[ 2023.305162][T14855] RAX: ffffffff83b414a7 RBX: ffff88811e7718a0 RCX: 0000000000040000
[ 2023.313272][T14855] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2023.321247][T14855] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2023.329204][T14855] R10: 0001ffffffffffff R11: 000188811e7718a0 R12: ffff88811e771850
[ 2023.337161][T14855] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811e771800
[ 2023.345122][T14855] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2023.354048][T14855] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2023.360632][T14855] CR2: 0000555555d283bc CR3: 000000011e3f4000 CR4: 00000000003506e0
[ 2023.368690][T14855] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2023.376652][T14855] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2023.384610][T14855] Call Trace:
[ 2023.387866][T14855]  <TASK>
[ 2023.390812][T14855]  tcf_block_put_ext+0xe5/0x180
[ 2023.395732][T14855]  tcf_block_put+0x4c/0x70
[ 2023.400141][T14855]  cake_destroy+0x2d/0x50
[ 2023.404460][T14855]  ? cake_reset+0x5d0/0x5d0
[ 2023.408953][T14855]  qdisc_create+0xa82/0xd10
[ 2023.413450][T14855]  ? __nla_parse+0x3c/0x50
[ 2023.417845][T14855]  tc_modify_qdisc+0x64a/0x10b0
[ 2023.422696][T14855]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2023.428573][T14855]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2023.433503][T14855]  ? ___cache_free+0x46/0x300
[ 2023.438210][T14855]  ? packet_rcv+0xc3/0x9d0
[ 2023.442612][T14855]  ? __kfree_skb+0xfe/0x150
[ 2023.447102][T14855]  ? kmem_cache_free+0x5e/0x100
[ 2023.451980][T14855]  ? __kfree_skb+0xfe/0x150
[ 2023.456479][T14855]  ? consume_skb+0x48/0x160
[ 2023.460993][T14855]  ? nlmon_xmit+0x5f/0x70
[ 2023.465317][T14855]  ? __this_cpu_preempt_check+0x18/0x20
[ 2023.470864][T14855]  ? __local_bh_enable_ip+0x4d/0x70
[ 2023.476050][T14855]  ? local_bh_enable+0x1b/0x20
[ 2023.480937][T14855]  ? __dev_queue_xmit+0x597/0xf70
[ 2023.485999][T14855]  ? __skb_clone+0x2db/0x300
[ 2023.490600][T14855]  ? __rcu_read_unlock+0x5c/0x290
[ 2023.495603][T14855]  netlink_rcv_skb+0x14e/0x250
[ 2023.500358][T14855]  ? rtnetlink_bind+0x60/0x60
[ 2023.505029][T14855]  rtnetlink_rcv+0x18/0x20
[ 2023.509504][T14855]  netlink_unicast+0x5fc/0x6c0
[ 2023.514348][T14855]  netlink_sendmsg+0x6e1/0x7d0
[ 2023.519127][T14855]  ? netlink_getsockopt+0x720/0x720
[ 2023.524305][T14855]  ____sys_sendmsg+0x39a/0x510
[ 2023.529101][T14855]  __sys_sendmsg+0x195/0x230
[ 2023.533743][T14855]  __x64_sys_sendmsg+0x42/0x50
[ 2023.538485][T14855]  do_syscall_64+0x44/0xd0
[ 2023.542969][T14855]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2023.548905][T14855] RIP: 0033:0x7f7b56f48ae9
[ 2023.553308][T14855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2023.572926][T14855] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2023.581365][T14855] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2023.589328][T14855] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2023.597276][T14855] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2023.605306][T14855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2023.613282][T14855] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2023.621342][T14855]  </TASK>
[ 2023.624340][T14855] ---[ end trace e45544a13c7e47bd ]---
18:53:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

18:53:52 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

[ 2031.485264][T14957] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2036.501139][   T25] oom_reaper: reaped process 14958 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB
[ 2037.920377][T14958] syz-executor.0: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0
[ 2037.936818][T14958] CPU: 1 PID: 14958 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2037.946620][T14958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2037.956682][T14958] Call Trace:
[ 2037.959957][T14958]  <TASK>
[ 2037.962869][T14958]  dump_stack_lvl+0xd6/0x122
[ 2037.967559][T14958]  dump_stack+0x11/0x1b
[ 2037.971693][T14958]  warn_alloc+0x132/0x190
[ 2037.976084][T14958]  __vmalloc_node_range+0x58b/0x690
[ 2037.981347][T14958]  ? cake_init+0x20d/0x640
[ 2037.985750][T14958]  __vmalloc_node+0x61/0x70
[ 2037.990255][T14958]  ? cake_init+0x20d/0x640
[ 2037.994654][T14958]  kvmalloc_node+0xd2/0x110
[ 2037.999145][T14958]  cake_init+0x20d/0x640
[ 2038.003515][T14958]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2038.009230][T14958]  ? qdisc_alloc+0x334/0x3c0
[ 2038.013809][T14958]  ? qdisc_lookup+0x20c/0x2e0
[ 2038.018512][T14958]  ? qdisc_peek_dequeued+0x140/0x140
[ 2038.023838][T14958]  qdisc_create+0x5f4/0xd10
[ 2038.028334][T14958]  ? __nla_parse+0x3c/0x50
[ 2038.032772][T14958]  tc_modify_qdisc+0x64a/0x10b0
[ 2038.037607][T14958]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2038.043537][T14958]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2038.048454][T14958]  ? ___cache_free+0x46/0x300
[ 2038.053127][T14958]  ? packet_rcv+0xc3/0x9d0
[ 2038.057551][T14958]  ? __kfree_skb+0xfe/0x150
[ 2038.062034][T14958]  ? kmem_cache_free+0x5e/0x100
[ 2038.066894][T14958]  ? __kfree_skb+0xfe/0x150
[ 2038.071379][T14958]  ? consume_skb+0x48/0x160
[ 2038.075859][T14958]  ? nlmon_xmit+0x5f/0x70
[ 2038.080242][T14958]  ? __this_cpu_preempt_check+0x18/0x20
[ 2038.085778][T14958]  ? __local_bh_enable_ip+0x4d/0x70
[ 2038.091086][T14958]  ? local_bh_enable+0x1b/0x20
[ 2038.095859][T14958]  ? __dev_queue_xmit+0x597/0xf70
[ 2038.101023][T14958]  ? __skb_clone+0x2db/0x300
[ 2038.105600][T14958]  ? __rcu_read_unlock+0x5c/0x290
[ 2038.110605][T14958]  netlink_rcv_skb+0x14e/0x250
[ 2038.115405][T14958]  ? rtnetlink_bind+0x60/0x60
[ 2038.120064][T14958]  rtnetlink_rcv+0x18/0x20
[ 2038.124500][T14958]  netlink_unicast+0x5fc/0x6c0
[ 2038.129287][T14958]  netlink_sendmsg+0x6e1/0x7d0
[ 2038.134033][T14958]  ? netlink_getsockopt+0x720/0x720
[ 2038.139265][T14958]  ____sys_sendmsg+0x39a/0x510
[ 2038.144120][T14958]  __sys_sendmsg+0x195/0x230
[ 2038.148711][T14958]  __x64_sys_sendmsg+0x42/0x50
[ 2038.153474][T14958]  do_syscall_64+0x44/0xd0
[ 2038.157980][T14958]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2038.163970][T14958] RIP: 0033:0x7f0da0d09ae9
[ 2038.168452][T14958] Code: Unable to access opcode bytes at RIP 0x7f0da0d09abf.
[ 2038.175789][T14958] RSP: 002b:00007f0d9ea5f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2038.184192][T14958] RAX: ffffffffffffffda RBX: 00007f0da0e1d020 RCX: 00007f0da0d09ae9
[ 2038.192188][T14958] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2038.200133][T14958] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2038.208078][T14958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2038.216124][T14958] R13: 00007ffc810aceef R14: 00007f0d9ea5f300 R15: 0000000000022000
[ 2038.224150][T14958]  </TASK>
[ 2038.227451][T14958] Mem-Info:
[ 2038.230565][T14958] active_anon:10688 inactive_anon:100684 isolated_anon:0
[ 2038.230565][T14958]  active_file:357 inactive_file:257 isolated_file:29
[ 2038.230565][T14958]  unevictable:0 dirty:34 writeback:0
[ 2038.230565][T14958]  slab_reclaimable:8094 slab_unreclaimable:1741818
[ 2038.230565][T14958]  mapped:52536 shmem:376 pagetables:5312 bounce:0
[ 2038.230565][T14958]  kernel_misc_reclaimable:0
[ 2038.230565][T14958]  free:12514 free_pcp:102 free_cma:0
[ 2038.271903][T14958] Node 0 active_anon:42752kB inactive_anon:402736kB active_file:1428kB inactive_file:1236kB unevictable:0kB isolated(anon):0kB isolated(file):116kB mapped:210144kB dirty:136kB writeback:0kB shmem:1504kB writeback_tmp:0kB kernel_stack:5344kB pagetables:21248kB all_unreclaimable? yes
[ 2038.298596][T14958] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2038.325450][T14958] lowmem_reserve[]: 0 2896 7874 7874
[ 2038.330735][T14958] Node 0 DMA32 free:22716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2038.358810][T14958] lowmem_reserve[]: 0 0 4978 4978
[ 2038.363924][T14958] Node 0 Normal free:11468kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42752kB inactive_anon:401856kB active_file:928kB inactive_file:1280kB unevictable:0kB writepending:136kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:488kB local_pcp:244kB free_cma:0kB
[ 2038.394039][T14958] lowmem_reserve[]: 0 0 0 0
[ 2038.398547][T14958] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2038.411167][T14958] Node 0 DMA32: 215*4kB (UME) 120*8kB (UME) 56*16kB (UME) 47*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 4*1024kB (UM) 3*2048kB (ME) 1*4096kB (M) = 22908kB
[ 2038.428780][T14958] Node 0 Normal: 1524*4kB (MEH) 469*8kB (UMEH) 87*16kB (MH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11272kB
[ 2038.443134][T14958] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2038.452414][T14958] 1110 total pagecache pages
[ 2038.456976][T14958] 0 pages in swap cache
[ 2038.461181][T14958] Swap cache stats: add 0, delete 0, find 0/0
[ 2038.467279][T14958] Free swap  = 0kB
[ 2038.471021][T14958] Total swap = 0kB
[ 2038.474723][T14958] 2097051 pages RAM
[ 2038.478531][T14958] 0 pages HighMem/MovableOnly
[ 2038.483234][T14958] 75955 pages reserved
[ 2038.487880][T14958] ------------[ cut here ]------------
[ 2038.493438][T14958] WARNING: CPU: 0 PID: 14958 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2038.504036][T14958] Modules linked in:
[ 2038.508013][T14958] CPU: 0 PID: 14958 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2038.517908][T14958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2038.527976][T14958] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2038.535172][T14958] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2038.554780][T14958] RSP: 0018:ffffc90000fcb5f0 EFLAGS: 00010246
[ 2038.560843][T14958] RAX: ffff88811c83f000 RBX: ffff88811f1490b0 RCX: 0000000000000000
[ 2038.568808][T14958] RDX: ffffc900016b5000 RSI: 000000000003ffff RDI: ffff88811f149000
[ 2038.576837][T14958] RBP: ffffc90000fcb738 R08: 000188811f1490b7 R09: 0000000000000000
[ 2038.584798][T14958] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811f1490b0
[ 2038.592758][T14958] R13: ffffffff85ec3720 R14: ffff88811f149000 R15: ffffc90000fcb668
[ 2038.600730][T14958] FS:  00007f0d9ea5f700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2038.609647][T14958] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2038.616264][T14958] CR2: 000000000044b820 CR3: 00000001d736a000 CR4: 00000000003506f0
[ 2038.624234][T14958] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2038.632191][T14958] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2038.640156][T14958] Call Trace:
[ 2038.643420][T14958]  <TASK>
[ 2038.646598][T14958]  tcf_block_put_ext+0x2d/0x180
[ 2038.651502][T14958]  tcf_block_put+0x4c/0x70
[ 2038.655972][T14958]  cake_destroy+0x2d/0x50
[ 2038.660345][T14958]  ? cake_reset+0x5d0/0x5d0
[ 2038.664836][T14958]  qdisc_create+0xa82/0xd10
[ 2038.669333][T14958]  ? __nla_parse+0x3c/0x50
[ 2038.673731][T14958]  tc_modify_qdisc+0x64a/0x10b0
[ 2038.678632][T14958]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2038.684519][T14958]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2038.689462][T14958]  ? ___cache_free+0x46/0x300
[ 2038.694150][T14958]  ? packet_rcv+0xc3/0x9d0
[ 2038.698544][T14958]  ? __kfree_skb+0xfe/0x150
[ 2038.703125][T14958]  ? kmem_cache_free+0x5e/0x100
[ 2038.707954][T14958]  ? __kfree_skb+0xfe/0x150
[ 2038.712449][T14958]  ? consume_skb+0x48/0x160
[ 2038.716930][T14958]  ? nlmon_xmit+0x5f/0x70
[ 2038.721247][T14958]  ? __this_cpu_preempt_check+0x18/0x20
[ 2038.726770][T14958]  ? __local_bh_enable_ip+0x4d/0x70
[ 2038.731975][T14958]  ? local_bh_enable+0x1b/0x20
[ 2038.736817][T14958]  ? __dev_queue_xmit+0x597/0xf70
[ 2038.741939][T14958]  ? __skb_clone+0x2db/0x300
[ 2038.746520][T14958]  ? __rcu_read_unlock+0x5c/0x290
[ 2038.751572][T14958]  netlink_rcv_skb+0x14e/0x250
[ 2038.756316][T14958]  ? rtnetlink_bind+0x60/0x60
[ 2038.761064][T14958]  rtnetlink_rcv+0x18/0x20
[ 2038.765456][T14958]  netlink_unicast+0x5fc/0x6c0
[ 2038.770220][T14958]  netlink_sendmsg+0x6e1/0x7d0
[ 2038.774964][T14958]  ? netlink_getsockopt+0x720/0x720
[ 2038.780157][T14958]  ____sys_sendmsg+0x39a/0x510
[ 2038.784906][T14958]  __sys_sendmsg+0x195/0x230
[ 2038.789487][T14958]  __x64_sys_sendmsg+0x42/0x50
[ 2038.794281][T14958]  do_syscall_64+0x44/0xd0
[ 2038.798718][T14958]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2038.804602][T14958] RIP: 0033:0x7f0da0d09ae9
[ 2038.809070][T14958] Code: Unable to access opcode bytes at RIP 0x7f0da0d09abf.
[ 2038.816431][T14958] RSP: 002b:00007f0d9ea5f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2038.824875][T14958] RAX: ffffffffffffffda RBX: 00007f0da0e1d020 RCX: 00007f0da0d09ae9
[ 2038.832879][T14958] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2038.840881][T14958] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2038.848856][T14958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2038.856918][T14958] R13: 00007ffc810aceef R14: 00007f0d9ea5f300 R15: 0000000000022000
[ 2038.864880][T14958]  </TASK>
[ 2038.867876][T14958] ---[ end trace e45544a13c7e47be ]---
[ 2038.873712][T14958] ------------[ cut here ]------------
[ 2038.879152][T14958] WARNING: CPU: 0 PID: 14958 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2038.888707][T14958] Modules linked in:
[ 2038.892609][T14958] CPU: 0 PID: 14958 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2038.902560][T14958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2038.912617][T14958] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2038.918241][T14958] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2038.937920][T14958] RSP: 0018:ffffc90000fcb628 EFLAGS: 00010246
[ 2038.944004][T14958] RAX: ffffffff83b40f4c RBX: ffff88811f149088 RCX: 0000000000040000
[ 2038.951969][T14958] RDX: ffffc900016b5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2038.959938][T14958] RBP: ffffc90000fcb668 R08: 000188811f14908f R09: 0000000000000000
[ 2038.967943][T14958] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888077e80000
[ 2038.975904][T14958] R13: 0000000000000000 R14: ffffc90000fcb7f0 R15: ffff88811f149000
[ 2038.984032][T14958] FS:  00007f0d9ea5f700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2038.992959][T14958] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2038.999559][T14958] CR2: 00007f0da0d09abf CR3: 00000001d736a000 CR4: 00000000003506f0
[ 2039.007544][T14958] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2039.015524][T14958] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2039.023552][T14958] Call Trace:
[ 2039.026867][T14958]  <TASK>
[ 2039.029792][T14958]  tcf_block_put+0x4c/0x70
[ 2039.034233][T14958]  cake_destroy+0x2d/0x50
[ 2039.038558][T14958]  ? cake_reset+0x5d0/0x5d0
[ 2039.043431][T14958]  qdisc_create+0xa82/0xd10
[ 2039.047935][T14958]  ? __nla_parse+0x3c/0x50
[ 2039.052358][T14958]  tc_modify_qdisc+0x64a/0x10b0
[ 2039.057209][T14958]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2039.063092][T14958]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2039.068011][T14958]  ? ___cache_free+0x46/0x300
[ 2039.072681][T14958]  ? packet_rcv+0xc3/0x9d0
[ 2039.077132][T14958]  ? __kfree_skb+0xfe/0x150
[ 2039.081729][T14958]  ? kmem_cache_free+0x5e/0x100
[ 2039.086638][T14958]  ? __kfree_skb+0xfe/0x150
[ 2039.091243][T14958]  ? consume_skb+0x48/0x160
[ 2039.096091][T14958]  ? nlmon_xmit+0x5f/0x70
[ 2039.100494][T14958]  ? __this_cpu_preempt_check+0x18/0x20
[ 2039.106107][T14958]  ? __local_bh_enable_ip+0x4d/0x70
[ 2039.111318][T14958]  ? local_bh_enable+0x1b/0x20
[ 2039.116205][T14958]  ? __dev_queue_xmit+0x597/0xf70
[ 2039.121238][T14958]  ? __skb_clone+0x2db/0x300
[ 2039.125931][T14958]  ? __rcu_read_unlock+0x5c/0x290
[ 2039.130980][T14958]  netlink_rcv_skb+0x14e/0x250
[ 2039.135846][T14958]  ? rtnetlink_bind+0x60/0x60
[ 2039.140572][T14958]  rtnetlink_rcv+0x18/0x20
[ 2039.145019][T14958]  netlink_unicast+0x5fc/0x6c0
[ 2039.149779][T14958]  netlink_sendmsg+0x6e1/0x7d0
[ 2039.154581][T14958]  ? netlink_getsockopt+0x720/0x720
[ 2039.159864][T14958]  ____sys_sendmsg+0x39a/0x510
[ 2039.164880][T14958]  __sys_sendmsg+0x195/0x230
[ 2039.169477][T14958]  __x64_sys_sendmsg+0x42/0x50
[ 2039.174352][T14958]  do_syscall_64+0x44/0xd0
[ 2039.178818][T14958]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2039.184717][T14958] RIP: 0033:0x7f0da0d09ae9
[ 2039.189148][T14958] Code: Unable to access opcode bytes at RIP 0x7f0da0d09abf.
[ 2039.196575][T14958] RSP: 002b:00007f0d9ea5f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2039.205033][T14958] RAX: ffffffffffffffda RBX: 00007f0da0e1d020 RCX: 00007f0da0d09ae9
[ 2039.212992][T14958] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2039.220956][T14958] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2039.228924][T14958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2039.237071][T14958] R13: 00007ffc810aceef R14: 00007f0d9ea5f300 R15: 0000000000022000
[ 2039.245034][T14958]  </TASK>
[ 2039.248039][T14958] ---[ end trace e45544a13c7e47bf ]---
[ 2039.254883][T14958] ------------[ cut here ]------------
[ 2039.260347][T14958] WARNING: CPU: 0 PID: 14958 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2039.269747][T14958] Modules linked in:
[ 2039.273626][T14958] CPU: 0 PID: 14958 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2039.283492][T14958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2039.293621][T14958] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2039.299260][T14958] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2039.318891][T14958] RSP: 0018:ffffc90000fcb5d8 EFLAGS: 00010246
[ 2039.324963][T14958] RAX: ffffffff83b414a7 RBX: ffff88811f1490a0 RCX: 0000000000040000
[ 2039.332924][T14958] RDX: ffffc900016b5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2039.340897][T14958] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2039.348847][T14958] R10: 0001ffffffffffff R11: 000188811f1490a0 R12: ffff88811f149050
[ 2039.356840][T14958] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811f149000
[ 2039.364807][T14958] FS:  00007f0d9ea5f700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2039.373743][T14958] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2039.380383][T14958] CR2: 00007f0da0d09abf CR3: 00000001d736a000 CR4: 00000000003506f0
[ 2039.388337][T14958] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2039.396295][T14958] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2039.404303][T14958] Call Trace:
[ 2039.407558][T14958]  <TASK>
[ 2039.410497][T14958]  tcf_block_put_ext+0xe5/0x180
[ 2039.415330][T14958]  tcf_block_put+0x4c/0x70
[ 2039.419812][T14958]  cake_destroy+0x2d/0x50
[ 2039.424141][T14958]  ? cake_reset+0x5d0/0x5d0
[ 2039.428624][T14958]  qdisc_create+0xa82/0xd10
[ 2039.433165][T14958]  ? __nla_parse+0x3c/0x50
[ 2039.437576][T14958]  tc_modify_qdisc+0x64a/0x10b0
[ 2039.442484][T14958]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2039.448382][T14958]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2039.453308][T14958]  ? ___cache_free+0x46/0x300
[ 2039.457966][T14958]  ? packet_rcv+0xc3/0x9d0
[ 2039.462407][T14958]  ? __kfree_skb+0xfe/0x150
[ 2039.466889][T14958]  ? kmem_cache_free+0x5e/0x100
[ 2039.471740][T14958]  ? __kfree_skb+0xfe/0x150
[ 2039.476223][T14958]  ? consume_skb+0x48/0x160
[ 2039.480723][T14958]  ? nlmon_xmit+0x5f/0x70
[ 2039.485030][T14958]  ? __this_cpu_preempt_check+0x18/0x20
[ 2039.490639][T14958]  ? __local_bh_enable_ip+0x4d/0x70
[ 2039.495879][T14958]  ? local_bh_enable+0x1b/0x20
[ 2039.500640][T14958]  ? __dev_queue_xmit+0x597/0xf70
[ 2039.505643][T14958]  ? __skb_clone+0x2db/0x300
[ 2039.510218][T14958]  ? __rcu_read_unlock+0x5c/0x290
[ 2039.515233][T14958]  netlink_rcv_skb+0x14e/0x250
[ 2039.520072][T14958]  ? rtnetlink_bind+0x60/0x60
[ 2039.524814][T14958]  rtnetlink_rcv+0x18/0x20
[ 2039.529232][T14958]  netlink_unicast+0x5fc/0x6c0
[ 2039.534072][T14958]  netlink_sendmsg+0x6e1/0x7d0
[ 2039.538884][T14958]  ? netlink_getsockopt+0x720/0x720
[ 2039.544121][T14958]  ____sys_sendmsg+0x39a/0x510
[ 2039.548867][T14958]  __sys_sendmsg+0x195/0x230
[ 2039.553466][T14958]  __x64_sys_sendmsg+0x42/0x50
[ 2039.558211][T14958]  do_syscall_64+0x44/0xd0
[ 2039.562662][T14958]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2039.568533][T14958] RIP: 0033:0x7f0da0d09ae9
[ 2039.572960][T14958] Code: Unable to access opcode bytes at RIP 0x7f0da0d09abf.
[ 2039.580318][T14958] RSP: 002b:00007f0d9ea5f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2039.588739][T14958] RAX: ffffffffffffffda RBX: 00007f0da0e1d020 RCX: 00007f0da0d09ae9
[ 2039.596710][T14958] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2039.604671][T14958] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2039.612717][T14958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2039.620686][T14958] R13: 00007ffc810aceef R14: 00007f0d9ea5f300 R15: 0000000000022000
[ 2039.628681][T14958]  </TASK>
[ 2039.631688][T14958] ---[ end trace e45544a13c7e47c0 ]---
[ 2039.639007][T15063] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
18:53:52 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5865]}]}}]}, 0x434}}, 0x0)

18:53:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x2}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 2053.887946][T15167] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2057.040034][   T25] oom_reaper: reaped process 15167 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB
[ 2058.341223][T15167] syz-executor.1: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[ 2058.357647][T15167] CPU: 0 PID: 15167 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2058.367452][T15167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2058.377533][T15167] Call Trace:
[ 2058.380807][T15167]  <TASK>
[ 2058.383724][T15167]  dump_stack_lvl+0xd6/0x122
[ 2058.388344][T15167]  dump_stack+0x11/0x1b
[ 2058.392537][T15167]  warn_alloc+0x132/0x190
[ 2058.396875][T15167]  __vmalloc_node_range+0x58b/0x690
[ 2058.402085][T15167]  ? cake_init+0x20d/0x640
[ 2058.406566][T15167]  __vmalloc_node+0x61/0x70
[ 2058.411088][T15167]  ? cake_init+0x20d/0x640
[ 2058.415544][T15167]  kvmalloc_node+0xd2/0x110
[ 2058.420054][T15167]  cake_init+0x20d/0x640
[ 2058.424389][T15167]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2058.430121][T15167]  ? qdisc_alloc+0x334/0x3c0
[ 2058.434708][T15167]  ? qdisc_lookup+0x20c/0x2e0
[ 2058.439390][T15167]  ? qdisc_peek_dequeued+0x140/0x140
[ 2058.444687][T15167]  qdisc_create+0x5f4/0xd10
[ 2058.449261][T15167]  ? __nla_parse+0x3c/0x50
[ 2058.453680][T15167]  tc_modify_qdisc+0x64a/0x10b0
[ 2058.458544][T15167]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2058.464505][T15167]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2058.469512][T15167]  ? ___cache_free+0x46/0x300
[ 2058.474251][T15167]  ? packet_rcv+0xc3/0x9d0
[ 2058.478670][T15167]  ? __kfree_skb+0xfe/0x150
[ 2058.483173][T15167]  ? kmem_cache_free+0x5e/0x100
[ 2058.488128][T15167]  ? __kfree_skb+0xfe/0x150
[ 2058.492630][T15167]  ? consume_skb+0x48/0x160
[ 2058.497138][T15167]  ? nlmon_xmit+0x5f/0x70
[ 2058.501498][T15167]  ? __this_cpu_preempt_check+0x18/0x20
[ 2058.507045][T15167]  ? __local_bh_enable_ip+0x4d/0x70
[ 2058.512350][T15167]  ? local_bh_enable+0x1b/0x20
[ 2058.517148][T15167]  ? __dev_queue_xmit+0x597/0xf70
[ 2058.522183][T15167]  ? __skb_clone+0x2db/0x300
[ 2058.526773][T15167]  ? __rcu_read_unlock+0x5c/0x290
[ 2058.531799][T15167]  netlink_rcv_skb+0x14e/0x250
[ 2058.536579][T15167]  ? rtnetlink_bind+0x60/0x60
[ 2058.541296][T15167]  rtnetlink_rcv+0x18/0x20
[ 2058.545708][T15167]  netlink_unicast+0x5fc/0x6c0
[ 2058.550475][T15167]  netlink_sendmsg+0x6e1/0x7d0
[ 2058.555254][T15167]  ? netlink_getsockopt+0x720/0x720
[ 2058.560496][T15167]  ____sys_sendmsg+0x39a/0x510
[ 2058.565260][T15167]  __sys_sendmsg+0x195/0x230
[ 2058.569831][T15167]  __x64_sys_sendmsg+0x42/0x50
[ 2058.574575][T15167]  do_syscall_64+0x44/0xd0
[ 2058.579236][T15167]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2058.585123][T15167] RIP: 0033:0x7f7b56f48ae9
[ 2058.589578][T15167] Code: Unable to access opcode bytes at RIP 0x7f7b56f48abf.
[ 2058.596930][T15167] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2058.605355][T15167] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2058.613303][T15167] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2058.621256][T15167] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2058.629208][T15167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2058.637163][T15167] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2058.645118][T15167]  </TASK>
[ 2058.648279][T15167] Mem-Info:
[ 2058.651429][T15167] active_anon:10695 inactive_anon:100633 isolated_anon:0
[ 2058.651429][T15167]  active_file:370 inactive_file:247 isolated_file:10
[ 2058.651429][T15167]  unevictable:0 dirty:32 writeback:0
[ 2058.651429][T15167]  slab_reclaimable:8095 slab_unreclaimable:1741835
[ 2058.651429][T15167]  mapped:52538 shmem:384 pagetables:5304 bounce:0
[ 2058.651429][T15167]  kernel_misc_reclaimable:0
[ 2058.651429][T15167]  free:12491 free_pcp:105 free_cma:0
[ 2058.692763][T15167] Node 0 active_anon:42780kB inactive_anon:402532kB active_file:1676kB inactive_file:1096kB unevictable:0kB isolated(anon):0kB isolated(file):40kB mapped:210384kB dirty:128kB writeback:0kB shmem:1536kB writeback_tmp:0kB kernel_stack:5328kB pagetables:21216kB all_unreclaimable? no
[ 2058.719328][T15167] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2058.746208][T15167] lowmem_reserve[]: 0 2896 7874 7874
[ 2058.751532][T15167] Node 0 DMA32 free:22716kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2058.779719][T15167] lowmem_reserve[]: 0 0 4978 4978
[ 2058.784759][T15167] Node 0 Normal free:9368kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42780kB inactive_anon:401612kB active_file:2468kB inactive_file:3604kB unevictable:0kB writepending:128kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:340kB local_pcp:248kB free_cma:0kB
[ 2058.815007][T15167] lowmem_reserve[]: 0 0 0 0
[ 2058.819598][T15167] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2058.832286][T15167] Node 0 DMA32: 215*4kB (UME) 120*8kB (UME) 56*16kB (UME) 47*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 4*1024kB (UM) 3*2048kB (ME) 1*4096kB (M) = 22908kB
[ 2058.849982][T15167] Node 0 Normal: 1540*4kB (UMEH) 476*8kB (UMEH) 92*16kB (UMH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11472kB
[ 2058.864615][T15167] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2058.873980][T15167] 1175 total pagecache pages
[ 2058.878559][T15167] 0 pages in swap cache
[ 2058.882716][T15167] Swap cache stats: add 0, delete 0, find 0/0
[ 2058.888773][T15167] Free swap  = 0kB
[ 2058.892948][T15167] Total swap = 0kB
[ 2058.896741][T15167] 2097051 pages RAM
[ 2058.900555][T15167] 0 pages HighMem/MovableOnly
[ 2058.905250][T15167] 75955 pages reserved
[ 2058.910444][T15167] ------------[ cut here ]------------
[ 2058.915899][T15167] WARNING: CPU: 1 PID: 15167 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2058.926761][T15167] Modules linked in:
[ 2058.930648][T15167] CPU: 1 PID: 15167 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2058.940566][T15167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2058.950694][T15167] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2058.957367][T15167] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2058.976987][T15167] RSP: 0000:ffffc900010cf5f0 EFLAGS: 00010246
[ 2058.983048][T15167] RAX: ffff88811c83e000 RBX: ffff88811e69a8b0 RCX: 0000000000000000
[ 2058.991094][T15167] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: ffff88811e69a800
[ 2058.999207][T15167] RBP: ffffc900010cf738 R08: 000188811e69a8b7 R09: 0000000000000000
[ 2059.007231][T15167] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811e69a8b0
[ 2059.015214][T15167] R13: ffffffff85ec3720 R14: ffff88811e69a800 R15: ffffc900010cf668
[ 2059.023179][T15167] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2059.032098][T15167] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2059.038754][T15167] CR2: 00007f1b1433b8b7 CR3: 000000011ece1000 CR4: 00000000003506e0
[ 2059.046719][T15167] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2059.054746][T15167] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2059.062821][T15167] Call Trace:
[ 2059.066080][T15167]  <TASK>
[ 2059.068988][T15167]  tcf_block_put_ext+0x2d/0x180
[ 2059.074056][T15167]  tcf_block_put+0x4c/0x70
[ 2059.078606][T15167]  cake_destroy+0x2d/0x50
[ 2059.082946][T15167]  ? cake_reset+0x5d0/0x5d0
[ 2059.087488][T15167]  qdisc_create+0xa82/0xd10
[ 2059.091993][T15167]  ? __nla_parse+0x3c/0x50
[ 2059.096417][T15167]  tc_modify_qdisc+0x64a/0x10b0
[ 2059.101278][T15167]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2059.107166][T15167]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2059.112137][T15167]  ? ___cache_free+0x46/0x300
[ 2059.116841][T15167]  ? packet_rcv+0xc3/0x9d0
[ 2059.121294][T15167]  ? __kfree_skb+0xfe/0x150
[ 2059.125801][T15167]  ? kmem_cache_free+0x5e/0x100
[ 2059.130703][T15167]  ? __kfree_skb+0xfe/0x150
[ 2059.135268][T15167]  ? consume_skb+0x48/0x160
[ 2059.139776][T15167]  ? nlmon_xmit+0x5f/0x70
[ 2059.144202][T15167]  ? __this_cpu_preempt_check+0x18/0x20
[ 2059.149754][T15167]  ? __local_bh_enable_ip+0x4d/0x70
[ 2059.155012][T15167]  ? local_bh_enable+0x1b/0x20
[ 2059.159775][T15167]  ? __dev_queue_xmit+0x597/0xf70
[ 2059.164782][T15167]  ? __skb_clone+0x2db/0x300
[ 2059.169426][T15167]  ? __rcu_read_unlock+0x5c/0x290
[ 2059.174451][T15167]  netlink_rcv_skb+0x14e/0x250
[ 2059.179229][T15167]  ? rtnetlink_bind+0x60/0x60
[ 2059.183924][T15167]  rtnetlink_rcv+0x18/0x20
[ 2059.188395][T15167]  netlink_unicast+0x5fc/0x6c0
[ 2059.193505][T15167]  netlink_sendmsg+0x6e1/0x7d0
[ 2059.198351][T15167]  ? netlink_getsockopt+0x720/0x720
[ 2059.203570][T15167]  ____sys_sendmsg+0x39a/0x510
[ 2059.208399][T15167]  __sys_sendmsg+0x195/0x230
[ 2059.213005][T15167]  __x64_sys_sendmsg+0x42/0x50
[ 2059.217764][T15167]  do_syscall_64+0x44/0xd0
[ 2059.222256][T15167]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2059.228147][T15167] RIP: 0033:0x7f7b56f48ae9
[ 2059.232559][T15167] Code: Unable to access opcode bytes at RIP 0x7f7b56f48abf.
[ 2059.240087][T15167] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2059.248532][T15167] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2059.256494][T15167] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2059.264456][T15167] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2059.272428][T15167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2059.280390][T15167] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2059.288370][T15167]  </TASK>
[ 2059.291382][T15167] ---[ end trace e45544a13c7e47c1 ]---
[ 2059.297570][T15167] ------------[ cut here ]------------
[ 2059.303027][T15167] WARNING: CPU: 1 PID: 15167 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2059.312660][T15167] Modules linked in:
[ 2059.316529][T15167] CPU: 1 PID: 15167 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2059.326430][T15167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2059.336478][T15167] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2059.342186][T15167] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2059.361993][T15167] RSP: 0000:ffffc900010cf628 EFLAGS: 00010246
[ 2059.368043][T15167] RAX: ffffffff83b40f4c RBX: ffff88811e69a888 RCX: 0000000000040000
[ 2059.376020][T15167] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2059.383991][T15167] RBP: ffffc900010cf668 R08: 000188811e69a88f R09: 0000000000000000
[ 2059.391985][T15167] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888077e80000
[ 2059.400294][T15167] R13: 0000000000000000 R14: ffffc900010cf7f0 R15: ffff88811e69a800
[ 2059.408258][T15167] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2059.417228][T15167] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2059.423820][T15167] CR2: 00007f7b56f48abf CR3: 000000011ece1000 CR4: 00000000003506e0
[ 2059.431821][T15167] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2059.439799][T15167] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2059.447773][T15167] Call Trace:
[ 2059.451047][T15167]  <TASK>
[ 2059.453957][T15167]  tcf_block_put+0x4c/0x70
[ 2059.458427][T15167]  cake_destroy+0x2d/0x50
[ 2059.462752][T15167]  ? cake_reset+0x5d0/0x5d0
[ 2059.467260][T15167]  qdisc_create+0xa82/0xd10
[ 2059.471773][T15167]  ? __nla_parse+0x3c/0x50
[ 2059.476214][T15167]  tc_modify_qdisc+0x64a/0x10b0
[ 2059.481137][T15167]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2059.487069][T15167]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2059.492012][T15167]  ? ___cache_free+0x46/0x300
[ 2059.496669][T15167]  ? packet_rcv+0xc3/0x9d0
[ 2059.501089][T15167]  ? __kfree_skb+0xfe/0x150
[ 2059.505584][T15167]  ? kmem_cache_free+0x5e/0x100
[ 2059.510457][T15167]  ? __kfree_skb+0xfe/0x150
[ 2059.515031][T15167]  ? consume_skb+0x48/0x160
[ 2059.519532][T15167]  ? nlmon_xmit+0x5f/0x70
[ 2059.523900][T15167]  ? __this_cpu_preempt_check+0x18/0x20
[ 2059.529491][T15167]  ? __local_bh_enable_ip+0x4d/0x70
[ 2059.534767][T15167]  ? local_bh_enable+0x1b/0x20
[ 2059.539570][T15167]  ? __dev_queue_xmit+0x597/0xf70
[ 2059.544660][T15167]  ? __skb_clone+0x2db/0x300
[ 2059.549427][T15167]  ? __rcu_read_unlock+0x5c/0x290
[ 2059.554465][T15167]  netlink_rcv_skb+0x14e/0x250
[ 2059.559291][T15167]  ? rtnetlink_bind+0x60/0x60
[ 2059.564037][T15167]  rtnetlink_rcv+0x18/0x20
[ 2059.568493][T15167]  netlink_unicast+0x5fc/0x6c0
[ 2059.573354][T15167]  netlink_sendmsg+0x6e1/0x7d0
[ 2059.578177][T15167]  ? netlink_getsockopt+0x720/0x720
[ 2059.583462][T15167]  ____sys_sendmsg+0x39a/0x510
[ 2059.588217][T15167]  __sys_sendmsg+0x195/0x230
[ 2059.592877][T15167]  __x64_sys_sendmsg+0x42/0x50
[ 2059.597625][T15167]  do_syscall_64+0x44/0xd0
[ 2059.602040][T15167]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2059.607914][T15167] RIP: 0033:0x7f7b56f48ae9
[ 2059.612353][T15167] Code: Unable to access opcode bytes at RIP 0x7f7b56f48abf.
[ 2059.619723][T15167] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2059.628114][T15167] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2059.636123][T15167] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2059.644122][T15167] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2059.652123][T15167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2059.660102][T15167] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2059.668058][T15167]  </TASK>
[ 2059.671079][T15167] ---[ end trace e45544a13c7e47c2 ]---
[ 2059.678201][T15167] ------------[ cut here ]------------
[ 2059.683656][T15167] WARNING: CPU: 1 PID: 15167 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2059.693465][T15167] Modules linked in:
[ 2059.697333][T15167] CPU: 1 PID: 15167 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2059.707134][T15167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2059.717219][T15167] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2059.722786][T15167] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2059.742402][T15167] RSP: 0000:ffffc900010cf5d8 EFLAGS: 00010246
[ 2059.748449][T15167] RAX: ffffffff83b414a7 RBX: ffff88811e69a8a0 RCX: 0000000000040000
[ 2059.756467][T15167] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2059.764439][T15167] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2059.772403][T15167] R10: 0001ffffffffffff R11: 000188811e69a8a0 R12: ffff88811e69a850
[ 2059.780480][T15167] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811e69a800
[ 2059.788431][T15167] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2059.797361][T15167] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2059.803968][T15167] CR2: 00007f7b56f48abf CR3: 000000011ece1000 CR4: 00000000003506e0
[ 2059.811932][T15167] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2059.819964][T15167] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2059.827923][T15167] Call Trace:
[ 2059.831191][T15167]  <TASK>
[ 2059.834156][T15167]  tcf_block_put_ext+0xe5/0x180
[ 2059.839003][T15167]  tcf_block_put+0x4c/0x70
[ 2059.843470][T15167]  cake_destroy+0x2d/0x50
[ 2059.847814][T15167]  ? cake_reset+0x5d0/0x5d0
[ 2059.852377][T15167]  qdisc_create+0xa82/0xd10
[ 2059.856877][T15167]  ? __nla_parse+0x3c/0x50
[ 2059.861297][T15167]  tc_modify_qdisc+0x64a/0x10b0
[ 2059.866209][T15167]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2059.872108][T15167]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2059.877060][T15167]  ? ___cache_free+0x46/0x300
[ 2059.881740][T15167]  ? packet_rcv+0xc3/0x9d0
[ 2059.886220][T15167]  ? __kfree_skb+0xfe/0x150
[ 2059.890741][T15167]  ? kmem_cache_free+0x5e/0x100
[ 2059.895580][T15167]  ? __kfree_skb+0xfe/0x150
[ 2059.900153][T15167]  ? consume_skb+0x48/0x160
[ 2059.904695][T15167]  ? nlmon_xmit+0x5f/0x70
[ 2059.909014][T15167]  ? __this_cpu_preempt_check+0x18/0x20
[ 2059.914574][T15167]  ? __local_bh_enable_ip+0x4d/0x70
[ 2059.919777][T15167]  ? local_bh_enable+0x1b/0x20
[ 2059.924539][T15167]  ? __dev_queue_xmit+0x597/0xf70
[ 2059.929578][T15167]  ? __skb_clone+0x2db/0x300
[ 2059.934244][T15167]  ? __rcu_read_unlock+0x5c/0x290
[ 2059.939299][T15167]  netlink_rcv_skb+0x14e/0x250
[ 2059.944085][T15167]  ? rtnetlink_bind+0x60/0x60
[ 2059.948745][T15167]  rtnetlink_rcv+0x18/0x20
[ 2059.953189][T15167]  netlink_unicast+0x5fc/0x6c0
[ 2059.957983][T15167]  netlink_sendmsg+0x6e1/0x7d0
[ 2059.962770][T15167]  ? netlink_getsockopt+0x720/0x720
[ 2059.967956][T15167]  ____sys_sendmsg+0x39a/0x510
[ 2059.972783][T15167]  __sys_sendmsg+0x195/0x230
[ 2059.977374][T15167]  __x64_sys_sendmsg+0x42/0x50
[ 2059.982213][T15167]  do_syscall_64+0x44/0xd0
[ 2059.986627][T15167]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2059.992519][T15167] RIP: 0033:0x7f7b56f48ae9
[ 2059.996925][T15167] Code: Unable to access opcode bytes at RIP 0x7f7b56f48abf.
[ 2060.004285][T15167] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2060.012684][T15167] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2060.020647][T15167] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2060.028594][T15167] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2060.036571][T15167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2060.044533][T15167] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2060.052498][T15167]  </TASK>
[ 2060.055498][T15167] ---[ end trace e45544a13c7e47c3 ]---
[ 2060.064710][T15275] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
18:54:12 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff9e]}]}}]}, 0x434}}, 0x0)

[ 2086.246377][T15279] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2088.339402][T15279] warn_alloc: 1 callbacks suppressed
[ 2088.339449][T15279] syz-executor.3: vmalloc error: size 778240, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0
[ 2088.361394][T15279] CPU: 0 PID: 15279 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2088.371292][T15279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2088.381370][T15279] Call Trace:
[ 2088.384628][T15279]  <TASK>
[ 2088.387617][T15279]  dump_stack_lvl+0xd6/0x122
[ 2088.392194][T15279]  dump_stack+0x11/0x1b
[ 2088.396328][T15279]  warn_alloc+0x132/0x190
[ 2088.400700][T15279]  __vmalloc_node_range+0x58b/0x690
[ 2088.405888][T15279]  ? cake_init+0x20d/0x640
[ 2088.410290][T15279]  __vmalloc_node+0x61/0x70
[ 2088.414791][T15279]  ? cake_init+0x20d/0x640
[ 2088.419237][T15279]  kvmalloc_node+0xd2/0x110
[ 2088.423840][T15279]  cake_init+0x20d/0x640
[ 2088.428064][T15279]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2088.433762][T15279]  ? qdisc_alloc+0x334/0x3c0
[ 2088.438358][T15279]  ? qdisc_lookup+0x20c/0x2e0
[ 2088.443089][T15279]  ? qdisc_peek_dequeued+0x140/0x140
[ 2088.448449][T15279]  qdisc_create+0x5f4/0xd10
[ 2088.452949][T15279]  ? __nla_parse+0x3c/0x50
[ 2088.457360][T15279]  tc_modify_qdisc+0x64a/0x10b0
[ 2088.462211][T15279]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2088.468114][T15279]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2088.473033][T15279]  ? ___cache_free+0x46/0x300
[ 2088.477750][T15279]  ? packet_rcv+0x3d6/0x9d0
[ 2088.482266][T15279]  ? __kfree_skb+0xfe/0x150
[ 2088.486749][T15279]  ? kmem_cache_free+0x5e/0x100
[ 2088.491598][T15279]  ? __kfree_skb+0xfe/0x150
[ 2088.496084][T15279]  ? consume_skb+0x48/0x160
[ 2088.500590][T15279]  ? nlmon_xmit+0x5f/0x70
[ 2088.504908][T15279]  ? __this_cpu_preempt_check+0x18/0x20
[ 2088.510441][T15279]  ? __local_bh_enable_ip+0x4d/0x70
[ 2088.515848][T15279]  ? local_bh_enable+0x1b/0x20
[ 2088.520682][T15279]  ? __dev_queue_xmit+0x597/0xf70
[ 2088.525772][T15279]  ? __skb_clone+0x2db/0x300
[ 2088.530378][T15279]  ? __rcu_read_unlock+0x5c/0x290
[ 2088.535402][T15279]  netlink_rcv_skb+0x14e/0x250
[ 2088.540461][T15279]  ? rtnetlink_bind+0x60/0x60
[ 2088.545204][T15279]  rtnetlink_rcv+0x18/0x20
[ 2088.549599][T15279]  netlink_unicast+0x5fc/0x6c0
[ 2088.554348][T15279]  netlink_sendmsg+0x6e1/0x7d0
[ 2088.559177][T15279]  ? netlink_getsockopt+0x720/0x720
[ 2088.564427][T15279]  ____sys_sendmsg+0x39a/0x510
[ 2088.569254][T15279]  __sys_sendmsg+0x195/0x230
[ 2088.573830][T15279]  __x64_sys_sendmsg+0x42/0x50
[ 2088.578620][T15279]  do_syscall_64+0x44/0xd0
[ 2088.583028][T15279]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2088.588943][T15279] RIP: 0033:0x7fd36aa9bae9
[ 2088.593344][T15279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2088.612929][T15279] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2088.621379][T15279] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2088.629397][T15279] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2088.637383][T15279] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2088.645422][T15279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2088.653376][T15279] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2088.661332][T15279]  </TASK>
[ 2088.664349][T15279] Mem-Info:
[ 2088.667435][T15279] active_anon:10703 inactive_anon:100659 isolated_anon:0
[ 2088.667435][T15279]  active_file:402 inactive_file:759 isolated_file:0
[ 2088.667435][T15279]  unevictable:0 dirty:11 writeback:0
[ 2088.667435][T15279]  slab_reclaimable:8092 slab_unreclaimable:1741836
[ 2088.667435][T15279]  mapped:52857 shmem:392 pagetables:5276 bounce:0
[ 2088.667435][T15279]  kernel_misc_reclaimable:0
[ 2088.667435][T15279]  free:11928 free_pcp:62 free_cma:0
[ 2088.708711][T15279] Node 0 active_anon:42812kB inactive_anon:402636kB active_file:1608kB inactive_file:3036kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:211428kB dirty:44kB writeback:0kB shmem:1568kB writeback_tmp:0kB kernel_stack:5296kB pagetables:21104kB all_unreclaimable? yes
[ 2088.735244][T15279] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2088.762119][T15279] lowmem_reserve[]: 0 2896 7874 7874
[ 2088.767392][T15279] Node 0 DMA32 free:22944kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2088.795541][T15279] lowmem_reserve[]: 0 0 4978 4978
[ 2088.800585][T15279] Node 0 Normal free:9408kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42812kB inactive_anon:401716kB active_file:1604kB inactive_file:3036kB unevictable:0kB writepending:44kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 2088.830642][T15279] lowmem_reserve[]: 0 0 0 0
[ 2088.835133][T15279] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2088.847845][T15279] Node 0 DMA32: 214*4kB (UME) 119*8kB (UME) 55*16kB (UME) 49*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 4*1024kB (UM) 3*2048kB (ME) 1*4096kB (M) = 22944kB
[ 2088.865428][T15279] Node 0 Normal: 1078*4kB (UMEH) 477*8kB (UMEH) 79*16kB (UMH) 1*32kB (H) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9424kB
[ 2088.879819][T15279] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2088.889174][T15279] 1561 total pagecache pages
[ 2088.893820][T15279] 0 pages in swap cache
[ 2088.897981][T15279] Swap cache stats: add 0, delete 0, find 0/0
[ 2088.904073][T15279] Free swap  = 0kB
[ 2088.907874][T15279] Total swap = 0kB
[ 2088.911585][T15279] 2097051 pages RAM
[ 2088.915465][T15279] 0 pages HighMem/MovableOnly
[ 2088.920208][T15279] 75955 pages reserved
[ 2088.924941][T15279] ------------[ cut here ]------------
[ 2088.930464][T15279] WARNING: CPU: 1 PID: 15279 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2088.941131][T15279] Modules linked in:
[ 2088.945067][T15279] CPU: 1 PID: 15279 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2088.954938][T15279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2088.965057][T15279] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2088.971801][T15279] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2088.991549][T15279] RSP: 0018:ffffc9000119f5f0 EFLAGS: 00010246
[ 2088.997597][T15279] RAX: ffff88811e742000 RBX: ffff88811fd690b0 RCX: 0000000000000000
[ 2089.005568][T15279] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: ffff88811fd69000
[ 2089.013535][T15279] RBP: ffffc9000119f738 R08: 000188811fd690b7 R09: 0000000000000000
[ 2089.021607][T15279] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811fd690b0
[ 2089.029572][T15279] R13: ffffffff85ec3720 R14: ffff88811fd69000 R15: ffffc9000119f668
[ 2089.037646][T15279] FS:  00007fd368812700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2089.046848][T15279] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2089.053474][T15279] CR2: 00007f1b142abdd0 CR3: 000000011f754000 CR4: 00000000003506e0
[ 2089.061487][T15279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2089.069757][T15279] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2089.077720][T15279] Call Trace:
[ 2089.081064][T15279]  <TASK>
[ 2089.083975][T15279]  tcf_block_put_ext+0x2d/0x180
[ 2089.088818][T15279]  tcf_block_put+0x4c/0x70
[ 2089.093312][T15279]  cake_destroy+0x2d/0x50
[ 2089.097672][T15279]  ? cake_reset+0x5d0/0x5d0
[ 2089.102259][T15279]  qdisc_create+0xa82/0xd10
[ 2089.106829][T15279]  ? __nla_parse+0x3c/0x50
[ 2089.111241][T15279]  tc_modify_qdisc+0x64a/0x10b0
[ 2089.116185][T15279]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2089.122215][T15279]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2089.127150][T15279]  ? ___cache_free+0x46/0x300
[ 2089.131853][T15279]  ? packet_rcv+0x3d6/0x9d0
[ 2089.136336][T15279]  ? __kfree_skb+0xfe/0x150
[ 2089.140869][T15279]  ? kmem_cache_free+0x5e/0x100
[ 2089.145711][T15279]  ? __kfree_skb+0xfe/0x150
[ 2089.150216][T15279]  ? consume_skb+0x48/0x160
[ 2089.154721][T15279]  ? nlmon_xmit+0x5f/0x70
[ 2089.159107][T15279]  ? __this_cpu_preempt_check+0x18/0x20
[ 2089.164666][T15279]  ? __local_bh_enable_ip+0x4d/0x70
[ 2089.169863][T15279]  ? local_bh_enable+0x1b/0x20
[ 2089.174612][T15279]  ? __dev_queue_xmit+0x597/0xf70
[ 2089.179635][T15279]  ? __skb_clone+0x2db/0x300
[ 2089.184209][T15279]  ? __rcu_read_unlock+0x5c/0x290
[ 2089.189250][T15279]  netlink_rcv_skb+0x14e/0x250
[ 2089.194011][T15279]  ? rtnetlink_bind+0x60/0x60
[ 2089.198779][T15279]  rtnetlink_rcv+0x18/0x20
[ 2089.203199][T15279]  netlink_unicast+0x5fc/0x6c0
[ 2089.208013][T15279]  netlink_sendmsg+0x6e1/0x7d0
[ 2089.212786][T15279]  ? netlink_getsockopt+0x720/0x720
[ 2089.217992][T15279]  ____sys_sendmsg+0x39a/0x510
[ 2089.222806][T15279]  __sys_sendmsg+0x195/0x230
[ 2089.227482][T15279]  __x64_sys_sendmsg+0x42/0x50
[ 2089.232286][T15279]  do_syscall_64+0x44/0xd0
[ 2089.236729][T15279]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2089.242618][T15279] RIP: 0033:0x7fd36aa9bae9
[ 2089.247011][T15279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2089.266745][T15279] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2089.275188][T15279] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2089.283211][T15279] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2089.291321][T15279] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2089.299413][T15279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2089.307364][T15279] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2089.315530][T15279]  </TASK>
[ 2089.318575][T15279] ---[ end trace e45544a13c7e47c4 ]---
[ 2089.324541][T15279] ------------[ cut here ]------------
[ 2089.329989][T15279] WARNING: CPU: 1 PID: 15279 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2089.339890][T15279] Modules linked in:
[ 2089.343759][T15279] CPU: 1 PID: 15279 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2089.353551][T15279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2089.363602][T15279] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2089.369237][T15279] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2089.388950][T15279] RSP: 0018:ffffc9000119f628 EFLAGS: 00010246
[ 2089.395079][T15279] RAX: ffffffff83b40f4c RBX: ffff88811fd69088 RCX: 0000000000040000
[ 2089.403044][T15279] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2089.411085][T15279] RBP: ffffc9000119f668 R08: 000188811fd6908f R09: 0000000000000000
[ 2089.419122][T15279] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108400000
[ 2089.427087][T15279] R13: 0000000000000000 R14: ffffc9000119f7f0 R15: ffff88811fd69000
[ 2089.435142][T15279] FS:  00007fd368812700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2089.444318][T15279] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2089.450916][T15279] CR2: 00007f1b142abdd0 CR3: 000000011f754000 CR4: 00000000003506e0
[ 2089.458871][T15279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2089.466838][T15279] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2089.474948][T15279] Call Trace:
[ 2089.478208][T15279]  <TASK>
[ 2089.481128][T15279]  tcf_block_put+0x4c/0x70
[ 2089.485531][T15279]  cake_destroy+0x2d/0x50
[ 2089.489871][T15279]  ? cake_reset+0x5d0/0x5d0
[ 2089.494388][T15279]  qdisc_create+0xa82/0xd10
[ 2089.499043][T15279]  ? __nla_parse+0x3c/0x50
[ 2089.503461][T15279]  tc_modify_qdisc+0x64a/0x10b0
[ 2089.508298][T15279]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2089.514247][T15279]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2089.519226][T15279]  ? ___cache_free+0x46/0x300
[ 2089.523903][T15279]  ? packet_rcv+0x3d6/0x9d0
[ 2089.528511][T15279]  ? __kfree_skb+0xfe/0x150
[ 2089.533070][T15279]  ? kmem_cache_free+0x5e/0x100
[ 2089.538091][T15279]  ? __kfree_skb+0xfe/0x150
[ 2089.542678][T15279]  ? consume_skb+0x48/0x160
[ 2089.547172][T15279]  ? nlmon_xmit+0x5f/0x70
[ 2089.551511][T15279]  ? __this_cpu_preempt_check+0x18/0x20
[ 2089.557038][T15279]  ? __local_bh_enable_ip+0x4d/0x70
[ 2089.562238][T15279]  ? local_bh_enable+0x1b/0x20
[ 2089.566984][T15279]  ? __dev_queue_xmit+0x597/0xf70
[ 2089.572122][T15279]  ? __skb_clone+0x2db/0x300
[ 2089.576694][T15279]  ? __rcu_read_unlock+0x5c/0x290
[ 2089.581808][T15279]  netlink_rcv_skb+0x14e/0x250
[ 2089.586559][T15279]  ? rtnetlink_bind+0x60/0x60
[ 2089.591235][T15279]  rtnetlink_rcv+0x18/0x20
[ 2089.595641][T15279]  netlink_unicast+0x5fc/0x6c0
[ 2089.600500][T15279]  netlink_sendmsg+0x6e1/0x7d0
[ 2089.605317][T15279]  ? netlink_getsockopt+0x720/0x720
[ 2089.610519][T15279]  ____sys_sendmsg+0x39a/0x510
[ 2089.615386][T15279]  __sys_sendmsg+0x195/0x230
[ 2089.619983][T15279]  __x64_sys_sendmsg+0x42/0x50
[ 2089.624780][T15279]  do_syscall_64+0x44/0xd0
[ 2089.629340][T15279]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2089.635317][T15279] RIP: 0033:0x7fd36aa9bae9
[ 2089.639750][T15279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2089.659365][T15279] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2089.667761][T15279] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2089.675759][T15279] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2089.683734][T15279] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2089.691706][T15279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2089.699718][T15279] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2089.707701][T15279]  </TASK>
[ 2089.710713][T15279] ---[ end trace e45544a13c7e47c5 ]---
[ 2089.717723][T15279] ------------[ cut here ]------------
[ 2089.723253][T15279] WARNING: CPU: 1 PID: 15279 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2089.732709][T15279] Modules linked in:
[ 2089.736597][T15279] CPU: 1 PID: 15279 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2089.746392][T15279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2089.756451][T15279] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2089.762103][T15279] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2089.781702][T15279] RSP: 0018:ffffc9000119f5d8 EFLAGS: 00010246
[ 2089.787801][T15279] RAX: ffffffff83b414a7 RBX: ffff88811fd690a0 RCX: 0000000000040000
[ 2089.795846][T15279] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2089.803848][T15279] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2089.811826][T15279] R10: 0001ffffffffffff R11: 000188811fd690a0 R12: ffff88811fd69050
[ 2089.820021][T15279] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811fd69000
[ 2089.828025][T15279] FS:  00007fd368812700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2089.836963][T15279] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2089.843553][T15279] CR2: 00007f1b142abdd0 CR3: 000000011f754000 CR4: 00000000003506e0
[ 2089.851521][T15279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2089.859539][T15279] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2089.867488][T15279] Call Trace:
[ 2089.870767][T15279]  <TASK>
[ 2089.873677][T15279]  tcf_block_put_ext+0xe5/0x180
[ 2089.878579][T15279]  tcf_block_put+0x4c/0x70
[ 2089.882991][T15279]  cake_destroy+0x2d/0x50
[ 2089.887325][T15279]  ? cake_reset+0x5d0/0x5d0
[ 2089.891888][T15279]  qdisc_create+0xa82/0xd10
[ 2089.896373][T15279]  ? __nla_parse+0x3c/0x50
[ 2089.900940][T15279]  tc_modify_qdisc+0x64a/0x10b0
[ 2089.905839][T15279]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2089.911807][T15279]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2089.916769][T15279]  ? ___cache_free+0x46/0x300
[ 2089.921506][T15279]  ? packet_rcv+0x3d6/0x9d0
[ 2089.926001][T15279]  ? __kfree_skb+0xfe/0x150
[ 2089.930534][T15279]  ? kmem_cache_free+0x5e/0x100
[ 2089.935385][T15279]  ? __kfree_skb+0xfe/0x150
[ 2089.939930][T15279]  ? consume_skb+0x48/0x160
[ 2089.944434][T15279]  ? nlmon_xmit+0x5f/0x70
[ 2089.948761][T15279]  ? __this_cpu_preempt_check+0x18/0x20
[ 2089.954310][T15279]  ? __local_bh_enable_ip+0x4d/0x70
[ 2089.959501][T15279]  ? local_bh_enable+0x1b/0x20
[ 2089.964324][T15279]  ? __dev_queue_xmit+0x597/0xf70
[ 2089.969615][T15279]  ? __skb_clone+0x2db/0x300
[ 2089.974205][T15279]  ? __rcu_read_unlock+0x5c/0x290
[ 2089.979229][T15279]  netlink_rcv_skb+0x14e/0x250
[ 2089.984075][T15279]  ? rtnetlink_bind+0x60/0x60
[ 2089.988790][T15279]  rtnetlink_rcv+0x18/0x20
[ 2089.993197][T15279]  netlink_unicast+0x5fc/0x6c0
[ 2089.997946][T15279]  netlink_sendmsg+0x6e1/0x7d0
[ 2090.002702][T15279]  ? netlink_getsockopt+0x720/0x720
[ 2090.007881][T15279]  ____sys_sendmsg+0x39a/0x510
[ 2090.012734][T15279]  __sys_sendmsg+0x195/0x230
[ 2090.017391][T15279]  __x64_sys_sendmsg+0x42/0x50
[ 2090.022145][T15279]  do_syscall_64+0x44/0xd0
[ 2090.026646][T15279]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2090.032549][T15279] RIP: 0033:0x7fd36aa9bae9
[ 2090.036954][T15279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2090.056579][T15279] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2090.064998][T15279] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2090.072960][T15279] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2090.080989][T15279] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2090.088945][T15279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2090.096949][T15279] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2090.104924][T15279]  </TASK>
[ 2090.107924][T15279] ---[ end trace e45544a13c7e47c6 ]---
18:54:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x3}}, {0x4}}]}]}, 0x68}}, 0x0)

18:56:08 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffea]}]}}]}, 0x434}}, 0x0)

[ 2176.740345][T15494] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
18:56:08 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

18:56:23 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8847, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 2186.363654][T15496] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2189.349169][T15496] syz-executor.1: vmalloc error: size 491520, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[ 2189.365626][T15496] CPU: 1 PID: 15496 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2189.375695][T15496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2189.386006][T15496] Call Trace:
[ 2189.389274][T15496]  <TASK>
[ 2189.392187][T15496]  dump_stack_lvl+0xd6/0x122
[ 2189.396762][T15496]  dump_stack+0x11/0x1b
[ 2189.400958][T15496]  warn_alloc+0x132/0x190
[ 2189.405281][T15496]  __vmalloc_node_range+0x58b/0x690
[ 2189.410524][T15496]  ? cake_init+0x20d/0x640
[ 2189.414957][T15496]  __vmalloc_node+0x61/0x70
[ 2189.419582][T15496]  ? cake_init+0x20d/0x640
[ 2189.424020][T15496]  kvmalloc_node+0xd2/0x110
[ 2189.428510][T15496]  cake_init+0x20d/0x640
[ 2189.432803][T15496]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2189.438535][T15496]  ? qdisc_alloc+0x334/0x3c0
[ 2189.443276][T15496]  ? qdisc_lookup+0x20c/0x2e0
[ 2189.447949][T15496]  ? qdisc_peek_dequeued+0x140/0x140
[ 2189.453328][T15496]  qdisc_create+0x5f4/0xd10
[ 2189.457852][T15496]  ? __nla_parse+0x3c/0x50
[ 2189.462252][T15496]  tc_modify_qdisc+0x64a/0x10b0
[ 2189.467167][T15496]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2189.473077][T15496]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2189.477997][T15496]  ? ___cache_free+0x46/0x300
[ 2189.482686][T15496]  ? packet_rcv+0xc3/0x9d0
[ 2189.487230][T15496]  ? __kfree_skb+0xfe/0x150
[ 2189.491793][T15496]  ? kmem_cache_free+0x5e/0x100
[ 2189.496705][T15496]  ? __kfree_skb+0xfe/0x150
[ 2189.501455][T15496]  ? consume_skb+0x48/0x160
[ 2189.505948][T15496]  ? nlmon_xmit+0x5f/0x70
[ 2189.510268][T15496]  ? __this_cpu_preempt_check+0x18/0x20
[ 2189.515825][T15496]  ? __local_bh_enable_ip+0x4d/0x70
[ 2189.521035][T15496]  ? local_bh_enable+0x1b/0x20
[ 2189.525810][T15496]  ? __dev_queue_xmit+0x597/0xf70
[ 2189.530821][T15496]  ? __skb_clone+0x2db/0x300
[ 2189.535401][T15496]  ? __rcu_read_unlock+0x5c/0x290
[ 2189.540416][T15496]  netlink_rcv_skb+0x14e/0x250
[ 2189.545169][T15496]  ? rtnetlink_bind+0x60/0x60
[ 2189.549848][T15496]  rtnetlink_rcv+0x18/0x20
[ 2189.554270][T15496]  netlink_unicast+0x5fc/0x6c0
[ 2189.559141][T15496]  netlink_sendmsg+0x6e1/0x7d0
[ 2189.563887][T15496]  ? netlink_getsockopt+0x720/0x720
[ 2189.569063][T15496]  ____sys_sendmsg+0x39a/0x510
[ 2189.573865][T15496]  __sys_sendmsg+0x195/0x230
[ 2189.578440][T15496]  __x64_sys_sendmsg+0x42/0x50
[ 2189.583184][T15496]  do_syscall_64+0x44/0xd0
[ 2189.587665][T15496]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2189.593579][T15496] RIP: 0033:0x7f7b56f48ae9
[ 2189.597975][T15496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2189.617591][T15496] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2189.626026][T15496] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2189.633973][T15496] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2189.642190][T15496] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2189.650149][T15496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2189.658108][T15496] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2189.666059][T15496]  </TASK>
[ 2189.669108][T15496] Mem-Info:
[ 2189.672280][T15496] active_anon:10709 inactive_anon:100617 isolated_anon:0
[ 2189.672280][T15496]  active_file:306 inactive_file:242 isolated_file:0
[ 2189.672280][T15496]  unevictable:0 dirty:11 writeback:0
[ 2189.672280][T15496]  slab_reclaimable:7750 slab_unreclaimable:1741894
[ 2189.672280][T15496]  mapped:52471 shmem:400 pagetables:5275 bounce:0
[ 2189.672280][T15496]  kernel_misc_reclaimable:0
[ 2189.672280][T15496]  free:12624 free_pcp:261 free_cma:0
[ 2189.713537][T15496] Node 0 active_anon:42836kB inactive_anon:402468kB active_file:1224kB inactive_file:968kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:209884kB dirty:44kB writeback:0kB shmem:1600kB writeback_tmp:0kB kernel_stack:5248kB pagetables:21100kB all_unreclaimable? yes
[ 2189.739849][T15496] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2189.766736][T15496] lowmem_reserve[]: 0 2896 7874 7874
[ 2189.772023][T15496] Node 0 DMA32 free:23284kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2189.800074][T15496] lowmem_reserve[]: 0 0 4978 4978
[ 2189.805083][T15496] Node 0 Normal free:11852kB boost:2048kB min:9220kB low:14316kB high:19412kB reserved_highatomic:2048KB active_anon:42836kB inactive_anon:401548kB active_file:1108kB inactive_file:660kB unevictable:0kB writepending:44kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1044kB local_pcp:388kB free_cma:0kB
[ 2189.835434][T15496] lowmem_reserve[]: 0 0 0 0
[ 2189.840107][T15496] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2189.852691][T15496] Node 0 DMA32: 249*4kB (UME) 138*8kB (UME) 56*16kB (UME) 50*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 4*1024kB (UM) 3*2048kB (ME) 1*4096kB (M) = 23284kB
[ 2189.870260][T15496] Node 0 Normal: 1606*4kB (UMEH) 477*8kB (UMEH) 85*16kB (UMH) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11600kB
[ 2189.884341][T15496] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2189.893610][T15496] 935 total pagecache pages
[ 2189.898174][T15496] 0 pages in swap cache
[ 2189.902400][T15496] Swap cache stats: add 0, delete 0, find 0/0
[ 2189.908522][T15496] Free swap  = 0kB
[ 2189.912224][T15496] Total swap = 0kB
[ 2189.916030][T15496] 2097051 pages RAM
[ 2189.919854][T15496] 0 pages HighMem/MovableOnly
[ 2189.924509][T15496] 75955 pages reserved
[ 2189.934267][T15496] ------------[ cut here ]------------
[ 2189.939774][T15496] WARNING: CPU: 1 PID: 15496 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2189.950288][T15496] Modules linked in:
[ 2189.954231][T15496] CPU: 1 PID: 15496 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2189.964140][T15496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2189.974234][T15496] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2189.980913][T15496] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2190.000683][T15496] RSP: 0000:ffffc900014e75f0 EFLAGS: 00010246
[ 2190.006861][T15496] RAX: ffff888128144000 RBX: ffff88818e7250b0 RCX: 0000000000000000
[ 2190.014945][T15496] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: ffff88818e725000
[ 2190.022989][T15496] RBP: ffffc900014e7738 R08: 000188818e7250b7 R09: 0000000000000000
[ 2190.031002][T15496] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88818e7250b0
[ 2190.038962][T15496] R13: ffffffff85ec3720 R14: ffff88818e725000 R15: ffffc900014e7668
[ 2190.047001][T15496] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2190.056011][T15496] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2190.062678][T15496] CR2: 0000000000d592c7 CR3: 00000001419f6000 CR4: 00000000003506e0
[ 2190.070693][T15496] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2190.078727][T15496] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2190.086773][T15496] Call Trace:
[ 2190.090058][T15496]  <TASK>
[ 2190.093017][T15496]  tcf_block_put_ext+0x2d/0x180
[ 2190.097875][T15496]  tcf_block_put+0x4c/0x70
[ 2190.102310][T15496]  cake_destroy+0x2d/0x50
[ 2190.106661][T15496]  ? cake_reset+0x5d0/0x5d0
[ 2190.111171][T15496]  qdisc_create+0xa82/0xd10
[ 2190.115677][T15496]  ? __nla_parse+0x3c/0x50
[ 2190.120147][T15496]  tc_modify_qdisc+0x64a/0x10b0
[ 2190.125022][T15496]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2190.130919][T15496]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2190.135843][T15496]  ? ___cache_free+0x46/0x300
[ 2190.140532][T15496]  ? packet_rcv+0xc3/0x9d0
[ 2190.144941][T15496]  ? __kfree_skb+0xfe/0x150
[ 2190.149490][T15496]  ? kmem_cache_free+0x5e/0x100
[ 2190.154341][T15496]  ? __kfree_skb+0xfe/0x150
[ 2190.158830][T15496]  ? consume_skb+0x48/0x160
[ 2190.163346][T15496]  ? nlmon_xmit+0x5f/0x70
[ 2190.167690][T15496]  ? __this_cpu_preempt_check+0x18/0x20
[ 2190.173348][T15496]  ? __local_bh_enable_ip+0x4d/0x70
[ 2190.178572][T15496]  ? local_bh_enable+0x1b/0x20
[ 2190.183352][T15496]  ? __dev_queue_xmit+0x597/0xf70
[ 2190.188360][T15496]  ? __skb_clone+0x2db/0x300
[ 2190.192997][T15496]  ? __rcu_read_unlock+0x5c/0x290
[ 2190.197998][T15496]  netlink_rcv_skb+0x14e/0x250
[ 2190.203000][T15496]  ? rtnetlink_bind+0x60/0x60
[ 2190.207731][T15496]  rtnetlink_rcv+0x18/0x20
[ 2190.212145][T15496]  netlink_unicast+0x5fc/0x6c0
[ 2190.216957][T15496]  netlink_sendmsg+0x6e1/0x7d0
[ 2190.221731][T15496]  ? netlink_getsockopt+0x720/0x720
[ 2190.226986][T15496]  ____sys_sendmsg+0x39a/0x510
[ 2190.231748][T15496]  __sys_sendmsg+0x195/0x230
[ 2190.236354][T15496]  __x64_sys_sendmsg+0x42/0x50
[ 2190.241195][T15496]  do_syscall_64+0x44/0xd0
[ 2190.245636][T15496]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2190.251546][T15496] RIP: 0033:0x7f7b56f48ae9
[ 2190.256027][T15496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2190.275794][T15496] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2190.284212][T15496] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2190.292180][T15496] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2190.300249][T15496] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2190.308285][T15496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2190.316248][T15496] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2190.324230][T15496]  </TASK>
[ 2190.327241][T15496] ---[ end trace e45544a13c7e47c7 ]---
[ 2190.333112][T15496] ------------[ cut here ]------------
[ 2190.338569][T15496] WARNING: CPU: 1 PID: 15496 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2190.348149][T15496] Modules linked in:
[ 2190.352036][T15496] CPU: 1 PID: 15496 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2190.361917][T15496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2190.371973][T15496] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2190.377640][T15496] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2190.397250][T15496] RSP: 0000:ffffc900014e7628 EFLAGS: 00010246
[ 2190.403319][T15496] RAX: ffffffff83b40f4c RBX: ffff88818e725088 RCX: 0000000000040000
[ 2190.411283][T15496] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2190.419279][T15496] RBP: ffffc900014e7668 R08: 000188818e72508f R09: 0000000000000000
[ 2190.427252][T15496] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811f388000
[ 2190.435215][T15496] R13: 0000000000000000 R14: ffffc900014e77f0 R15: ffff88818e725000
[ 2190.443274][T15496] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2190.452262][T15496] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2190.458824][T15496] CR2: 0000000000d592c7 CR3: 00000001419f6000 CR4: 00000000003506e0
[ 2190.466788][T15496] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2190.474777][T15496] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2190.482739][T15496] Call Trace:
[ 2190.486007][T15496]  <TASK>
[ 2190.488915][T15496]  tcf_block_put+0x4c/0x70
[ 2190.493367][T15496]  cake_destroy+0x2d/0x50
[ 2190.497678][T15496]  ? cake_reset+0x5d0/0x5d0
[ 2190.502247][T15496]  qdisc_create+0xa82/0xd10
[ 2190.506811][T15496]  ? __nla_parse+0x3c/0x50
[ 2190.511254][T15496]  tc_modify_qdisc+0x64a/0x10b0
[ 2190.516179][T15496]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2190.522140][T15496]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2190.527135][T15496]  ? ___cache_free+0x46/0x300
[ 2190.531804][T15496]  ? packet_rcv+0xc3/0x9d0
[ 2190.536241][T15496]  ? __kfree_skb+0xfe/0x150
[ 2190.540797][T15496]  ? kmem_cache_free+0x5e/0x100
[ 2190.545626][T15496]  ? __kfree_skb+0xfe/0x150
[ 2190.550201][T15496]  ? consume_skb+0x48/0x160
[ 2190.554693][T15496]  ? nlmon_xmit+0x5f/0x70
[ 2190.559000][T15496]  ? __this_cpu_preempt_check+0x18/0x20
[ 2190.564611][T15496]  ? __local_bh_enable_ip+0x4d/0x70
[ 2190.569840][T15496]  ? local_bh_enable+0x1b/0x20
[ 2190.574654][T15496]  ? __dev_queue_xmit+0x597/0xf70
[ 2190.579750][T15496]  ? __skb_clone+0x2db/0x300
[ 2190.584333][T15496]  ? __rcu_read_unlock+0x5c/0x290
[ 2190.589408][T15496]  netlink_rcv_skb+0x14e/0x250
[ 2190.594171][T15496]  ? rtnetlink_bind+0x60/0x60
[ 2190.598872][T15496]  rtnetlink_rcv+0x18/0x20
[ 2190.603348][T15496]  netlink_unicast+0x5fc/0x6c0
[ 2190.608166][T15496]  netlink_sendmsg+0x6e1/0x7d0
[ 2190.612961][T15496]  ? netlink_getsockopt+0x720/0x720
[ 2190.618146][T15496]  ____sys_sendmsg+0x39a/0x510
[ 2190.622923][T15496]  __sys_sendmsg+0x195/0x230
[ 2190.627496][T15496]  __x64_sys_sendmsg+0x42/0x50
[ 2190.632251][T15496]  do_syscall_64+0x44/0xd0
[ 2190.636650][T15496]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2190.642603][T15496] RIP: 0033:0x7f7b56f48ae9
[ 2190.646997][T15496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2190.666750][T15496] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2190.675170][T15496] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2190.683136][T15496] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2190.691117][T15496] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2190.699090][T15496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2190.707110][T15496] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2190.715078][T15496]  </TASK>
[ 2190.718127][T15496] ---[ end trace e45544a13c7e47c8 ]---
[ 2190.725344][T15496] ------------[ cut here ]------------
[ 2190.730820][T15496] WARNING: CPU: 1 PID: 15496 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2190.740374][T15496] Modules linked in:
[ 2190.744254][T15496] CPU: 1 PID: 15496 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2190.754097][T15496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2190.764175][T15496] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2190.769819][T15496] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2190.789482][T15496] RSP: 0000:ffffc900014e75d8 EFLAGS: 00010246
[ 2190.795525][T15496] RAX: ffffffff83b414a7 RBX: ffff88818e7250a0 RCX: 0000000000040000
[ 2190.803546][T15496] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2190.813198][T15496] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2190.821184][T15496] R10: 0001ffffffffffff R11: 000188818e7250a0 R12: ffff88818e725050
[ 2190.829182][T15496] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88818e725000
[ 2190.837148][T15496] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2190.846125][T15496] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2190.852741][T15496] CR2: 0000000000d592c7 CR3: 00000001419f6000 CR4: 00000000003506e0
[ 2190.860707][T15496] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2190.868658][T15496] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2190.876671][T15496] Call Trace:
[ 2190.879939][T15496]  <TASK>
[ 2190.882851][T15496]  tcf_block_put_ext+0xe5/0x180
[ 2190.887693][T15496]  tcf_block_put+0x4c/0x70
[ 2190.892124][T15496]  cake_destroy+0x2d/0x50
[ 2190.896491][T15496]  ? cake_reset+0x5d0/0x5d0
[ 2190.900994][T15496]  qdisc_create+0xa82/0xd10
[ 2190.905483][T15496]  ? __nla_parse+0x3c/0x50
[ 2190.910009][T15496]  tc_modify_qdisc+0x64a/0x10b0
[ 2190.914893][T15496]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2190.920847][T15496]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2190.925781][T15496]  ? ___cache_free+0x46/0x300
[ 2190.930468][T15496]  ? packet_rcv+0xc3/0x9d0
[ 2190.934864][T15496]  ? __kfree_skb+0xfe/0x150
[ 2190.939384][T15496]  ? kmem_cache_free+0x5e/0x100
[ 2190.944237][T15496]  ? __kfree_skb+0xfe/0x150
[ 2190.948721][T15496]  ? consume_skb+0x48/0x160
[ 2190.953244][T15496]  ? nlmon_xmit+0x5f/0x70
[ 2190.957612][T15496]  ? __this_cpu_preempt_check+0x18/0x20
[ 2190.963166][T15496]  ? __local_bh_enable_ip+0x4d/0x70
[ 2190.968365][T15496]  ? local_bh_enable+0x1b/0x20
[ 2190.973196][T15496]  ? __dev_queue_xmit+0x597/0xf70
[ 2190.978210][T15496]  ? __skb_clone+0x2db/0x300
[ 2190.982873][T15496]  ? __rcu_read_unlock+0x5c/0x290
[ 2190.987988][T15496]  netlink_rcv_skb+0x14e/0x250
[ 2190.992787][T15496]  ? rtnetlink_bind+0x60/0x60
[ 2190.997449][T15496]  rtnetlink_rcv+0x18/0x20
[ 2191.001931][T15496]  netlink_unicast+0x5fc/0x6c0
[ 2191.006676][T15496]  netlink_sendmsg+0x6e1/0x7d0
[ 2191.011595][T15496]  ? netlink_getsockopt+0x720/0x720
[ 2191.016773][T15496]  ____sys_sendmsg+0x39a/0x510
[ 2191.021553][T15496]  __sys_sendmsg+0x195/0x230
[ 2191.026152][T15496]  __x64_sys_sendmsg+0x42/0x50
[ 2191.030960][T15496]  do_syscall_64+0x44/0xd0
[ 2191.035431][T15496]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2191.041317][T15496] RIP: 0033:0x7f7b56f48ae9
[ 2191.045711][T15496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2191.065316][T15496] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2191.073810][T15496] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2191.081794][T15496] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2191.089953][T15496] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2191.097922][T15496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2191.105898][T15496] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2191.113883][T15496]  </TASK>
[ 2191.116907][T15496] ---[ end trace e45544a13c7e47c9 ]---
[ 2197.541700][T15601] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
18:56:23 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000]}]}}]}, 0x434}}, 0x0)

[ 2201.649252][T15601] syz-executor.2: vmalloc error: size 774144, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[ 2201.665809][T15601] CPU: 1 PID: 15601 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2201.675737][T15601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2201.686146][T15601] Call Trace:
[ 2201.689465][T15601]  <TASK>
[ 2201.692407][T15601]  dump_stack_lvl+0xd6/0x122
[ 2201.697008][T15601]  dump_stack+0x11/0x1b
[ 2201.701156][T15601]  warn_alloc+0x132/0x190
[ 2201.705537][T15601]  __vmalloc_node_range+0x58b/0x690
[ 2201.710739][T15601]  ? cake_init+0x20d/0x640
[ 2201.715137][T15601]  __vmalloc_node+0x61/0x70
[ 2201.719628][T15601]  ? cake_init+0x20d/0x640
[ 2201.724116][T15601]  kvmalloc_node+0xd2/0x110
[ 2201.728604][T15601]  cake_init+0x20d/0x640
[ 2201.732849][T15601]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2201.738556][T15601]  ? qdisc_alloc+0x334/0x3c0
[ 2201.743125][T15601]  ? qdisc_lookup+0x20c/0x2e0
[ 2201.747782][T15601]  ? qdisc_peek_dequeued+0x140/0x140
[ 2201.753046][T15601]  qdisc_create+0x5f4/0xd10
[ 2201.757565][T15601]  ? __nla_parse+0x3c/0x50
[ 2201.761986][T15601]  tc_modify_qdisc+0x64a/0x10b0
[ 2201.766912][T15601]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2201.772797][T15601]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2201.777756][T15601]  ? ___cache_free+0x46/0x300
[ 2201.782463][T15601]  ? packet_rcv+0xc3/0x9d0
[ 2201.786908][T15601]  ? __kfree_skb+0xfe/0x150
[ 2201.791416][T15601]  ? kmem_cache_free+0x5e/0x100
[ 2201.796298][T15601]  ? __kfree_skb+0xfe/0x150
[ 2201.800780][T15601]  ? consume_skb+0x48/0x160
[ 2201.805285][T15601]  ? nlmon_xmit+0x5f/0x70
[ 2201.809591][T15601]  ? __this_cpu_preempt_check+0x18/0x20
[ 2201.815131][T15601]  ? __local_bh_enable_ip+0x4d/0x70
[ 2201.820336][T15601]  ? local_bh_enable+0x1b/0x20
[ 2201.825117][T15601]  ? __dev_queue_xmit+0x597/0xf70
[ 2201.830156][T15601]  ? __skb_clone+0x2db/0x300
[ 2201.834798][T15601]  ? __rcu_read_unlock+0x5c/0x290
[ 2201.839834][T15601]  netlink_rcv_skb+0x14e/0x250
[ 2201.844578][T15601]  ? rtnetlink_bind+0x60/0x60
[ 2201.849345][T15601]  rtnetlink_rcv+0x18/0x20
[ 2201.853738][T15601]  netlink_unicast+0x5fc/0x6c0
[ 2201.858520][T15601]  netlink_sendmsg+0x6e1/0x7d0
[ 2201.863321][T15601]  ? netlink_getsockopt+0x720/0x720
[ 2201.868508][T15601]  ____sys_sendmsg+0x39a/0x510
[ 2201.873265][T15601]  __sys_sendmsg+0x195/0x230
[ 2201.877851][T15601]  ? __xfrm_init_state+0x350/0x820
[ 2201.882985][T15601]  __x64_sys_sendmsg+0x42/0x50
[ 2201.887791][T15601]  do_syscall_64+0x44/0xd0
[ 2201.892201][T15601]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2201.898083][T15601] RIP: 0033:0x7f2ab072eae9
[ 2201.902484][T15601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2201.922253][T15601] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2201.930708][T15601] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2201.938707][T15601] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2201.946710][T15601] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2201.954663][T15601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2201.962614][T15601] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2201.970568][T15601]  </TASK>
[ 2201.973619][T15601] Mem-Info:
[ 2201.976702][T15601] active_anon:10666 inactive_anon:100618 isolated_anon:0
[ 2201.976702][T15601]  active_file:366 inactive_file:179 isolated_file:0
[ 2201.976702][T15601]  unevictable:0 dirty:23 writeback:0
[ 2201.976702][T15601]  slab_reclaimable:7747 slab_unreclaimable:1741851
[ 2201.976702][T15601]  mapped:52523 shmem:358 pagetables:5275 bounce:0
[ 2201.976702][T15601]  kernel_misc_reclaimable:0
[ 2201.976702][T15601]  free:12497 free_pcp:372 free_cma:0
[ 2202.018058][T15601] Node 0 active_anon:42664kB inactive_anon:402472kB active_file:1464kB inactive_file:948kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210092kB dirty:92kB writeback:0kB shmem:1432kB writeback_tmp:0kB kernel_stack:5312kB pagetables:21100kB all_unreclaimable? yes
[ 2202.044557][T15601] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2202.071436][T15601] lowmem_reserve[]: 0 2896 7874 7874
[ 2202.076717][T15601] Node 0 DMA32 free:23284kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:920kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2202.104822][T15601] lowmem_reserve[]: 0 0 4978 4978
[ 2202.109859][T15601] Node 0 Normal free:11344kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42664kB inactive_anon:401552kB active_file:1644kB inactive_file:812kB unevictable:0kB writepending:92kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1360kB local_pcp:1020kB free_cma:0kB
[ 2202.140088][T15601] lowmem_reserve[]: 0 0 0 0
[ 2202.144580][T15601] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2202.157270][T15601] Node 0 DMA32: 249*4kB (UME) 138*8kB (UME) 56*16kB (UME) 50*32kB (UME) 20*64kB (UME) 4*128kB (ME) 4*256kB (M) 3*512kB (UME) 4*1024kB (UM) 3*2048kB (ME) 1*4096kB (M) = 23284kB
[ 2202.174970][T15601] Node 0 Normal: 1502*4kB (UMEH) 489*8kB (UMEH) 89*16kB (UMH) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11344kB
[ 2202.189058][T15601] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2202.198413][T15601] 896 total pagecache pages
[ 2202.202900][T15601] 0 pages in swap cache
[ 2202.207024][T15601] Swap cache stats: add 0, delete 0, find 0/0
[ 2202.213134][T15601] Free swap  = 0kB
[ 2202.216825][T15601] Total swap = 0kB
[ 2202.220534][T15601] 2097051 pages RAM
[ 2202.224319][T15601] 0 pages HighMem/MovableOnly
[ 2202.229012][T15601] 75955 pages reserved
[ 2202.234527][T15601] ------------[ cut here ]------------
[ 2202.240030][T15601] WARNING: CPU: 0 PID: 15601 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2202.250579][T15601] Modules linked in:
[ 2202.254563][T15601] CPU: 0 PID: 15601 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2202.264398][T15601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2202.274491][T15601] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2202.281260][T15601] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2202.301030][T15601] RSP: 0000:ffffc9000148f5f0 EFLAGS: 00010246
[ 2202.307115][T15601] RAX: ffff88812526c000 RBX: ffff8881244bf0b0 RCX: 0000000000000000
[ 2202.315086][T15601] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: ffff8881244bf000
[ 2202.323141][T15601] RBP: ffffc9000148f738 R08: 00018881244bf0b7 R09: 0000000000000000
[ 2202.331148][T15601] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff8881244bf0b0
[ 2202.339118][T15601] R13: ffffffff85ec3720 R14: ffff8881244bf000 R15: ffffc9000148f668
[ 2202.347081][T15601] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2202.356133][T15601] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2202.362707][T15601] CR2: 00007f6c97fff423 CR3: 00000001419f6000 CR4: 00000000003506f0
[ 2202.370675][T15601] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2202.378623][T15601] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2202.386601][T15601] Call Trace:
[ 2202.389905][T15601]  <TASK>
[ 2202.392815][T15601]  tcf_block_put_ext+0x2d/0x180
[ 2202.397651][T15601]  tcf_block_put+0x4c/0x70
[ 2202.402065][T15601]  cake_destroy+0x2d/0x50
[ 2202.406478][T15601]  ? cake_reset+0x5d0/0x5d0
[ 2202.410989][T15601]  qdisc_create+0xa82/0xd10
[ 2202.415535][T15601]  ? __nla_parse+0x3c/0x50
[ 2202.419974][T15601]  tc_modify_qdisc+0x64a/0x10b0
[ 2202.424900][T15601]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2202.430789][T15601]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2202.435775][T15601]  ? ___cache_free+0x46/0x300
[ 2202.440503][T15601]  ? packet_rcv+0xc3/0x9d0
[ 2202.444915][T15601]  ? __kfree_skb+0xfe/0x150
[ 2202.449478][T15601]  ? kmem_cache_free+0x5e/0x100
[ 2202.454326][T15601]  ? __kfree_skb+0xfe/0x150
[ 2202.458824][T15601]  ? consume_skb+0x48/0x160
[ 2202.463344][T15601]  ? nlmon_xmit+0x5f/0x70
[ 2202.467670][T15601]  ? __this_cpu_preempt_check+0x18/0x20
[ 2202.473241][T15601]  ? __local_bh_enable_ip+0x4d/0x70
[ 2202.478420][T15601]  ? local_bh_enable+0x1b/0x20
[ 2202.483172][T15601]  ? __dev_queue_xmit+0x597/0xf70
[ 2202.488234][T15601]  ? __skb_clone+0x2db/0x300
[ 2202.492855][T15601]  ? __rcu_read_unlock+0x5c/0x290
[ 2202.497908][T15601]  netlink_rcv_skb+0x14e/0x250
[ 2202.502666][T15601]  ? rtnetlink_bind+0x60/0x60
[ 2202.507371][T15601]  rtnetlink_rcv+0x18/0x20
[ 2202.511778][T15601]  netlink_unicast+0x5fc/0x6c0
[ 2202.516571][T15601]  netlink_sendmsg+0x6e1/0x7d0
[ 2202.521345][T15601]  ? netlink_getsockopt+0x720/0x720
[ 2202.526525][T15601]  ____sys_sendmsg+0x39a/0x510
[ 2202.531329][T15601]  __sys_sendmsg+0x195/0x230
[ 2202.535924][T15601]  ? __xfrm_init_state+0x350/0x820
[ 2202.541174][T15601]  __x64_sys_sendmsg+0x42/0x50
[ 2202.545959][T15601]  do_syscall_64+0x44/0xd0
[ 2202.550440][T15601]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2202.556317][T15601] RIP: 0033:0x7f2ab072eae9
[ 2202.560729][T15601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2202.580377][T15601] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2202.588774][T15601] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2202.596849][T15601] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2202.604896][T15601] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2202.612946][T15601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2202.620944][T15601] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2202.628908][T15601]  </TASK>
[ 2202.631917][T15601] ---[ end trace e45544a13c7e47ca ]---
[ 2202.637926][T15601] ------------[ cut here ]------------
[ 2202.643456][T15601] WARNING: CPU: 0 PID: 15601 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2202.653029][T15601] Modules linked in:
[ 2202.656974][T15601] CPU: 0 PID: 15601 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2202.666775][T15601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2202.676823][T15601] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2202.682456][T15601] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2202.702138][T15601] RSP: 0000:ffffc9000148f628 EFLAGS: 00010246
[ 2202.708199][T15601] RAX: ffffffff83b40f4c RBX: ffff8881244bf088 RCX: 0000000000040000
[ 2202.716297][T15601] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2202.724363][T15601] RBP: ffffc9000148f668 R08: 00018881244bf08f R09: 0000000000000000
[ 2202.732329][T15601] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811f388000
[ 2202.740342][T15601] R13: 0000000000000000 R14: ffffc9000148f7f0 R15: ffff8881244bf000
[ 2202.748307][T15601] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2202.757228][T15601] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2202.763801][T15601] CR2: 00007f6c97fff423 CR3: 00000001419f6000 CR4: 00000000003506f0
[ 2202.771767][T15601] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2202.780257][T15601] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2202.788229][T15601] Call Trace:
[ 2202.791503][T15601]  <TASK>
[ 2202.794414][T15601]  tcf_block_put+0x4c/0x70
[ 2202.798982][T15601]  cake_destroy+0x2d/0x50
[ 2202.803370][T15601]  ? cake_reset+0x5d0/0x5d0
[ 2202.808037][T15601]  qdisc_create+0xa82/0xd10
[ 2202.812585][T15601]  ? __nla_parse+0x3c/0x50
[ 2202.817038][T15601]  tc_modify_qdisc+0x64a/0x10b0
[ 2202.821911][T15601]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2202.827863][T15601]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2202.832838][T15601]  ? ___cache_free+0x46/0x300
[ 2202.837494][T15601]  ? packet_rcv+0xc3/0x9d0
[ 2202.841912][T15601]  ? __kfree_skb+0xfe/0x150
[ 2202.846401][T15601]  ? kmem_cache_free+0x5e/0x100
[ 2202.851269][T15601]  ? __kfree_skb+0xfe/0x150
[ 2202.855785][T15601]  ? consume_skb+0x48/0x160
[ 2202.860281][T15601]  ? nlmon_xmit+0x5f/0x70
[ 2202.864602][T15601]  ? __this_cpu_preempt_check+0x18/0x20
[ 2202.870138][T15601]  ? __local_bh_enable_ip+0x4d/0x70
[ 2202.875370][T15601]  ? local_bh_enable+0x1b/0x20
[ 2202.880260][T15601]  ? __dev_queue_xmit+0x597/0xf70
[ 2202.885295][T15601]  ? __skb_clone+0x2db/0x300
[ 2202.889951][T15601]  ? __rcu_read_unlock+0x5c/0x290
[ 2202.895020][T15601]  netlink_rcv_skb+0x14e/0x250
[ 2202.899785][T15601]  ? rtnetlink_bind+0x60/0x60
[ 2202.904457][T15601]  rtnetlink_rcv+0x18/0x20
[ 2202.908851][T15601]  netlink_unicast+0x5fc/0x6c0
[ 2202.913666][T15601]  netlink_sendmsg+0x6e1/0x7d0
[ 2202.918521][T15601]  ? netlink_getsockopt+0x720/0x720
[ 2202.923728][T15601]  ____sys_sendmsg+0x39a/0x510
[ 2202.928534][T15601]  __sys_sendmsg+0x195/0x230
[ 2202.933123][T15601]  ? __xfrm_init_state+0x350/0x820
[ 2202.938232][T15601]  __x64_sys_sendmsg+0x42/0x50
[ 2202.943056][T15601]  do_syscall_64+0x44/0xd0
[ 2202.947508][T15601]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2202.953455][T15601] RIP: 0033:0x7f2ab072eae9
[ 2202.957938][T15601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2202.977779][T15601] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2202.986259][T15601] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2202.994268][T15601] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2203.002232][T15601] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2203.010226][T15601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2203.018180][T15601] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2203.026184][T15601]  </TASK>
[ 2203.029240][T15601] ---[ end trace e45544a13c7e47cb ]---
[ 2203.036225][T15601] ------------[ cut here ]------------
[ 2203.041773][T15601] WARNING: CPU: 0 PID: 15601 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2203.051323][T15601] Modules linked in:
[ 2203.055202][T15601] CPU: 0 PID: 15601 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2203.065009][T15601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2203.075079][T15601] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2203.080695][T15601] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2203.100346][T15601] RSP: 0000:ffffc9000148f5d8 EFLAGS: 00010246
[ 2203.106518][T15601] RAX: ffffffff83b414a7 RBX: ffff8881244bf0a0 RCX: 0000000000040000
[ 2203.114548][T15601] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2203.122574][T15601] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2203.130608][T15601] R10: 0001ffffffffffff R11: 00018881244bf0a0 R12: ffff8881244bf050
[ 2203.138598][T15601] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff8881244bf000
[ 2203.146607][T15601] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2203.155617][T15601] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2203.162192][T15601] CR2: 00007f6c97fff423 CR3: 00000001419f6000 CR4: 00000000003506f0
[ 2203.170298][T15601] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2203.178595][T15601] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2203.186566][T15601] Call Trace:
[ 2203.189840][T15601]  <TASK>
[ 2203.192787][T15601]  tcf_block_put_ext+0xe5/0x180
[ 2203.197642][T15601]  tcf_block_put+0x4c/0x70
[ 2203.202092][T15601]  cake_destroy+0x2d/0x50
[ 2203.206520][T15601]  ? cake_reset+0x5d0/0x5d0
[ 2203.211032][T15601]  qdisc_create+0xa82/0xd10
[ 2203.215516][T15601]  ? __nla_parse+0x3c/0x50
[ 2203.219930][T15601]  tc_modify_qdisc+0x64a/0x10b0
[ 2203.224777][T15601]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2203.230743][T15601]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2203.235676][T15601]  ? ___cache_free+0x46/0x300
[ 2203.240398][T15601]  ? packet_rcv+0xc3/0x9d0
[ 2203.244792][T15601]  ? __kfree_skb+0xfe/0x150
[ 2203.249341][T15601]  ? kmem_cache_free+0x5e/0x100
[ 2203.254204][T15601]  ? __kfree_skb+0xfe/0x150
[ 2203.258776][T15601]  ? consume_skb+0x48/0x160
[ 2203.263304][T15601]  ? nlmon_xmit+0x5f/0x70
[ 2203.267686][T15601]  ? __this_cpu_preempt_check+0x18/0x20
[ 2203.273224][T15601]  ? __local_bh_enable_ip+0x4d/0x70
[ 2203.278553][T15601]  ? local_bh_enable+0x1b/0x20
[ 2203.283330][T15601]  ? __dev_queue_xmit+0x597/0xf70
[ 2203.288356][T15601]  ? __skb_clone+0x2db/0x300
[ 2203.292941][T15601]  ? __rcu_read_unlock+0x5c/0x290
[ 2203.297949][T15601]  netlink_rcv_skb+0x14e/0x250
[ 2203.302751][T15601]  ? rtnetlink_bind+0x60/0x60
[ 2203.307406][T15601]  rtnetlink_rcv+0x18/0x20
[ 2203.311812][T15601]  netlink_unicast+0x5fc/0x6c0
[ 2203.316625][T15601]  netlink_sendmsg+0x6e1/0x7d0
[ 2203.321380][T15601]  ? netlink_getsockopt+0x720/0x720
[ 2203.326589][T15601]  ____sys_sendmsg+0x39a/0x510
[ 2203.331349][T15601]  __sys_sendmsg+0x195/0x230
[ 2203.335920][T15601]  ? __xfrm_init_state+0x350/0x820
[ 2203.341040][T15601]  __x64_sys_sendmsg+0x42/0x50
[ 2203.345808][T15601]  do_syscall_64+0x44/0xd0
[ 2203.350249][T15601]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2203.356141][T15601] RIP: 0033:0x7f2ab072eae9
[ 2203.360580][T15601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2203.380233][T15601] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2203.388653][T15601] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2203.396693][T15601] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2203.404704][T15601] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2203.412688][T15601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2203.420734][T15601] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2203.428865][T15601]  </TASK>
[ 2203.431916][T15601] ---[ end trace e45544a13c7e47cc ]---
[ 2203.442000][T15604] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2203.453214][T15603] ------------[ cut here ]------------
[ 2203.458670][T15603] WARNING: CPU: 0 PID: 15603 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2203.469291][T15603] Modules linked in:
[ 2203.473182][T15603] CPU: 0 PID: 15603 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2203.483016][T15603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2203.493121][T15603] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2203.499902][T15603] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2203.519571][T15603] RSP: 0000:ffffc9000152f5f0 EFLAGS: 00010246
[ 2203.525700][T15603] RAX: ffff888120bde000 RBX: ffff88811d6fa8b0 RCX: 0000000000000000
[ 2203.533697][T15603] RDX: ffffc90007ee9000 RSI: 0000000000001ebf RDI: ffff88811d6fa800
[ 2203.541735][T15603] RBP: ffffc9000152f738 R08: 000188811d6fa8b7 R09: 0000000000000000
[ 2203.549746][T15603] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811d6fa8b0
[ 2203.557734][T15603] R13: ffffffff85ec3720 R14: ffff88811d6fa800 R15: ffffc9000152f668
[ 2203.565824][T15603] FS:  00007f2aae463700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2203.574770][T15603] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2203.581388][T15603] CR2: 00007f6c97fff423 CR3: 00000001419f6000 CR4: 00000000003506f0
[ 2203.589382][T15603] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2203.597361][T15603] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2203.605397][T15603] Call Trace:
[ 2203.608678][T15603]  <TASK>
[ 2203.611665][T15603]  tcf_block_put_ext+0x2d/0x180
[ 2203.616530][T15603]  tcf_block_put+0x4c/0x70
[ 2203.620991][T15603]  cake_destroy+0x2d/0x50
[ 2203.625325][T15603]  ? cake_reset+0x5d0/0x5d0
[ 2203.629889][T15603]  qdisc_create+0xa82/0xd10
[ 2203.634475][T15603]  ? __nla_parse+0x3c/0x50
[ 2203.638930][T15603]  tc_modify_qdisc+0x64a/0x10b0
[ 2203.643839][T15603]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2203.649838][T15603]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2203.654907][T15603]  ? ___cache_free+0x46/0x300
[ 2203.659613][T15603]  ? packet_rcv+0xc3/0x9d0
[ 2203.664029][T15603]  ? __kfree_skb+0xfe/0x150
[ 2203.668608][T15603]  ? kmem_cache_free+0x5e/0x100
[ 2203.673506][T15603]  ? __kfree_skb+0xfe/0x150
[ 2203.678016][T15603]  ? consume_skb+0x48/0x160
[ 2203.682642][T15603]  ? nlmon_xmit+0x5f/0x70
[ 2203.686999][T15603]  ? __this_cpu_preempt_check+0x18/0x20
[ 2203.692593][T15603]  ? __local_bh_enable_ip+0x4d/0x70
[ 2203.697794][T15603]  ? local_bh_enable+0x1b/0x20
[ 2203.702668][T15603]  ? __dev_queue_xmit+0x597/0xf70
[ 2203.707707][T15603]  ? __skb_clone+0x2db/0x300
[ 2203.712329][T15603]  ? __rcu_read_unlock+0x5c/0x290
[ 2203.717400][T15603]  netlink_rcv_skb+0x14e/0x250
[ 2203.722238][T15603]  ? rtnetlink_bind+0x60/0x60
[ 2203.727135][T15603]  rtnetlink_rcv+0x18/0x20
[ 2203.731672][T15603]  netlink_unicast+0x5fc/0x6c0
[ 2203.736487][T15603]  netlink_sendmsg+0x6e1/0x7d0
[ 2203.741293][T15603]  ? netlink_getsockopt+0x720/0x720
[ 2203.746527][T15603]  ____sys_sendmsg+0x39a/0x510
[ 2203.751327][T15603]  __sys_sendmsg+0x195/0x230
[ 2203.755923][T15603]  ? __xfrm_init_state+0x350/0x820
[ 2203.761158][T15603]  __x64_sys_sendmsg+0x42/0x50
[ 2203.766015][T15603]  do_syscall_64+0x44/0xd0
[ 2203.770511][T15603]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2203.776445][T15603] RIP: 0033:0x7f2ab072eae9
[ 2203.780881][T15603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2203.800511][T15603] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2203.808929][T15603] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 2203.816925][T15603] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2203.824931][T15603] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2203.833076][T15603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2203.841076][T15603] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 2203.849107][T15603]  </TASK>
[ 2203.852124][T15603] ---[ end trace e45544a13c7e47cd ]---
[ 2203.858273][T15603] ------------[ cut here ]------------
[ 2203.863846][T15603] WARNING: CPU: 0 PID: 15603 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2203.873431][T15603] Modules linked in:
[ 2203.877421][T15603] CPU: 0 PID: 15603 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2203.887254][T15603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2203.897390][T15603] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2203.903116][T15603] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2203.922760][T15603] RSP: 0000:ffffc9000152f628 EFLAGS: 00010283
[ 2203.928840][T15603] RAX: ffffffff83b40f4c RBX: ffff88811d6fa888 RCX: 0000000000040000
[ 2203.936863][T15603] RDX: ffffc90007ee9000 RSI: 00000000000374b9 RDI: 00000000000374ba
[ 2203.944857][T15603] RBP: ffffc9000152f668 R08: 000188811d6fa88f R09: 0000000000000000
[ 2203.952852][T15603] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811f388000
[ 2203.960878][T15603] R13: 0000000000000000 R14: ffffc9000152f7f0 R15: ffff88811d6fa800
[ 2203.968848][T15603] FS:  00007f2aae463700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2203.977877][T15603] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2203.984499][T15603] CR2: 00007f6c97fff423 CR3: 00000001419f6000 CR4: 00000000003506f0
[ 2203.992575][T15603] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2204.000579][T15603] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2204.008549][T15603] Call Trace:
[ 2204.011922][T15603]  <TASK>
[ 2204.014880][T15603]  tcf_block_put+0x4c/0x70
[ 2204.019337][T15603]  cake_destroy+0x2d/0x50
[ 2204.023687][T15603]  ? cake_reset+0x5d0/0x5d0
[ 2204.028204][T15603]  qdisc_create+0xa82/0xd10
[ 2204.032762][T15603]  ? __nla_parse+0x3c/0x50
[ 2204.037189][T15603]  tc_modify_qdisc+0x64a/0x10b0
[ 2204.042134][T15603]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2204.048034][T15603]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2204.053062][T15603]  ? ___cache_free+0x46/0x300
[ 2204.057820][T15603]  ? packet_rcv+0xc3/0x9d0
[ 2204.062357][T15603]  ? __kfree_skb+0xfe/0x150
[ 2204.066957][T15603]  ? kmem_cache_free+0x5e/0x100
[ 2204.071894][T15603]  ? __kfree_skb+0xfe/0x150
[ 2204.076412][T15603]  ? consume_skb+0x48/0x160
[ 2204.081056][T15603]  ? nlmon_xmit+0x5f/0x70
[ 2204.085389][T15603]  ? __this_cpu_preempt_check+0x18/0x20
[ 2204.090958][T15603]  ? __local_bh_enable_ip+0x4d/0x70
[ 2204.096185][T15603]  ? local_bh_enable+0x1b/0x20
[ 2204.101058][T15603]  ? __dev_queue_xmit+0x597/0xf70
[ 2204.106173][T15603]  ? __skb_clone+0x2db/0x300
[ 2204.110914][T15603]  ? __rcu_read_unlock+0x5c/0x290
[ 2204.115938][T15603]  netlink_rcv_skb+0x14e/0x250
[ 2204.120746][T15603]  ? rtnetlink_bind+0x60/0x60
[ 2204.125429][T15603]  rtnetlink_rcv+0x18/0x20
[ 2204.129870][T15603]  netlink_unicast+0x5fc/0x6c0
[ 2204.134709][T15603]  netlink_sendmsg+0x6e1/0x7d0
[ 2204.139511][T15603]  ? netlink_getsockopt+0x720/0x720
[ 2204.144944][T15603]  ____sys_sendmsg+0x39a/0x510
[ 2204.149742][T15603]  __sys_sendmsg+0x195/0x230
[ 2204.154334][T15603]  ? __xfrm_init_state+0x350/0x820
[ 2204.159540][T15603]  __x64_sys_sendmsg+0x42/0x50
[ 2204.164310][T15603]  do_syscall_64+0x44/0xd0
[ 2204.168734][T15603]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2204.174783][T15603] RIP: 0033:0x7f2ab072eae9
[ 2204.179213][T15603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2204.198901][T15603] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2204.207337][T15603] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 2204.215346][T15603] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2204.223338][T15603] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2204.231332][T15603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2204.239337][T15603] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 2204.247334][T15603]  </TASK>
[ 2204.250423][T15603] ---[ end trace e45544a13c7e47ce ]---
[ 2204.257392][T15603] ------------[ cut here ]------------
[ 2204.262866][T15603] WARNING: CPU: 0 PID: 15603 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2204.272378][T15603] Modules linked in:
[ 2204.276264][T15603] CPU: 0 PID: 15603 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2204.286081][T15603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2204.296198][T15603] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2204.301909][T15603] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2204.321548][T15603] RSP: 0000:ffffc9000152f5d8 EFLAGS: 00010246
[ 2204.327616][T15603] RAX: ffffffff83b414a7 RBX: ffff88811d6fa8a0 RCX: 0000000000040000
[ 2204.335688][T15603] RDX: ffffc90007ee9000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2204.343701][T15603] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2204.351702][T15603] R10: 0001ffffffffffff R11: 000188811d6fa8a0 R12: ffff88811d6fa850
[ 2204.359698][T15603] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811d6fa800
[ 2204.367673][T15603] FS:  00007f2aae463700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2204.376634][T15603] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2204.383292][T15603] CR2: 00007f6c97fff423 CR3: 00000001419f6000 CR4: 00000000003506f0
[ 2204.391289][T15603] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2204.399267][T15603] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2204.407239][T15603] Call Trace:
[ 2204.410535][T15603]  <TASK>
[ 2204.413462][T15603]  tcf_block_put_ext+0xe5/0x180
[ 2204.418358][T15603]  tcf_block_put+0x4c/0x70
[ 2204.422879][T15603]  cake_destroy+0x2d/0x50
[ 2204.427267][T15603]  ? cake_reset+0x5d0/0x5d0
[ 2204.431868][T15603]  qdisc_create+0xa82/0xd10
[ 2204.436456][T15603]  ? __nla_parse+0x3c/0x50
[ 2204.441014][T15603]  tc_modify_qdisc+0x64a/0x10b0
[ 2204.445919][T15603]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2204.451834][T15603]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2204.456792][T15603]  ? ___cache_free+0x46/0x300
[ 2204.461487][T15603]  ? packet_rcv+0xc3/0x9d0
[ 2204.465935][T15603]  ? __kfree_skb+0xfe/0x150
[ 2204.470527][T15603]  ? kmem_cache_free+0x5e/0x100
[ 2204.475474][T15603]  ? __kfree_skb+0xfe/0x150
[ 2204.480430][T15603]  ? consume_skb+0x48/0x160
[ 2204.485006][T15603]  ? nlmon_xmit+0x5f/0x70
[ 2204.489355][T15603]  ? __this_cpu_preempt_check+0x18/0x20
[ 2204.494937][T15603]  ? __local_bh_enable_ip+0x4d/0x70
[ 2204.500162][T15603]  ? local_bh_enable+0x1b/0x20
[ 2204.505091][T15603]  ? __dev_queue_xmit+0x597/0xf70
[ 2204.510192][T15603]  ? __skb_clone+0x2db/0x300
[ 2204.514867][T15603]  ? __rcu_read_unlock+0x5c/0x290
[ 2204.519949][T15603]  netlink_rcv_skb+0x14e/0x250
[ 2204.524716][T15603]  ? rtnetlink_bind+0x60/0x60
[ 2204.529417][T15603]  rtnetlink_rcv+0x18/0x20
[ 2204.533860][T15603]  netlink_unicast+0x5fc/0x6c0
[ 2204.538624][T15603]  netlink_sendmsg+0x6e1/0x7d0
[ 2204.543485][T15603]  ? netlink_getsockopt+0x720/0x720
[ 2204.548731][T15603]  ____sys_sendmsg+0x39a/0x510
[ 2204.553531][T15603]  __sys_sendmsg+0x195/0x230
[ 2204.558173][T15603]  ? __xfrm_init_state+0x350/0x820
[ 2204.563345][T15603]  __x64_sys_sendmsg+0x42/0x50
[ 2204.568180][T15603]  do_syscall_64+0x44/0xd0
[ 2204.572618][T15603]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2204.578526][T15603] RIP: 0033:0x7f2ab072eae9
[ 2204.582954][T15603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2204.602716][T15603] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2204.611154][T15603] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 2204.619311][T15603] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2204.627279][T15603] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2204.635297][T15603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2204.643328][T15603] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 2204.651317][T15603]  </TASK>
[ 2204.654331][T15603] ---[ end trace e45544a13c7e47cf ]---
[ 2214.355377][T15609] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
18:56:32 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x4}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 2217.953059][T15610] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 2217.961665][T15610] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2217.971376][T15612] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2273.470718][T15823] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2273.515226][T15825] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2277.039297][T15822] warn_alloc: 1 callbacks suppressed
[ 2277.039313][T15822] syz-executor.3: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0
[ 2277.061049][T15822] CPU: 1 PID: 15822 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2277.070938][T15822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2277.081025][T15822] Call Trace:
[ 2277.084378][T15822]  <TASK>
[ 2277.087343][T15822]  dump_stack_lvl+0xd6/0x122
[ 2277.091996][T15822]  dump_stack+0x11/0x1b
[ 2277.096217][T15822]  warn_alloc+0x132/0x190
[ 2277.100532][T15822]  __vmalloc_node_range+0x58b/0x690
[ 2277.105753][T15822]  dup_task_struct+0x496/0x680
[ 2277.110637][T15822]  ? copy_process+0x3f4/0x2fc0
[ 2277.115470][T15822]  copy_process+0x3f4/0x2fc0
[ 2277.120057][T15822]  ? do_nanosleep+0x2ff/0x3a0
[ 2277.124846][T15822]  kernel_clone+0x15c/0x6a0
[ 2277.129351][T15822]  __x64_sys_clone+0xc6/0xf0
[ 2277.133934][T15822]  do_syscall_64+0x44/0xd0
[ 2277.138473][T15822]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2277.144411][T15822] RIP: 0033:0x7fd36aa9cf11
[ 2277.148823][T15822] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 2277.168541][T15822] RSP: 002b:00007ffcf4adf178 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2277.176988][T15822] RAX: ffffffffffffffda RBX: 00007fd3687f1700 RCX: 00007fd36aa9cf11
[ 2277.184992][T15822] RDX: 00007fd3687f19d0 RSI: 00007fd3687f12f0 RDI: 00000000003d0f00
[ 2277.193062][T15822] RBP: 00007ffcf4adf3b0 R08: 00007fd3687f1700 R09: 00007fd3687f1700
[ 2277.201010][T15822] R10: 00007fd3687f19d0 R11: 0000000000000206 R12: 00007ffcf4adf22e
[ 2277.209314][T15822] R13: 00007ffcf4adf22f R14: 00007fd3687f1300 R15: 00005555555e8820
[ 2277.217390][T15822]  </TASK>
[ 2277.220425][T15822] Mem-Info:
[ 2277.223514][T15822] active_anon:10680 inactive_anon:100606 isolated_anon:0
[ 2277.223514][T15822]  active_file:355 inactive_file:171 isolated_file:0
[ 2277.223514][T15822]  unevictable:0 dirty:11 writeback:0
[ 2277.223514][T15822]  slab_reclaimable:7747 slab_unreclaimable:1741968
[ 2277.223514][T15822]  mapped:52598 shmem:371 pagetables:5315 bounce:0
[ 2277.223514][T15822]  kernel_misc_reclaimable:0
[ 2277.223514][T15822]  free:12367 free_pcp:243 free_cma:0
[ 2277.229727][T15902] ------------[ cut here ]------------
[ 2277.264731][T15822] Node 0 active_anon:42720kB inactive_anon:402424kB active_file:1420kB inactive_file:684kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210392kB dirty:44kB writeback:0kB shmem:1484kB writeback_tmp:0kB kernel_stack:5280kB pagetables:21260kB all_unreclaimable? yes
[ 2277.270197][T15902] WARNING: CPU: 0 PID: 15902 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2277.296475][T15822] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2277.306979][T15902] Modules linked in:
[ 2277.306991][T15902] CPU: 0 PID: 15902 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2277.333740][T15822] lowmem_reserve[]:
[ 2277.337596][T15902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2277.347444][T15822]  0
[ 2277.351232][T15902] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2277.351294][T15902] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2277.361342][T15822]  2896 7874
[ 2277.363817][T15902] RSP: 0000:ffffc900016235f0 EFLAGS: 00010246
[ 2277.370475][T15822]  7874
[ 2277.370518][T15822] Node 0 DMA32 free:23292kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:0KB active_anon:0kB inactive_anon:916kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2277.390146][T15902] 
[ 2277.390151][T15902] RAX: ffff88811ccbc000 RBX: ffff8881265e30b0 RCX: 0000000000000000
[ 2277.390166][T15902] RDX: ffffc900016b5000 RSI: 000000000000aba5 RDI: ffff8881265e3000
[ 2277.393345][T15822] lowmem_reserve[]: 0
[ 2277.399405][T15902] RBP: ffffc90001623738 R08: 00018881265e30b7 R09: 0000000000000000
[ 2277.399420][T15902] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff8881265e30b0
[ 2277.402202][T15822]  0 4978 4978
[ 2277.402220][T15822] Node 0 Normal free:10816kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42720kB inactive_anon:401508kB active_file:1456kB inactive_file:724kB unevictable:0kB writepending:44kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:972kB local_pcp:464kB free_cma:0kB
[ 2277.430252][T15902] R13: ffffffff85ec3720 R14: ffff8881265e3000 R15: ffffc90001623668
[ 2277.432568][T15822] lowmem_reserve[]: 0 0
[ 2277.440565][T15902] FS:  00007f0d9ea5f700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2277.448598][T15822]  0 0
[ 2277.452600][T15902] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2277.452616][T15902] CR2: 00005611d2156a3f CR3: 000000011e60d000 CR4: 00000000003506f0
[ 2277.452633][T15902] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2277.452645][T15902] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2277.460615][T15822] 
[ 2277.460621][T15822] Node 0 DMA: 
[ 2277.468577][T15902] Call Trace:
[ 2277.468585][T15902]  <TASK>
[ 2277.471940][T15822] 0*4kB 0*8kB 0*16kB 
[ 2277.501888][T15902]  tcf_block_put_ext+0x2d/0x180
[ 2277.509833][T15822] 0*32kB 0*64kB 
[ 2277.513963][T15902]  tcf_block_put+0x4c/0x70
[ 2277.522935][T15822] 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2277.525669][T15902]  cake_destroy+0x2d/0x50
[ 2277.532255][T15822] Node 0 
[ 2277.540208][T15902]  ? cake_reset+0x5d0/0x5d0
[ 2277.540239][T15902]  qdisc_create+0xa82/0xd10
[ 2277.548179][T15822] DMA32: 249*4kB 
[ 2277.556142][T15902]  ? __nla_parse+0x3c/0x50
[ 2277.558457][T15822] (UME) 137*8kB 
[ 2277.561830][T15902]  tc_modify_qdisc+0x64a/0x10b0
[ 2277.565089][T15822] (UME) 55*16kB 
[ 2277.568007][T15902]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2277.571968][T15822] (UME) 49*32kB (UME) 19*64kB (UME) 5*128kB (ME) 
[ 2277.576867][T15902]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2277.580399][T15822] 4*256kB 
[ 2277.584795][T15902]  ? ___cache_free+0x46/0x300
[ 2277.593373][T15822] (M) 3*512kB 
[ 2277.597670][T15902]  ? packet_rcv+0xc3/0x9d0
[ 2277.600594][T15822] (UME) 4*1024kB 
[ 2277.605068][T15902]  ? __kfree_skb+0xfe/0x150
[ 2277.609584][T15822] (UM) 3*2048kB (ME) 1*4096kB (M) = 23292kB
[ 2277.609615][T15822] Node 0 Normal: 1564*4kB 
[ 2277.613224][T15902]  ? kmem_cache_free+0x5e/0x100
[ 2277.617618][T15822] (UMEH) 
[ 2277.621158][T15902]  ? __kfree_skb+0xfe/0x150
[ 2277.625977][T15822] 424*8kB 
[ 2277.629512][T15902]  ? consume_skb+0x48/0x160
[ 2277.635385][T15822] (UMEH) 73*16kB 
[ 2277.641788][T15902]  ? nlmon_xmit+0x5f/0x70
[ 2277.646694][T15822] (UMH) 0*32kB 
[ 2277.649718][T15902]  ? __this_cpu_preempt_check+0x18/0x20
[ 2277.654373][T15822] 0*64kB 
[ 2277.657718][T15902]  ? __local_bh_enable_ip+0x4d/0x70
[ 2277.662132][T15822] 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10816kB
[ 2277.662257][T15822] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2277.665862][T15902]  ? local_bh_enable+0x1b/0x20
[ 2277.670351][T15822] 953 total pagecache pages
[ 2277.676217][T15902]  ? __dev_queue_xmit+0x597/0xf70
[ 2277.680633][T15822] 0 pages in swap cache
[ 2277.680640][T15822] Swap cache stats: add 0, delete 0, find 0/0
[ 2277.685458][T15902]  ? __skb_clone+0x2db/0x300
[ 2277.688368][T15822] Free swap  = 0kB
[ 2277.688375][T15822] Total swap = 0kB
[ 2277.688431][T15822] 2097051 pages RAM
[ 2277.692894][T15902]  ? __rcu_read_unlock+0x5c/0x290
[ 2277.695891][T15822] 0 pages HighMem/MovableOnly
[ 2277.695898][T15822] 75955 pages reserved
[ 2277.700384][T15902]  netlink_rcv_skb+0x14e/0x250
[ 2277.801150][T15902]  ? rtnetlink_bind+0x60/0x60
[ 2277.805883][T15902]  rtnetlink_rcv+0x18/0x20
[ 2277.810446][T15902]  netlink_unicast+0x5fc/0x6c0
[ 2277.815218][T15902]  netlink_sendmsg+0x6e1/0x7d0
[ 2277.820003][T15902]  ? netlink_getsockopt+0x720/0x720
[ 2277.825270][T15902]  ____sys_sendmsg+0x39a/0x510
[ 2277.830113][T15902]  __sys_sendmsg+0x195/0x230
[ 2277.834717][T15902]  __x64_sys_sendmsg+0x42/0x50
18:58:00 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffef]}]}}]}, 0x434}}, 0x0)

18:58:00 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8848, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 2277.839614][T15902]  do_syscall_64+0x44/0xd0
[ 2277.844049][T15902]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2277.850055][T15902] RIP: 0033:0x7f0da0d09ae9
[ 2277.854499][T15902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2277.874143][T15902] RSP: 002b:00007f0d9ea5f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2277.882631][T15902] RAX: ffffffffffffffda RBX: 00007f0da0e1d020 RCX: 00007f0da0d09ae9
[ 2277.890678][T15902] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2277.898646][T15902] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2277.906655][T15902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2277.914762][T15902] R13: 00007ffc810aceef R14: 00007f0d9ea5f300 R15: 0000000000022000
[ 2277.922843][T15902]  </TASK>
[ 2277.925856][T15902] ---[ end trace e45544a13c7e47d0 ]---
[ 2277.931915][T15902] ------------[ cut here ]------------
[ 2277.937455][T15902] WARNING: CPU: 0 PID: 15902 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2277.947042][T15902] Modules linked in:
[ 2277.951020][T15902] CPU: 0 PID: 15902 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2277.960878][T15902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2277.970939][T15902] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2277.976586][T15902] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2277.996301][T15902] RSP: 0000:ffffc90001623628 EFLAGS: 00010246
[ 2278.002382][T15902] RAX: ffffffff83b40f4c RBX: ffff8881265e3088 RCX: 0000000000040000
[ 2278.010378][T15902] RDX: ffffc900016b5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2278.018401][T15902] RBP: ffffc90001623668 R08: 00018881265e308f R09: 0000000000000000
[ 2278.026387][T15902] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b50000
[ 2278.034425][T15902] R13: 0000000000000000 R14: ffffc900016237f0 R15: ffff8881265e3000
[ 2278.042416][T15902] FS:  00007f0d9ea5f700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2278.051374][T15902] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2278.058029][T15902] CR2: 00005611d2156a3f CR3: 000000011e60d000 CR4: 00000000003506f0
[ 2278.066024][T15902] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2278.074009][T15902] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2278.082007][T15902] Call Trace:
[ 2278.085289][T15902]  <TASK>
[ 2278.088212][T15902]  tcf_block_put+0x4c/0x70
[ 2278.092706][T15902]  cake_destroy+0x2d/0x50
[ 2278.097134][T15902]  ? cake_reset+0x5d0/0x5d0
[ 2278.101749][T15902]  qdisc_create+0xa82/0xd10
[ 2278.106372][T15902]  ? __nla_parse+0x3c/0x50
[ 2278.110818][T15902]  tc_modify_qdisc+0x64a/0x10b0
[ 2278.115756][T15902]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2278.121673][T15902]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2278.126616][T15902]  ? ___cache_free+0x46/0x300
[ 2278.131318][T15902]  ? packet_rcv+0xc3/0x9d0
[ 2278.135738][T15902]  ? __kfree_skb+0xfe/0x150
[ 2278.140269][T15902]  ? kmem_cache_free+0x5e/0x100
[ 2278.145180][T15902]  ? __kfree_skb+0xfe/0x150
[ 2278.149714][T15902]  ? consume_skb+0x48/0x160
[ 2278.154218][T15902]  ? nlmon_xmit+0x5f/0x70
[ 2278.158547][T15902]  ? __this_cpu_preempt_check+0x18/0x20
[ 2278.164142][T15902]  ? __local_bh_enable_ip+0x4d/0x70
[ 2278.169480][T15902]  ? local_bh_enable+0x1b/0x20
[ 2278.174322][T15902]  ? __dev_queue_xmit+0x597/0xf70
[ 2278.179368][T15902]  ? __skb_clone+0x2db/0x300
[ 2278.184063][T15902]  ? __rcu_read_unlock+0x5c/0x290
[ 2278.189156][T15902]  netlink_rcv_skb+0x14e/0x250
[ 2278.193931][T15902]  ? rtnetlink_bind+0x60/0x60
[ 2278.198612][T15902]  rtnetlink_rcv+0x18/0x20
[ 2278.203042][T15902]  netlink_unicast+0x5fc/0x6c0
[ 2278.207905][T15902]  netlink_sendmsg+0x6e1/0x7d0
[ 2278.212717][T15902]  ? netlink_getsockopt+0x720/0x720
[ 2278.217924][T15902]  ____sys_sendmsg+0x39a/0x510
[ 2278.222749][T15902]  __sys_sendmsg+0x195/0x230
[ 2278.227359][T15902]  __x64_sys_sendmsg+0x42/0x50
[ 2278.232180][T15902]  do_syscall_64+0x44/0xd0
[ 2278.236677][T15902]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2278.242640][T15902] RIP: 0033:0x7f0da0d09ae9
[ 2278.247047][T15902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2278.266733][T15902] RSP: 002b:00007f0d9ea5f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2278.275203][T15902] RAX: ffffffffffffffda RBX: 00007f0da0e1d020 RCX: 00007f0da0d09ae9
[ 2278.283291][T15902] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2278.291280][T15902] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2278.299260][T15902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2278.307225][T15902] R13: 00007ffc810aceef R14: 00007f0d9ea5f300 R15: 0000000000022000
[ 2278.315274][T15902]  </TASK>
[ 2278.318286][T15902] ---[ end trace e45544a13c7e47d1 ]---
[ 2278.325155][T15902] ------------[ cut here ]------------
[ 2278.330628][T15902] WARNING: CPU: 0 PID: 15902 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2278.340113][T15902] Modules linked in:
[ 2278.344076][T15902] CPU: 0 PID: 15902 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2278.353970][T15902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2278.364205][T15902] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2278.369776][T15902] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2278.389408][T15902] RSP: 0000:ffffc900016235d8 EFLAGS: 00010246
[ 2278.395531][T15902] RAX: ffffffff83b414a7 RBX: ffff8881265e30a0 RCX: 0000000000040000
[ 2278.403533][T15902] RDX: ffffc900016b5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2278.411527][T15902] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2278.419613][T15902] R10: 0001ffffffffffff R11: 00018881265e30a0 R12: ffff8881265e3050
[ 2278.427611][T15902] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff8881265e3000
[ 2278.435600][T15902] FS:  00007f0d9ea5f700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2278.444550][T15902] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2278.451190][T15902] CR2: 00005611d2156a3f CR3: 000000011e60d000 CR4: 00000000003506f0
[ 2278.459174][T15902] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2278.467254][T15902] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2278.475248][T15902] Call Trace:
[ 2278.478522][T15902]  <TASK>
[ 2278.481814][T15902]  tcf_block_put_ext+0xe5/0x180
[ 2278.486675][T15902]  tcf_block_put+0x4c/0x70
[ 2278.491173][T15902]  cake_destroy+0x2d/0x50
[ 2278.495533][T15902]  ? cake_reset+0x5d0/0x5d0
[ 2278.500055][T15902]  qdisc_create+0xa82/0xd10
[ 2278.504567][T15902]  ? __nla_parse+0x3c/0x50
[ 2278.509011][T15902]  tc_modify_qdisc+0x64a/0x10b0
[ 2278.513949][T15902]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2278.519865][T15902]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2278.524858][T15902]  ? ___cache_free+0x46/0x300
[ 2278.529612][T15902]  ? packet_rcv+0xc3/0x9d0
[ 2278.534029][T15902]  ? __kfree_skb+0xfe/0x150
[ 2278.538584][T15902]  ? kmem_cache_free+0x5e/0x100
[ 2278.543459][T15902]  ? __kfree_skb+0xfe/0x150
[ 2278.547965][T15902]  ? consume_skb+0x48/0x160
[ 2278.552585][T15902]  ? nlmon_xmit+0x5f/0x70
[ 2278.556984][T15902]  ? __this_cpu_preempt_check+0x18/0x20
[ 2278.562585][T15902]  ? __local_bh_enable_ip+0x4d/0x70
[ 2278.567782][T15902]  ? local_bh_enable+0x1b/0x20
[ 2278.572569][T15902]  ? __dev_queue_xmit+0x597/0xf70
[ 2278.577603][T15902]  ? __skb_clone+0x2db/0x300
[ 2278.582211][T15902]  ? __rcu_read_unlock+0x5c/0x290
[ 2278.587239][T15902]  netlink_rcv_skb+0x14e/0x250
[ 2278.592120][T15902]  ? rtnetlink_bind+0x60/0x60
[ 2278.596866][T15902]  rtnetlink_rcv+0x18/0x20
[ 2278.601297][T15902]  netlink_unicast+0x5fc/0x6c0
[ 2278.606085][T15902]  netlink_sendmsg+0x6e1/0x7d0
[ 2278.610969][T15902]  ? netlink_getsockopt+0x720/0x720
[ 2278.616214][T15902]  ____sys_sendmsg+0x39a/0x510
[ 2278.621073][T15902]  __sys_sendmsg+0x195/0x230
[ 2278.625670][T15902]  __x64_sys_sendmsg+0x42/0x50
[ 2278.630515][T15902]  do_syscall_64+0x44/0xd0
[ 2278.634958][T15902]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2278.640917][T15902] RIP: 0033:0x7f0da0d09ae9
[ 2278.645334][T15902] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2278.664971][T15902] RSP: 002b:00007f0d9ea5f188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2278.673421][T15902] RAX: ffffffffffffffda RBX: 00007f0da0e1d020 RCX: 00007f0da0d09ae9
[ 2278.681409][T15902] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2278.689405][T15902] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2278.697375][T15902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2278.705360][T15902] R13: 00007ffc810aceef R14: 00007f0d9ea5f300 R15: 0000000000022000
[ 2278.713349][T15902]  </TASK>
[ 2278.716363][T15902] ---[ end trace e45544a13c7e47d2 ]---
18:58:00 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)

18:58:00 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

18:58:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xc}}, {0x4}}]}]}, 0x68}}, 0x0)

18:58:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 2325.550032][T16033] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2329.569136][T16030] warn_alloc: 1 callbacks suppressed
[ 2329.569152][T16030] syz-executor.4: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0
[ 2329.590840][T16030] CPU: 1 PID: 16030 Comm: syz-executor.4 Tainted: G        W         5.15.0-syzkaller #0
[ 2329.600786][T16030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2329.611085][T16030] Call Trace:
[ 2329.614364][T16030]  <TASK>
[ 2329.617287][T16030]  dump_stack_lvl+0xd6/0x122
[ 2329.621942][T16030]  dump_stack+0x11/0x1b
[ 2329.626089][T16030]  warn_alloc+0x132/0x190
[ 2329.630412][T16030]  __vmalloc_node_range+0x58b/0x690
[ 2329.635633][T16030]  dup_task_struct+0x496/0x680
[ 2329.640406][T16030]  ? copy_process+0x3f4/0x2fc0
[ 2329.645266][T16030]  copy_process+0x3f4/0x2fc0
[ 2329.649848][T16030]  kernel_clone+0x15c/0x6a0
[ 2329.654412][T16030]  __x64_sys_clone+0xc6/0xf0
[ 2329.658989][T16030]  do_syscall_64+0x44/0xd0
[ 2329.663487][T16030]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2329.669366][T16030] RIP: 0033:0x7f0f58a1df11
[ 2329.673781][T16030] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 2329.693393][T16030] RSP: 002b:00007ffde26de648 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2329.701866][T16030] RAX: ffffffffffffffda RBX: 00007f0f56772700 RCX: 00007f0f58a1df11
[ 2329.709811][T16030] RDX: 00007f0f567729d0 RSI: 00007f0f567722f0 RDI: 00000000003d0f00
[ 2329.717800][T16030] RBP: 00007ffde26de880 R08: 00007f0f56772700 R09: 00007f0f56772700
[ 2329.725767][T16030] R10: 00007f0f567729d0 R11: 0000000000000206 R12: 00007ffde26de6fe
[ 2329.733732][T16030] R13: 00007ffde26de6ff R14: 00007f0f56772300 R15: 0000555555b05820
[ 2329.741737][T16030]  </TASK>
[ 2329.744783][T16030] Mem-Info:
[ 2329.747867][T16030] active_anon:10688 inactive_anon:100538 isolated_anon:0
[ 2329.747867][T16030]  active_file:196 inactive_file:245 isolated_file:0
[ 2329.747867][T16030]  unevictable:0 dirty:7 writeback:0
[ 2329.747867][T16030]  slab_reclaimable:7742 slab_unreclaimable:1741976
[ 2329.747867][T16030]  mapped:52510 shmem:379 pagetables:5307 bounce:0
[ 2329.747867][T16030]  kernel_misc_reclaimable:0
[ 2329.747867][T16030]  free:12561 free_pcp:244 free_cma:0
[ 2329.788998][T16030] Node 0 active_anon:42752kB inactive_anon:402152kB active_file:784kB inactive_file:980kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210040kB dirty:28kB writeback:0kB shmem:1516kB writeback_tmp:0kB kernel_stack:5296kB pagetables:21228kB all_unreclaimable? yes
[ 2329.815311][T16030] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2329.842089][T16030] lowmem_reserve[]: 0 2896 7874 7874
[ 2329.847360][T16030] Node 0 DMA32 free:23276kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2329.875669][T16030] lowmem_reserve[]: 0 0 4978 4978
[ 2329.880698][T16030] Node 0 Normal free:11608kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42752kB inactive_anon:401236kB active_file:552kB inactive_file:744kB unevictable:0kB writepending:28kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:976kB local_pcp:368kB free_cma:0kB
[ 2329.910662][T16030] lowmem_reserve[]: 0 0 0 0
[ 2329.915156][T16030] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2329.927772][T16030] Node 0 DMA32: 253*4kB (UMEH) 137*8kB (UMEH) 55*16kB (UMEH) 48*32kB (UME) 19*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 4*1024kB (UM) 3*2048kB (ME) 1*4096kB (M) = 23276kB
[ 2329.945557][T16030] Node 0 Normal: 1653*4kB (UME) 463*8kB (ME) 65*16kB (UM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11356kB
[ 2329.959268][T16030] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2329.968550][T16030] 880 total pagecache pages
[ 2329.973054][T16030] 0 pages in swap cache
[ 2329.977183][T16030] Swap cache stats: add 0, delete 0, find 0/0
[ 2329.983241][T16030] Free swap  = 0kB
[ 2329.986936][T16030] Total swap = 0kB
[ 2329.990668][T16030] 2097051 pages RAM
[ 2329.994608][T16030] 0 pages HighMem/MovableOnly
[ 2329.999312][T16030] 75955 pages reserved
[ 2332.454810][   T25] oom_reaper: reaped process 16035 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB
[ 2332.467300][T16036] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 2332.475834][T16036] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2334.708983][T16139] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2344.586575][T16139] syz-executor.1: vmalloc error: size 524288, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[ 2344.603201][T16139] CPU: 0 PID: 16139 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2344.613092][T16139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2344.623141][T16139] Call Trace:
[ 2344.626426][T16139]  <TASK>
[ 2344.629368][T16139]  dump_stack_lvl+0xd6/0x122
[ 2344.634005][T16139]  dump_stack+0x11/0x1b
[ 2344.638246][T16139]  warn_alloc+0x132/0x190
[ 2344.642585][T16139]  __vmalloc_node_range+0x58b/0x690
[ 2344.647836][T16139]  ? cake_init+0x20d/0x640
[ 2344.652279][T16139]  __vmalloc_node+0x61/0x70
[ 2344.656809][T16139]  ? cake_init+0x20d/0x640
[ 2344.661228][T16139]  kvmalloc_node+0xd2/0x110
[ 2344.665772][T16139]  cake_init+0x20d/0x640
[ 2344.670042][T16139]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2344.675851][T16139]  ? qdisc_alloc+0x334/0x3c0
[ 2344.680446][T16139]  ? qdisc_lookup+0x20c/0x2e0
[ 2344.685117][T16139]  ? qdisc_peek_dequeued+0x140/0x140
[ 2344.690458][T16139]  qdisc_create+0x5f4/0xd10
[ 2344.694982][T16139]  ? __nla_parse+0x3c/0x50
[ 2344.699411][T16139]  tc_modify_qdisc+0x64a/0x10b0
[ 2344.704254][T16139]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2344.710163][T16139]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2344.715206][T16139]  ? ___cache_free+0x46/0x300
[ 2344.719919][T16139]  ? packet_rcv+0xc3/0x9d0
[ 2344.724323][T16139]  ? __kfree_skb+0xfe/0x150
[ 2344.728870][T16139]  ? kmem_cache_free+0x5e/0x100
[ 2344.733738][T16139]  ? __kfree_skb+0xfe/0x150
[ 2344.738236][T16139]  ? consume_skb+0x48/0x160
[ 2344.742726][T16139]  ? nlmon_xmit+0x5f/0x70
[ 2344.747080][T16139]  ? __this_cpu_preempt_check+0x18/0x20
[ 2344.752663][T16139]  ? __local_bh_enable_ip+0x4d/0x70
[ 2344.757911][T16139]  ? local_bh_enable+0x1b/0x20
[ 2344.762673][T16139]  ? __dev_queue_xmit+0x597/0xf70
[ 2344.767726][T16139]  ? __skb_clone+0x2db/0x300
[ 2344.772305][T16139]  ? __rcu_read_unlock+0x5c/0x290
[ 2344.777354][T16139]  netlink_rcv_skb+0x14e/0x250
[ 2344.782246][T16139]  ? rtnetlink_bind+0x60/0x60
[ 2344.786908][T16139]  rtnetlink_rcv+0x18/0x20
[ 2344.791323][T16139]  netlink_unicast+0x5fc/0x6c0
[ 2344.796141][T16139]  netlink_sendmsg+0x6e1/0x7d0
[ 2344.800975][T16139]  ? netlink_getsockopt+0x720/0x720
[ 2344.806234][T16139]  ____sys_sendmsg+0x39a/0x510
[ 2344.810987][T16139]  __sys_sendmsg+0x195/0x230
[ 2344.815562][T16139]  ? __xfrm_init_state+0x350/0x820
[ 2344.820707][T16139]  __x64_sys_sendmsg+0x42/0x50
[ 2344.825455][T16139]  do_syscall_64+0x44/0xd0
[ 2344.829896][T16139]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2344.835805][T16139] RIP: 0033:0x7f7b56f48ae9
[ 2344.840209][T16139] Code: Unable to access opcode bytes at RIP 0x7f7b56f48abf.
[ 2344.847553][T16139] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2344.855972][T16139] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2344.863945][T16139] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2344.871969][T16139] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2344.879932][T16139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2344.887921][T16139] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2344.895880][T16139]  </TASK>
[ 2344.898975][T16139] Mem-Info:
[ 2344.902089][T16139] active_anon:10690 inactive_anon:100501 isolated_anon:0
[ 2344.902089][T16139]  active_file:149 inactive_file:161 isolated_file:0
[ 2344.902089][T16139]  unevictable:0 dirty:0 writeback:0
[ 2344.902089][T16139]  slab_reclaimable:7742 slab_unreclaimable:1742207
[ 2344.902089][T16139]  mapped:52421 shmem:381 pagetables:5275 bounce:0
[ 2344.902089][T16139]  kernel_misc_reclaimable:0
[ 2344.902089][T16139]  free:12314 free_pcp:324 free_cma:0
[ 2344.943306][T16139] Node 0 active_anon:42760kB inactive_anon:402004kB active_file:1152kB inactive_file:980kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:210496kB dirty:0kB writeback:0kB shmem:1524kB writeback_tmp:0kB kernel_stack:5248kB pagetables:21100kB all_unreclaimable? no
[ 2344.969922][T16139] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2344.996870][T16139] lowmem_reserve[]: 0 2896 7874 7874
[ 2345.002202][T16139] Node 0 DMA32 free:22220kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2345.030775][T16139] lowmem_reserve[]: 0 0 4978 4978
[ 2345.035865][T16139] Node 0 Normal free:10164kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42760kB inactive_anon:401088kB active_file:1096kB inactive_file:1520kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1288kB local_pcp:648kB free_cma:0kB
[ 2345.066799][T16139] lowmem_reserve[]: 0 0 0 0
[ 2345.071339][T16139] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2345.084084][T16139] Node 0 DMA32: 253*4kB (UMEH) 137*8kB (UMEH) 55*16kB (UMEH) 47*32kB (UME) 19*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 22220kB
[ 2345.101951][T16139] Node 0 Normal: 1595*4kB (UME) 471*8kB (UME) 64*16kB (UM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11172kB
[ 2345.115921][T16139] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2345.125234][T16139] 796 total pagecache pages
[ 2345.129743][T16139] 0 pages in swap cache
[ 2345.133881][T16139] Swap cache stats: add 0, delete 0, find 0/0
[ 2345.139963][T16139] Free swap  = 0kB
[ 2345.143686][T16139] Total swap = 0kB
[ 2345.147393][T16139] 2097051 pages RAM
[ 2345.151214][T16139] 0 pages HighMem/MovableOnly
[ 2345.155879][T16139] 75955 pages reserved
[ 2345.164761][T16139] ------------[ cut here ]------------
[ 2345.170247][T16139] WARNING: CPU: 0 PID: 16139 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2345.180876][T16139] Modules linked in:
[ 2345.184761][T16139] CPU: 0 PID: 16139 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2345.194664][T16139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2345.204739][T16139] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2345.211457][T16139] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2345.231603][T16139] RSP: 0000:ffffc90000c375f0 EFLAGS: 00010246
[ 2345.237668][T16139] RAX: ffff888108912000 RBX: ffff88811cac68b0 RCX: 0000000000000000
[ 2345.245687][T16139] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: ffff88811cac6800
[ 2345.253684][T16139] RBP: ffffc90000c37738 R08: 000188811cac68b7 R09: 0000000000000000
[ 2345.261682][T16139] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811cac68b0
[ 2345.269779][T16139] R13: ffffffff85ec3720 R14: ffff88811cac6800 R15: ffffc90000c37668
[ 2345.277753][T16139] FS:  00007f7b54cbf700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2345.286715][T16139] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2345.293347][T16139] CR2: 00007f104ea740f2 CR3: 000000011e773000 CR4: 00000000003506f0
[ 2345.301346][T16139] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2345.309333][T16139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2345.317302][T16139] Call Trace:
[ 2345.320595][T16139]  <TASK>
[ 2345.323600][T16139]  tcf_block_put_ext+0x2d/0x180
[ 2345.328524][T16139]  tcf_block_put+0x4c/0x70
[ 2345.332980][T16139]  cake_destroy+0x2d/0x50
[ 2345.337323][T16139]  ? cake_reset+0x5d0/0x5d0
[ 2345.341895][T16139]  qdisc_create+0xa82/0xd10
[ 2345.346414][T16139]  ? __nla_parse+0x3c/0x50
[ 2345.350842][T16139]  tc_modify_qdisc+0x64a/0x10b0
[ 2345.355719][T16139]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2345.361636][T16139]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2345.366562][T16139]  ? ___cache_free+0x46/0x300
[ 2345.371348][T16139]  ? packet_rcv+0xc3/0x9d0
[ 2345.375801][T16139]  ? __kfree_skb+0xfe/0x150
[ 2345.380311][T16139]  ? kmem_cache_free+0x5e/0x100
[ 2345.385147][T16139]  ? __kfree_skb+0xfe/0x150
[ 2345.389653][T16139]  ? consume_skb+0x48/0x160
[ 2345.394156][T16139]  ? nlmon_xmit+0x5f/0x70
[ 2345.398468][T16139]  ? __this_cpu_preempt_check+0x18/0x20
[ 2345.404172][T16139]  ? __local_bh_enable_ip+0x4d/0x70
[ 2345.409380][T16139]  ? local_bh_enable+0x1b/0x20
[ 2345.414218][T16139]  ? __dev_queue_xmit+0x597/0xf70
[ 2345.419307][T16139]  ? __skb_clone+0x2db/0x300
[ 2345.423902][T16139]  ? __rcu_read_unlock+0x5c/0x290
[ 2345.428958][T16139]  netlink_rcv_skb+0x14e/0x250
[ 2345.433842][T16139]  ? rtnetlink_bind+0x60/0x60
[ 2345.438573][T16139]  rtnetlink_rcv+0x18/0x20
[ 2345.443053][T16139]  netlink_unicast+0x5fc/0x6c0
[ 2345.447814][T16139]  netlink_sendmsg+0x6e1/0x7d0
[ 2345.452788][T16139]  ? netlink_getsockopt+0x720/0x720
[ 2345.457995][T16139]  ____sys_sendmsg+0x39a/0x510
[ 2345.462855][T16139]  __sys_sendmsg+0x195/0x230
[ 2345.467448][T16139]  ? __xfrm_init_state+0x350/0x820
[ 2345.472583][T16139]  __x64_sys_sendmsg+0x42/0x50
[ 2345.477349][T16139]  do_syscall_64+0x44/0xd0
[ 2345.481853][T16139]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2345.487751][T16139] RIP: 0033:0x7f7b56f48ae9
[ 2345.492212][T16139] Code: Unable to access opcode bytes at RIP 0x7f7b56f48abf.
[ 2345.499679][T16139] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2345.508163][T16139] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2345.516153][T16139] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2345.524141][T16139] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2345.532127][T16139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2345.540113][T16139] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2345.548088][T16139]  </TASK>
[ 2345.551122][T16139] ---[ end trace e45544a13c7e47d3 ]---
[ 2345.557181][T16139] ------------[ cut here ]------------
[ 2345.562682][T16139] WARNING: CPU: 0 PID: 16139 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2345.572393][T16139] Modules linked in:
[ 2345.576286][T16139] CPU: 0 PID: 16139 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2345.586110][T16139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2345.596281][T16139] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2345.601987][T16139] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2345.621870][T16139] RSP: 0000:ffffc90000c37628 EFLAGS: 00010246
[ 2345.628000][T16139] RAX: ffffffff83b40f4c RBX: ffff88811cac6888 RCX: 0000000000040000
[ 2345.635990][T16139] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2345.643998][T16139] RBP: ffffc90000c37668 R08: 000188811cac688f R09: 0000000000000000
[ 2345.651992][T16139] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b58000
[ 2345.659976][T16139] R13: 0000000000000000 R14: ffffc90000c377f0 R15: ffff88811cac6800
[ 2345.667952][T16139] FS:  00007f7b54cbf700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2345.676941][T16139] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2345.683542][T16139] CR2: 00007f7b56f48abf CR3: 000000011e773000 CR4: 00000000003506f0
[ 2345.691532][T16139] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2345.699570][T16139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2345.707546][T16139] Call Trace:
[ 2345.710839][T16139]  <TASK>
[ 2345.713768][T16139]  tcf_block_put+0x4c/0x70
[ 2345.718268][T16139]  cake_destroy+0x2d/0x50
[ 2345.722675][T16139]  ? cake_reset+0x5d0/0x5d0
[ 2345.727443][T16139]  qdisc_create+0xa82/0xd10
[ 2345.732038][T16139]  ? __nla_parse+0x3c/0x50
[ 2345.736466][T16139]  tc_modify_qdisc+0x64a/0x10b0
[ 2345.741365][T16139]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2345.747283][T16139]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2345.752281][T16139]  ? ___cache_free+0x46/0x300
[ 2345.756961][T16139]  ? packet_rcv+0xc3/0x9d0
[ 2345.761442][T16139]  ? __kfree_skb+0xfe/0x150
[ 2345.765947][T16139]  ? kmem_cache_free+0x5e/0x100
[ 2345.770822][T16139]  ? __kfree_skb+0xfe/0x150
[ 2345.775471][T16139]  ? consume_skb+0x48/0x160
[ 2345.779989][T16139]  ? nlmon_xmit+0x5f/0x70
[ 2345.784328][T16139]  ? __this_cpu_preempt_check+0x18/0x20
[ 2345.789889][T16139]  ? __local_bh_enable_ip+0x4d/0x70
[ 2345.795097][T16139]  ? local_bh_enable+0x1b/0x20
[ 2345.799883][T16139]  ? __dev_queue_xmit+0x597/0xf70
[ 2345.804983][T16139]  ? __skb_clone+0x2db/0x300
[ 2345.809690][T16139]  ? __rcu_read_unlock+0x5c/0x290
[ 2345.814721][T16139]  netlink_rcv_skb+0x14e/0x250
[ 2345.819515][T16139]  ? rtnetlink_bind+0x60/0x60
[ 2345.824304][T16139]  rtnetlink_rcv+0x18/0x20
[ 2345.828727][T16139]  netlink_unicast+0x5fc/0x6c0
[ 2345.833534][T16139]  netlink_sendmsg+0x6e1/0x7d0
[ 2345.838301][T16139]  ? netlink_getsockopt+0x720/0x720
[ 2345.843585][T16139]  ____sys_sendmsg+0x39a/0x510
[ 2345.848443][T16139]  __sys_sendmsg+0x195/0x230
[ 2345.853053][T16139]  ? __xfrm_init_state+0x350/0x820
[ 2345.858230][T16139]  __x64_sys_sendmsg+0x42/0x50
[ 2345.863006][T16139]  do_syscall_64+0x44/0xd0
[ 2345.867653][T16139]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2345.873564][T16139] RIP: 0033:0x7f7b56f48ae9
[ 2345.878041][T16139] Code: Unable to access opcode bytes at RIP 0x7f7b56f48abf.
[ 2345.885447][T16139] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2345.893982][T16139] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2345.901969][T16139] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2345.909960][T16139] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2345.917940][T16139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2345.925966][T16139] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2345.933962][T16139]  </TASK>
[ 2345.936974][T16139] ---[ end trace e45544a13c7e47d4 ]---
[ 2345.944056][T16139] ------------[ cut here ]------------
[ 2345.949529][T16139] WARNING: CPU: 0 PID: 16139 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2345.959051][T16139] Modules linked in:
[ 2345.962969][T16139] CPU: 0 PID: 16139 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2345.972885][T16139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2345.982982][T16139] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2345.988574][T16139] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2346.008405][T16139] RSP: 0000:ffffc90000c375d8 EFLAGS: 00010246
[ 2346.014502][T16139] RAX: ffffffff83b414a7 RBX: ffff88811cac68a0 RCX: 0000000000040000
[ 2346.022488][T16139] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2346.030488][T16139] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2346.038534][T16139] R10: 0001ffffffffffff R11: 000188811cac68a0 R12: ffff88811cac6850
[ 2346.046520][T16139] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811cac6800
[ 2346.054503][T16139] FS:  00007f7b54cbf700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2346.063431][T16139] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2346.070365][T16139] CR2: 00007f7b56f48abf CR3: 000000011e773000 CR4: 00000000003506f0
[ 2346.078343][T16139] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2346.086404][T16139] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2346.094378][T16139] Call Trace:
[ 2346.097684][T16139]  <TASK>
[ 2346.100702][T16139]  tcf_block_put_ext+0xe5/0x180
[ 2346.105668][T16139]  tcf_block_put+0x4c/0x70
[ 2346.110088][T16139]  cake_destroy+0x2d/0x50
[ 2346.114471][T16139]  ? cake_reset+0x5d0/0x5d0
[ 2346.119124][T16139]  qdisc_create+0xa82/0xd10
[ 2346.123669][T16139]  ? __nla_parse+0x3c/0x50
[ 2346.128092][T16139]  tc_modify_qdisc+0x64a/0x10b0
[ 2346.132942][T16139]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2346.138873][T16139]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2346.143895][T16139]  ? ___cache_free+0x46/0x300
[ 2346.148554][T16139]  ? packet_rcv+0xc3/0x9d0
[ 2346.153044][T16139]  ? __kfree_skb+0xfe/0x150
[ 2346.157616][T16139]  ? kmem_cache_free+0x5e/0x100
[ 2346.162722][T16139]  ? __kfree_skb+0xfe/0x150
[ 2346.167208][T16139]  ? consume_skb+0x48/0x160
[ 2346.171704][T16139]  ? nlmon_xmit+0x5f/0x70
[ 2346.176086][T16139]  ? __this_cpu_preempt_check+0x18/0x20
[ 2346.181631][T16139]  ? __local_bh_enable_ip+0x4d/0x70
[ 2346.186854][T16139]  ? local_bh_enable+0x1b/0x20
[ 2346.191728][T16139]  ? __dev_queue_xmit+0x597/0xf70
[ 2346.196779][T16139]  ? __skb_clone+0x2db/0x300
[ 2346.201387][T16139]  ? __rcu_read_unlock+0x5c/0x290
[ 2346.206400][T16139]  netlink_rcv_skb+0x14e/0x250
[ 2346.211227][T16139]  ? rtnetlink_bind+0x60/0x60
[ 2346.215924][T16139]  rtnetlink_rcv+0x18/0x20
[ 2346.220450][T16139]  netlink_unicast+0x5fc/0x6c0
[ 2346.225302][T16139]  netlink_sendmsg+0x6e1/0x7d0
[ 2346.230181][T16139]  ? netlink_getsockopt+0x720/0x720
[ 2346.235475][T16139]  ____sys_sendmsg+0x39a/0x510
[ 2346.240241][T16139]  __sys_sendmsg+0x195/0x230
[ 2346.244831][T16139]  ? __xfrm_init_state+0x350/0x820
[ 2346.249978][T16139]  __x64_sys_sendmsg+0x42/0x50
[ 2346.254748][T16139]  do_syscall_64+0x44/0xd0
[ 2346.259339][T16139]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2346.265235][T16139] RIP: 0033:0x7f7b56f48ae9
[ 2346.269659][T16139] Code: Unable to access opcode bytes at RIP 0x7f7b56f48abf.
[ 2346.277010][T16139] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2346.285409][T16139] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2346.293373][T16139] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2346.301453][T16139] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2346.309428][T16139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2346.317580][T16139] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2346.325558][T16139]  </TASK>
[ 2346.328572][T16139] ---[ end trace e45544a13c7e47d5 ]---
18:59:09 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xf}}, {0x4}}]}]}, 0x68}}, 0x0)

18:59:11 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6558]}]}}]}, 0x434}}, 0x0)

18:59:33 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff0]}]}}]}, 0x434}}, 0x0)

18:59:50 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x1c}}, {0x4}}]}]}, 0x68}}, 0x0)

18:59:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

18:59:52 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100]}]}}]}, 0x434}}, 0x0)

[ 2396.806909][T16150] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2404.230071][T16150] syz-executor.3: vmalloc error: size 479232, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0
[ 2404.246533][T16150] CPU: 0 PID: 16150 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2404.256370][T16150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2404.266423][T16150] Call Trace:
[ 2404.269764][T16150]  <TASK>
[ 2404.272689][T16150]  dump_stack_lvl+0xd6/0x122
[ 2404.277435][T16150]  dump_stack+0x11/0x1b
[ 2404.281593][T16150]  warn_alloc+0x132/0x190
[ 2404.285940][T16150]  __vmalloc_node_range+0x58b/0x690
[ 2404.291225][T16150]  ? cake_init+0x20d/0x640
[ 2404.295731][T16150]  __vmalloc_node+0x61/0x70
[ 2404.300322][T16150]  ? cake_init+0x20d/0x640
[ 2404.304749][T16150]  kvmalloc_node+0xd2/0x110
[ 2404.309331][T16150]  cake_init+0x20d/0x640
[ 2404.313652][T16150]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2404.319392][T16150]  ? qdisc_alloc+0x334/0x3c0
[ 2404.324055][T16150]  ? qdisc_lookup+0x20c/0x2e0
[ 2404.328741][T16150]  ? qdisc_peek_dequeued+0x140/0x140
[ 2404.334080][T16150]  qdisc_create+0x5f4/0xd10
[ 2404.338616][T16150]  ? __nla_parse+0x3c/0x50
[ 2404.343132][T16150]  tc_modify_qdisc+0x64a/0x10b0
[ 2404.348053][T16150]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2404.354007][T16150]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2404.358945][T16150]  ? ___cache_free+0x46/0x300
[ 2404.363624][T16150]  ? packet_rcv+0x3d6/0x9d0
[ 2404.368166][T16150]  ? __kfree_skb+0xfe/0x150
[ 2404.372783][T16150]  ? kmem_cache_free+0x5e/0x100
[ 2404.377636][T16150]  ? __kfree_skb+0xfe/0x150
[ 2404.382141][T16150]  ? consume_skb+0x48/0x160
[ 2404.386657][T16150]  ? nlmon_xmit+0x5f/0x70
[ 2404.390985][T16150]  ? __this_cpu_preempt_check+0x18/0x20
[ 2404.396680][T16150]  ? __local_bh_enable_ip+0x4d/0x70
[ 2404.401958][T16150]  ? local_bh_enable+0x1b/0x20
[ 2404.406754][T16150]  ? __dev_queue_xmit+0x597/0xf70
[ 2404.411824][T16150]  ? __skb_clone+0x2db/0x300
[ 2404.416415][T16150]  ? __rcu_read_unlock+0x5c/0x290
[ 2404.421516][T16150]  netlink_rcv_skb+0x14e/0x250
[ 2404.426661][T16150]  ? rtnetlink_bind+0x60/0x60
[ 2404.431343][T16150]  rtnetlink_rcv+0x18/0x20
[ 2404.435757][T16150]  netlink_unicast+0x5fc/0x6c0
[ 2404.440522][T16150]  netlink_sendmsg+0x6e1/0x7d0
[ 2404.445318][T16150]  ? netlink_getsockopt+0x720/0x720
[ 2404.450602][T16150]  ____sys_sendmsg+0x39a/0x510
[ 2404.455385][T16150]  __sys_sendmsg+0x195/0x230
[ 2404.459987][T16150]  ? __xfrm_init_state+0x350/0x820
[ 2404.465138][T16150]  __x64_sys_sendmsg+0x42/0x50
[ 2404.469902][T16150]  do_syscall_64+0x44/0xd0
[ 2404.474395][T16150]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2404.480341][T16150] RIP: 0033:0x7fd36aa9bae9
[ 2404.484753][T16150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2404.504478][T16150] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2404.512964][T16150] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2404.520937][T16150] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2404.528912][T16150] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2404.536952][T16150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2404.544921][T16150] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2404.552895][T16150]  </TASK>
[ 2404.555996][T16150] Mem-Info:
[ 2404.559108][T16150] active_anon:10698 inactive_anon:100457 isolated_anon:0
[ 2404.559108][T16150]  active_file:289 inactive_file:314 isolated_file:0
[ 2404.559108][T16150]  unevictable:0 dirty:12 writeback:0
[ 2404.559108][T16150]  slab_reclaimable:7702 slab_unreclaimable:1742281
[ 2404.559108][T16150]  mapped:52593 shmem:389 pagetables:5276 bounce:0
[ 2404.559108][T16150]  kernel_misc_reclaimable:0
[ 2404.559108][T16150]  free:12216 free_pcp:245 free_cma:0
[ 2404.600802][T16150] Node 0 active_anon:42792kB inactive_anon:401828kB active_file:1824kB inactive_file:1620kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:211416kB dirty:48kB writeback:0kB shmem:1556kB writeback_tmp:0kB kernel_stack:5248kB pagetables:21104kB all_unreclaimable? no
[ 2404.627232][T16150] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2404.654172][T16150] lowmem_reserve[]: 0 2896 7874 7874
[ 2404.659599][T16150] Node 0 DMA32 free:22220kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:916kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2404.688282][T16150] lowmem_reserve[]: 0 0 4978 4978
[ 2404.693370][T16150] Node 0 Normal free:8764kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42792kB inactive_anon:400912kB active_file:1396kB inactive_file:3916kB unevictable:0kB writepending:48kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:908kB local_pcp:660kB free_cma:0kB
[ 2404.723686][T16150] lowmem_reserve[]: 0 0 0 0
[ 2404.728188][T16150] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2404.740890][T16150] Node 0 DMA32: 253*4kB (UMEH) 137*8kB (UMEH) 55*16kB (UMEH) 47*32kB (UME) 19*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 22220kB
[ 2404.758745][T16150] Node 0 Normal: 1664*4kB (UME) 442*8kB (UME) 80*16kB (UM) 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11536kB
[ 2404.773168][T16150] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2404.782570][T16150] 835 total pagecache pages
[ 2404.787210][T16150] 0 pages in swap cache
[ 2404.791371][T16150] Swap cache stats: add 0, delete 0, find 0/0
[ 2404.797425][T16150] Free swap  = 0kB
[ 2404.801151][T16150] Total swap = 0kB
[ 2404.804867][T16150] 2097051 pages RAM
[ 2404.808659][T16150] 0 pages HighMem/MovableOnly
[ 2404.813428][T16150] 75955 pages reserved
[ 2404.821961][T16150] ------------[ cut here ]------------
[ 2404.827422][T16150] WARNING: CPU: 0 PID: 16150 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2404.837985][T16150] Modules linked in:
[ 2404.841902][T16150] CPU: 0 PID: 16150 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2404.851826][T16150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2404.861924][T16150] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2404.868777][T16150] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2404.888418][T16150] RSP: 0018:ffffc90008aff5f0 EFLAGS: 00010246
[ 2404.894608][T16150] RAX: ffff88811e3f4000 RBX: ffff88811c6998b0 RCX: 0000000000000000
[ 2404.902603][T16150] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: ffff88811c699800
[ 2404.910591][T16150] RBP: ffffc90008aff738 R08: 000188811c6998b7 R09: 0000000000000000
[ 2404.918601][T16150] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811c6998b0
[ 2404.926602][T16150] R13: ffffffff85ec3720 R14: ffff88811c699800 R15: ffffc90008aff668
[ 2404.934599][T16150] FS:  00007fd368812700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2404.943622][T16150] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2404.950234][T16150] CR2: 00005555555e73bc CR3: 00000001477ec000 CR4: 00000000003506f0
[ 2404.958290][T16150] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2404.966283][T16150] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2404.974285][T16150] Call Trace:
[ 2404.977560][T16150]  <TASK>
[ 2404.980517][T16150]  tcf_block_put_ext+0x2d/0x180
[ 2404.985420][T16150]  tcf_block_put+0x4c/0x70
[ 2404.990013][T16150]  cake_destroy+0x2d/0x50
[ 2404.994394][T16150]  ? cake_reset+0x5d0/0x5d0
[ 2404.998901][T16150]  qdisc_create+0xa82/0xd10
[ 2405.003471][T16150]  ? __nla_parse+0x3c/0x50
[ 2405.008043][T16150]  tc_modify_qdisc+0x64a/0x10b0
[ 2405.012940][T16150]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2405.018931][T16150]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2405.023995][T16150]  ? ___cache_free+0x46/0x300
[ 2405.028671][T16150]  ? packet_rcv+0x3d6/0x9d0
[ 2405.033304][T16150]  ? __kfree_skb+0xfe/0x150
[ 2405.037818][T16150]  ? kmem_cache_free+0x5e/0x100
[ 2405.042696][T16150]  ? __kfree_skb+0xfe/0x150
[ 2405.047202][T16150]  ? consume_skb+0x48/0x160
[ 2405.051722][T16150]  ? nlmon_xmit+0x5f/0x70
[ 2405.056057][T16150]  ? __this_cpu_preempt_check+0x18/0x20
[ 2405.061633][T16150]  ? __local_bh_enable_ip+0x4d/0x70
[ 2405.067010][T16150]  ? local_bh_enable+0x1b/0x20
[ 2405.071809][T16150]  ? __dev_queue_xmit+0x597/0xf70
[ 2405.076910][T16150]  ? __skb_clone+0x2db/0x300
[ 2405.081527][T16150]  ? __rcu_read_unlock+0x5c/0x290
[ 2405.086628][T16150]  netlink_rcv_skb+0x14e/0x250
[ 2405.091522][T16150]  ? rtnetlink_bind+0x60/0x60
[ 2405.096320][T16150]  rtnetlink_rcv+0x18/0x20
[ 2405.100769][T16150]  netlink_unicast+0x5fc/0x6c0
[ 2405.105535][T16150]  netlink_sendmsg+0x6e1/0x7d0
[ 2405.110341][T16150]  ? netlink_getsockopt+0x720/0x720
[ 2405.115572][T16150]  ____sys_sendmsg+0x39a/0x510
[ 2405.120411][T16150]  __sys_sendmsg+0x195/0x230
[ 2405.125002][T16150]  ? __xfrm_init_state+0x350/0x820
[ 2405.130144][T16150]  __x64_sys_sendmsg+0x42/0x50
[ 2405.134907][T16150]  do_syscall_64+0x44/0xd0
[ 2405.139356][T16150]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2405.145248][T16150] RIP: 0033:0x7fd36aa9bae9
[ 2405.149688][T16150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2405.169413][T16150] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2405.177832][T16150] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2405.185826][T16150] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2405.193899][T16150] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2405.201928][T16150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2405.209935][T16150] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2405.217919][T16150]  </TASK>
[ 2405.220987][T16150] ---[ end trace e45544a13c7e47d6 ]---
[ 2405.227043][T16150] ------------[ cut here ]------------
[ 2405.232515][T16150] WARNING: CPU: 0 PID: 16150 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2405.242128][T16150] Modules linked in:
[ 2405.246025][T16150] CPU: 0 PID: 16150 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2405.255851][T16150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2405.265936][T16150] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2405.271595][T16150] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2405.291262][T16150] RSP: 0018:ffffc90008aff628 EFLAGS: 00010246
[ 2405.297328][T16150] RAX: ffffffff83b40f4c RBX: ffff88811c699888 RCX: 0000000000040000
[ 2405.305324][T16150] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2405.313316][T16150] RBP: ffffc90008aff668 R08: 000188811c69988f R09: 0000000000000000
[ 2405.321306][T16150] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108910000
[ 2405.329307][T16150] R13: 0000000000000000 R14: ffffc90008aff7f0 R15: ffff88811c699800
[ 2405.337293][T16150] FS:  00007fd368812700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2405.346258][T16150] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2405.352864][T16150] CR2: 00005555555e73bc CR3: 00000001477ec000 CR4: 00000000003506f0
[ 2405.360904][T16150] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2405.368878][T16150] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2405.376874][T16150] Call Trace:
[ 2405.380173][T16150]  <TASK>
[ 2405.383096][T16150]  tcf_block_put+0x4c/0x70
[ 2405.387618][T16150]  cake_destroy+0x2d/0x50
[ 2405.392116][T16150]  ? cake_reset+0x5d0/0x5d0
[ 2405.396654][T16150]  qdisc_create+0xa82/0xd10
[ 2405.401178][T16150]  ? __nla_parse+0x3c/0x50
[ 2405.405625][T16150]  tc_modify_qdisc+0x64a/0x10b0
[ 2405.410506][T16150]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2405.416513][T16150]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2405.421507][T16150]  ? ___cache_free+0x46/0x300
[ 2405.426185][T16150]  ? packet_rcv+0x3d6/0x9d0
[ 2405.430711][T16150]  ? __kfree_skb+0xfe/0x150
[ 2405.435214][T16150]  ? kmem_cache_free+0x5e/0x100
[ 2405.440103][T16150]  ? __kfree_skb+0xfe/0x150
[ 2405.444603][T16150]  ? consume_skb+0x48/0x160
[ 2405.449181][T16150]  ? nlmon_xmit+0x5f/0x70
[ 2405.453518][T16150]  ? __this_cpu_preempt_check+0x18/0x20
[ 2405.459085][T16150]  ? __local_bh_enable_ip+0x4d/0x70
[ 2405.464323][T16150]  ? local_bh_enable+0x1b/0x20
[ 2405.469219][T16150]  ? __dev_queue_xmit+0x597/0xf70
[ 2405.474254][T16150]  ? __skb_clone+0x2db/0x300
[ 2405.478846][T16150]  ? __rcu_read_unlock+0x5c/0x290
[ 2405.483892][T16150]  netlink_rcv_skb+0x14e/0x250
[ 2405.489110][T16150]  ? rtnetlink_bind+0x60/0x60
[ 2405.493787][T16150]  rtnetlink_rcv+0x18/0x20
[ 2405.498207][T16150]  netlink_unicast+0x5fc/0x6c0
[ 2405.503018][T16150]  netlink_sendmsg+0x6e1/0x7d0
[ 2405.507819][T16150]  ? netlink_getsockopt+0x720/0x720
[ 2405.513090][T16150]  ____sys_sendmsg+0x39a/0x510
[ 2405.517860][T16150]  __sys_sendmsg+0x195/0x230
[ 2405.522475][T16150]  ? __xfrm_init_state+0x350/0x820
[ 2405.527591][T16150]  __x64_sys_sendmsg+0x42/0x50
[ 2405.532522][T16150]  do_syscall_64+0x44/0xd0
[ 2405.536944][T16150]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2405.542875][T16150] RIP: 0033:0x7fd36aa9bae9
[ 2405.547287][T16150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2405.567057][T16150] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2405.575512][T16150] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2405.583508][T16150] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2405.591498][T16150] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2405.599484][T16150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2405.607492][T16150] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2405.615538][T16150]  </TASK>
[ 2405.618556][T16150] ---[ end trace e45544a13c7e47d7 ]---
[ 2405.625563][T16150] ------------[ cut here ]------------
[ 2405.631034][T16150] WARNING: CPU: 0 PID: 16150 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2405.640436][T16150] Modules linked in:
[ 2405.644361][T16150] CPU: 0 PID: 16150 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2405.654189][T16150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2405.664257][T16150] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2405.669970][T16150] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2405.689727][T16150] RSP: 0018:ffffc90008aff5d8 EFLAGS: 00010246
[ 2405.695801][T16150] RAX: ffffffff83b414a7 RBX: ffff88811c6998a0 RCX: 0000000000040000
[ 2405.703813][T16150] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2405.711852][T16150] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2405.719837][T16150] R10: 0001ffffffffffff R11: 000188811c6998a0 R12: ffff88811c699850
[ 2405.727812][T16150] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811c699800
[ 2405.735800][T16150] FS:  00007fd368812700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2405.744826][T16150] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2405.751499][T16150] CR2: 00005555555e73bc CR3: 00000001477ec000 CR4: 00000000003506f0
[ 2405.759594][T16150] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2405.767563][T16150] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2405.775822][T16150] Call Trace:
[ 2405.779131][T16150]  <TASK>
[ 2405.782065][T16150]  tcf_block_put_ext+0xe5/0x180
[ 2405.786927][T16150]  tcf_block_put+0x4c/0x70
[ 2405.791383][T16150]  cake_destroy+0x2d/0x50
[ 2405.795721][T16150]  ? cake_reset+0x5d0/0x5d0
[ 2405.800288][T16150]  qdisc_create+0xa82/0xd10
[ 2405.804819][T16150]  ? __nla_parse+0x3c/0x50
[ 2405.809253][T16150]  tc_modify_qdisc+0x64a/0x10b0
[ 2405.814141][T16150]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2405.820231][T16150]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2405.825195][T16150]  ? ___cache_free+0x46/0x300
[ 2405.829925][T16150]  ? packet_rcv+0x3d6/0x9d0
[ 2405.834508][T16150]  ? __kfree_skb+0xfe/0x150
[ 2405.839012][T16150]  ? kmem_cache_free+0x5e/0x100
[ 2405.843885][T16150]  ? __kfree_skb+0xfe/0x150
[ 2405.848455][T16150]  ? consume_skb+0x48/0x160
[ 2405.853080][T16150]  ? nlmon_xmit+0x5f/0x70
[ 2405.857449][T16150]  ? __this_cpu_preempt_check+0x18/0x20
[ 2405.863090][T16150]  ? __local_bh_enable_ip+0x4d/0x70
[ 2405.868293][T16150]  ? local_bh_enable+0x1b/0x20
[ 2405.873124][T16150]  ? __dev_queue_xmit+0x597/0xf70
[ 2405.878160][T16150]  ? __skb_clone+0x2db/0x300
[ 2405.882841][T16150]  ? __rcu_read_unlock+0x5c/0x290
[ 2405.887869][T16150]  netlink_rcv_skb+0x14e/0x250
[ 2405.892710][T16150]  ? rtnetlink_bind+0x60/0x60
[ 2405.897392][T16150]  rtnetlink_rcv+0x18/0x20
[ 2405.901888][T16150]  netlink_unicast+0x5fc/0x6c0
[ 2405.906726][T16150]  netlink_sendmsg+0x6e1/0x7d0
[ 2405.911586][T16150]  ? netlink_getsockopt+0x720/0x720
[ 2405.916795][T16150]  ____sys_sendmsg+0x39a/0x510
[ 2405.921607][T16150]  __sys_sendmsg+0x195/0x230
[ 2405.926216][T16150]  ? __xfrm_init_state+0x350/0x820
[ 2405.931519][T16150]  __x64_sys_sendmsg+0x42/0x50
[ 2405.936285][T16150]  do_syscall_64+0x44/0xd0
[ 2405.940836][T16150]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2405.946763][T16150] RIP: 0033:0x7fd36aa9bae9
[ 2405.951207][T16150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2405.970839][T16150] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2405.979365][T16150] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2405.987340][T16150] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2405.995497][T16150] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2406.003502][T16150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2406.011492][T16150] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2406.019484][T16150]  </TASK>
[ 2406.022500][T16150] ---[ end trace e45544a13c7e47d8 ]---
19:00:18 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 2427.085608][T16364] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2446.184185][T16366] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2449.810456][T16366] syz-executor.0: vmalloc error: size 352256, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0
[ 2449.826898][T16366] CPU: 1 PID: 16366 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2449.836704][T16366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2449.846757][T16366] Call Trace:
[ 2449.850030][T16366]  <TASK>
[ 2449.852954][T16366]  dump_stack_lvl+0xd6/0x122
[ 2449.857603][T16366]  dump_stack+0x11/0x1b
[ 2449.861761][T16366]  warn_alloc+0x132/0x190
[ 2449.866073][T16366]  __vmalloc_node_range+0x58b/0x690
[ 2449.871320][T16366]  ? cake_init+0x20d/0x640
[ 2449.875737][T16366]  __vmalloc_node+0x61/0x70
[ 2449.880222][T16366]  ? cake_init+0x20d/0x640
[ 2449.884751][T16366]  kvmalloc_node+0xd2/0x110
[ 2449.889235][T16366]  cake_init+0x20d/0x640
[ 2449.893467][T16366]  ? tsan.module_ctor+0x10/0x10
[ 2449.898333][T16366]  ? qdisc_alloc+0x334/0x3c0
[ 2449.902937][T16366]  ? qdisc_lookup+0x20c/0x2e0
[ 2449.907663][T16366]  ? qdisc_peek_dequeued+0x140/0x140
[ 2449.913008][T16366]  qdisc_create+0x5f4/0xd10
[ 2449.917493][T16366]  ? __nla_parse+0x3c/0x50
[ 2449.921946][T16366]  tc_modify_qdisc+0x64a/0x10b0
[ 2449.926779][T16366]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2449.932651][T16366]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2449.937680][T16366]  ? ___cache_free+0x46/0x300
[ 2449.942340][T16366]  ? packet_rcv+0xc3/0x9d0
[ 2449.946901][T16366]  ? __kfree_skb+0xfe/0x150
[ 2449.951391][T16366]  ? kmem_cache_free+0x5e/0x100
[ 2449.956359][T16366]  ? __kfree_skb+0xfe/0x150
[ 2449.960898][T16366]  ? consume_skb+0x48/0x160
[ 2449.965413][T16366]  ? nlmon_xmit+0x5f/0x70
[ 2449.969721][T16366]  ? __this_cpu_preempt_check+0x18/0x20
[ 2449.975321][T16366]  ? __local_bh_enable_ip+0x4d/0x70
[ 2449.980550][T16366]  ? local_bh_enable+0x1b/0x20
[ 2449.985352][T16366]  ? __dev_queue_xmit+0x597/0xf70
[ 2449.990414][T16366]  ? __skb_clone+0x2db/0x300
[ 2449.994983][T16366]  ? __rcu_read_unlock+0x5c/0x290
[ 2449.999985][T16366]  netlink_rcv_skb+0x14e/0x250
[ 2450.004743][T16366]  ? rtnetlink_bind+0x60/0x60
[ 2450.009487][T16366]  rtnetlink_rcv+0x18/0x20
[ 2450.013887][T16366]  netlink_unicast+0x5fc/0x6c0
[ 2450.018631][T16366]  netlink_sendmsg+0x6e1/0x7d0
[ 2450.023449][T16366]  ? netlink_getsockopt+0x720/0x720
[ 2450.028974][T16366]  ____sys_sendmsg+0x39a/0x510
[ 2450.033733][T16366]  __sys_sendmsg+0x195/0x230
[ 2450.038443][T16366]  __x64_sys_sendmsg+0x42/0x50
[ 2450.043215][T16366]  do_syscall_64+0x44/0xd0
[ 2450.047683][T16366]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2450.053572][T16366] RIP: 0033:0x7f0da0d09ae9
[ 2450.058018][T16366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2450.077766][T16366] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2450.086235][T16366] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2450.094188][T16366] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2450.102205][T16366] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2450.110194][T16366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2450.118160][T16366] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2450.126120][T16366]  </TASK>
[ 2450.129183][T16366] Mem-Info:
[ 2450.132271][T16366] active_anon:10706 inactive_anon:100408 isolated_anon:0
[ 2450.132271][T16366]  active_file:223 inactive_file:295 isolated_file:28
[ 2450.132271][T16366]  unevictable:0 dirty:1 writeback:7
[ 2450.132271][T16366]  slab_reclaimable:7700 slab_unreclaimable:1742246
[ 2450.132271][T16366]  mapped:52475 shmem:397 pagetables:5276 bounce:0
[ 2450.132271][T16366]  kernel_misc_reclaimable:0
[ 2450.132271][T16366]  free:12473 free_pcp:223 free_cma:0
[ 2450.173531][T16366] Node 0 active_anon:42824kB inactive_anon:401632kB active_file:892kB inactive_file:1180kB unevictable:0kB isolated(anon):0kB isolated(file):112kB mapped:209900kB dirty:4kB writeback:28kB shmem:1588kB writeback_tmp:0kB kernel_stack:5280kB pagetables:21104kB all_unreclaimable? yes
[ 2450.200032][T16366] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2450.226955][T16366] lowmem_reserve[]: 0 2896 7874 7874
[ 2450.232242][T16366] Node 0 DMA32 free:22220kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:916kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2450.260561][T16366] lowmem_reserve[]: 0 0 4978 4978
[ 2450.265597][T16366] Node 0 Normal free:12312kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42824kB inactive_anon:400716kB active_file:760kB inactive_file:828kB unevictable:0kB writepending:32kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:892kB local_pcp:416kB free_cma:0kB
[ 2450.295543][T16366] lowmem_reserve[]: 0 0 0 0
[ 2450.300050][T16366] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2450.312664][T16366] Node 0 DMA32: 253*4kB (UMEH) 137*8kB (UMEH) 55*16kB (UMEH) 47*32kB (UME) 19*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 22220kB
[ 2450.330301][T16366] Node 0 Normal: 1712*4kB (UME) 462*8kB (UME) 73*16kB (UM) 1*32kB (U) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11808kB
[ 2450.344891][T16366] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2450.354205][T16366] 938 total pagecache pages
[ 2450.358756][T16366] 0 pages in swap cache
[ 2450.362949][T16366] Swap cache stats: add 0, delete 0, find 0/0
[ 2450.368988][T16366] Free swap  = 0kB
[ 2450.372758][T16366] Total swap = 0kB
[ 2450.376450][T16366] 2097051 pages RAM
[ 2450.380241][T16366] 0 pages HighMem/MovableOnly
[ 2450.384901][T16366] 75955 pages reserved
[ 2450.389575][T16366] ------------[ cut here ]------------
[ 2450.395033][T16366] WARNING: CPU: 0 PID: 16366 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2450.405634][T16366] Modules linked in:
[ 2450.409656][T16366] CPU: 0 PID: 16366 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2450.419573][T16366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2450.429630][T16366] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2450.436400][T16366] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2450.456308][T16366] RSP: 0000:ffffc900084535f0 EFLAGS: 00010246
[ 2450.462416][T16366] RAX: ffff88811d8a3000 RBX: ffff88810585b0b0 RCX: 0000000000000000
[ 2450.470381][T16366] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: ffff88810585b000
[ 2450.478350][T16366] RBP: ffffc90008453738 R08: 000188810585b0b7 R09: 0000000000000000
[ 2450.486366][T16366] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88810585b0b0
[ 2450.494395][T16366] R13: ffffffff85ec3720 R14: ffff88810585b000 R15: ffffc90008453668
[ 2450.502432][T16366] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2450.511351][T16366] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2450.517970][T16366] CR2: 00000000007a76a0 CR3: 000000011e70b000 CR4: 00000000003506f0
[ 2450.525941][T16366] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2450.533924][T16366] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2450.541944][T16366] Call Trace:
[ 2450.545219][T16366]  <TASK>
[ 2450.548134][T16366]  tcf_block_put_ext+0x2d/0x180
[ 2450.553047][T16366]  tcf_block_put+0x4c/0x70
[ 2450.557517][T16366]  cake_destroy+0x2d/0x50
[ 2450.561925][T16366]  ? cake_reset+0x5d0/0x5d0
[ 2450.566515][T16366]  qdisc_create+0xa82/0xd10
[ 2450.571053][T16366]  ? __nla_parse+0x3c/0x50
[ 2450.575477][T16366]  tc_modify_qdisc+0x64a/0x10b0
[ 2450.580366][T16366]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2450.586262][T16366]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2450.591234][T16366]  ? ___cache_free+0x46/0x300
[ 2450.595900][T16366]  ? packet_rcv+0xc3/0x9d0
[ 2450.600319][T16366]  ? __kfree_skb+0xfe/0x150
[ 2450.604846][T16366]  ? kmem_cache_free+0x5e/0x100
[ 2450.609798][T16366]  ? __kfree_skb+0xfe/0x150
[ 2450.614335][T16366]  ? consume_skb+0x48/0x160
[ 2450.618896][T16366]  ? nlmon_xmit+0x5f/0x70
[ 2450.623219][T16366]  ? __this_cpu_preempt_check+0x18/0x20
[ 2450.628746][T16366]  ? __local_bh_enable_ip+0x4d/0x70
[ 2450.633938][T16366]  ? local_bh_enable+0x1b/0x20
[ 2450.638687][T16366]  ? __dev_queue_xmit+0x597/0xf70
[ 2450.643777][T16366]  ? __skb_clone+0x2db/0x300
[ 2450.648409][T16366]  ? __rcu_read_unlock+0x5c/0x290
[ 2450.653640][T16366]  netlink_rcv_skb+0x14e/0x250
[ 2450.658449][T16366]  ? rtnetlink_bind+0x60/0x60
[ 2450.663304][T16366]  rtnetlink_rcv+0x18/0x20
[ 2450.667725][T16366]  netlink_unicast+0x5fc/0x6c0
[ 2450.672507][T16366]  netlink_sendmsg+0x6e1/0x7d0
[ 2450.677452][T16366]  ? netlink_getsockopt+0x720/0x720
[ 2450.682666][T16366]  ____sys_sendmsg+0x39a/0x510
[ 2450.687539][T16366]  __sys_sendmsg+0x195/0x230
[ 2450.692125][T16366]  __x64_sys_sendmsg+0x42/0x50
[ 2450.697001][T16366]  do_syscall_64+0x44/0xd0
[ 2450.701421][T16366]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2450.707303][T16366] RIP: 0033:0x7f0da0d09ae9
[ 2450.711748][T16366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2450.731392][T16366] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2450.739814][T16366] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2450.747769][T16366] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2450.755756][T16366] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2450.763864][T16366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2450.771830][T16366] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2450.779795][T16366]  </TASK>
[ 2450.782793][T16366] ---[ end trace e45544a13c7e47d9 ]---
[ 2450.788554][T16366] ------------[ cut here ]------------
[ 2450.794023][T16366] WARNING: CPU: 0 PID: 16366 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2450.803565][T16366] Modules linked in:
[ 2450.807492][T16366] CPU: 0 PID: 16366 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2450.817292][T16366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2450.827438][T16366] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2450.833093][T16366] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2450.852693][T16366] RSP: 0000:ffffc90008453628 EFLAGS: 00010246
[ 2450.858749][T16366] RAX: ffffffff83b40f4c RBX: ffff88810585b088 RCX: 0000000000040000
[ 2450.866712][T16366] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2450.874754][T16366] RBP: ffffc90008453668 R08: 000188810585b08f R09: 0000000000000000
[ 2450.882715][T16366] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888107bc8000
[ 2450.890688][T16366] R13: 0000000000000000 R14: ffffc900084537f0 R15: ffff88810585b000
[ 2450.898649][T16366] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2450.907588][T16366] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2450.914196][T16366] CR2: 00000000007a76a0 CR3: 000000011e70b000 CR4: 00000000003506f0
[ 2450.922175][T16366] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2450.930282][T16366] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2450.938241][T16366] Call Trace:
[ 2450.941523][T16366]  <TASK>
[ 2450.944591][T16366]  tcf_block_put+0x4c/0x70
[ 2450.949002][T16366]  cake_destroy+0x2d/0x50
[ 2450.953440][T16366]  ? cake_reset+0x5d0/0x5d0
[ 2450.957925][T16366]  qdisc_create+0xa82/0xd10
[ 2450.962423][T16366]  ? __nla_parse+0x3c/0x50
[ 2450.966823][T16366]  tc_modify_qdisc+0x64a/0x10b0
[ 2450.971698][T16366]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2450.977602][T16366]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2450.982552][T16366]  ? ___cache_free+0x46/0x300
[ 2450.987302][T16366]  ? packet_rcv+0xc3/0x9d0
[ 2450.991744][T16366]  ? __kfree_skb+0xfe/0x150
[ 2450.996242][T16366]  ? kmem_cache_free+0x5e/0x100
[ 2451.001245][T16366]  ? __kfree_skb+0xfe/0x150
[ 2451.005731][T16366]  ? consume_skb+0x48/0x160
[ 2451.010253][T16366]  ? nlmon_xmit+0x5f/0x70
[ 2451.014618][T16366]  ? __this_cpu_preempt_check+0x18/0x20
[ 2451.020209][T16366]  ? __local_bh_enable_ip+0x4d/0x70
[ 2451.025445][T16366]  ? local_bh_enable+0x1b/0x20
[ 2451.030233][T16366]  ? __dev_queue_xmit+0x597/0xf70
[ 2451.035262][T16366]  ? __skb_clone+0x2db/0x300
[ 2451.039934][T16366]  ? __rcu_read_unlock+0x5c/0x290
[ 2451.044952][T16366]  netlink_rcv_skb+0x14e/0x250
[ 2451.049725][T16366]  ? rtnetlink_bind+0x60/0x60
[ 2451.054413][T16366]  rtnetlink_rcv+0x18/0x20
[ 2451.058811][T16366]  netlink_unicast+0x5fc/0x6c0
[ 2451.063605][T16366]  netlink_sendmsg+0x6e1/0x7d0
[ 2451.068359][T16366]  ? netlink_getsockopt+0x720/0x720
[ 2451.073555][T16366]  ____sys_sendmsg+0x39a/0x510
[ 2451.078367][T16366]  __sys_sendmsg+0x195/0x230
[ 2451.082977][T16366]  __x64_sys_sendmsg+0x42/0x50
[ 2451.087870][T16366]  do_syscall_64+0x44/0xd0
[ 2451.092294][T16366]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2451.098172][T16366] RIP: 0033:0x7f0da0d09ae9
[ 2451.102601][T16366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2451.122206][T16366] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2451.130685][T16366] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2451.138636][T16366] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2451.146600][T16366] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2451.154589][T16366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2451.162550][T16366] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2451.170536][T16366]  </TASK>
[ 2451.173535][T16366] ---[ end trace e45544a13c7e47da ]---
[ 2451.180562][T16366] ------------[ cut here ]------------
[ 2451.186097][T16366] WARNING: CPU: 0 PID: 16366 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2451.195606][T16366] Modules linked in:
[ 2451.199504][T16366] CPU: 0 PID: 16366 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2451.209320][T16366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2451.219391][T16366] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2451.225000][T16366] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2451.244633][T16366] RSP: 0000:ffffc900084535d8 EFLAGS: 00010246
[ 2451.250722][T16366] RAX: ffffffff83b414a7 RBX: ffff88810585b0a0 RCX: 0000000000040000
[ 2451.258761][T16366] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2451.266813][T16366] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2451.274812][T16366] R10: 0001ffffffffffff R11: 000188810585b0a0 R12: ffff88810585b050
[ 2451.282775][T16366] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88810585b000
[ 2451.290739][T16366] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2451.299680][T16366] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2451.306351][T16366] CR2: 00000000007a76a0 CR3: 000000011e70b000 CR4: 00000000003506f0
[ 2451.314343][T16366] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2451.322326][T16366] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2451.330335][T16366] Call Trace:
[ 2451.333605][T16366]  <TASK>
[ 2451.336532][T16366]  tcf_block_put_ext+0xe5/0x180
[ 2451.341395][T16366]  tcf_block_put+0x4c/0x70
[ 2451.345803][T16366]  cake_destroy+0x2d/0x50
[ 2451.350168][T16366]  ? cake_reset+0x5d0/0x5d0
[ 2451.354688][T16366]  qdisc_create+0xa82/0xd10
[ 2451.359192][T16366]  ? __nla_parse+0x3c/0x50
[ 2451.363614][T16366]  tc_modify_qdisc+0x64a/0x10b0
[ 2451.368520][T16366]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2451.374524][T16366]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2451.379532][T16366]  ? ___cache_free+0x46/0x300
[ 2451.384202][T16366]  ? packet_rcv+0xc3/0x9d0
[ 2451.388595][T16366]  ? __kfree_skb+0xfe/0x150
[ 2451.393106][T16366]  ? kmem_cache_free+0x5e/0x100
[ 2451.398025][T16366]  ? __kfree_skb+0xfe/0x150
[ 2451.402540][T16366]  ? consume_skb+0x48/0x160
[ 2451.407032][T16366]  ? nlmon_xmit+0x5f/0x70
[ 2451.411407][T16366]  ? __this_cpu_preempt_check+0x18/0x20
[ 2451.416944][T16366]  ? __local_bh_enable_ip+0x4d/0x70
[ 2451.422202][T16366]  ? local_bh_enable+0x1b/0x20
[ 2451.426948][T16366]  ? __dev_queue_xmit+0x597/0xf70
[ 2451.432016][T16366]  ? __skb_clone+0x2db/0x300
[ 2451.436612][T16366]  ? __rcu_read_unlock+0x5c/0x290
[ 2451.441762][T16366]  netlink_rcv_skb+0x14e/0x250
[ 2451.446519][T16366]  ? rtnetlink_bind+0x60/0x60
[ 2451.451246][T16366]  rtnetlink_rcv+0x18/0x20
[ 2451.455711][T16366]  netlink_unicast+0x5fc/0x6c0
[ 2451.460595][T16366]  netlink_sendmsg+0x6e1/0x7d0
[ 2451.465349][T16366]  ? netlink_getsockopt+0x720/0x720
[ 2451.470555][T16366]  ____sys_sendmsg+0x39a/0x510
[ 2451.475313][T16366]  __sys_sendmsg+0x195/0x230
[ 2451.479945][T16366]  __x64_sys_sendmsg+0x42/0x50
[ 2451.484741][T16366]  do_syscall_64+0x44/0xd0
[ 2451.489220][T16366]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2451.495169][T16366] RIP: 0033:0x7f0da0d09ae9
[ 2451.499590][T16366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2451.519298][T16366] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2451.527695][T16366] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2451.535662][T16366] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2451.543700][T16366] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2451.551695][T16366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2451.559690][T16366] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2451.567659][T16366]  </TASK>
[ 2451.570672][T16366] ---[ end trace e45544a13c7e47db ]---
19:00:50 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8847]}]}}]}, 0x434}}, 0x0)

19:00:50 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}]}}]}, 0x434}}, 0x0)

[ 2462.250837][T16371] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
19:01:08 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x60}}, {0x4}}]}]}, 0x68}}, 0x0)

19:01:08 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)

19:01:26 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ec00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 2504.648000][T16476] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2507.949227][T16476] syz-executor.1: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[ 2507.965471][T16476] CPU: 0 PID: 16476 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2507.975345][T16476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2507.985396][T16476] Call Trace:
[ 2507.988692][T16476]  <TASK>
[ 2507.991685][T16476]  dump_stack_lvl+0xd6/0x122
[ 2507.996279][T16476]  dump_stack+0x11/0x1b
[ 2508.000479][T16476]  warn_alloc+0x132/0x190
[ 2508.004824][T16476]  __vmalloc_node_range+0x58b/0x690
[ 2508.010149][T16476]  ? cake_init+0x20d/0x640
[ 2508.014645][T16476]  __vmalloc_node+0x61/0x70
[ 2508.019159][T16476]  ? cake_init+0x20d/0x640
[ 2508.023584][T16476]  kvmalloc_node+0xd2/0x110
[ 2508.028176][T16476]  cake_init+0x20d/0x640
[ 2508.032428][T16476]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2508.038187][T16476]  ? qdisc_alloc+0x334/0x3c0
[ 2508.042796][T16476]  ? qdisc_lookup+0x20c/0x2e0
[ 2508.047485][T16476]  ? qdisc_peek_dequeued+0x140/0x140
[ 2508.052828][T16476]  qdisc_create+0x5f4/0xd10
[ 2508.057385][T16476]  ? __nla_parse+0x3c/0x50
[ 2508.061818][T16476]  tc_modify_qdisc+0x64a/0x10b0
[ 2508.066682][T16476]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2508.072644][T16476]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2508.077631][T16476]  ? ___cache_free+0x46/0x300
[ 2508.082307][T16476]  ? packet_rcv+0xc3/0x9d0
[ 2508.086788][T16476]  ? __kfree_skb+0xfe/0x150
[ 2508.091305][T16476]  ? kmem_cache_free+0x5e/0x100
[ 2508.096230][T16476]  ? __kfree_skb+0xfe/0x150
[ 2508.100737][T16476]  ? consume_skb+0x48/0x160
[ 2508.105261][T16476]  ? nlmon_xmit+0x5f/0x70
[ 2508.109668][T16476]  ? __this_cpu_preempt_check+0x18/0x20
[ 2508.115256][T16476]  ? __local_bh_enable_ip+0x4d/0x70
[ 2508.120461][T16476]  ? local_bh_enable+0x1b/0x20
[ 2508.125257][T16476]  ? __dev_queue_xmit+0x597/0xf70
[ 2508.130516][T16476]  ? __skb_clone+0x2db/0x300
[ 2508.135109][T16476]  ? __rcu_read_unlock+0x5c/0x290
[ 2508.140135][T16476]  netlink_rcv_skb+0x14e/0x250
[ 2508.144914][T16476]  ? rtnetlink_bind+0x60/0x60
[ 2508.149704][T16476]  rtnetlink_rcv+0x18/0x20
[ 2508.154124][T16476]  netlink_unicast+0x5fc/0x6c0
[ 2508.158963][T16476]  netlink_sendmsg+0x6e1/0x7d0
[ 2508.163732][T16476]  ? netlink_getsockopt+0x720/0x720
[ 2508.168983][T16476]  ____sys_sendmsg+0x39a/0x510
[ 2508.173773][T16476]  __sys_sendmsg+0x195/0x230
[ 2508.178441][T16476]  __x64_sys_sendmsg+0x42/0x50
[ 2508.183230][T16476]  do_syscall_64+0x44/0xd0
[ 2508.187652][T16476]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2508.193617][T16476] RIP: 0033:0x7f7b56f48ae9
[ 2508.198033][T16476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2508.217779][T16476] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2508.226236][T16476] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2508.234197][T16476] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2508.242285][T16476] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2508.250239][T16476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2508.258213][T16476] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2508.266166][T16476]  </TASK>
[ 2508.269232][T16476] Mem-Info:
[ 2508.272327][T16476] active_anon:10664 inactive_anon:100361 isolated_anon:0
[ 2508.272327][T16476]  active_file:137 inactive_file:1145 isolated_file:0
[ 2508.272327][T16476]  unevictable:0 dirty:5 writeback:0
[ 2508.272327][T16476]  slab_reclaimable:7693 slab_unreclaimable:1742333
[ 2508.272327][T16476]  mapped:53016 shmem:355 pagetables:5275 bounce:0
[ 2508.272327][T16476]  kernel_misc_reclaimable:0
[ 2508.272327][T16476]  free:11575 free_pcp:335 free_cma:0
[ 2508.313560][T16476] Node 0 active_anon:42656kB inactive_anon:401444kB active_file:548kB inactive_file:4580kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:212064kB dirty:20kB writeback:0kB shmem:1420kB writeback_tmp:0kB kernel_stack:5248kB pagetables:21100kB all_unreclaimable? yes
[ 2508.339994][T16476] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2508.366799][T16476] lowmem_reserve[]: 0 2896 7874 7874
[ 2508.372198][T16476] Node 0 DMA32 free:22192kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2508.400669][T16476] lowmem_reserve[]: 0 0 4978 4978
[ 2508.405679][T16476] Node 0 Normal free:8748kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42656kB inactive_anon:400528kB active_file:456kB inactive_file:5020kB unevictable:0kB writepending:20kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1340kB local_pcp:1092kB free_cma:0kB
[ 2508.435733][T16476] lowmem_reserve[]: 0 0 0 0
[ 2508.440316][T16476] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2508.452948][T16476] Node 0 DMA32: 254*4kB (UME) 137*8kB (UME) 55*16kB (UME) 46*32kB (UME) 19*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 22192kB
[ 2508.470454][T16476] Node 0 Normal: 851*4kB (UME) 510*8kB (ME) 71*16kB (UME) 2*32kB (U) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8748kB
[ 2508.485140][T16476] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2508.494519][T16476] 1672 total pagecache pages
[ 2508.499099][T16476] 0 pages in swap cache
[ 2508.503241][T16476] Swap cache stats: add 0, delete 0, find 0/0
[ 2508.509292][T16476] Free swap  = 0kB
[ 2508.512982][T16476] Total swap = 0kB
[ 2508.516678][T16476] 2097051 pages RAM
[ 2508.520467][T16476] 0 pages HighMem/MovableOnly
[ 2508.525115][T16476] 75955 pages reserved
[ 2508.529880][T16476] ------------[ cut here ]------------
[ 2508.535374][T16476] WARNING: CPU: 1 PID: 16476 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2508.545946][T16476] Modules linked in:
[ 2508.549958][T16476] CPU: 1 PID: 16476 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2508.559778][T16476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2508.569933][T16476] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2508.576792][T16476] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2508.596615][T16476] RSP: 0018:ffffc90008cc75f0 EFLAGS: 00010246
[ 2508.602703][T16476] RAX: ffff88813f027000 RBX: ffff88823fed08b0 RCX: 0000000000000000
[ 2508.610689][T16476] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: ffff88823fed0800
[ 2508.618655][T16476] RBP: ffffc90008cc7738 R08: 000188823fed08b7 R09: 0000000000000000
[ 2508.626632][T16476] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88823fed08b0
[ 2508.634610][T16476] R13: ffffffff85ec3720 R14: ffff88823fed0800 R15: ffffc90008cc7668
[ 2508.642607][T16476] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2508.651565][T16476] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2508.658240][T16476] CR2: 00007f1b1433b8b7 CR3: 0000000124514000 CR4: 00000000003506e0
[ 2508.666235][T16476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2508.674275][T16476] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2508.682260][T16476] Call Trace:
[ 2508.685526][T16476]  <TASK>
[ 2508.688441][T16476]  tcf_block_put_ext+0x2d/0x180
[ 2508.693294][T16476]  tcf_block_put+0x4c/0x70
[ 2508.697694][T16476]  cake_destroy+0x2d/0x50
[ 2508.702022][T16476]  ? cake_reset+0x5d0/0x5d0
[ 2508.706603][T16476]  qdisc_create+0xa82/0xd10
[ 2508.711117][T16476]  ? __nla_parse+0x3c/0x50
[ 2508.715519][T16476]  tc_modify_qdisc+0x64a/0x10b0
[ 2508.720454][T16476]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2508.726331][T16476]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2508.731367][T16476]  ? ___cache_free+0x46/0x300
[ 2508.736026][T16476]  ? packet_rcv+0xc3/0x9d0
[ 2508.740459][T16476]  ? __kfree_skb+0xfe/0x150
[ 2508.744998][T16476]  ? kmem_cache_free+0x5e/0x100
[ 2508.749845][T16476]  ? __kfree_skb+0xfe/0x150
[ 2508.754420][T16476]  ? consume_skb+0x48/0x160
[ 2508.758905][T16476]  ? nlmon_xmit+0x5f/0x70
[ 2508.763365][T16476]  ? __this_cpu_preempt_check+0x18/0x20
[ 2508.768899][T16476]  ? __local_bh_enable_ip+0x4d/0x70
[ 2508.774170][T16476]  ? local_bh_enable+0x1b/0x20
[ 2508.778953][T16476]  ? __dev_queue_xmit+0x597/0xf70
[ 2508.784031][T16476]  ? __skb_clone+0x2db/0x300
[ 2508.788602][T16476]  ? __rcu_read_unlock+0x5c/0x290
[ 2508.793622][T16476]  netlink_rcv_skb+0x14e/0x250
[ 2508.798415][T16476]  ? rtnetlink_bind+0x60/0x60
[ 2508.803124][T16476]  rtnetlink_rcv+0x18/0x20
[ 2508.807521][T16476]  netlink_unicast+0x5fc/0x6c0
[ 2508.812471][T16476]  netlink_sendmsg+0x6e1/0x7d0
[ 2508.817221][T16476]  ? netlink_getsockopt+0x720/0x720
[ 2508.822496][T16476]  ____sys_sendmsg+0x39a/0x510
[ 2508.827321][T16476]  __sys_sendmsg+0x195/0x230
[ 2508.831908][T16476]  __x64_sys_sendmsg+0x42/0x50
[ 2508.836653][T16476]  do_syscall_64+0x44/0xd0
[ 2508.841067][T16476]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2508.847073][T16476] RIP: 0033:0x7f7b56f48ae9
[ 2508.851477][T16476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2508.871192][T16476] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2508.879755][T16476] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2508.887737][T16476] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2508.895716][T16476] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2508.903745][T16476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2508.911721][T16476] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2508.919688][T16476]  </TASK>
[ 2508.922733][T16476] ---[ end trace e45544a13c7e47dc ]---
[ 2508.928557][T16476] ------------[ cut here ]------------
[ 2508.934007][T16476] WARNING: CPU: 1 PID: 16476 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2508.943561][T16476] Modules linked in:
[ 2508.947445][T16476] CPU: 1 PID: 16476 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2508.957300][T16476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2508.967362][T16476] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2508.972991][T16476] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2508.992598][T16476] RSP: 0018:ffffc90008cc7628 EFLAGS: 00010246
[ 2508.998643][T16476] RAX: ffffffff83b40f4c RBX: ffff88823fed0888 RCX: 0000000000040000
[ 2509.006617][T16476] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2509.014584][T16476] RBP: ffffc90008cc7668 R08: 000188823fed088f R09: 0000000000000000
[ 2509.022561][T16476] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108910000
[ 2509.030670][T16476] R13: 0000000000000000 R14: ffffc90008cc77f0 R15: ffff88823fed0800
[ 2509.038621][T16476] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2509.047542][T16476] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2509.054215][T16476] CR2: 00007f1b1433b8b7 CR3: 0000000124514000 CR4: 00000000003506e0
[ 2509.062192][T16476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2509.070183][T16476] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2509.078186][T16476] Call Trace:
[ 2509.081462][T16476]  <TASK>
[ 2509.084432][T16476]  tcf_block_put+0x4c/0x70
[ 2509.088962][T16476]  cake_destroy+0x2d/0x50
[ 2509.093471][T16476]  ? cake_reset+0x5d0/0x5d0
[ 2509.098036][T16476]  qdisc_create+0xa82/0xd10
[ 2509.102593][T16476]  ? __nla_parse+0x3c/0x50
[ 2509.107008][T16476]  tc_modify_qdisc+0x64a/0x10b0
[ 2509.111855][T16476]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2509.117757][T16476]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2509.122758][T16476]  ? ___cache_free+0x46/0x300
[ 2509.127491][T16476]  ? packet_rcv+0xc3/0x9d0
[ 2509.131944][T16476]  ? __kfree_skb+0xfe/0x150
[ 2509.136517][T16476]  ? kmem_cache_free+0x5e/0x100
[ 2509.141372][T16476]  ? __kfree_skb+0xfe/0x150
[ 2509.145879][T16476]  ? consume_skb+0x48/0x160
[ 2509.150465][T16476]  ? nlmon_xmit+0x5f/0x70
[ 2509.154885][T16476]  ? __this_cpu_preempt_check+0x18/0x20
[ 2509.160646][T16476]  ? __local_bh_enable_ip+0x4d/0x70
[ 2509.165832][T16476]  ? local_bh_enable+0x1b/0x20
[ 2509.170712][T16476]  ? __dev_queue_xmit+0x597/0xf70
[ 2509.175719][T16476]  ? __skb_clone+0x2db/0x300
[ 2509.180352][T16476]  ? __rcu_read_unlock+0x5c/0x290
[ 2509.185484][T16476]  netlink_rcv_skb+0x14e/0x250
[ 2509.190282][T16476]  ? rtnetlink_bind+0x60/0x60
[ 2509.194940][T16476]  rtnetlink_rcv+0x18/0x20
[ 2509.199363][T16476]  netlink_unicast+0x5fc/0x6c0
[ 2509.204156][T16476]  netlink_sendmsg+0x6e1/0x7d0
[ 2509.208931][T16476]  ? netlink_getsockopt+0x720/0x720
[ 2509.214224][T16476]  ____sys_sendmsg+0x39a/0x510
[ 2509.218970][T16476]  __sys_sendmsg+0x195/0x230
[ 2509.223568][T16476]  __x64_sys_sendmsg+0x42/0x50
[ 2509.228351][T16476]  do_syscall_64+0x44/0xd0
[ 2509.232780][T16476]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2509.238667][T16476] RIP: 0033:0x7f7b56f48ae9
[ 2509.243074][T16476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2509.262703][T16476] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2509.271157][T16476] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2509.279124][T16476] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2509.287154][T16476] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2509.295118][T16476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2509.303269][T16476] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2509.311273][T16476]  </TASK>
[ 2509.314274][T16476] ---[ end trace e45544a13c7e47dd ]---
[ 2509.321099][T16476] ------------[ cut here ]------------
[ 2509.326547][T16476] WARNING: CPU: 1 PID: 16476 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2509.336034][T16476] Modules linked in:
[ 2509.339916][T16476] CPU: 1 PID: 16476 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2509.349710][T16476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2509.359787][T16476] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2509.365368][T16476] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2509.384974][T16476] RSP: 0018:ffffc90008cc75d8 EFLAGS: 00010246
[ 2509.391060][T16476] RAX: ffffffff83b414a7 RBX: ffff88823fed08a0 RCX: 0000000000040000
[ 2509.399038][T16476] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2509.407029][T16476] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2509.415020][T16476] R10: 0001ffffffffffff R11: 000188823fed08a0 R12: ffff88823fed0850
[ 2509.423002][T16476] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88823fed0800
[ 2509.430970][T16476] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2509.439964][T16476] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2509.446686][T16476] CR2: 00007f1b1433b8b7 CR3: 0000000124514000 CR4: 00000000003506e0
[ 2509.454710][T16476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2509.462762][T16476] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2509.470746][T16476] Call Trace:
[ 2509.474008][T16476]  <TASK>
[ 2509.476930][T16476]  tcf_block_put_ext+0xe5/0x180
[ 2509.481781][T16476]  tcf_block_put+0x4c/0x70
[ 2509.486178][T16476]  cake_destroy+0x2d/0x50
[ 2509.490503][T16476]  ? cake_reset+0x5d0/0x5d0
[ 2509.495006][T16476]  qdisc_create+0xa82/0xd10
[ 2509.499504][T16476]  ? __nla_parse+0x3c/0x50
[ 2509.503906][T16476]  tc_modify_qdisc+0x64a/0x10b0
[ 2509.508760][T16476]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2509.514652][T16476]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2509.519625][T16476]  ? ___cache_free+0x46/0x300
[ 2509.524375][T16476]  ? packet_rcv+0xc3/0x9d0
[ 2509.528770][T16476]  ? __kfree_skb+0xfe/0x150
[ 2509.533385][T16476]  ? kmem_cache_free+0x5e/0x100
[ 2509.538261][T16476]  ? __kfree_skb+0xfe/0x150
[ 2509.542774][T16476]  ? consume_skb+0x48/0x160
[ 2509.547261][T16476]  ? nlmon_xmit+0x5f/0x70
[ 2509.551585][T16476]  ? __this_cpu_preempt_check+0x18/0x20
[ 2509.557154][T16476]  ? __local_bh_enable_ip+0x4d/0x70
[ 2509.562348][T16476]  ? local_bh_enable+0x1b/0x20
[ 2509.567093][T16476]  ? __dev_queue_xmit+0x597/0xf70
[ 2509.572173][T16476]  ? __skb_clone+0x2db/0x300
[ 2509.576765][T16476]  ? __rcu_read_unlock+0x5c/0x290
[ 2509.581781][T16476]  netlink_rcv_skb+0x14e/0x250
[ 2509.586541][T16476]  ? rtnetlink_bind+0x60/0x60
[ 2509.591210][T16476]  rtnetlink_rcv+0x18/0x20
[ 2509.595715][T16476]  netlink_unicast+0x5fc/0x6c0
[ 2509.600606][T16476]  netlink_sendmsg+0x6e1/0x7d0
[ 2509.605418][T16476]  ? netlink_getsockopt+0x720/0x720
[ 2509.610626][T16476]  ____sys_sendmsg+0x39a/0x510
[ 2509.615493][T16476]  __sys_sendmsg+0x195/0x230
[ 2509.620120][T16476]  __x64_sys_sendmsg+0x42/0x50
[ 2509.625001][T16476]  do_syscall_64+0x44/0xd0
[ 2509.629448][T16476]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2509.635335][T16476] RIP: 0033:0x7f7b56f48ae9
[ 2509.639755][T16476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2509.659398][T16476] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2509.667898][T16476] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2509.675863][T16476] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2509.683828][T16476] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2509.691847][T16476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2509.699813][T16476] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2509.707769][T16476]  </TASK>
[ 2509.710797][T16476] ---[ end trace e45544a13c7e47de ]---
19:02:08 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)

[ 2525.663258][T16582] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2531.029121][T16582] syz-executor.0: vmalloc error: size 520192, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0
[ 2531.045553][T16582] CPU: 1 PID: 16582 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2531.055337][T16582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2531.065376][T16582] Call Trace:
[ 2531.068637][T16582]  <TASK>
[ 2531.071548][T16582]  dump_stack_lvl+0xd6/0x122
[ 2531.076159][T16582]  dump_stack+0x11/0x1b
[ 2531.080333][T16582]  warn_alloc+0x132/0x190
[ 2531.084655][T16582]  __vmalloc_node_range+0x58b/0x690
[ 2531.089895][T16582]  ? cake_init+0x20d/0x640
[ 2531.094333][T16582]  __vmalloc_node+0x61/0x70
[ 2531.098832][T16582]  ? cake_init+0x20d/0x640
[ 2531.103248][T16582]  kvmalloc_node+0xd2/0x110
[ 2531.107833][T16582]  cake_init+0x20d/0x640
[ 2531.112092][T16582]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2531.117872][T16582]  ? qdisc_alloc+0x334/0x3c0
[ 2531.122444][T16582]  ? qdisc_lookup+0x20c/0x2e0
[ 2531.127100][T16582]  ? qdisc_peek_dequeued+0x140/0x140
[ 2531.132368][T16582]  qdisc_create+0x5f4/0xd10
[ 2531.136862][T16582]  ? __nla_parse+0x3c/0x50
[ 2531.141342][T16582]  tc_modify_qdisc+0x64a/0x10b0
[ 2531.146206][T16582]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2531.152086][T16582]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2531.157052][T16582]  ? ___cache_free+0x46/0x300
[ 2531.161715][T16582]  ? packet_rcv+0xc3/0x9d0
[ 2531.166185][T16582]  ? __kfree_skb+0xfe/0x150
[ 2531.170673][T16582]  ? kmem_cache_free+0x5e/0x100
[ 2531.175519][T16582]  ? __kfree_skb+0xfe/0x150
[ 2531.180005][T16582]  ? consume_skb+0x48/0x160
[ 2531.184570][T16582]  ? nlmon_xmit+0x5f/0x70
[ 2531.188886][T16582]  ? __this_cpu_preempt_check+0x18/0x20
[ 2531.194452][T16582]  ? __local_bh_enable_ip+0x4d/0x70
[ 2531.199635][T16582]  ? local_bh_enable+0x1b/0x20
[ 2531.204609][T16582]  ? __dev_queue_xmit+0x597/0xf70
[ 2531.209648][T16582]  ? __skb_clone+0x2db/0x300
[ 2531.214221][T16582]  ? __rcu_read_unlock+0x5c/0x290
[ 2531.219314][T16582]  netlink_rcv_skb+0x14e/0x250
[ 2531.224113][T16582]  ? rtnetlink_bind+0x60/0x60
[ 2531.228852][T16582]  rtnetlink_rcv+0x18/0x20
[ 2531.233308][T16582]  netlink_unicast+0x5fc/0x6c0
[ 2531.238054][T16582]  netlink_sendmsg+0x6e1/0x7d0
[ 2531.242833][T16582]  ? netlink_getsockopt+0x720/0x720
[ 2531.248057][T16582]  ____sys_sendmsg+0x39a/0x510
[ 2531.252886][T16582]  __sys_sendmsg+0x195/0x230
[ 2531.257494][T16582]  ? __xfrm_init_state+0x350/0x820
[ 2531.262584][T16582]  __x64_sys_sendmsg+0x42/0x50
[ 2531.267364][T16582]  do_syscall_64+0x44/0xd0
[ 2531.271827][T16582]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2531.277782][T16582] RIP: 0033:0x7f0da0d09ae9
[ 2531.282174][T16582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2531.301843][T16582] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2531.310235][T16582] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2531.318192][T16582] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2531.326233][T16582] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2531.334198][T16582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2531.342218][T16582] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2531.350176][T16582]  </TASK>
[ 2531.353229][T16582] Mem-Info:
[ 2531.356322][T16582] active_anon:10671 inactive_anon:100334 isolated_anon:0
[ 2531.356322][T16582]  active_file:257 inactive_file:304 isolated_file:0
[ 2531.356322][T16582]  unevictable:0 dirty:0 writeback:0
[ 2531.356322][T16582]  slab_reclaimable:7692 slab_unreclaimable:1742351
[ 2531.356322][T16582]  mapped:52531 shmem:362 pagetables:5277 bounce:0
[ 2531.356322][T16582]  kernel_misc_reclaimable:0
[ 2531.356322][T16582]  free:12121 free_pcp:307 free_cma:0
[ 2531.397558][T16582] Node 0 active_anon:42684kB inactive_anon:401336kB active_file:1028kB inactive_file:1216kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210124kB dirty:0kB writeback:0kB shmem:1448kB writeback_tmp:0kB kernel_stack:5312kB pagetables:21108kB all_unreclaimable? yes
[ 2531.424013][T16582] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2531.450777][T16582] lowmem_reserve[]: 0 2896 7874 7874
[ 2531.456048][T16582] Node 0 DMA32 free:22192kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2531.484384][T16582] lowmem_reserve[]: 0 0 4978 4978
[ 2531.489472][T16582] Node 0 Normal free:11184kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42684kB inactive_anon:400420kB active_file:760kB inactive_file:1336kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1228kB local_pcp:436kB free_cma:0kB
[ 2531.519592][T16582] lowmem_reserve[]: 0 0 0 0
[ 2531.524157][T16582] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2531.536833][T16582] Node 0 DMA32: 254*4kB (UME) 137*8kB (UME) 55*16kB (UME) 46*32kB (UME) 19*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 22192kB
[ 2531.554388][T16582] Node 0 Normal: 1433*4kB (UME) 500*8kB (UME) 71*16kB (UM) 2*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10932kB
[ 2531.568637][T16582] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2531.577907][T16582] 986 total pagecache pages
[ 2531.582387][T16582] 0 pages in swap cache
[ 2531.586511][T16582] Swap cache stats: add 0, delete 0, find 0/0
[ 2531.592593][T16582] Free swap  = 0kB
[ 2531.596295][T16582] Total swap = 0kB
[ 2531.600000][T16582] 2097051 pages RAM
[ 2531.603793][T16582] 0 pages HighMem/MovableOnly
[ 2531.608438][T16582] 75955 pages reserved
[ 2531.613133][T16582] ------------[ cut here ]------------
[ 2531.618596][T16582] WARNING: CPU: 0 PID: 16582 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2531.629206][T16582] Modules linked in:
[ 2531.633093][T16582] CPU: 0 PID: 16582 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2531.642944][T16582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2531.653033][T16582] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2531.659744][T16582] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2531.679370][T16582] RSP: 0000:ffffc900084535f0 EFLAGS: 00010246
[ 2531.685515][T16582] RAX: ffff88811d9da000 RBX: ffff8881495fc8b0 RCX: 0000000000000000
[ 2531.693584][T16582] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: ffff8881495fc800
[ 2531.701554][T16582] RBP: ffffc90008453738 R08: 00018881495fc8b7 R09: 0000000000000000
[ 2531.709598][T16582] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff8881495fc8b0
[ 2531.717649][T16582] R13: ffffffff85ec3720 R14: ffff8881495fc800 R15: ffffc90008453668
[ 2531.725799][T16582] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2531.734937][T16582] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2531.741582][T16582] CR2: 0000000000443e6d CR3: 000000011e7ed000 CR4: 00000000003506f0
[ 2531.750066][T16582] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2531.758259][T16582] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2531.766269][T16582] Call Trace:
[ 2531.769579][T16582]  <TASK>
[ 2531.772500][T16582]  tcf_block_put_ext+0x2d/0x180
[ 2531.777360][T16582]  tcf_block_put+0x4c/0x70
[ 2531.781900][T16582]  cake_destroy+0x2d/0x50
[ 2531.786393][T16582]  ? cake_reset+0x5d0/0x5d0
[ 2531.790912][T16582]  qdisc_create+0xa82/0xd10
[ 2531.795398][T16582]  ? __nla_parse+0x3c/0x50
[ 2531.799815][T16582]  tc_modify_qdisc+0x64a/0x10b0
[ 2531.804669][T16582]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2531.810563][T16582]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2531.815526][T16582]  ? ___cache_free+0x46/0x300
[ 2531.820213][T16582]  ? packet_rcv+0xc3/0x9d0
[ 2531.824682][T16582]  ? __kfree_skb+0xfe/0x150
[ 2531.829232][T16582]  ? kmem_cache_free+0x5e/0x100
[ 2531.834090][T16582]  ? __kfree_skb+0xfe/0x150
[ 2531.838582][T16582]  ? consume_skb+0x48/0x160
[ 2531.843080][T16582]  ? nlmon_xmit+0x5f/0x70
[ 2531.847390][T16582]  ? __this_cpu_preempt_check+0x18/0x20
[ 2531.852963][T16582]  ? __local_bh_enable_ip+0x4d/0x70
[ 2531.858143][T16582]  ? local_bh_enable+0x1b/0x20
[ 2531.862903][T16582]  ? __dev_queue_xmit+0x597/0xf70
[ 2531.868014][T16582]  ? __skb_clone+0x2db/0x300
[ 2531.872601][T16582]  ? __rcu_read_unlock+0x5c/0x290
[ 2531.877603][T16582]  netlink_rcv_skb+0x14e/0x250
[ 2531.882401][T16582]  ? rtnetlink_bind+0x60/0x60
[ 2531.887057][T16582]  rtnetlink_rcv+0x18/0x20
[ 2531.891498][T16582]  netlink_unicast+0x5fc/0x6c0
[ 2531.896337][T16582]  netlink_sendmsg+0x6e1/0x7d0
[ 2531.901101][T16582]  ? netlink_getsockopt+0x720/0x720
[ 2531.906473][T16582]  ____sys_sendmsg+0x39a/0x510
[ 2531.911234][T16582]  __sys_sendmsg+0x195/0x230
[ 2531.915810][T16582]  ? __xfrm_init_state+0x350/0x820
[ 2531.920977][T16582]  __x64_sys_sendmsg+0x42/0x50
[ 2531.925721][T16582]  do_syscall_64+0x44/0xd0
[ 2531.930154][T16582]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2531.936127][T16582] RIP: 0033:0x7f0da0d09ae9
[ 2531.940644][T16582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2531.960268][T16582] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2531.968752][T16582] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2531.976716][T16582] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2531.984759][T16582] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2531.992729][T16582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2532.000765][T16582] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2532.008717][T16582]  </TASK>
[ 2532.011772][T16582] ---[ end trace e45544a13c7e47df ]---
[ 2532.017726][T16582] ------------[ cut here ]------------
[ 2532.023168][T16582] WARNING: CPU: 0 PID: 16582 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2532.032719][T16582] Modules linked in:
[ 2532.036586][T16582] CPU: 0 PID: 16582 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2532.046379][T16582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2532.056479][T16582] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2532.062194][T16582] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2532.082067][T16582] RSP: 0000:ffffc90008453628 EFLAGS: 00010246
[ 2532.088114][T16582] RAX: ffffffff83b40f4c RBX: ffff8881495fc888 RCX: 0000000000040000
[ 2532.096074][T16582] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2532.104034][T16582] RBP: ffffc90008453668 R08: 00018881495fc88f R09: 0000000000000000
[ 2532.111992][T16582] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108910000
[ 2532.119955][T16582] R13: 0000000000000000 R14: ffffc900084537f0 R15: ffff8881495fc800
[ 2532.127915][T16582] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2532.136830][T16582] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2532.143415][T16582] CR2: 0000000000443e6d CR3: 000000011e7ed000 CR4: 00000000003506f0
[ 2532.151378][T16582] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2532.159426][T16582] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2532.167395][T16582] Call Trace:
[ 2532.170690][T16582]  <TASK>
[ 2532.173620][T16582]  tcf_block_put+0x4c/0x70
[ 2532.178023][T16582]  cake_destroy+0x2d/0x50
[ 2532.182343][T16582]  ? cake_reset+0x5d0/0x5d0
[ 2532.186825][T16582]  qdisc_create+0xa82/0xd10
[ 2532.191323][T16582]  ? __nla_parse+0x3c/0x50
[ 2532.195722][T16582]  tc_modify_qdisc+0x64a/0x10b0
[ 2532.200566][T16582]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2532.206444][T16582]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2532.211371][T16582]  ? ___cache_free+0x46/0x300
[ 2532.216054][T16582]  ? packet_rcv+0xc3/0x9d0
[ 2532.220608][T16582]  ? __kfree_skb+0xfe/0x150
[ 2532.225135][T16582]  ? kmem_cache_free+0x5e/0x100
[ 2532.229980][T16582]  ? __kfree_skb+0xfe/0x150
[ 2532.234474][T16582]  ? consume_skb+0x48/0x160
[ 2532.238966][T16582]  ? nlmon_xmit+0x5f/0x70
[ 2532.243300][T16582]  ? __this_cpu_preempt_check+0x18/0x20
[ 2532.248826][T16582]  ? __local_bh_enable_ip+0x4d/0x70
[ 2532.254023][T16582]  ? local_bh_enable+0x1b/0x20
[ 2532.258765][T16582]  ? __dev_queue_xmit+0x597/0xf70
[ 2532.263854][T16582]  ? __skb_clone+0x2db/0x300
[ 2532.268487][T16582]  ? __rcu_read_unlock+0x5c/0x290
[ 2532.273542][T16582]  netlink_rcv_skb+0x14e/0x250
[ 2532.278285][T16582]  ? rtnetlink_bind+0x60/0x60
[ 2532.282968][T16582]  rtnetlink_rcv+0x18/0x20
[ 2532.287392][T16582]  netlink_unicast+0x5fc/0x6c0
[ 2532.292159][T16582]  netlink_sendmsg+0x6e1/0x7d0
[ 2532.296997][T16582]  ? netlink_getsockopt+0x720/0x720
[ 2532.302202][T16582]  ____sys_sendmsg+0x39a/0x510
[ 2532.306956][T16582]  __sys_sendmsg+0x195/0x230
[ 2532.311565][T16582]  ? __xfrm_init_state+0x350/0x820
[ 2532.316672][T16582]  __x64_sys_sendmsg+0x42/0x50
[ 2532.321441][T16582]  do_syscall_64+0x44/0xd0
[ 2532.325860][T16582]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2532.331805][T16582] RIP: 0033:0x7f0da0d09ae9
[ 2532.336200][T16582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2532.355882][T16582] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2532.364281][T16582] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2532.372254][T16582] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2532.380234][T16582] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2532.388197][T16582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2532.396239][T16582] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2532.404259][T16582]  </TASK>
[ 2532.407254][T16582] ---[ end trace e45544a13c7e47e0 ]---
[ 2532.413999][T16582] ------------[ cut here ]------------
[ 2532.419525][T16582] WARNING: CPU: 0 PID: 16582 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2532.428969][T16582] Modules linked in:
[ 2532.432850][T16582] CPU: 0 PID: 16582 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2532.442674][T16582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2532.452830][T16582] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2532.458369][T16582] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2532.477975][T16582] RSP: 0000:ffffc900084535d8 EFLAGS: 00010246
[ 2532.484031][T16582] RAX: ffffffff83b414a7 RBX: ffff8881495fc8a0 RCX: 0000000000040000
[ 2532.491992][T16582] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2532.500093][T16582] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2532.508047][T16582] R10: 0001ffffffffffff R11: 00018881495fc8a0 R12: ffff8881495fc850
[ 2532.516021][T16582] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff8881495fc800
[ 2532.524005][T16582] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2532.532927][T16582] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2532.539506][T16582] CR2: 0000000000443e6d CR3: 000000011e7ed000 CR4: 00000000003506f0
[ 2532.547573][T16582] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2532.555535][T16582] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2532.563508][T16582] Call Trace:
[ 2532.566765][T16582]  <TASK>
[ 2532.569783][T16582]  tcf_block_put_ext+0xe5/0x180
[ 2532.574732][T16582]  tcf_block_put+0x4c/0x70
[ 2532.579224][T16582]  cake_destroy+0x2d/0x50
[ 2532.583560][T16582]  ? cake_reset+0x5d0/0x5d0
[ 2532.588083][T16582]  qdisc_create+0xa82/0xd10
[ 2532.592591][T16582]  ? __nla_parse+0x3c/0x50
[ 2532.596988][T16582]  tc_modify_qdisc+0x64a/0x10b0
[ 2532.601920][T16582]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2532.607814][T16582]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2532.612801][T16582]  ? ___cache_free+0x46/0x300
[ 2532.617515][T16582]  ? packet_rcv+0xc3/0x9d0
[ 2532.621925][T16582]  ? __kfree_skb+0xfe/0x150
[ 2532.626409][T16582]  ? kmem_cache_free+0x5e/0x100
[ 2532.631314][T16582]  ? __kfree_skb+0xfe/0x150
[ 2532.635854][T16582]  ? consume_skb+0x48/0x160
[ 2532.640422][T16582]  ? nlmon_xmit+0x5f/0x70
[ 2532.644775][T16582]  ? __this_cpu_preempt_check+0x18/0x20
[ 2532.650390][T16582]  ? __local_bh_enable_ip+0x4d/0x70
[ 2532.655592][T16582]  ? local_bh_enable+0x1b/0x20
[ 2532.660372][T16582]  ? __dev_queue_xmit+0x597/0xf70
[ 2532.665415][T16582]  ? __skb_clone+0x2db/0x300
[ 2532.669999][T16582]  ? __rcu_read_unlock+0x5c/0x290
[ 2532.675042][T16582]  netlink_rcv_skb+0x14e/0x250
[ 2532.679827][T16582]  ? rtnetlink_bind+0x60/0x60
[ 2532.684586][T16582]  rtnetlink_rcv+0x18/0x20
[ 2532.688983][T16582]  netlink_unicast+0x5fc/0x6c0
[ 2532.693834][T16582]  netlink_sendmsg+0x6e1/0x7d0
[ 2532.698669][T16582]  ? netlink_getsockopt+0x720/0x720
[ 2532.703874][T16582]  ____sys_sendmsg+0x39a/0x510
[ 2532.708715][T16582]  __sys_sendmsg+0x195/0x230
[ 2532.713380][T16582]  ? __xfrm_init_state+0x350/0x820
[ 2532.718488][T16582]  __x64_sys_sendmsg+0x42/0x50
[ 2532.723251][T16582]  do_syscall_64+0x44/0xd0
[ 2532.727716][T16582]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2532.733603][T16582] RIP: 0033:0x7f0da0d09ae9
[ 2532.738000][T16582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2532.757689][T16582] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2532.766104][T16582] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2532.774067][T16582] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2532.782127][T16582] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2532.790154][T16582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2532.798102][T16582] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2532.806075][T16582]  </TASK>
[ 2532.809195][T16582] ---[ end trace e45544a13c7e47e1 ]---
[ 2532.815290][T16586] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2532.829392][T16584] ------------[ cut here ]------------
[ 2532.834848][T16584] WARNING: CPU: 1 PID: 16584 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2532.845527][T16584] Modules linked in:
[ 2532.849450][T16584] CPU: 1 PID: 16584 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2532.859260][T16584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2532.869490][T16584] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2532.876378][T16584] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2532.896037][T16584] RSP: 0018:ffffc900090ab5f0 EFLAGS: 00010246
[ 2532.902189][T16584] RAX: ffff88811d9d6000 RBX: ffff88811f79a0b0 RCX: 0000000000000000
[ 2532.910153][T16584] RDX: ffffc900018b6000 RSI: 0000000000001ec9 RDI: ffff88811f79a000
[ 2532.918118][T16584] RBP: ffffc900090ab738 R08: 000188811f79a0b7 R09: 0000000000000000
[ 2532.926118][T16584] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811f79a0b0
[ 2532.934203][T16584] R13: ffffffff85ec3720 R14: ffff88811f79a000 R15: ffffc900090ab668
[ 2532.942201][T16584] FS:  00007f0d9ea3e700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2532.951193][T16584] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2532.957770][T16584] CR2: 0000000000d704b0 CR3: 000000011e7ed000 CR4: 00000000003506e0
[ 2532.965745][T16584] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2532.973709][T16584] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2532.981674][T16584] Call Trace:
[ 2532.984932][T16584]  <TASK>
[ 2532.987840][T16584]  tcf_block_put_ext+0x2d/0x180
[ 2532.992702][T16584]  tcf_block_put+0x4c/0x70
[ 2532.997173][T16584]  cake_destroy+0x2d/0x50
[ 2533.001557][T16584]  ? cake_reset+0x5d0/0x5d0
[ 2533.006043][T16584]  qdisc_create+0xa82/0xd10
[ 2533.010544][T16584]  ? __nla_parse+0x3c/0x50
[ 2533.015040][T16584]  tc_modify_qdisc+0x64a/0x10b0
[ 2533.019976][T16584]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2533.025870][T16584]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2533.030799][T16584]  ? ___cache_free+0x46/0x300
[ 2533.035452][T16584]  ? packet_rcv+0xc3/0x9d0
[ 2533.039880][T16584]  ? __kfree_skb+0xfe/0x150
[ 2533.044399][T16584]  ? kmem_cache_free+0x5e/0x100
[ 2533.049249][T16584]  ? __kfree_skb+0xfe/0x150
[ 2533.053746][T16584]  ? consume_skb+0x48/0x160
[ 2533.058252][T16584]  ? nlmon_xmit+0x5f/0x70
[ 2533.062595][T16584]  ? __this_cpu_preempt_check+0x18/0x20
[ 2533.068175][T16584]  ? __local_bh_enable_ip+0x4d/0x70
[ 2533.073375][T16584]  ? local_bh_enable+0x1b/0x20
[ 2533.078124][T16584]  ? __dev_queue_xmit+0x597/0xf70
[ 2533.083148][T16584]  ? __skb_clone+0x2db/0x300
[ 2533.087784][T16584]  ? __rcu_read_unlock+0x5c/0x290
[ 2533.092801][T16584]  netlink_rcv_skb+0x14e/0x250
[ 2533.097550][T16584]  ? rtnetlink_bind+0x60/0x60
[ 2533.102219][T16584]  rtnetlink_rcv+0x18/0x20
[ 2533.106613][T16584]  netlink_unicast+0x5fc/0x6c0
[ 2533.111448][T16584]  netlink_sendmsg+0x6e1/0x7d0
[ 2533.116249][T16584]  ? netlink_getsockopt+0x720/0x720
[ 2533.121463][T16584]  ____sys_sendmsg+0x39a/0x510
[ 2533.126208][T16584]  __sys_sendmsg+0x195/0x230
[ 2533.130853][T16584]  ? __xfrm_init_state+0x350/0x820
[ 2533.136016][T16584]  __x64_sys_sendmsg+0x42/0x50
[ 2533.140832][T16584]  do_syscall_64+0x44/0xd0
[ 2533.145230][T16584]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2533.151158][T16584] RIP: 0033:0x7f0da0d09ae9
[ 2533.155560][T16584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2533.175172][T16584] RSP: 002b:00007f0d9ea3e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2533.183862][T16584] RAX: ffffffffffffffda RBX: 00007f0da0e1d0e0 RCX: 00007f0da0d09ae9
[ 2533.191831][T16584] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2533.199797][T16584] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2533.207766][T16584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2533.215816][T16584] R13: 00007ffc810aceef R14: 00007f0d9ea3e300 R15: 0000000000022000
[ 2533.223957][T16584]  </TASK>
[ 2533.227030][T16584] ---[ end trace e45544a13c7e47e2 ]---
[ 2533.232906][T16584] ------------[ cut here ]------------
[ 2533.238425][T16584] WARNING: CPU: 1 PID: 16584 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2533.248025][T16584] Modules linked in:
[ 2533.251921][T16584] CPU: 1 PID: 16584 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2533.261719][T16584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2533.271803][T16584] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2533.277427][T16584] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2533.297117][T16584] RSP: 0018:ffffc900090ab628 EFLAGS: 00010287
[ 2533.303189][T16584] RAX: ffffffff83b40f4c RBX: ffff88811f79a088 RCX: 0000000000040000
[ 2533.311286][T16584] RDX: ffffc900018b6000 RSI: 000000000003dc32 RDI: 000000000003dc33
[ 2533.319262][T16584] RBP: ffffc900090ab668 R08: 000188811f79a08f R09: 0000000000000000
[ 2533.327336][T16584] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108910000
[ 2533.335303][T16584] R13: 0000000000000000 R14: ffffc900090ab7f0 R15: ffff88811f79a000
[ 2533.343290][T16584] FS:  00007f0d9ea3e700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2533.352212][T16584] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2533.358787][T16584] CR2: 0000000000d704b0 CR3: 000000011e7ed000 CR4: 00000000003506e0
[ 2533.366885][T16584] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2533.374896][T16584] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2533.382861][T16584] Call Trace:
[ 2533.386254][T16584]  <TASK>
[ 2533.389206][T16584]  tcf_block_put+0x4c/0x70
[ 2533.393689][T16584]  cake_destroy+0x2d/0x50
[ 2533.398016][T16584]  ? cake_reset+0x5d0/0x5d0
[ 2533.402535][T16584]  qdisc_create+0xa82/0xd10
[ 2533.407120][T16584]  ? __nla_parse+0x3c/0x50
[ 2533.411567][T16584]  tc_modify_qdisc+0x64a/0x10b0
[ 2533.416412][T16584]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2533.422331][T16584]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2533.427254][T16584]  ? ___cache_free+0x46/0x300
[ 2533.432594][T16584]  ? packet_rcv+0xc3/0x9d0
[ 2533.437105][T16584]  ? __kfree_skb+0xfe/0x150
[ 2533.441617][T16584]  ? kmem_cache_free+0x5e/0x100
[ 2533.446498][T16584]  ? __kfree_skb+0xfe/0x150
[ 2533.450999][T16584]  ? consume_skb+0x48/0x160
[ 2533.455517][T16584]  ? nlmon_xmit+0x5f/0x70
[ 2533.459857][T16584]  ? __this_cpu_preempt_check+0x18/0x20
[ 2533.465412][T16584]  ? __local_bh_enable_ip+0x4d/0x70
[ 2533.470685][T16584]  ? local_bh_enable+0x1b/0x20
[ 2533.475430][T16584]  ? __dev_queue_xmit+0x597/0xf70
[ 2533.480553][T16584]  ? __skb_clone+0x2db/0x300
[ 2533.485438][T16584]  ? __rcu_read_unlock+0x5c/0x290
[ 2533.490595][T16584]  netlink_rcv_skb+0x14e/0x250
[ 2533.495382][T16584]  ? rtnetlink_bind+0x60/0x60
[ 2533.500111][T16584]  rtnetlink_rcv+0x18/0x20
[ 2533.504505][T16584]  netlink_unicast+0x5fc/0x6c0
[ 2533.509279][T16584]  netlink_sendmsg+0x6e1/0x7d0
[ 2533.514037][T16584]  ? netlink_getsockopt+0x720/0x720
[ 2533.519241][T16584]  ____sys_sendmsg+0x39a/0x510
[ 2533.524010][T16584]  __sys_sendmsg+0x195/0x230
[ 2533.528694][T16584]  ? __xfrm_init_state+0x350/0x820
[ 2533.533811][T16584]  __x64_sys_sendmsg+0x42/0x50
[ 2533.538593][T16584]  do_syscall_64+0x44/0xd0
[ 2533.543032][T16584]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2533.548959][T16584] RIP: 0033:0x7f0da0d09ae9
[ 2533.553369][T16584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2533.573136][T16584] RSP: 002b:00007f0d9ea3e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2533.581541][T16584] RAX: ffffffffffffffda RBX: 00007f0da0e1d0e0 RCX: 00007f0da0d09ae9
[ 2533.589506][T16584] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2533.597551][T16584] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2533.605524][T16584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2533.613485][T16584] R13: 00007ffc810aceef R14: 00007f0d9ea3e300 R15: 0000000000022000
[ 2533.621658][T16584]  </TASK>
[ 2533.624659][T16584] ---[ end trace e45544a13c7e47e3 ]---
[ 2533.631451][T16584] ------------[ cut here ]------------
[ 2533.636885][T16584] WARNING: CPU: 1 PID: 16584 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2533.646266][T16584] Modules linked in:
[ 2533.652190][T16584] CPU: 1 PID: 16584 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2533.662129][T16584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2533.672188][T16584] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2533.677818][T16584] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2533.697425][T16584] RSP: 0018:ffffc900090ab5d8 EFLAGS: 00010246
[ 2533.703541][T16584] RAX: ffffffff83b414a7 RBX: ffff88811f79a0a0 RCX: 0000000000040000
[ 2533.711511][T16584] RDX: ffffc900018b6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2533.719482][T16584] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2533.727452][T16584] R10: 0001ffffffffffff R11: 000188811f79a0a0 R12: ffff88811f79a050
[ 2533.735420][T16584] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811f79a000
[ 2533.743425][T16584] FS:  00007f0d9ea3e700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2533.752346][T16584] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2533.759088][T16584] CR2: 0000000000d704b0 CR3: 000000011e7ed000 CR4: 00000000003506e0
[ 2533.767104][T16584] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2533.775292][T16584] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2533.783296][T16584] Call Trace:
[ 2533.786639][T16584]  <TASK>
[ 2533.789570][T16584]  tcf_block_put_ext+0xe5/0x180
[ 2533.794430][T16584]  tcf_block_put+0x4c/0x70
[ 2533.798903][T16584]  cake_destroy+0x2d/0x50
[ 2533.803289][T16584]  ? cake_reset+0x5d0/0x5d0
[ 2533.807787][T16584]  qdisc_create+0xa82/0xd10
[ 2533.812340][T16584]  ? __nla_parse+0x3c/0x50
[ 2533.816768][T16584]  tc_modify_qdisc+0x64a/0x10b0
[ 2533.821618][T16584]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2533.827507][T16584]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2533.832789][T16584]  ? ___cache_free+0x46/0x300
[ 2533.837449][T16584]  ? packet_rcv+0xc3/0x9d0
[ 2533.841883][T16584]  ? __kfree_skb+0xfe/0x150
[ 2533.846369][T16584]  ? kmem_cache_free+0x5e/0x100
[ 2533.851235][T16584]  ? __kfree_skb+0xfe/0x150
[ 2533.855777][T16584]  ? consume_skb+0x48/0x160
[ 2533.860291][T16584]  ? nlmon_xmit+0x5f/0x70
[ 2533.864618][T16584]  ? __this_cpu_preempt_check+0x18/0x20
[ 2533.870206][T16584]  ? __local_bh_enable_ip+0x4d/0x70
[ 2533.875560][T16584]  ? local_bh_enable+0x1b/0x20
[ 2533.880399][T16584]  ? __dev_queue_xmit+0x597/0xf70
[ 2533.885493][T16584]  ? __skb_clone+0x2db/0x300
[ 2533.890125][T16584]  ? __rcu_read_unlock+0x5c/0x290
[ 2533.895227][T16584]  netlink_rcv_skb+0x14e/0x250
[ 2533.899999][T16584]  ? rtnetlink_bind+0x60/0x60
[ 2533.904758][T16584]  rtnetlink_rcv+0x18/0x20
[ 2533.909176][T16584]  netlink_unicast+0x5fc/0x6c0
[ 2533.913943][T16584]  netlink_sendmsg+0x6e1/0x7d0
[ 2533.918691][T16584]  ? netlink_getsockopt+0x720/0x720
[ 2533.923885][T16584]  ____sys_sendmsg+0x39a/0x510
[ 2533.928659][T16584]  __sys_sendmsg+0x195/0x230
[ 2533.933340][T16584]  ? __xfrm_init_state+0x350/0x820
[ 2533.938459][T16584]  __x64_sys_sendmsg+0x42/0x50
[ 2533.943349][T16584]  do_syscall_64+0x44/0xd0
[ 2533.947762][T16584]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2533.953662][T16584] RIP: 0033:0x7f0da0d09ae9
[ 2533.958053][T16584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2533.977827][T16584] RSP: 002b:00007f0d9ea3e188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2533.986292][T16584] RAX: ffffffffffffffda RBX: 00007f0da0e1d0e0 RCX: 00007f0da0d09ae9
[ 2533.994367][T16584] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2534.002548][T16584] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2534.010530][T16584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2534.018636][T16584] R13: 00007ffc810aceef R14: 00007f0d9ea3e300 R15: 0000000000022000
[ 2534.026605][T16584]  </TASK>
[ 2534.029691][T16584] ---[ end trace e45544a13c7e47e4 ]---
[ 2540.999208][T16689] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
19:02:11 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7]}]}}]}, 0x434}}, 0x0)

19:02:11 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0x400c00)
write$P9_RREADDIR(r0, &(0x7f0000000000)={0x49, 0x29, 0x1, {0x40, [{{0x8, 0x1}, 0x2, 0x0, 0x7, './file0'}, {{0x51, 0x1, 0x6}, 0x2, 0x9, 0x7, './file0'}]}}, 0x49)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x68, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x4107}, {0x4c, 0x18, {0x0, @media='udp\x00'}}}}, 0x68}}, 0x0)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r3, 0x300, 0x70bd2b, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0xffffffff}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x2040000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:02:47 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x300}}, {0x4}}]}]}, 0x68}}, 0x0)

19:02:51 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)

[ 2582.280223][T16794] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2586.220181][T16794] warn_alloc: 1 callbacks suppressed
[ 2586.220195][T16794] syz-executor.1: vmalloc error: size 217088, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[ 2586.242008][T16794] CPU: 0 PID: 16794 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2586.251974][T16794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2586.262180][T16794] Call Trace:
[ 2586.265443][T16794]  <TASK>
[ 2586.268361][T16794]  dump_stack_lvl+0xd6/0x122
[ 2586.272994][T16794]  dump_stack+0x11/0x1b
[ 2586.277592][T16794]  warn_alloc+0x132/0x190
[ 2586.281957][T16794]  __vmalloc_node_range+0x58b/0x690
[ 2586.287169][T16794]  ? cake_init+0x20d/0x640
[ 2586.291639][T16794]  __vmalloc_node+0x61/0x70
[ 2586.296160][T16794]  ? cake_init+0x20d/0x640
[ 2586.300714][T16794]  kvmalloc_node+0xd2/0x110
[ 2586.305205][T16794]  cake_init+0x20d/0x640
[ 2586.309436][T16794]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2586.315139][T16794]  ? qdisc_alloc+0x334/0x3c0
[ 2586.319911][T16794]  ? qdisc_lookup+0x20c/0x2e0
[ 2586.324589][T16794]  ? qdisc_peek_dequeued+0x140/0x140
[ 2586.329859][T16794]  qdisc_create+0x5f4/0xd10
[ 2586.334428][T16794]  ? __nla_parse+0x3c/0x50
[ 2586.338928][T16794]  tc_modify_qdisc+0x64a/0x10b0
[ 2586.343825][T16794]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2586.349726][T16794]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2586.354684][T16794]  ? ___cache_free+0x46/0x300
[ 2586.359461][T16794]  ? packet_rcv+0xc3/0x9d0
[ 2586.363873][T16794]  ? __kfree_skb+0xfe/0x150
[ 2586.368412][T16794]  ? kmem_cache_free+0x5e/0x100
[ 2586.373311][T16794]  ? __kfree_skb+0xfe/0x150
[ 2586.377814][T16794]  ? consume_skb+0x48/0x160
[ 2586.382378][T16794]  ? nlmon_xmit+0x5f/0x70
[ 2586.386797][T16794]  ? __this_cpu_preempt_check+0x18/0x20
[ 2586.392414][T16794]  ? __local_bh_enable_ip+0x4d/0x70
[ 2586.397638][T16794]  ? local_bh_enable+0x1b/0x20
[ 2586.402597][T16794]  ? __dev_queue_xmit+0x597/0xf70
[ 2586.407632][T16794]  ? __skb_clone+0x2db/0x300
[ 2586.412303][T16794]  ? __rcu_read_unlock+0x5c/0x290
[ 2586.417397][T16794]  netlink_rcv_skb+0x14e/0x250
[ 2586.422239][T16794]  ? rtnetlink_bind+0x60/0x60
[ 2586.426923][T16794]  rtnetlink_rcv+0x18/0x20
[ 2586.431343][T16794]  netlink_unicast+0x5fc/0x6c0
[ 2586.436181][T16794]  netlink_sendmsg+0x6e1/0x7d0
[ 2586.440994][T16794]  ? netlink_getsockopt+0x720/0x720
[ 2586.446258][T16794]  ____sys_sendmsg+0x39a/0x510
[ 2586.451131][T16794]  __sys_sendmsg+0x195/0x230
[ 2586.455746][T16794]  ? __xfrm_init_state+0x350/0x820
[ 2586.460888][T16794]  __x64_sys_sendmsg+0x42/0x50
[ 2586.465658][T16794]  do_syscall_64+0x44/0xd0
[ 2586.470110][T16794]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2586.476030][T16794] RIP: 0033:0x7f7b56f48ae9
[ 2586.480435][T16794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2586.500045][T16794] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2586.508491][T16794] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2586.516556][T16794] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2586.524625][T16794] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2586.532675][T16794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2586.540652][T16794] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2586.548635][T16794]  </TASK>
[ 2586.551788][T16794] Mem-Info:
[ 2586.554886][T16794] active_anon:10685 inactive_anon:100290 isolated_anon:0
[ 2586.554886][T16794]  active_file:246 inactive_file:239 isolated_file:0
[ 2586.554886][T16794]  unevictable:0 dirty:0 writeback:0
[ 2586.554886][T16794]  slab_reclaimable:7688 slab_unreclaimable:1742296
[ 2586.554886][T16794]  mapped:52528 shmem:376 pagetables:5275 bounce:0
[ 2586.554886][T16794]  kernel_misc_reclaimable:0
[ 2586.554886][T16794]  free:12321 free_pcp:328 free_cma:0
[ 2586.596367][T16794] Node 0 active_anon:42740kB inactive_anon:401160kB active_file:1208kB inactive_file:960kB unevictable:0kB isolated(anon):0kB isolated(file):120kB mapped:210344kB dirty:0kB writeback:0kB shmem:1504kB writeback_tmp:0kB kernel_stack:5264kB pagetables:21100kB all_unreclaimable? no
[ 2586.622864][T16794] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2586.649855][T16794] lowmem_reserve[]: 0 2896 7874 7874
[ 2586.655231][T16794] Node 0 DMA32 free:22192kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2586.683655][T16794] lowmem_reserve[]: 0 0 4978 4978
[ 2586.688756][T16794] Node 0 Normal free:11636kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42740kB inactive_anon:400244kB active_file:1444kB inactive_file:1344kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:920kB local_pcp:544kB free_cma:0kB
[ 2586.719101][T16794] lowmem_reserve[]: 0 0 0 0
[ 2586.723634][T16794] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2586.736328][T16794] Node 0 DMA32: 254*4kB (UME) 137*8kB (UME) 55*16kB (UME) 46*32kB (UME) 19*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 22192kB
[ 2586.753903][T16794] Node 0 Normal: 1419*4kB (UME) 538*8kB (UME) 70*16kB (UM) 1*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11132kB
[ 2586.768203][T16794] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2586.777511][T16794] 1357 total pagecache pages
[ 2586.782116][T16794] 0 pages in swap cache
[ 2586.786260][T16794] Swap cache stats: add 0, delete 0, find 0/0
[ 2586.792442][T16794] Free swap  = 0kB
[ 2586.796161][T16794] Total swap = 0kB
[ 2586.799888][T16794] 2097051 pages RAM
[ 2586.803687][T16794] 0 pages HighMem/MovableOnly
[ 2586.808351][T16794] 75955 pages reserved
[ 2586.814885][T16794] ------------[ cut here ]------------
[ 2586.820370][T16794] WARNING: CPU: 0 PID: 16794 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2586.831184][T16794] Modules linked in:
[ 2586.835073][T16794] CPU: 0 PID: 16794 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2586.844930][T16794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2586.855006][T16794] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2586.861858][T16794] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2586.881701][T16794] RSP: 0018:ffffc90008cc75f0 EFLAGS: 00010246
[ 2586.887823][T16794] RAX: ffff8881253ea000 RBX: ffff88811d8ec0b0 RCX: 0000000000000000
[ 2586.895966][T16794] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: ffff88811d8ec000
[ 2586.904001][T16794] RBP: ffffc90008cc7738 R08: 000188811d8ec0b7 R09: 0000000000000000
[ 2586.912239][T16794] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811d8ec0b0
[ 2586.920225][T16794] R13: ffffffff85ec3720 R14: ffff88811d8ec000 R15: ffffc90008cc7668
[ 2586.928217][T16794] FS:  00007f7b54cbf700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2586.937153][T16794] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2586.943751][T16794] CR2: 00007f2ab0842018 CR3: 0000000147453000 CR4: 00000000003506f0
[ 2586.951790][T16794] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2586.959777][T16794] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2586.967797][T16794] Call Trace:
[ 2586.971104][T16794]  <TASK>
[ 2586.974031][T16794]  tcf_block_put_ext+0x2d/0x180
[ 2586.978947][T16794]  tcf_block_put+0x4c/0x70
[ 2586.983533][T16794]  cake_destroy+0x2d/0x50
[ 2586.987864][T16794]  ? cake_reset+0x5d0/0x5d0
[ 2586.992383][T16794]  qdisc_create+0xa82/0xd10
[ 2586.996897][T16794]  ? __nla_parse+0x3c/0x50
[ 2587.001386][T16794]  tc_modify_qdisc+0x64a/0x10b0
[ 2587.006289][T16794]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2587.012378][T16794]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2587.017351][T16794]  ? ___cache_free+0x46/0x300
[ 2587.022103][T16794]  ? packet_rcv+0xc3/0x9d0
[ 2587.026545][T16794]  ? __kfree_skb+0xfe/0x150
[ 2587.031087][T16794]  ? kmem_cache_free+0x5e/0x100
[ 2587.035940][T16794]  ? __kfree_skb+0xfe/0x150
[ 2587.040590][T16794]  ? consume_skb+0x48/0x160
[ 2587.045114][T16794]  ? nlmon_xmit+0x5f/0x70
[ 2587.049483][T16794]  ? __this_cpu_preempt_check+0x18/0x20
[ 2587.055104][T16794]  ? __local_bh_enable_ip+0x4d/0x70
[ 2587.060426][T16794]  ? local_bh_enable+0x1b/0x20
[ 2587.065196][T16794]  ? __dev_queue_xmit+0x597/0xf70
[ 2587.070284][T16794]  ? __skb_clone+0x2db/0x300
[ 2587.074884][T16794]  ? __rcu_read_unlock+0x5c/0x290
[ 2587.079959][T16794]  netlink_rcv_skb+0x14e/0x250
[ 2587.084793][T16794]  ? rtnetlink_bind+0x60/0x60
[ 2587.089560][T16794]  rtnetlink_rcv+0x18/0x20
[ 2587.094049][T16794]  netlink_unicast+0x5fc/0x6c0
[ 2587.098878][T16794]  netlink_sendmsg+0x6e1/0x7d0
[ 2587.103748][T16794]  ? netlink_getsockopt+0x720/0x720
[ 2587.109583][T16794]  ____sys_sendmsg+0x39a/0x510
[ 2587.114386][T16794]  __sys_sendmsg+0x195/0x230
[ 2587.118982][T16794]  ? __xfrm_init_state+0x350/0x820
[ 2587.124160][T16794]  __x64_sys_sendmsg+0x42/0x50
[ 2587.128929][T16794]  do_syscall_64+0x44/0xd0
[ 2587.133433][T16794]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2587.139348][T16794] RIP: 0033:0x7f7b56f48ae9
[ 2587.143762][T16794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2587.163480][T16794] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2587.171905][T16794] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2587.179895][T16794] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2587.188036][T16794] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2587.196024][T16794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2587.204151][T16794] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2587.212145][T16794]  </TASK>
[ 2587.215159][T16794] ---[ end trace e45544a13c7e47e5 ]---
[ 2587.221238][T16794] ------------[ cut here ]------------
[ 2587.226686][T16794] WARNING: CPU: 0 PID: 16794 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2587.236378][T16794] Modules linked in:
[ 2587.240304][T16794] CPU: 0 PID: 16794 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2587.250126][T16794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2587.260268][T16794] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2587.265910][T16794] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2587.285543][T16794] RSP: 0018:ffffc90008cc7628 EFLAGS: 00010246
[ 2587.291813][T16794] RAX: ffffffff83b40f4c RBX: ffff88811d8ec088 RCX: 0000000000040000
[ 2587.299821][T16794] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2587.307796][T16794] RBP: ffffc90008cc7668 R08: 000188811d8ec08f R09: 0000000000000000
[ 2587.315790][T16794] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b50000
[ 2587.323777][T16794] R13: 0000000000000000 R14: ffffc90008cc77f0 R15: ffff88811d8ec000
[ 2587.331776][T16794] FS:  00007f7b54cbf700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2587.340726][T16794] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2587.347543][T16794] CR2: 00007f2ab0842018 CR3: 0000000147453000 CR4: 00000000003506f0
[ 2587.355543][T16794] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2587.363574][T16794] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2587.371651][T16794] Call Trace:
[ 2587.374928][T16794]  <TASK>
[ 2587.377854][T16794]  tcf_block_put+0x4c/0x70
[ 2587.382299][T16794]  cake_destroy+0x2d/0x50
[ 2587.386681][T16794]  ? cake_reset+0x5d0/0x5d0
[ 2587.391279][T16794]  qdisc_create+0xa82/0xd10
[ 2587.395903][T16794]  ? __nla_parse+0x3c/0x50
[ 2587.400351][T16794]  tc_modify_qdisc+0x64a/0x10b0
[ 2587.405204][T16794]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2587.411205][T16794]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2587.416151][T16794]  ? ___cache_free+0x46/0x300
[ 2587.420848][T16794]  ? packet_rcv+0xc3/0x9d0
[ 2587.425269][T16794]  ? __kfree_skb+0xfe/0x150
[ 2587.429870][T16794]  ? kmem_cache_free+0x5e/0x100
[ 2587.434754][T16794]  ? __kfree_skb+0xfe/0x150
[ 2587.439305][T16794]  ? consume_skb+0x48/0x160
[ 2587.443813][T16794]  ? nlmon_xmit+0x5f/0x70
[ 2587.448149][T16794]  ? __this_cpu_preempt_check+0x18/0x20
[ 2587.453731][T16794]  ? __local_bh_enable_ip+0x4d/0x70
[ 2587.458948][T16794]  ? local_bh_enable+0x1b/0x20
[ 2587.463808][T16794]  ? __dev_queue_xmit+0x597/0xf70
[ 2587.468856][T16794]  ? __skb_clone+0x2db/0x300
[ 2587.473466][T16794]  ? __rcu_read_unlock+0x5c/0x290
[ 2587.478522][T16794]  netlink_rcv_skb+0x14e/0x250
[ 2587.483321][T16794]  ? rtnetlink_bind+0x60/0x60
[ 2587.488067][T16794]  rtnetlink_rcv+0x18/0x20
[ 2587.492552][T16794]  netlink_unicast+0x5fc/0x6c0
[ 2587.497321][T16794]  netlink_sendmsg+0x6e1/0x7d0
[ 2587.502117][T16794]  ? netlink_getsockopt+0x720/0x720
[ 2587.507319][T16794]  ____sys_sendmsg+0x39a/0x510
[ 2587.512112][T16794]  __sys_sendmsg+0x195/0x230
[ 2587.516811][T16794]  ? __xfrm_init_state+0x350/0x820
[ 2587.521991][T16794]  __x64_sys_sendmsg+0x42/0x50
[ 2587.526780][T16794]  do_syscall_64+0x44/0xd0
[ 2587.531227][T16794]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2587.537129][T16794] RIP: 0033:0x7f7b56f48ae9
[ 2587.541562][T16794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2587.561192][T16794] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2587.569739][T16794] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2587.577714][T16794] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2587.585714][T16794] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2587.593704][T16794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2587.601699][T16794] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2587.609691][T16794]  </TASK>
[ 2587.612707][T16794] ---[ end trace e45544a13c7e47e6 ]---
[ 2587.619644][T16794] ------------[ cut here ]------------
[ 2587.625096][T16794] WARNING: CPU: 0 PID: 16794 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2587.634504][T16794] Modules linked in:
[ 2587.638388][T16794] CPU: 0 PID: 16794 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2587.648255][T16794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2587.658410][T16794] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2587.664020][T16794] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2587.683660][T16794] RSP: 0018:ffffc90008cc75d8 EFLAGS: 00010246
[ 2587.689775][T16794] RAX: ffffffff83b414a7 RBX: ffff88811d8ec0a0 RCX: 0000000000040000
[ 2587.697785][T16794] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2587.705859][T16794] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2587.713857][T16794] R10: 0001ffffffffffff R11: 000188811d8ec0a0 R12: ffff88811d8ec050
[ 2587.721873][T16794] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811d8ec000
[ 2587.729904][T16794] FS:  00007f7b54cbf700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2587.738841][T16794] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2587.745457][T16794] CR2: 00007f2ab0842018 CR3: 0000000147453000 CR4: 00000000003506f0
[ 2587.753446][T16794] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2587.761432][T16794] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2587.769428][T16794] Call Trace:
[ 2587.772701][T16794]  <TASK>
[ 2587.775680][T16794]  tcf_block_put_ext+0xe5/0x180
[ 2587.780693][T16794]  tcf_block_put+0x4c/0x70
[ 2587.785269][T16794]  cake_destroy+0x2d/0x50
[ 2587.789619][T16794]  ? cake_reset+0x5d0/0x5d0
[ 2587.794196][T16794]  qdisc_create+0xa82/0xd10
[ 2587.798783][T16794]  ? __nla_parse+0x3c/0x50
[ 2587.803226][T16794]  tc_modify_qdisc+0x64a/0x10b0
[ 2587.808090][T16794]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2587.814011][T16794]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2587.818956][T16794]  ? ___cache_free+0x46/0x300
[ 2587.823717][T16794]  ? packet_rcv+0xc3/0x9d0
[ 2587.828132][T16794]  ? __kfree_skb+0xfe/0x150
[ 2587.832653][T16794]  ? kmem_cache_free+0x5e/0x100
[ 2587.837504][T16794]  ? __kfree_skb+0xfe/0x150
[ 2587.842089][T16794]  ? consume_skb+0x48/0x160
[ 2587.846621][T16794]  ? nlmon_xmit+0x5f/0x70
[ 2587.851159][T16794]  ? __this_cpu_preempt_check+0x18/0x20
[ 2587.856713][T16794]  ? __local_bh_enable_ip+0x4d/0x70
[ 2587.861942][T16794]  ? local_bh_enable+0x1b/0x20
[ 2587.866714][T16794]  ? __dev_queue_xmit+0x597/0xf70
[ 2587.871768][T16794]  ? __skb_clone+0x2db/0x300
[ 2587.876365][T16794]  ? __rcu_read_unlock+0x5c/0x290
[ 2587.881499][T16794]  netlink_rcv_skb+0x14e/0x250
[ 2587.886271][T16794]  ? rtnetlink_bind+0x60/0x60
[ 2587.891049][T16794]  rtnetlink_rcv+0x18/0x20
[ 2587.895467][T16794]  netlink_unicast+0x5fc/0x6c0
[ 2587.900267][T16794]  netlink_sendmsg+0x6e1/0x7d0
[ 2587.905097][T16794]  ? netlink_getsockopt+0x720/0x720
[ 2587.910379][T16794]  ____sys_sendmsg+0x39a/0x510
[ 2587.915288][T16794]  __sys_sendmsg+0x195/0x230
[ 2587.919923][T16794]  ? __xfrm_init_state+0x350/0x820
[ 2587.925058][T16794]  __x64_sys_sendmsg+0x42/0x50
[ 2587.929869][T16794]  do_syscall_64+0x44/0xd0
[ 2587.934344][T16794]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2587.940284][T16794] RIP: 0033:0x7f7b56f48ae9
[ 2587.944695][T16794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2587.964329][T16794] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2587.972765][T16794] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2587.980780][T16794] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2587.988842][T16794] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2587.996835][T16794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2588.004822][T16794] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2588.012819][T16794]  </TASK>
[ 2588.015825][T16794] ---[ end trace e45544a13c7e47e7 ]---
[ 2588.023817][T16796] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2590.419632][T16797] ------------[ cut here ]------------
[ 2590.425226][T16797] WARNING: CPU: 1 PID: 16797 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2590.435915][T16797] Modules linked in:
[ 2590.439845][T16797] CPU: 1 PID: 16797 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2590.449656][T16797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2590.459890][T16797] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2590.466553][T16797] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2590.486251][T16797] RSP: 0000:ffffc900092eb5f0 EFLAGS: 00010246
[ 2590.492340][T16797] RAX: ffff88811d843000 RBX: ffff88811e7278b0 RCX: 0000000000000000
[ 2590.500302][T16797] RDX: ffffc90007ce8000 RSI: 0000000000012c8e RDI: ffff88811e727800
[ 2590.508322][T16797] RBP: ffffc900092eb738 R08: 000188811e7278b7 R09: 0000000000000000
[ 2590.516344][T16797] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811e7278b0
[ 2590.524405][T16797] R13: ffffffff85ec3720 R14: ffff88811e727800 R15: ffffc900092eb668
[ 2590.532366][T16797] FS:  00007f2aae484700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2590.541341][T16797] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2590.547908][T16797] CR2: 00007f1b143350a4 CR3: 000000014e305000 CR4: 00000000003506e0
[ 2590.555926][T16797] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2590.563979][T16797] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2590.571947][T16797] Call Trace:
[ 2590.575202][T16797]  <TASK>
[ 2590.578190][T16797]  tcf_block_put_ext+0x2d/0x180
[ 2590.583139][T16797]  tcf_block_put+0x4c/0x70
[ 2590.587667][T16797]  cake_destroy+0x2d/0x50
[ 2590.592025][T16797]  ? cake_reset+0x5d0/0x5d0
[ 2590.596508][T16797]  qdisc_create+0xa82/0xd10
[ 2590.601065][T16797]  ? __nla_parse+0x3c/0x50
[ 2590.605544][T16797]  tc_modify_qdisc+0x64a/0x10b0
[ 2590.610479][T16797]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2590.616411][T16797]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2590.621418][T16797]  ? ___cache_free+0x46/0x300
[ 2590.626074][T16797]  ? packet_rcv+0xc3/0x9d0
[ 2590.630604][T16797]  ? __kfree_skb+0xfe/0x150
[ 2590.635093][T16797]  ? kmem_cache_free+0x5e/0x100
[ 2590.639977][T16797]  ? __kfree_skb+0xfe/0x150
[ 2590.644459][T16797]  ? consume_skb+0x48/0x160
[ 2590.648941][T16797]  ? nlmon_xmit+0x5f/0x70
[ 2590.653353][T16797]  ? __this_cpu_preempt_check+0x18/0x20
[ 2590.658877][T16797]  ? __local_bh_enable_ip+0x4d/0x70
[ 2590.664064][T16797]  ? local_bh_enable+0x1b/0x20
[ 2590.668845][T16797]  ? __dev_queue_xmit+0x597/0xf70
[ 2590.673862][T16797]  ? __skb_clone+0x2db/0x300
[ 2590.678515][T16797]  ? __rcu_read_unlock+0x5c/0x290
[ 2590.683718][T16797]  netlink_rcv_skb+0x14e/0x250
[ 2590.688463][T16797]  ? rtnetlink_bind+0x60/0x60
[ 2590.693193][T16797]  rtnetlink_rcv+0x18/0x20
[ 2590.697667][T16797]  netlink_unicast+0x5fc/0x6c0
[ 2590.702438][T16797]  netlink_sendmsg+0x6e1/0x7d0
[ 2590.707183][T16797]  ? netlink_getsockopt+0x720/0x720
[ 2590.712389][T16797]  ____sys_sendmsg+0x39a/0x510
[ 2590.717196][T16797]  __sys_sendmsg+0x195/0x230
[ 2590.721842][T16797]  __x64_sys_sendmsg+0x42/0x50
[ 2590.726587][T16797]  do_syscall_64+0x44/0xd0
[ 2590.730997][T16797]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2590.736881][T16797] RIP: 0033:0x7f2ab072eae9
[ 2590.741423][T16797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2590.761016][T16797] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2590.769485][T16797] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2590.777461][T16797] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2590.785425][T16797] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2590.793471][T16797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2590.801427][T16797] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2590.809393][T16797]  </TASK>
[ 2590.812399][T16797] ---[ end trace e45544a13c7e47e8 ]---
[ 2590.818310][T16797] ------------[ cut here ]------------
[ 2590.823769][T16797] WARNING: CPU: 1 PID: 16797 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2590.833418][T16797] Modules linked in:
[ 2590.837285][T16797] CPU: 1 PID: 16797 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2590.847086][T16797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2590.857412][T16797] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2590.863075][T16797] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2590.882790][T16797] RSP: 0000:ffffc900092eb628 EFLAGS: 00010246
[ 2590.889032][T16797] RAX: ffffffff83b40f4c RBX: ffff88811e727888 RCX: 0000000000040000
[ 2590.897007][T16797] RDX: ffffc90007ce8000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2590.905060][T16797] RBP: ffffc900092eb668 R08: 000188811e72788f R09: 0000000000000000
[ 2590.913051][T16797] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b58000
[ 2590.921024][T16797] R13: 0000000000000000 R14: ffffc900092eb7f0 R15: ffff88811e727800
[ 2590.928986][T16797] FS:  00007f2aae484700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2590.938029][T16797] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2590.944602][T16797] CR2: 00007f1b143350a4 CR3: 000000014e305000 CR4: 00000000003506e0
[ 2590.952667][T16797] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2590.960883][T16797] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2590.968840][T16797] Call Trace:
[ 2590.972110][T16797]  <TASK>
[ 2590.975022][T16797]  tcf_block_put+0x4c/0x70
[ 2590.979434][T16797]  cake_destroy+0x2d/0x50
[ 2590.983853][T16797]  ? cake_reset+0x5d0/0x5d0
[ 2590.988411][T16797]  qdisc_create+0xa82/0xd10
[ 2590.992954][T16797]  ? __nla_parse+0x3c/0x50
[ 2590.997356][T16797]  tc_modify_qdisc+0x64a/0x10b0
[ 2591.002278][T16797]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2591.008151][T16797]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2591.013137][T16797]  ? ___cache_free+0x46/0x300
[ 2591.017864][T16797]  ? packet_rcv+0xc3/0x9d0
[ 2591.022268][T16797]  ? __kfree_skb+0xfe/0x150
[ 2591.026752][T16797]  ? kmem_cache_free+0x5e/0x100
[ 2591.031675][T16797]  ? __kfree_skb+0xfe/0x150
[ 2591.036242][T16797]  ? consume_skb+0x48/0x160
[ 2591.040732][T16797]  ? nlmon_xmit+0x5f/0x70
[ 2591.045041][T16797]  ? __this_cpu_preempt_check+0x18/0x20
[ 2591.050587][T16797]  ? __local_bh_enable_ip+0x4d/0x70
[ 2591.055913][T16797]  ? local_bh_enable+0x1b/0x20
[ 2591.060810][T16797]  ? __dev_queue_xmit+0x597/0xf70
[ 2591.065825][T16797]  ? __skb_clone+0x2db/0x300
[ 2591.070405][T16797]  ? __rcu_read_unlock+0x5c/0x290
[ 2591.075609][T16797]  netlink_rcv_skb+0x14e/0x250
[ 2591.080368][T16797]  ? rtnetlink_bind+0x60/0x60
[ 2591.085040][T16797]  rtnetlink_rcv+0x18/0x20
[ 2591.089453][T16797]  netlink_unicast+0x5fc/0x6c0
[ 2591.094249][T16797]  netlink_sendmsg+0x6e1/0x7d0
[ 2591.099218][T16797]  ? netlink_getsockopt+0x720/0x720
[ 2591.104412][T16797]  ____sys_sendmsg+0x39a/0x510
[ 2591.109242][T16797]  __sys_sendmsg+0x195/0x230
[ 2591.113868][T16797]  __x64_sys_sendmsg+0x42/0x50
[ 2591.118619][T16797]  do_syscall_64+0x44/0xd0
[ 2591.123031][T16797]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2591.128966][T16797] RIP: 0033:0x7f2ab072eae9
[ 2591.133400][T16797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2591.153068][T16797] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2591.161497][T16797] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2591.169517][T16797] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2591.177486][T16797] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2591.185503][T16797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2591.193464][T16797] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2591.201465][T16797]  </TASK>
[ 2591.204463][T16797] ---[ end trace e45544a13c7e47e9 ]---
[ 2591.211277][T16797] ------------[ cut here ]------------
[ 2591.216720][T16797] WARNING: CPU: 1 PID: 16797 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2591.226092][T16797] Modules linked in:
[ 2591.229983][T16797] CPU: 1 PID: 16797 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2591.239887][T16797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2591.249966][T16797] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2591.255608][T16797] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2591.275305][T16797] RSP: 0000:ffffc900092eb5d8 EFLAGS: 00010246
[ 2591.281424][T16797] RAX: ffffffff83b414a7 RBX: ffff88811e7278a0 RCX: 0000000000040000
[ 2591.289394][T16797] RDX: ffffc90007ce8000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2591.297438][T16797] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2591.305403][T16797] R10: 0001ffffffffffff R11: 000188811e7278a0 R12: ffff88811e727850
[ 2591.313371][T16797] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811e727800
[ 2591.321476][T16797] FS:  00007f2aae484700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2591.330408][T16797] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2591.337160][T16797] CR2: 00007f1b143350a4 CR3: 000000014e305000 CR4: 00000000003506e0
[ 2591.345122][T16797] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2591.353190][T16797] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2591.361210][T16797] Call Trace:
[ 2591.364483][T16797]  <TASK>
[ 2591.367406][T16797]  tcf_block_put_ext+0xe5/0x180
[ 2591.372323][T16797]  tcf_block_put+0x4c/0x70
[ 2591.376724][T16797]  cake_destroy+0x2d/0x50
[ 2591.381142][T16797]  ? cake_reset+0x5d0/0x5d0
[ 2591.385635][T16797]  qdisc_create+0xa82/0xd10
[ 2591.390136][T16797]  ? __nla_parse+0x3c/0x50
[ 2591.394540][T16797]  tc_modify_qdisc+0x64a/0x10b0
[ 2591.399383][T16797]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2591.405258][T16797]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2591.410259][T16797]  ? ___cache_free+0x46/0x300
[ 2591.414920][T16797]  ? packet_rcv+0xc3/0x9d0
[ 2591.419378][T16797]  ? __kfree_skb+0xfe/0x150
[ 2591.423861][T16797]  ? kmem_cache_free+0x5e/0x100
[ 2591.428692][T16797]  ? __kfree_skb+0xfe/0x150
[ 2591.433187][T16797]  ? consume_skb+0x48/0x160
[ 2591.437685][T16797]  ? nlmon_xmit+0x5f/0x70
[ 2591.442047][T16797]  ? __this_cpu_preempt_check+0x18/0x20
[ 2591.447611][T16797]  ? __local_bh_enable_ip+0x4d/0x70
[ 2591.452816][T16797]  ? local_bh_enable+0x1b/0x20
[ 2591.457618][T16797]  ? __dev_queue_xmit+0x597/0xf70
[ 2591.462705][T16797]  ? __skb_clone+0x2db/0x300
[ 2591.467286][T16797]  ? __rcu_read_unlock+0x5c/0x290
[ 2591.472301][T16797]  netlink_rcv_skb+0x14e/0x250
[ 2591.477117][T16797]  ? rtnetlink_bind+0x60/0x60
[ 2591.481859][T16797]  rtnetlink_rcv+0x18/0x20
[ 2591.486354][T16797]  netlink_unicast+0x5fc/0x6c0
[ 2591.491122][T16797]  netlink_sendmsg+0x6e1/0x7d0
[ 2591.496029][T16797]  ? netlink_getsockopt+0x720/0x720
[ 2591.501237][T16797]  ____sys_sendmsg+0x39a/0x510
[ 2591.506129][T16797]  __sys_sendmsg+0x195/0x230
[ 2591.510724][T16797]  __x64_sys_sendmsg+0x42/0x50
[ 2591.515473][T16797]  do_syscall_64+0x44/0xd0
[ 2591.519917][T16797]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2591.525866][T16797] RIP: 0033:0x7f2ab072eae9
[ 2591.530288][T16797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2591.549903][T16797] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2591.558321][T16797] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2591.566303][T16797] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2591.574264][T16797] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2591.582314][T16797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2591.590282][T16797] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2591.598314][T16797]  </TASK>
[ 2591.601332][T16797] ---[ end trace e45544a13c7e47ea ]---
[ 2591.607186][T16899] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2591.620409][T16898] ------------[ cut here ]------------
[ 2591.625893][T16898] WARNING: CPU: 0 PID: 16898 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2591.636603][T16898] Modules linked in:
[ 2591.640509][T16898] CPU: 0 PID: 16898 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2591.650726][T16898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2591.660811][T16898] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2591.668386][T16898] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2591.688113][T16898] RSP: 0000:ffffc900090c35f0 EFLAGS: 00010246
[ 2591.694275][T16898] RAX: ffff88811c649000 RBX: ffff88811e7720b0 RCX: 0000000000000000
[ 2591.702269][T16898] RDX: ffffc90007ee9000 RSI: 0000000000001eea RDI: ffff88811e772000
[ 2591.710256][T16898] RBP: ffffc900090c3738 R08: 000188811e7720b7 R09: 0000000000000000
[ 2591.718310][T16898] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811e7720b0
[ 2591.726309][T16898] R13: ffffffff85ec3720 R14: ffff88811e772000 R15: ffffc900090c3668
[ 2591.734394][T16898] FS:  00007f2aae463700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2591.743330][T16898] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2591.749986][T16898] CR2: 0000000000ca90e0 CR3: 000000014e305000 CR4: 00000000003506f0
[ 2591.757956][T16898] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2591.765984][T16898] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2591.773997][T16898] Call Trace:
[ 2591.777269][T16898]  <TASK>
[ 2591.780201][T16898]  tcf_block_put_ext+0x2d/0x180
[ 2591.785143][T16898]  tcf_block_put+0x4c/0x70
[ 2591.789616][T16898]  cake_destroy+0x2d/0x50
[ 2591.794016][T16898]  ? cake_reset+0x5d0/0x5d0
[ 2591.798534][T16898]  qdisc_create+0xa82/0xd10
[ 2591.803055][T16898]  ? __nla_parse+0x3c/0x50
[ 2591.807481][T16898]  tc_modify_qdisc+0x64a/0x10b0
[ 2591.812510][T16898]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2591.818408][T16898]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2591.823404][T16898]  ? ___cache_free+0x46/0x300
[ 2591.828079][T16898]  ? packet_rcv+0xc3/0x9d0
[ 2591.832525][T16898]  ? __kfree_skb+0xfe/0x150
[ 2591.837035][T16898]  ? kmem_cache_free+0x5e/0x100
[ 2591.842070][T16898]  ? __kfree_skb+0xfe/0x150
[ 2591.846698][T16898]  ? consume_skb+0x48/0x160
[ 2591.851348][T16898]  ? nlmon_xmit+0x5f/0x70
[ 2591.855731][T16898]  ? __this_cpu_preempt_check+0x18/0x20
[ 2591.861400][T16898]  ? __local_bh_enable_ip+0x4d/0x70
[ 2591.866603][T16898]  ? local_bh_enable+0x1b/0x20
[ 2591.871412][T16898]  ? __dev_queue_xmit+0x597/0xf70
[ 2591.876487][T16898]  ? __skb_clone+0x2db/0x300
[ 2591.881174][T16898]  ? __rcu_read_unlock+0x5c/0x290
[ 2591.886348][T16898]  netlink_rcv_skb+0x14e/0x250
[ 2591.891146][T16898]  ? rtnetlink_bind+0x60/0x60
[ 2591.895828][T16898]  rtnetlink_rcv+0x18/0x20
[ 2591.900281][T16898]  netlink_unicast+0x5fc/0x6c0
[ 2591.905155][T16898]  netlink_sendmsg+0x6e1/0x7d0
[ 2591.909946][T16898]  ? netlink_getsockopt+0x720/0x720
[ 2591.915193][T16898]  ____sys_sendmsg+0x39a/0x510
[ 2591.920032][T16898]  __sys_sendmsg+0x195/0x230
[ 2591.924693][T16898]  ? __xfrm_init_state+0x350/0x820
[ 2591.929855][T16898]  __x64_sys_sendmsg+0x42/0x50
[ 2591.934625][T16898]  do_syscall_64+0x44/0xd0
[ 2591.939142][T16898]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2591.945049][T16898] RIP: 0033:0x7f2ab072eae9
[ 2591.949519][T16898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2591.969159][T16898] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2591.977571][T16898] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 2591.985619][T16898] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2591.993744][T16898] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2592.001791][T16898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2592.009855][T16898] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 2592.017810][T16898]  </TASK>
[ 2592.020848][T16898] ---[ end trace e45544a13c7e47eb ]---
[ 2592.026702][T16898] ------------[ cut here ]------------
[ 2592.032166][T16898] WARNING: CPU: 0 PID: 16898 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2592.041737][T16898] Modules linked in:
[ 2592.045607][T16898] CPU: 0 PID: 16898 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2592.055583][T16898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2592.065943][T16898] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2592.071638][T16898] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2592.091416][T16898] RSP: 0000:ffffc900090c3628 EFLAGS: 00010283
[ 2592.097483][T16898] RAX: ffffffff83b40f4c RBX: ffff88811e772088 RCX: 0000000000040000
[ 2592.105472][T16898] RDX: ffffc90007ee9000 RSI: 000000000003a8a3 RDI: 000000000003a8a4
[ 2592.113467][T16898] RBP: ffffc900090c3668 R08: 000188811e77208f R09: 0000000000000000
[ 2592.121518][T16898] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b50000
[ 2592.129511][T16898] R13: 0000000000000000 R14: ffffc900090c37f0 R15: ffff88811e772000
[ 2592.137612][T16898] FS:  00007f2aae463700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2592.146762][T16898] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2592.153352][T16898] CR2: 0000000000ca90e0 CR3: 000000014e305000 CR4: 00000000003506f0
[ 2592.161414][T16898] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2592.169449][T16898] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2592.177418][T16898] Call Trace:
[ 2592.180702][T16898]  <TASK>
[ 2592.183624][T16898]  tcf_block_put+0x4c/0x70
[ 2592.188042][T16898]  cake_destroy+0x2d/0x50
[ 2592.192376][T16898]  ? cake_reset+0x5d0/0x5d0
[ 2592.196962][T16898]  qdisc_create+0xa82/0xd10
[ 2592.201529][T16898]  ? __nla_parse+0x3c/0x50
[ 2592.205943][T16898]  tc_modify_qdisc+0x64a/0x10b0
[ 2592.210856][T16898]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2592.216788][T16898]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2592.221746][T16898]  ? ___cache_free+0x46/0x300
[ 2592.226426][T16898]  ? packet_rcv+0xc3/0x9d0
[ 2592.230859][T16898]  ? __kfree_skb+0xfe/0x150
[ 2592.235368][T16898]  ? kmem_cache_free+0x5e/0x100
[ 2592.240300][T16898]  ? __kfree_skb+0xfe/0x150
[ 2592.244818][T16898]  ? consume_skb+0x48/0x160
[ 2592.249399][T16898]  ? nlmon_xmit+0x5f/0x70
[ 2592.253761][T16898]  ? __this_cpu_preempt_check+0x18/0x20
[ 2592.259446][T16898]  ? __local_bh_enable_ip+0x4d/0x70
[ 2592.264763][T16898]  ? local_bh_enable+0x1b/0x20
[ 2592.269549][T16898]  ? __dev_queue_xmit+0x597/0xf70
[ 2592.274587][T16898]  ? __skb_clone+0x2db/0x300
[ 2592.279184][T16898]  ? __rcu_read_unlock+0x5c/0x290
[ 2592.284245][T16898]  netlink_rcv_skb+0x14e/0x250
[ 2592.288990][T16898]  ? rtnetlink_bind+0x60/0x60
[ 2592.293675][T16898]  rtnetlink_rcv+0x18/0x20
[ 2592.298267][T16898]  netlink_unicast+0x5fc/0x6c0
[ 2592.303040][T16898]  netlink_sendmsg+0x6e1/0x7d0
[ 2592.307821][T16898]  ? netlink_getsockopt+0x720/0x720
[ 2592.313023][T16898]  ____sys_sendmsg+0x39a/0x510
[ 2592.317796][T16898]  __sys_sendmsg+0x195/0x230
[ 2592.322457][T16898]  ? __xfrm_init_state+0x350/0x820
[ 2592.327661][T16898]  __x64_sys_sendmsg+0x42/0x50
[ 2592.332493][T16898]  do_syscall_64+0x44/0xd0
[ 2592.336960][T16898]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2592.342898][T16898] RIP: 0033:0x7f2ab072eae9
[ 2592.347372][T16898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2592.367003][T16898] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2592.375431][T16898] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 2592.383412][T16898] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2592.391489][T16898] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2592.399544][T16898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2592.407510][T16898] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 2592.415552][T16898]  </TASK>
[ 2592.418565][T16898] ---[ end trace e45544a13c7e47ec ]---
[ 2592.425543][T16898] ------------[ cut here ]------------
[ 2592.431006][T16898] WARNING: CPU: 0 PID: 16898 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2592.440393][T16898] Modules linked in:
[ 2592.444322][T16898] CPU: 0 PID: 16898 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2592.454132][T16898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2592.464204][T16898] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2592.469796][T16898] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2592.489438][T16898] RSP: 0000:ffffc900090c35d8 EFLAGS: 00010246
[ 2592.495492][T16898] RAX: ffffffff83b414a7 RBX: ffff88811e7720a0 RCX: 0000000000040000
[ 2592.503472][T16898] RDX: ffffc90007ee9000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2592.511470][T16898] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2592.519463][T16898] R10: 0001ffffffffffff R11: 000188811e7720a0 R12: ffff88811e772050
[ 2592.527502][T16898] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811e772000
[ 2592.535531][T16898] FS:  00007f2aae463700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2592.544465][T16898] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2592.551066][T16898] CR2: 0000000000ca90e0 CR3: 000000014e305000 CR4: 00000000003506f0
[ 2592.559044][T16898] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2592.567058][T16898] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2592.575161][T16898] Call Trace:
[ 2592.578428][T16898]  <TASK>
[ 2592.581366][T16898]  tcf_block_put_ext+0xe5/0x180
[ 2592.586259][T16898]  tcf_block_put+0x4c/0x70
[ 2592.590682][T16898]  cake_destroy+0x2d/0x50
[ 2592.595019][T16898]  ? cake_reset+0x5d0/0x5d0
[ 2592.599583][T16898]  qdisc_create+0xa82/0xd10
[ 2592.604170][T16898]  ? __nla_parse+0x3c/0x50
[ 2592.608577][T16898]  tc_modify_qdisc+0x64a/0x10b0
[ 2592.613576][T16898]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2592.619557][T16898]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2592.624486][T16898]  ? ___cache_free+0x46/0x300
[ 2592.629200][T16898]  ? packet_rcv+0xc3/0x9d0
[ 2592.633611][T16898]  ? __kfree_skb+0xfe/0x150
[ 2592.638118][T16898]  ? kmem_cache_free+0x5e/0x100
[ 2592.642999][T16898]  ? __kfree_skb+0xfe/0x150
[ 2592.647504][T16898]  ? consume_skb+0x48/0x160
[ 2592.652020][T16898]  ? nlmon_xmit+0x5f/0x70
[ 2592.656351][T16898]  ? __this_cpu_preempt_check+0x18/0x20
[ 2592.662042][T16898]  ? __local_bh_enable_ip+0x4d/0x70
[ 2592.667280][T16898]  ? local_bh_enable+0x1b/0x20
[ 2592.672109][T16898]  ? __dev_queue_xmit+0x597/0xf70
[ 2592.677278][T16898]  ? __skb_clone+0x2db/0x300
[ 2592.682137][T16898]  ? __rcu_read_unlock+0x5c/0x290
[ 2592.687195][T16898]  netlink_rcv_skb+0x14e/0x250
[ 2592.692016][T16898]  ? rtnetlink_bind+0x60/0x60
[ 2592.696698][T16898]  rtnetlink_rcv+0x18/0x20
[ 2592.701205][T16898]  netlink_unicast+0x5fc/0x6c0
[ 2592.705966][T16898]  netlink_sendmsg+0x6e1/0x7d0
[ 2592.710763][T16898]  ? netlink_getsockopt+0x720/0x720
[ 2592.715962][T16898]  ____sys_sendmsg+0x39a/0x510
[ 2592.720750][T16898]  __sys_sendmsg+0x195/0x230
[ 2592.725335][T16898]  ? __xfrm_init_state+0x350/0x820
[ 2592.730647][T16898]  __x64_sys_sendmsg+0x42/0x50
[ 2592.735445][T16898]  do_syscall_64+0x44/0xd0
[ 2592.739911][T16898]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2592.745812][T16898] RIP: 0033:0x7f2ab072eae9
[ 2592.750244][T16898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2592.769868][T16898] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2592.778260][T16898] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 2592.786238][T16898] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2592.794218][T16898] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2592.802681][T16898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2592.810691][T16898] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 2592.818678][T16898]  </TASK>
[ 2592.821698][T16898] ---[ end trace e45544a13c7e47ed ]---
[ 2593.803267][T16904] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2595.910456][T16904] ------------[ cut here ]------------
[ 2595.915931][T16904] WARNING: CPU: 0 PID: 16904 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2595.926506][T16904] Modules linked in:
[ 2595.930631][T16904] CPU: 0 PID: 16904 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2595.940504][T16904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2595.950705][T16904] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2595.957634][T16904] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2595.977271][T16904] RSP: 0018:ffffc9000adeb5f0 EFLAGS: 00010246
[ 2595.983489][T16904] RAX: ffff88811e66c000 RBX: ffff88811d8ef0b0 RCX: 0000000000000000
[ 2595.991475][T16904] RDX: ffffc900036c5000 RSI: 00000000000088da RDI: ffff88811d8ef000
[ 2595.999465][T16904] RBP: ffffc9000adeb738 R08: 000188811d8ef0b7 R09: 0000000000000000
[ 2596.007907][T16904] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811d8ef0b0
[ 2596.015929][T16904] R13: ffffffff85ec3720 R14: ffff88811d8ef000 R15: ffffc9000adeb668
[ 2596.023933][T16904] FS:  00007fd368812700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2596.032892][T16904] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2596.039594][T16904] CR2: 00007fd3687f1718 CR3: 000000011e6e5000 CR4: 00000000003506f0
[ 2596.047610][T16904] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2596.055606][T16904] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2596.063781][T16904] Call Trace:
[ 2596.067082][T16904]  <TASK>
[ 2596.070031][T16904]  tcf_block_put_ext+0x2d/0x180
[ 2596.074896][T16904]  tcf_block_put+0x4c/0x70
[ 2596.079441][T16904]  cake_destroy+0x2d/0x50
[ 2596.083797][T16904]  ? cake_reset+0x5d0/0x5d0
[ 2596.088307][T16904]  qdisc_create+0xa82/0xd10
[ 2596.092861][T16904]  ? __nla_parse+0x3c/0x50
[ 2596.097357][T16904]  tc_modify_qdisc+0x64a/0x10b0
[ 2596.102249][T16904]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2596.108188][T16904]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2596.113162][T16904]  ? ___cache_free+0x46/0x300
[ 2596.117843][T16904]  ? packet_rcv+0x3d6/0x9d0
[ 2596.122407][T16904]  ? __kfree_skb+0xfe/0x150
[ 2596.126933][T16904]  ? kmem_cache_free+0x5e/0x100
[ 2596.131811][T16904]  ? __kfree_skb+0xfe/0x150
[ 2596.136445][T16904]  ? consume_skb+0x48/0x160
[ 2596.140981][T16904]  ? nlmon_xmit+0x5f/0x70
[ 2596.145399][T16904]  ? __this_cpu_preempt_check+0x18/0x20
[ 2596.150979][T16904]  ? __local_bh_enable_ip+0x4d/0x70
[ 2596.156293][T16904]  ? local_bh_enable+0x1b/0x20
[ 2596.161182][T16904]  ? __dev_queue_xmit+0x597/0xf70
[ 2596.166265][T16904]  ? __skb_clone+0x2db/0x300
[ 2596.170981][T16904]  ? __rcu_read_unlock+0x5c/0x290
[ 2596.176062][T16904]  netlink_rcv_skb+0x14e/0x250
[ 2596.180860][T16904]  ? rtnetlink_bind+0x60/0x60
[ 2596.185540][T16904]  rtnetlink_rcv+0x18/0x20
[ 2596.189976][T16904]  netlink_unicast+0x5fc/0x6c0
[ 2596.194791][T16904]  netlink_sendmsg+0x6e1/0x7d0
[ 2596.199579][T16904]  ? netlink_getsockopt+0x720/0x720
[ 2596.204820][T16904]  ____sys_sendmsg+0x39a/0x510
[ 2596.209786][T16904]  __sys_sendmsg+0x195/0x230
[ 2596.214378][T16904]  ? __xfrm_init_state+0x350/0x820
[ 2596.219605][T16904]  __x64_sys_sendmsg+0x42/0x50
[ 2596.224377][T16904]  do_syscall_64+0x44/0xd0
[ 2596.228804][T16904]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2596.234794][T16904] RIP: 0033:0x7fd36aa9bae9
[ 2596.239252][T16904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2596.258883][T16904] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2596.267420][T16904] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2596.275530][T16904] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2596.283533][T16904] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2596.291977][T16904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2596.299967][T16904] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2596.307944][T16904]  </TASK>
[ 2596.310986][T16904] ---[ end trace e45544a13c7e47ee ]---
[ 2596.316975][T16904] ------------[ cut here ]------------
[ 2596.322449][T16904] WARNING: CPU: 0 PID: 16904 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2596.332036][T16904] Modules linked in:
[ 2596.335926][T16904] CPU: 0 PID: 16904 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2596.345848][T16904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2596.355927][T16904] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2596.361612][T16904] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2596.381475][T16904] RSP: 0018:ffffc9000adeb628 EFLAGS: 00010283
[ 2596.387598][T16904] RAX: ffffffff83b40f4c RBX: ffff88811d8ef088 RCX: 0000000000040000
[ 2596.395615][T16904] RDX: ffffc900036c5000 RSI: 000000000003dd88 RDI: 000000000003dd89
[ 2596.403614][T16904] RBP: ffffc9000adeb668 R08: 000188811d8ef08f R09: 0000000000000000
[ 2596.411609][T16904] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b50000
[ 2596.419640][T16904] R13: 0000000000000000 R14: ffffc9000adeb7f0 R15: ffff88811d8ef000
[ 2596.427627][T16904] FS:  00007fd368812700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2596.436832][T16904] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2596.443440][T16904] CR2: 00007fd3687f1718 CR3: 000000011e6e5000 CR4: 00000000003506f0
[ 2596.451439][T16904] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2596.459455][T16904] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2596.467432][T16904] Call Trace:
[ 2596.470735][T16904]  <TASK>
[ 2596.473668][T16904]  tcf_block_put+0x4c/0x70
[ 2596.478151][T16904]  cake_destroy+0x2d/0x50
[ 2596.482500][T16904]  ? cake_reset+0x5d0/0x5d0
[ 2596.487011][T16904]  qdisc_create+0xa82/0xd10
[ 2596.491544][T16904]  ? __nla_parse+0x3c/0x50
[ 2596.495976][T16904]  tc_modify_qdisc+0x64a/0x10b0
[ 2596.500887][T16904]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2596.506787][T16904]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2596.511811][T16904]  ? ___cache_free+0x46/0x300
[ 2596.516489][T16904]  ? packet_rcv+0x3d6/0x9d0
[ 2596.521046][T16904]  ? __kfree_skb+0xfe/0x150
[ 2596.525553][T16904]  ? kmem_cache_free+0x5e/0x100
[ 2596.530622][T16904]  ? __kfree_skb+0xfe/0x150
[ 2596.535132][T16904]  ? consume_skb+0x48/0x160
[ 2596.539689][T16904]  ? nlmon_xmit+0x5f/0x70
[ 2596.544103][T16904]  ? __this_cpu_preempt_check+0x18/0x20
[ 2596.549691][T16904]  ? __local_bh_enable_ip+0x4d/0x70
[ 2596.554951][T16904]  ? local_bh_enable+0x1b/0x20
[ 2596.559740][T16904]  ? __dev_queue_xmit+0x597/0xf70
[ 2596.564772][T16904]  ? __skb_clone+0x2db/0x300
[ 2596.569390][T16904]  ? __rcu_read_unlock+0x5c/0x290
[ 2596.574432][T16904]  netlink_rcv_skb+0x14e/0x250
[ 2596.579218][T16904]  ? rtnetlink_bind+0x60/0x60
[ 2596.584036][T16904]  rtnetlink_rcv+0x18/0x20
[ 2596.588545][T16904]  netlink_unicast+0x5fc/0x6c0
[ 2596.593423][T16904]  netlink_sendmsg+0x6e1/0x7d0
[ 2596.598250][T16904]  ? netlink_getsockopt+0x720/0x720
[ 2596.603564][T16904]  ____sys_sendmsg+0x39a/0x510
[ 2596.608337][T16904]  __sys_sendmsg+0x195/0x230
[ 2596.613004][T16904]  ? __xfrm_init_state+0x350/0x820
[ 2596.618139][T16904]  __x64_sys_sendmsg+0x42/0x50
[ 2596.622984][T16904]  do_syscall_64+0x44/0xd0
[ 2596.627410][T16904]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2596.633327][T16904] RIP: 0033:0x7fd36aa9bae9
[ 2596.637739][T16904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2596.657429][T16904] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2596.665868][T16904] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2596.673864][T16904] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2596.681858][T16904] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2596.689978][T16904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2596.697969][T16904] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2596.705988][T16904]  </TASK>
[ 2596.709006][T16904] ---[ end trace e45544a13c7e47ef ]---
[ 2596.715951][T16904] ------------[ cut here ]------------
[ 2596.721426][T16904] WARNING: CPU: 0 PID: 16904 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2596.730903][T16904] Modules linked in:
[ 2596.734793][T16904] CPU: 0 PID: 16904 Comm: syz-executor.3 Tainted: G        W         5.15.0-syzkaller #0
[ 2596.744694][T16904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2596.754817][T16904] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2596.760400][T16904] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2596.780048][T16904] RSP: 0018:ffffc9000adeb5d8 EFLAGS: 00010246
[ 2596.786220][T16904] RAX: ffffffff83b414a7 RBX: ffff88811d8ef0a0 RCX: 0000000000040000
[ 2596.794650][T16904] RDX: ffffc900036c5000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2596.802646][T16904] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2596.810638][T16904] R10: 0001ffffffffffff R11: 000188811d8ef0a0 R12: ffff88811d8ef050
[ 2596.818610][T16904] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811d8ef000
[ 2596.826664][T16904] FS:  00007fd368812700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2596.835606][T16904] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2596.842226][T16904] CR2: 00007fd3687f1718 CR3: 000000011e6e5000 CR4: 00000000003506f0
[ 2596.850267][T16904] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2596.858261][T16904] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2596.866360][T16904] Call Trace:
[ 2596.869660][T16904]  <TASK>
[ 2596.872588][T16904]  tcf_block_put_ext+0xe5/0x180
[ 2596.877580][T16904]  tcf_block_put+0x4c/0x70
[ 2596.882029][T16904]  cake_destroy+0x2d/0x50
[ 2596.886364][T16904]  ? cake_reset+0x5d0/0x5d0
[ 2596.890993][T16904]  qdisc_create+0xa82/0xd10
[ 2596.895547][T16904]  ? __nla_parse+0x3c/0x50
[ 2596.899986][T16904]  tc_modify_qdisc+0x64a/0x10b0
[ 2596.904925][T16904]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2596.910994][T16904]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2596.915983][T16904]  ? ___cache_free+0x46/0x300
[ 2596.920688][T16904]  ? packet_rcv+0x3d6/0x9d0
[ 2596.925293][T16904]  ? __kfree_skb+0xfe/0x150
[ 2596.929904][T16904]  ? kmem_cache_free+0x5e/0x100
[ 2596.934804][T16904]  ? __kfree_skb+0xfe/0x150
[ 2596.939335][T16904]  ? consume_skb+0x48/0x160
[ 2596.943887][T16904]  ? nlmon_xmit+0x5f/0x70
[ 2596.948245][T16904]  ? __this_cpu_preempt_check+0x18/0x20
[ 2596.953830][T16904]  ? __local_bh_enable_ip+0x4d/0x70
[ 2596.959035][T16904]  ? local_bh_enable+0x1b/0x20
[ 2596.963883][T16904]  ? __dev_queue_xmit+0x597/0xf70
[ 2596.968991][T16904]  ? __skb_clone+0x2db/0x300
[ 2596.973673][T16904]  ? __rcu_read_unlock+0x5c/0x290
[ 2596.978772][T16904]  netlink_rcv_skb+0x14e/0x250
[ 2596.983569][T16904]  ? rtnetlink_bind+0x60/0x60
[ 2596.988337][T16904]  rtnetlink_rcv+0x18/0x20
[ 2596.992800][T16904]  netlink_unicast+0x5fc/0x6c0
[ 2596.997570][T16904]  netlink_sendmsg+0x6e1/0x7d0
[ 2597.002379][T16904]  ? netlink_getsockopt+0x720/0x720
[ 2597.007578][T16904]  ____sys_sendmsg+0x39a/0x510
[ 2597.012378][T16904]  __sys_sendmsg+0x195/0x230
[ 2597.017102][T16904]  ? __xfrm_init_state+0x350/0x820
[ 2597.022342][T16904]  __x64_sys_sendmsg+0x42/0x50
[ 2597.027185][T16904]  do_syscall_64+0x44/0xd0
[ 2597.031654][T16904]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2597.037557][T16904] RIP: 0033:0x7fd36aa9bae9
[ 2597.041994][T16904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2597.061636][T16904] RSP: 002b:00007fd368812188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2597.070072][T16904] RAX: ffffffffffffffda RBX: 00007fd36abaef60 RCX: 00007fd36aa9bae9
[ 2597.078181][T16904] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2597.086197][T16904] RBP: 00007fd36aaf5f6d R08: 0000000000000000 R09: 0000000000000000
[ 2597.094201][T16904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2597.102381][T16904] R13: 00007ffcf4adf22f R14: 00007fd368812300 R15: 0000000000022000
[ 2597.110448][T16904]  </TASK>
[ 2597.113466][T16904] ---[ end trace e45544a13c7e47f0 ]---
[ 2600.876791][T17007] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
19:03:12 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec9000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 2608.576974][T17007] warn_alloc: 3 callbacks suppressed
[ 2608.576990][T17007] syz-executor.0: vmalloc error: size 106496, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0
[ 2608.598837][T17007] CPU: 1 PID: 17007 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2608.608707][T17007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2608.618761][T17007] Call Trace:
[ 2608.622038][T17007]  <TASK>
[ 2608.625020][T17007]  dump_stack_lvl+0xd6/0x122
[ 2608.629660][T17007]  dump_stack+0x11/0x1b
[ 2608.633796][T17007]  warn_alloc+0x132/0x190
[ 2608.638120][T17007]  __vmalloc_node_range+0x58b/0x690
[ 2608.643305][T17007]  ? cake_init+0x20d/0x640
[ 2608.647704][T17007]  __vmalloc_node+0x61/0x70
[ 2608.652187][T17007]  ? cake_init+0x20d/0x640
[ 2608.656616][T17007]  kvmalloc_node+0xd2/0x110
[ 2608.661108][T17007]  cake_init+0x20d/0x640
[ 2608.665333][T17007]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2608.671041][T17007]  ? qdisc_alloc+0x334/0x3c0
[ 2608.675612][T17007]  ? qdisc_lookup+0x20c/0x2e0
[ 2608.680296][T17007]  ? qdisc_peek_dequeued+0x140/0x140
[ 2608.685576][T17007]  qdisc_create+0x5f4/0xd10
[ 2608.690074][T17007]  ? __nla_parse+0x3c/0x50
[ 2608.694471][T17007]  tc_modify_qdisc+0x64a/0x10b0
[ 2608.699387][T17007]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2608.705264][T17007]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2608.710389][T17007]  ? ___cache_free+0x46/0x300
[ 2608.715165][T17007]  ? packet_rcv+0xc3/0x9d0
[ 2608.719567][T17007]  ? __kfree_skb+0xfe/0x150
[ 2608.724054][T17007]  ? kmem_cache_free+0x5e/0x100
[ 2608.728890][T17007]  ? __kfree_skb+0xfe/0x150
[ 2608.733375][T17007]  ? consume_skb+0x48/0x160
[ 2608.737915][T17007]  ? nlmon_xmit+0x5f/0x70
[ 2608.742227][T17007]  ? __this_cpu_preempt_check+0x18/0x20
[ 2608.747801][T17007]  ? sysvec_apic_timer_interrupt+0x4a/0xb0
[ 2608.753705][T17007]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2608.760021][T17007]  ? rtnetlink_net_exit+0x40/0x40
[ 2608.765025][T17007]  netlink_rcv_skb+0x14e/0x250
[ 2608.769784][T17007]  ? rtnetlink_bind+0x60/0x60
[ 2608.774440][T17007]  rtnetlink_rcv+0x18/0x20
[ 2608.778844][T17007]  netlink_unicast+0x5fc/0x6c0
[ 2608.783614][T17007]  netlink_sendmsg+0x6e1/0x7d0
[ 2608.788468][T17007]  ? netlink_getsockopt+0x720/0x720
[ 2608.793715][T17007]  ____sys_sendmsg+0x39a/0x510
[ 2608.798514][T17007]  __sys_sendmsg+0x195/0x230
[ 2608.803084][T17007]  ? __xfrm_init_state+0x350/0x820
[ 2608.808245][T17007]  __x64_sys_sendmsg+0x42/0x50
[ 2608.812990][T17007]  do_syscall_64+0x44/0xd0
[ 2608.817524][T17007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2608.823583][T17007] RIP: 0033:0x7f0da0d09ae9
[ 2608.828103][T17007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2608.847695][T17007] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2608.856086][T17007] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2608.864043][T17007] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2608.872205][T17007] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2608.880159][T17007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2608.888269][T17007] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2608.896267][T17007]  </TASK>
[ 2608.899545][T17007] Mem-Info:
[ 2608.902631][T17007] active_anon:10708 inactive_anon:100280 isolated_anon:0
[ 2608.902631][T17007]  active_file:303 inactive_file:384 isolated_file:0
[ 2608.902631][T17007]  unevictable:0 dirty:5 writeback:0
[ 2608.902631][T17007]  slab_reclaimable:7688 slab_unreclaimable:1742364
[ 2608.902631][T17007]  mapped:52524 shmem:399 pagetables:5276 bounce:0
[ 2608.902631][T17007]  kernel_misc_reclaimable:0
[ 2608.902631][T17007]  free:12335 free_pcp:192 free_cma:0
[ 2608.943715][T17007] Node 0 active_anon:42832kB inactive_anon:401120kB active_file:1212kB inactive_file:1536kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210096kB dirty:20kB writeback:0kB shmem:1596kB writeback_tmp:0kB kernel_stack:5264kB pagetables:21104kB all_unreclaimable? yes
[ 2608.970194][T17007] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2608.997098][T17007] lowmem_reserve[]: 0 2896 7874 7874
[ 2609.002391][T17007] Node 0 DMA32 free:22192kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2609.030955][T17007] lowmem_reserve[]: 0 0 4978 4978
[ 2609.036009][T17007] Node 0 Normal free:11788kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42832kB inactive_anon:400204kB active_file:1108kB inactive_file:1124kB unevictable:0kB writepending:20kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:768kB local_pcp:300kB free_cma:0kB
[ 2609.066621][T17007] lowmem_reserve[]: 0 0 0 0
[ 2609.071126][T17007] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2609.083890][T17007] Node 0 DMA32: 254*4kB (UME) 137*8kB (UME) 55*16kB (UME) 46*32kB (UME) 19*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 22192kB
[ 2609.101628][T17007] Node 0 Normal: 1528*4kB (UME) 520*8kB (UME) 71*16kB (UM) 4*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11536kB
[ 2609.115897][T17007] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2609.125169][T17007] 1128 total pagecache pages
[ 2609.129749][T17007] 0 pages in swap cache
[ 2609.133944][T17007] Swap cache stats: add 0, delete 0, find 0/0
[ 2609.140010][T17007] Free swap  = 0kB
[ 2609.143813][T17007] Total swap = 0kB
[ 2609.147506][T17007] 2097051 pages RAM
[ 2609.151299][T17007] 0 pages HighMem/MovableOnly
[ 2609.155945][T17007] 75955 pages reserved
[ 2609.160586][T17007] ------------[ cut here ]------------
[ 2609.166050][T17007] WARNING: CPU: 0 PID: 17007 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2609.176685][T17007] Modules linked in:
[ 2609.180648][T17007] CPU: 0 PID: 17007 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2609.190656][T17007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2609.200752][T17007] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2609.207438][T17007] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2609.227126][T17007] RSP: 0000:ffffc90008cfb5f0 EFLAGS: 00010246
[ 2609.233188][T17007] RAX: ffff88811ea49000 RBX: ffff88811e7720b0 RCX: 0000000000000000
[ 2609.241201][T17007] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: ffff88811e772000
[ 2609.249247][T17007] RBP: ffffc90008cfb738 R08: 000188811e7720b7 R09: 0000000000000000
[ 2609.257216][T17007] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811e7720b0
[ 2609.265183][T17007] R13: ffffffff85ec3720 R14: ffff88811e772000 R15: ffffc90008cfb668
[ 2609.273230][T17007] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2609.282274][T17007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2609.288891][T17007] CR2: 000000000046db5d CR3: 0000000147453000 CR4: 00000000003506f0
[ 2609.296946][T17007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2609.304966][T17007] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2609.312942][T17007] Call Trace:
[ 2609.316199][T17007]  <TASK>
[ 2609.319130][T17007]  tcf_block_put_ext+0x2d/0x180
[ 2609.323983][T17007]  tcf_block_put+0x4c/0x70
[ 2609.328461][T17007]  cake_destroy+0x2d/0x50
[ 2609.332809][T17007]  ? cake_reset+0x5d0/0x5d0
[ 2609.337294][T17007]  qdisc_create+0xa82/0xd10
[ 2609.341852][T17007]  ? __nla_parse+0x3c/0x50
[ 2609.346260][T17007]  tc_modify_qdisc+0x64a/0x10b0
[ 2609.351210][T17007]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2609.357087][T17007]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2609.362077][T17007]  ? ___cache_free+0x46/0x300
[ 2609.366743][T17007]  ? packet_rcv+0xc3/0x9d0
[ 2609.371293][T17007]  ? __kfree_skb+0xfe/0x150
[ 2609.375791][T17007]  ? kmem_cache_free+0x5e/0x100
[ 2609.380642][T17007]  ? __kfree_skb+0xfe/0x150
[ 2609.385126][T17007]  ? consume_skb+0x48/0x160
[ 2609.389686][T17007]  ? nlmon_xmit+0x5f/0x70
[ 2609.394026][T17007]  ? __this_cpu_preempt_check+0x18/0x20
[ 2609.399651][T17007]  ? sysvec_apic_timer_interrupt+0x4a/0xb0
[ 2609.405457][T17007]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2609.411677][T17007]  ? rtnetlink_net_exit+0x40/0x40
[ 2609.416714][T17007]  netlink_rcv_skb+0x14e/0x250
[ 2609.421484][T17007]  ? rtnetlink_bind+0x60/0x60
[ 2609.426143][T17007]  rtnetlink_rcv+0x18/0x20
[ 2609.430562][T17007]  netlink_unicast+0x5fc/0x6c0
[ 2609.435332][T17007]  netlink_sendmsg+0x6e1/0x7d0
[ 2609.440138][T17007]  ? netlink_getsockopt+0x720/0x720
[ 2609.445652][T17007]  ____sys_sendmsg+0x39a/0x510
[ 2609.450548][T17007]  __sys_sendmsg+0x195/0x230
[ 2609.455127][T17007]  ? __xfrm_init_state+0x350/0x820
[ 2609.460280][T17007]  __x64_sys_sendmsg+0x42/0x50
[ 2609.465083][T17007]  do_syscall_64+0x44/0xd0
[ 2609.469526][T17007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2609.475420][T17007] RIP: 0033:0x7f0da0d09ae9
[ 2609.479826][T17007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2609.499524][T17007] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2609.507940][T17007] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2609.515953][T17007] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2609.523987][T17007] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2609.531995][T17007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2609.539970][T17007] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2609.547924][T17007]  </TASK>
[ 2609.551019][T17007] ---[ end trace e45544a13c7e47f1 ]---
[ 2609.557087][T17007] ------------[ cut here ]------------
[ 2609.562554][T17007] WARNING: CPU: 0 PID: 17007 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2609.572123][T17007] Modules linked in:
[ 2609.576002][T17007] CPU: 0 PID: 17007 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2609.585880][T17007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2609.595929][T17007] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2609.601613][T17007] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2609.621276][T17007] RSP: 0000:ffffc90008cfb628 EFLAGS: 00010246
[ 2609.627405][T17007] RAX: ffffffff83b40f4c RBX: ffff88811e772088 RCX: 0000000000040000
[ 2609.635378][T17007] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2609.643424][T17007] RBP: ffffc90008cfb668 R08: 000188811e77208f R09: 0000000000000000
[ 2609.651393][T17007] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b50000
[ 2609.659364][T17007] R13: 0000000000000000 R14: ffffc90008cfb7f0 R15: ffff88811e772000
[ 2609.667377][T17007] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2609.676405][T17007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2609.682984][T17007] CR2: 000000000046db5d CR3: 0000000147453000 CR4: 00000000003506f0
[ 2609.691021][T17007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2609.699092][T17007] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2609.707059][T17007] Call Trace:
[ 2609.710347][T17007]  <TASK>
[ 2609.713292][T17007]  tcf_block_put+0x4c/0x70
[ 2609.717785][T17007]  cake_destroy+0x2d/0x50
[ 2609.722170][T17007]  ? cake_reset+0x5d0/0x5d0
[ 2609.726676][T17007]  qdisc_create+0xa82/0xd10
[ 2609.731173][T17007]  ? __nla_parse+0x3c/0x50
[ 2609.735704][T17007]  tc_modify_qdisc+0x64a/0x10b0
[ 2609.740568][T17007]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2609.746445][T17007]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2609.751396][T17007]  ? ___cache_free+0x46/0x300
[ 2609.756052][T17007]  ? packet_rcv+0xc3/0x9d0
[ 2609.760545][T17007]  ? __kfree_skb+0xfe/0x150
[ 2609.765029][T17007]  ? kmem_cache_free+0x5e/0x100
[ 2609.769997][T17007]  ? __kfree_skb+0xfe/0x150
[ 2609.774481][T17007]  ? consume_skb+0x48/0x160
[ 2609.778962][T17007]  ? nlmon_xmit+0x5f/0x70
[ 2609.783281][T17007]  ? __this_cpu_preempt_check+0x18/0x20
[ 2609.788976][T17007]  ? sysvec_apic_timer_interrupt+0x4a/0xb0
[ 2609.794894][T17007]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2609.801071][T17007]  ? rtnetlink_net_exit+0x40/0x40
[ 2609.806089][T17007]  netlink_rcv_skb+0x14e/0x250
[ 2609.810863][T17007]  ? rtnetlink_bind+0x60/0x60
[ 2609.815529][T17007]  rtnetlink_rcv+0x18/0x20
[ 2609.820045][T17007]  netlink_unicast+0x5fc/0x6c0
[ 2609.824820][T17007]  netlink_sendmsg+0x6e1/0x7d0
[ 2609.829701][T17007]  ? netlink_getsockopt+0x720/0x720
[ 2609.835047][T17007]  ____sys_sendmsg+0x39a/0x510
[ 2609.839916][T17007]  __sys_sendmsg+0x195/0x230
[ 2609.844496][T17007]  ? __xfrm_init_state+0x350/0x820
[ 2609.849781][T17007]  __x64_sys_sendmsg+0x42/0x50
[ 2609.854560][T17007]  do_syscall_64+0x44/0xd0
[ 2609.858993][T17007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2609.864932][T17007] RIP: 0033:0x7f0da0d09ae9
[ 2609.869434][T17007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2609.889292][T17007] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2609.897811][T17007] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2609.905834][T17007] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2609.913971][T17007] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2609.921939][T17007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2609.930016][T17007] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2609.938033][T17007]  </TASK>
[ 2609.941052][T17007] ---[ end trace e45544a13c7e47f2 ]---
[ 2609.947925][T17007] ------------[ cut here ]------------
[ 2609.953552][T17007] WARNING: CPU: 0 PID: 17007 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2609.963024][T17007] Modules linked in:
[ 2609.966999][T17007] CPU: 0 PID: 17007 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2609.976983][T17007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2609.987036][T17007] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2609.992589][T17007] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2610.012190][T17007] RSP: 0000:ffffc90008cfb5d8 EFLAGS: 00010246
[ 2610.018234][T17007] RAX: ffffffff83b414a7 RBX: ffff88811e7720a0 RCX: 0000000000040000
[ 2610.026208][T17007] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2610.034306][T17007] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2610.042340][T17007] R10: 0001ffffffffffff R11: 000188811e7720a0 R12: ffff88811e772050
[ 2610.050321][T17007] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811e772000
[ 2610.058314][T17007] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2610.067254][T17007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2610.073833][T17007] CR2: 000000000046db5d CR3: 0000000147453000 CR4: 00000000003506f0
[ 2610.081802][T17007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2610.089784][T17007] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2610.097772][T17007] Call Trace:
[ 2610.101044][T17007]  <TASK>
[ 2610.103956][T17007]  tcf_block_put_ext+0xe5/0x180
[ 2610.108815][T17007]  tcf_block_put+0x4c/0x70
[ 2610.113310][T17007]  cake_destroy+0x2d/0x50
[ 2610.117630][T17007]  ? cake_reset+0x5d0/0x5d0
[ 2610.122188][T17007]  qdisc_create+0xa82/0xd10
[ 2610.126682][T17007]  ? __nla_parse+0x3c/0x50
[ 2610.131094][T17007]  tc_modify_qdisc+0x64a/0x10b0
[ 2610.135988][T17007]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2610.141873][T17007]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2610.146792][T17007]  ? ___cache_free+0x46/0x300
[ 2610.151462][T17007]  ? packet_rcv+0xc3/0x9d0
[ 2610.155857][T17007]  ? __kfree_skb+0xfe/0x150
[ 2610.160425][T17007]  ? kmem_cache_free+0x5e/0x100
[ 2610.165270][T17007]  ? __kfree_skb+0xfe/0x150
[ 2610.169774][T17007]  ? consume_skb+0x48/0x160
[ 2610.174274][T17007]  ? nlmon_xmit+0x5f/0x70
[ 2610.178591][T17007]  ? __this_cpu_preempt_check+0x18/0x20
[ 2610.184135][T17007]  ? sysvec_apic_timer_interrupt+0x4a/0xb0
[ 2610.189950][T17007]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 2610.196119][T17007]  ? rtnetlink_net_exit+0x40/0x40
[ 2610.201258][T17007]  netlink_rcv_skb+0x14e/0x250
[ 2610.206056][T17007]  ? rtnetlink_bind+0x60/0x60
[ 2610.210734][T17007]  rtnetlink_rcv+0x18/0x20
[ 2610.215183][T17007]  netlink_unicast+0x5fc/0x6c0
[ 2610.219961][T17007]  netlink_sendmsg+0x6e1/0x7d0
[ 2610.224976][T17007]  ? netlink_getsockopt+0x720/0x720
[ 2610.230165][T17007]  ____sys_sendmsg+0x39a/0x510
[ 2610.234948][T17007]  __sys_sendmsg+0x195/0x230
[ 2610.239607][T17007]  ? __xfrm_init_state+0x350/0x820
[ 2610.244737][T17007]  __x64_sys_sendmsg+0x42/0x50
[ 2610.249524][T17007]  do_syscall_64+0x44/0xd0
[ 2610.253965][T17007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2610.259850][T17007] RIP: 0033:0x7f0da0d09ae9
[ 2610.264278][T17007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2610.283883][T17007] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2610.292319][T17007] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2610.300314][T17007] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2610.308289][T17007] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2610.316401][T17007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2610.324479][T17007] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2610.332510][T17007]  </TASK>
[ 2610.335536][T17007] ---[ end trace e45544a13c7e47f3 ]---
[ 2610.433878][T17010] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=45 sclass=netlink_tcpdiag_socket pid=17010 comm=syz-executor.5
19:04:37 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:04:41 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}]}}]}, 0x434}}, 0x0)

[ 2683.529933][T17132] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
19:04:43 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xc00}}, {0x4}}]}]}, 0x68}}, 0x0)

19:04:44 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8848]}]}}]}, 0x434}}, 0x0)

19:04:50 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0)

[ 2697.056869][T17132] syz-executor.0: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0
[ 2697.073303][T17132] CPU: 0 PID: 17132 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2697.083305][T17132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2697.093474][T17132] Call Trace:
[ 2697.096828][T17132]  <TASK>
[ 2697.099788][T17132]  dump_stack_lvl+0xd6/0x122
[ 2697.104402][T17132]  dump_stack+0x11/0x1b
[ 2697.108601][T17132]  warn_alloc+0x132/0x190
[ 2697.112926][T17132]  __vmalloc_node_range+0x58b/0x690
[ 2697.118155][T17132]  ? cake_init+0x20d/0x640
[ 2697.122617][T17132]  __vmalloc_node+0x61/0x70
[ 2697.127150][T17132]  ? cake_init+0x20d/0x640
[ 2697.132109][T17132]  kvmalloc_node+0xd2/0x110
[ 2697.136653][T17132]  cake_init+0x20d/0x640
[ 2697.140990][T17132]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2697.146756][T17132]  ? qdisc_alloc+0x334/0x3c0
[ 2697.151366][T17132]  ? qdisc_lookup+0x20c/0x2e0
[ 2697.156160][T17132]  ? qdisc_peek_dequeued+0x140/0x140
[ 2697.161497][T17132]  qdisc_create+0x5f4/0xd10
[ 2697.166089][T17132]  ? __nla_parse+0x3c/0x50
[ 2697.170510][T17132]  tc_modify_qdisc+0x64a/0x10b0
[ 2697.175439][T17132]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2697.181389][T17132]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2697.186309][T17132]  ? ___cache_free+0x46/0x300
[ 2697.191027][T17132]  ? packet_rcv+0xc3/0x9d0
[ 2697.195429][T17132]  ? __kfree_skb+0xfe/0x150
[ 2697.200009][T17132]  ? kmem_cache_free+0x5e/0x100
[ 2697.204876][T17132]  ? __kfree_skb+0xfe/0x150
[ 2697.209392][T17132]  ? consume_skb+0x48/0x160
[ 2697.214072][T17132]  ? nlmon_xmit+0x5f/0x70
[ 2697.218455][T17132]  ? __this_cpu_preempt_check+0x18/0x20
[ 2697.224094][T17132]  ? __local_bh_enable_ip+0x4d/0x70
[ 2697.229276][T17132]  ? local_bh_enable+0x1b/0x20
[ 2697.234101][T17132]  ? __dev_queue_xmit+0x597/0xf70
[ 2697.239108][T17132]  ? __skb_clone+0x2db/0x300
[ 2697.243844][T17132]  ? __rcu_read_unlock+0x5c/0x290
[ 2697.248851][T17132]  netlink_rcv_skb+0x14e/0x250
[ 2697.253648][T17132]  ? rtnetlink_bind+0x60/0x60
[ 2697.258324][T17132]  rtnetlink_rcv+0x18/0x20
[ 2697.262795][T17132]  netlink_unicast+0x5fc/0x6c0
[ 2697.267597][T17132]  netlink_sendmsg+0x6e1/0x7d0
[ 2697.272439][T17132]  ? netlink_getsockopt+0x720/0x720
[ 2697.277637][T17132]  ____sys_sendmsg+0x39a/0x510
[ 2697.282423][T17132]  __sys_sendmsg+0x195/0x230
[ 2697.287070][T17132]  __x64_sys_sendmsg+0x42/0x50
[ 2697.291908][T17132]  do_syscall_64+0x44/0xd0
[ 2697.296495][T17132]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2697.302395][T17132] RIP: 0033:0x7f0da0d09ae9
[ 2697.306806][T17132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2697.326439][T17132] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2697.334924][T17132] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2697.342901][T17132] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2697.350889][T17132] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2697.358874][T17132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2697.366859][T17132] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2697.374840][T17132]  </TASK>
[ 2697.378083][T17132] Mem-Info:
[ 2697.381206][T17132] active_anon:10666 inactive_anon:100321 isolated_anon:0
[ 2697.381206][T17132]  active_file:313 inactive_file:668 isolated_file:3
[ 2697.381206][T17132]  unevictable:0 dirty:1 writeback:0
[ 2697.381206][T17132]  slab_reclaimable:7689 slab_unreclaimable:1742399
[ 2697.381206][T17132]  mapped:52965 shmem:357 pagetables:5397 bounce:0
[ 2697.381206][T17132]  kernel_misc_reclaimable:0
[ 2697.381206][T17132]  free:11952 free_pcp:97 free_cma:0
[ 2697.422403][T17132] Node 0 active_anon:42664kB inactive_anon:401284kB active_file:1088kB inactive_file:1040kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:210584kB dirty:4kB writeback:0kB shmem:1428kB writeback_tmp:0kB kernel_stack:5424kB pagetables:21588kB all_unreclaimable? no
[ 2697.448835][T17132] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2697.475699][T17132] lowmem_reserve[]: 0 2896 7874 7874
[ 2697.481093][T17132] Node 0 DMA32 free:22224kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:2048KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2697.509502][T17132] lowmem_reserve[]: 0 0 4978 4978
[ 2697.514559][T17132] Node 0 Normal free:11232kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42664kB inactive_anon:400368kB active_file:928kB inactive_file:1352kB unevictable:0kB writepending:4kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1204kB local_pcp:276kB free_cma:0kB
[ 2697.544601][T17132] lowmem_reserve[]: 0 0 0 0
[ 2697.549162][T17132] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2697.561933][T17132] Node 0 DMA32: 254*4kB (UME) 137*8kB (UME) 55*16kB (UME) 47*32kB (UME) 19*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 22224kB
[ 2697.579496][T17132] Node 0 Normal: 1704*4kB (UME) 481*8kB (UME) 63*16kB (UM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11672kB
[ 2697.593399][T17132] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2697.602699][T17132] 1058 total pagecache pages
[ 2697.607281][T17132] 0 pages in swap cache
[ 2697.611444][T17132] Swap cache stats: add 0, delete 0, find 0/0
[ 2697.617554][T17132] Free swap  = 0kB
[ 2697.621274][T17132] Total swap = 0kB
[ 2697.624985][T17132] 2097051 pages RAM
[ 2697.628794][T17132] 0 pages HighMem/MovableOnly
[ 2697.633480][T17132] 75955 pages reserved
[ 2697.641117][T17132] ------------[ cut here ]------------
[ 2697.646570][T17132] WARNING: CPU: 0 PID: 17132 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2697.657188][T17132] Modules linked in:
[ 2697.661103][T17132] CPU: 0 PID: 17132 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2697.670955][T17132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2697.681024][T17132] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2697.687725][T17132] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2697.707465][T17132] RSP: 0018:ffffc9000b0bf5f0 EFLAGS: 00010246
[ 2697.713559][T17132] RAX: ffff88811d887000 RBX: ffff8881202740b0 RCX: 0000000000000000
[ 2697.721554][T17132] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: ffff888120274000
[ 2697.729563][T17132] RBP: ffffc9000b0bf738 R08: 00018881202740b7 R09: 0000000000000000
[ 2697.737829][T17132] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff8881202740b0
[ 2697.745835][T17132] R13: ffffffff85ec3720 R14: ffff888120274000 R15: ffffc9000b0bf668
[ 2697.753881][T17132] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2697.762842][T17132] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2697.769443][T17132] CR2: 00007ffcf4adcc00 CR3: 000000011cd6a000 CR4: 00000000003506f0
[ 2697.777425][T17132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2697.785431][T17132] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2697.793442][T17132] Call Trace:
[ 2697.796721][T17132]  <TASK>
[ 2697.799740][T17132]  tcf_block_put_ext+0x2d/0x180
[ 2697.804616][T17132]  tcf_block_put+0x4c/0x70
[ 2697.809144][T17132]  cake_destroy+0x2d/0x50
[ 2697.813511][T17132]  ? cake_reset+0x5d0/0x5d0
[ 2697.818024][T17132]  qdisc_create+0xa82/0xd10
[ 2697.822617][T17132]  ? __nla_parse+0x3c/0x50
[ 2697.827060][T17132]  tc_modify_qdisc+0x64a/0x10b0
[ 2697.831948][T17132]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2697.837843][T17132]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2697.842888][T17132]  ? ___cache_free+0x46/0x300
[ 2697.847589][T17132]  ? packet_rcv+0xc3/0x9d0
[ 2697.852037][T17132]  ? __kfree_skb+0xfe/0x150
[ 2697.856553][T17132]  ? kmem_cache_free+0x5e/0x100
[ 2697.861442][T17132]  ? __kfree_skb+0xfe/0x150
[ 2697.865960][T17132]  ? consume_skb+0x48/0x160
[ 2697.870578][T17132]  ? nlmon_xmit+0x5f/0x70
[ 2697.874908][T17132]  ? __this_cpu_preempt_check+0x18/0x20
[ 2697.880522][T17132]  ? __local_bh_enable_ip+0x4d/0x70
[ 2697.885723][T17132]  ? local_bh_enable+0x1b/0x20
[ 2697.890550][T17132]  ? __dev_queue_xmit+0x597/0xf70
[ 2697.895651][T17132]  ? __skb_clone+0x2db/0x300
[ 2697.900272][T17132]  ? __rcu_read_unlock+0x5c/0x290
[ 2697.905340][T17132]  netlink_rcv_skb+0x14e/0x250
[ 2697.910146][T17132]  ? rtnetlink_bind+0x60/0x60
[ 2697.914832][T17132]  rtnetlink_rcv+0x18/0x20
[ 2697.919314][T17132]  netlink_unicast+0x5fc/0x6c0
[ 2697.924085][T17132]  netlink_sendmsg+0x6e1/0x7d0
[ 2697.928883][T17132]  ? netlink_getsockopt+0x720/0x720
[ 2697.934133][T17132]  ____sys_sendmsg+0x39a/0x510
[ 2697.938985][T17132]  __sys_sendmsg+0x195/0x230
[ 2697.943631][T17132]  __x64_sys_sendmsg+0x42/0x50
[ 2697.948453][T17132]  do_syscall_64+0x44/0xd0
[ 2697.953423][T17132]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2697.959343][T17132] RIP: 0033:0x7f0da0d09ae9
[ 2697.963760][T17132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2697.983411][T17132] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2697.991852][T17132] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2697.999848][T17132] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2698.007906][T17132] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2698.015938][T17132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2698.024083][T17132] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2698.032142][T17132]  </TASK>
[ 2698.035241][T17132] ---[ end trace e45544a13c7e47f4 ]---
[ 2698.041337][T17132] ------------[ cut here ]------------
[ 2698.046788][T17132] WARNING: CPU: 0 PID: 17132 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2698.056480][T17132] Modules linked in:
[ 2698.060401][T17132] CPU: 0 PID: 17132 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2698.070354][T17132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2698.080438][T17132] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2698.086319][T17132] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2698.105988][T17132] RSP: 0018:ffffc9000b0bf628 EFLAGS: 00010246
[ 2698.112089][T17132] RAX: ffffffff83b40f4c RBX: ffff888120274088 RCX: 0000000000040000
[ 2698.120080][T17132] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2698.128053][T17132] RBP: ffffc9000b0bf668 R08: 000188812027408f R09: 0000000000000000
[ 2698.136147][T17132] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b50000
[ 2698.144408][T17132] R13: 0000000000000000 R14: ffffc9000b0bf7f0 R15: ffff888120274000
[ 2698.152400][T17132] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2698.161458][T17132] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2698.168067][T17132] CR2: 00007ffcf4adcc00 CR3: 000000011cd6a000 CR4: 00000000003506f0
[ 2698.176064][T17132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2698.184135][T17132] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2698.192134][T17132] Call Trace:
[ 2698.195409][T17132]  <TASK>
[ 2698.198332][T17132]  tcf_block_put+0x4c/0x70
[ 2698.202785][T17132]  cake_destroy+0x2d/0x50
[ 2698.207182][T17132]  ? cake_reset+0x5d0/0x5d0
[ 2698.211717][T17132]  qdisc_create+0xa82/0xd10
[ 2698.216227][T17132]  ? __nla_parse+0x3c/0x50
[ 2698.220669][T17132]  tc_modify_qdisc+0x64a/0x10b0
[ 2698.225532][T17132]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2698.231458][T17132]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2698.236409][T17132]  ? ___cache_free+0x46/0x300
[ 2698.241177][T17132]  ? packet_rcv+0xc3/0x9d0
[ 2698.245594][T17132]  ? __kfree_skb+0xfe/0x150
[ 2698.250127][T17132]  ? kmem_cache_free+0x5e/0x100
[ 2698.255034][T17132]  ? __kfree_skb+0xfe/0x150
[ 2698.259575][T17132]  ? consume_skb+0x48/0x160
[ 2698.264083][T17132]  ? nlmon_xmit+0x5f/0x70
[ 2698.268416][T17132]  ? __this_cpu_preempt_check+0x18/0x20
[ 2698.274080][T17132]  ? __local_bh_enable_ip+0x4d/0x70
[ 2698.279299][T17132]  ? local_bh_enable+0x1b/0x20
[ 2698.284070][T17132]  ? __dev_queue_xmit+0x597/0xf70
[ 2698.289156][T17132]  ? __skb_clone+0x2db/0x300
[ 2698.293756][T17132]  ? __rcu_read_unlock+0x5c/0x290
[ 2698.298835][T17132]  netlink_rcv_skb+0x14e/0x250
[ 2698.303633][T17132]  ? rtnetlink_bind+0x60/0x60
[ 2698.308312][T17132]  rtnetlink_rcv+0x18/0x20
[ 2698.312755][T17132]  netlink_unicast+0x5fc/0x6c0
[ 2698.317617][T17132]  netlink_sendmsg+0x6e1/0x7d0
[ 2698.322414][T17132]  ? netlink_getsockopt+0x720/0x720
[ 2698.327620][T17132]  ____sys_sendmsg+0x39a/0x510
[ 2698.332453][T17132]  __sys_sendmsg+0x195/0x230
[ 2698.337059][T17132]  __x64_sys_sendmsg+0x42/0x50
[ 2698.341938][T17132]  do_syscall_64+0x44/0xd0
[ 2698.346363][T17132]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2698.352291][T17132] RIP: 0033:0x7f0da0d09ae9
[ 2698.356705][T17132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2698.376842][T17132] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2698.385286][T17132] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2698.393383][T17132] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2698.401381][T17132] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2698.409553][T17132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2698.417527][T17132] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2698.425528][T17132]  </TASK>
[ 2698.428543][T17132] ---[ end trace e45544a13c7e47f5 ]---
[ 2698.435523][T17132] ------------[ cut here ]------------
[ 2698.441006][T17132] WARNING: CPU: 0 PID: 17132 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2698.450449][T17132] Modules linked in:
[ 2698.454336][T17132] CPU: 0 PID: 17132 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 2698.464167][T17132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2698.474297][T17132] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2698.480007][T17132] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2698.499691][T17132] RSP: 0018:ffffc9000b0bf5d8 EFLAGS: 00010246
[ 2698.505768][T17132] RAX: ffffffff83b414a7 RBX: ffff8881202740a0 RCX: 0000000000040000
[ 2698.513789][T17132] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2698.521779][T17132] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2698.530293][T17132] R10: 0001ffffffffffff R11: 00018881202740a0 R12: ffff888120274050
[ 2698.538277][T17132] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888120274000
[ 2698.546276][T17132] FS:  00007f0d9ea80700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2698.555298][T17132] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2698.561919][T17132] CR2: 00007ffcf4adcc00 CR3: 000000011cd6a000 CR4: 00000000003506f0
[ 2698.569919][T17132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2698.577895][T17132] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2698.585953][T17132] Call Trace:
[ 2698.589265][T17132]  <TASK>
[ 2698.592197][T17132]  tcf_block_put_ext+0xe5/0x180
[ 2698.597074][T17132]  tcf_block_put+0x4c/0x70
[ 2698.601549][T17132]  cake_destroy+0x2d/0x50
[ 2698.605889][T17132]  ? cake_reset+0x5d0/0x5d0
[ 2698.610452][T17132]  qdisc_create+0xa82/0xd10
[ 2698.614963][T17132]  ? __nla_parse+0x3c/0x50
[ 2698.619411][T17132]  tc_modify_qdisc+0x64a/0x10b0
[ 2698.624276][T17132]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2698.630199][T17132]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2698.635146][T17132]  ? ___cache_free+0x46/0x300
[ 2698.639844][T17132]  ? packet_rcv+0xc3/0x9d0
[ 2698.644344][T17132]  ? __kfree_skb+0xfe/0x150
[ 2698.648865][T17132]  ? kmem_cache_free+0x5e/0x100
[ 2698.653769][T17132]  ? __kfree_skb+0xfe/0x150
[ 2698.658290][T17132]  ? consume_skb+0x48/0x160
[ 2698.662854][T17132]  ? nlmon_xmit+0x5f/0x70
[ 2698.667233][T17132]  ? __this_cpu_preempt_check+0x18/0x20
[ 2698.672893][T17132]  ? __local_bh_enable_ip+0x4d/0x70
[ 2698.678118][T17132]  ? local_bh_enable+0x1b/0x20
[ 2698.683046][T17132]  ? __dev_queue_xmit+0x597/0xf70
[ 2698.688148][T17132]  ? __skb_clone+0x2db/0x300
[ 2698.692769][T17132]  ? __rcu_read_unlock+0x5c/0x290
[ 2698.697872][T17132]  netlink_rcv_skb+0x14e/0x250
[ 2698.702722][T17132]  ? rtnetlink_bind+0x60/0x60
[ 2698.707404][T17132]  rtnetlink_rcv+0x18/0x20
[ 2698.711911][T17132]  netlink_unicast+0x5fc/0x6c0
[ 2698.716712][T17132]  netlink_sendmsg+0x6e1/0x7d0
[ 2698.721520][T17132]  ? netlink_getsockopt+0x720/0x720
[ 2698.726740][T17132]  ____sys_sendmsg+0x39a/0x510
[ 2698.731627][T17132]  __sys_sendmsg+0x195/0x230
[ 2698.736238][T17132]  __x64_sys_sendmsg+0x42/0x50
[ 2698.741029][T17132]  do_syscall_64+0x44/0xd0
[ 2698.745456][T17132]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2698.751377][T17132] RIP: 0033:0x7f0da0d09ae9
[ 2698.755804][T17132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2698.775538][T17132] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2698.783998][T17132] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 2698.791988][T17132] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2698.799999][T17132] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 2698.807995][T17132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2698.816057][T17132] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 2698.824058][T17132]  </TASK>
[ 2698.827074][T17132] ---[ end trace e45544a13c7e47f6 ]---
[ 2698.836561][T17204] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2698.873305][T17205] ------------[ cut here ]------------
[ 2698.878783][T17205] WARNING: CPU: 0 PID: 17205 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2698.889403][T17205] Modules linked in:
[ 2698.893421][T17205] CPU: 0 PID: 17205 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2698.903280][T17205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2698.913407][T17205] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2698.920149][T17205] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2698.939883][T17205] RSP: 0018:ffffc9000b0df5f0 EFLAGS: 00010246
[ 2698.945957][T17205] RAX: ffff88811d854000 RBX: ffff88811e6c48b0 RCX: 0000000000000000
[ 2698.953955][T17205] RDX: ffffc90007ce8000 RSI: 0000000000001ed1 RDI: ffff88811e6c4800
[ 2698.961955][T17205] RBP: ffffc9000b0df738 R08: 000188811e6c48b7 R09: 0000000000000000
[ 2698.969960][T17205] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88811e6c48b0
[ 2698.977972][T17205] R13: ffffffff85ec3720 R14: ffff88811e6c4800 R15: ffffc9000b0df668
[ 2698.985994][T17205] FS:  00007f2aae484700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2698.994953][T17205] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2699.001572][T17205] CR2: 00007ffcf4adcc00 CR3: 000000014e305000 CR4: 00000000003506f0
[ 2699.009570][T17205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2699.017884][T17205] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2699.025916][T17205] Call Trace:
[ 2699.029204][T17205]  <TASK>
[ 2699.032215][T17205]  tcf_block_put_ext+0x2d/0x180
[ 2699.037152][T17205]  tcf_block_put+0x4c/0x70
[ 2699.041599][T17205]  cake_destroy+0x2d/0x50
[ 2699.045991][T17205]  ? cake_reset+0x5d0/0x5d0
[ 2699.050530][T17205]  qdisc_create+0xa82/0xd10
[ 2699.055034][T17205]  ? __nla_parse+0x3c/0x50
[ 2699.059753][T17205]  tc_modify_qdisc+0x64a/0x10b0
[ 2699.064615][T17205]  ? __mmdrop+0x207/0x310
[ 2699.069030][T17205]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2699.074976][T17205]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2699.079974][T17205]  ? ___cache_free+0x46/0x300
[ 2699.084661][T17205]  ? packet_rcv+0xc3/0x9d0
[ 2699.089173][T17205]  ? __kfree_skb+0xfe/0x150
[ 2699.093677][T17205]  ? kmem_cache_free+0x5e/0x100
[ 2699.098640][T17205]  ? __kfree_skb+0xfe/0x150
[ 2699.103165][T17205]  ? consume_skb+0x48/0x160
[ 2699.107670][T17205]  ? nlmon_xmit+0x5f/0x70
[ 2699.112046][T17205]  ? __this_cpu_preempt_check+0x18/0x20
[ 2699.117649][T17205]  ? __local_bh_enable_ip+0x4d/0x70
[ 2699.122882][T17205]  ? local_bh_enable+0x1b/0x20
[ 2699.127733][T17205]  ? __dev_queue_xmit+0x597/0xf70
[ 2699.132794][T17205]  ? __skb_clone+0x2db/0x300
[ 2699.137385][T17205]  ? __rcu_read_unlock+0x5c/0x290
[ 2699.142633][T17205]  netlink_rcv_skb+0x14e/0x250
[ 2699.147450][T17205]  ? rtnetlink_bind+0x60/0x60
[ 2699.152238][T17205]  rtnetlink_rcv+0x18/0x20
[ 2699.156656][T17205]  netlink_unicast+0x5fc/0x6c0
[ 2699.161455][T17205]  netlink_sendmsg+0x6e1/0x7d0
[ 2699.166304][T17205]  ? netlink_getsockopt+0x720/0x720
[ 2699.171568][T17205]  ____sys_sendmsg+0x39a/0x510
[ 2699.176336][T17205]  __sys_sendmsg+0x195/0x230
[ 2699.181036][T17205]  __x64_sys_sendmsg+0x42/0x50
[ 2699.185814][T17205]  do_syscall_64+0x44/0xd0
[ 2699.190263][T17205]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2699.196198][T17205] RIP: 0033:0x7f2ab072eae9
[ 2699.200637][T17205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2699.220370][T17205] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2699.228856][T17205] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2699.236860][T17205] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2699.244873][T17205] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2699.252887][T17205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2699.260900][T17205] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2699.268879][T17205]  </TASK>
[ 2699.271939][T17205] ---[ end trace e45544a13c7e47f7 ]---
[ 2699.277895][T17205] ------------[ cut here ]------------
[ 2699.283374][T17205] WARNING: CPU: 0 PID: 17205 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2699.292985][T17205] Modules linked in:
[ 2699.296875][T17205] CPU: 0 PID: 17205 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2699.306808][T17205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2699.316901][T17205] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2699.322579][T17205] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2699.342581][T17205] RSP: 0018:ffffc9000b0df628 EFLAGS: 00010283
[ 2699.348731][T17205] RAX: ffffffff83b40f4c RBX: ffff88811e6c4888 RCX: 0000000000040000
[ 2699.356834][T17205] RDX: ffffc90007ce8000 RSI: 000000000003753a RDI: 000000000003753b
[ 2699.364832][T17205] RBP: ffffc9000b0df668 R08: 000188811e6c488f R09: 0000000000000000
[ 2699.372845][T17205] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b50000
[ 2699.380915][T17205] R13: 0000000000000000 R14: ffffc9000b0df7f0 R15: ffff88811e6c4800
[ 2699.388888][T17205] FS:  00007f2aae484700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2699.397851][T17205] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2699.404544][T17205] CR2: 00007ffcf4adcc00 CR3: 000000014e305000 CR4: 00000000003506f0
[ 2699.412533][T17205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2699.420660][T17205] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2699.428638][T17205] Call Trace:
[ 2699.431938][T17205]  <TASK>
[ 2699.434867][T17205]  tcf_block_put+0x4c/0x70
[ 2699.439359][T17205]  cake_destroy+0x2d/0x50
[ 2699.443753][T17205]  ? cake_reset+0x5d0/0x5d0
[ 2699.448295][T17205]  qdisc_create+0xa82/0xd10
[ 2699.452990][T17205]  ? __nla_parse+0x3c/0x50
[ 2699.457413][T17205]  tc_modify_qdisc+0x64a/0x10b0
[ 2699.462336][T17205]  ? __mmdrop+0x207/0x310
[ 2699.466714][T17205]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2699.472647][T17205]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2699.477663][T17205]  ? ___cache_free+0x46/0x300
[ 2699.482393][T17205]  ? packet_rcv+0xc3/0x9d0
[ 2699.486809][T17205]  ? __kfree_skb+0xfe/0x150
[ 2699.491359][T17205]  ? kmem_cache_free+0x5e/0x100
[ 2699.496216][T17205]  ? __kfree_skb+0xfe/0x150
[ 2699.500753][T17205]  ? consume_skb+0x48/0x160
[ 2699.505266][T17205]  ? nlmon_xmit+0x5f/0x70
[ 2699.509828][T17205]  ? __this_cpu_preempt_check+0x18/0x20
[ 2699.515372][T17205]  ? __local_bh_enable_ip+0x4d/0x70
[ 2699.520628][T17205]  ? local_bh_enable+0x1b/0x20
[ 2699.525399][T17205]  ? __dev_queue_xmit+0x597/0xf70
[ 2699.530481][T17205]  ? __skb_clone+0x2db/0x300
[ 2699.535196][T17205]  ? __rcu_read_unlock+0x5c/0x290
[ 2699.540245][T17205]  netlink_rcv_skb+0x14e/0x250
[ 2699.545015][T17205]  ? rtnetlink_bind+0x60/0x60
[ 2699.549721][T17205]  rtnetlink_rcv+0x18/0x20
[ 2699.554227][T17205]  netlink_unicast+0x5fc/0x6c0
[ 2699.558995][T17205]  netlink_sendmsg+0x6e1/0x7d0
[ 2699.563936][T17205]  ? netlink_getsockopt+0x720/0x720
[ 2699.569245][T17205]  ____sys_sendmsg+0x39a/0x510
[ 2699.574019][T17205]  __sys_sendmsg+0x195/0x230
[ 2699.578770][T17205]  __x64_sys_sendmsg+0x42/0x50
[ 2699.583653][T17205]  do_syscall_64+0x44/0xd0
[ 2699.588174][T17205]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2699.594136][T17205] RIP: 0033:0x7f2ab072eae9
[ 2699.598551][T17205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2699.618182][T17205] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2699.626680][T17205] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2699.634759][T17205] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2699.642749][T17205] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2699.650813][T17205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2699.658836][T17205] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2699.666890][T17205]  </TASK>
[ 2699.669921][T17205] ---[ end trace e45544a13c7e47f8 ]---
[ 2699.676665][T17205] ------------[ cut here ]------------
[ 2699.682155][T17205] WARNING: CPU: 0 PID: 17205 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2699.691670][T17205] Modules linked in:
[ 2699.695556][T17205] CPU: 0 PID: 17205 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2699.705391][T17205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2699.715469][T17205] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2699.721065][T17205] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2699.740732][T17205] RSP: 0018:ffffc9000b0df5d8 EFLAGS: 00010246
[ 2699.746803][T17205] RAX: ffffffff83b414a7 RBX: ffff88811e6c48a0 RCX: 0000000000040000
[ 2699.754823][T17205] RDX: ffffc90007ce8000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2699.762813][T17205] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2699.770933][T17205] R10: 0001ffffffffffff R11: 000188811e6c48a0 R12: ffff88811e6c4850
[ 2699.778916][T17205] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88811e6c4800
[ 2699.787144][T17205] FS:  00007f2aae484700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2699.796104][T17205] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2699.802700][T17205] CR2: 00007ffcf4adcc00 CR3: 000000014e305000 CR4: 00000000003506f0
[ 2699.810748][T17205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2699.818783][T17205] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2699.826875][T17205] Call Trace:
[ 2699.830230][T17205]  <TASK>
[ 2699.833160][T17205]  tcf_block_put_ext+0xe5/0x180
[ 2699.838019][T17205]  tcf_block_put+0x4c/0x70
[ 2699.842534][T17205]  cake_destroy+0x2d/0x50
[ 2699.846868][T17205]  ? cake_reset+0x5d0/0x5d0
[ 2699.851411][T17205]  qdisc_create+0xa82/0xd10
[ 2699.855964][T17205]  ? __nla_parse+0x3c/0x50
[ 2699.860404][T17205]  tc_modify_qdisc+0x64a/0x10b0
[ 2699.865312][T17205]  ? __mmdrop+0x207/0x310
[ 2699.869747][T17205]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2699.875652][T17205]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2699.880685][T17205]  ? ___cache_free+0x46/0x300
[ 2699.885369][T17205]  ? packet_rcv+0xc3/0x9d0
[ 2699.889994][T17205]  ? __kfree_skb+0xfe/0x150
[ 2699.894508][T17205]  ? kmem_cache_free+0x5e/0x100
[ 2699.899384][T17205]  ? __kfree_skb+0xfe/0x150
[ 2699.903890][T17205]  ? consume_skb+0x48/0x160
[ 2699.908484][T17205]  ? nlmon_xmit+0x5f/0x70
[ 2699.912841][T17205]  ? __this_cpu_preempt_check+0x18/0x20
[ 2699.918394][T17205]  ? __local_bh_enable_ip+0x4d/0x70
[ 2699.923641][T17205]  ? local_bh_enable+0x1b/0x20
[ 2699.928420][T17205]  ? __dev_queue_xmit+0x597/0xf70
[ 2699.933884][T17205]  ? __skb_clone+0x2db/0x300
[ 2699.938633][T17205]  ? __rcu_read_unlock+0x5c/0x290
[ 2699.943679][T17205]  netlink_rcv_skb+0x14e/0x250
[ 2699.948620][T17205]  ? rtnetlink_bind+0x60/0x60
[ 2699.953325][T17205]  rtnetlink_rcv+0x18/0x20
[ 2699.957820][T17205]  netlink_unicast+0x5fc/0x6c0
[ 2699.962622][T17205]  netlink_sendmsg+0x6e1/0x7d0
[ 2699.967413][T17205]  ? netlink_getsockopt+0x720/0x720
[ 2699.972721][T17205]  ____sys_sendmsg+0x39a/0x510
[ 2699.977488][T17205]  __sys_sendmsg+0x195/0x230
[ 2699.982111][T17205]  __x64_sys_sendmsg+0x42/0x50
[ 2699.986880][T17205]  do_syscall_64+0x44/0xd0
[ 2699.991347][T17205]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2699.997245][T17205] RIP: 0033:0x7f2ab072eae9
[ 2700.001706][T17205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2700.021376][T17205] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2700.030430][T17205] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2700.038524][T17205] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2700.046527][T17205] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2700.054520][T17205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2700.062584][T17205] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2700.070582][T17205]  </TASK>
[ 2700.073598][T17205] ---[ end trace e45544a13c7e47f9 ]---
[ 2700.087418][T17209] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2700.104136][T17283] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2702.198500][T17389] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
19:05:07 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xf00}}, {0x4}}]}]}, 0x68}}, 0x0)

19:05:08 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 2705.141260][T17389] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 2705.149930][T17389] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2705.160681][T17390] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2705.171499][T17390] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 2705.179988][T17390] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
19:06:00 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
setsockopt$CAIFSO_REQ_PARAM(r1, 0x116, 0x80, &(0x7f00000002c0)="5feeca7bef8cf375dc4ac492124c67ca2ac46a3a625b7c15bc8df4f5daf576bceea7409399554d1ebb627dbb9d85beeac98d2625bc48a78bfc9d73adbe547a76854068ec170f31ff3da0149464842ec9edb5dcdd3d01a637d180fe50e9e655639396", 0x62)
write$cgroup_int(r0, &(0x7f0000000200), 0x400c00)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x2, &(0x7f0000000000)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @generic={0x2, 0x8, 0x5, 0x8, 0x531}], &(0x7f0000000040)='GPL\x00', 0x20, 0x2, &(0x7f00000000c0)=""/2, 0x40f00, 0x1c, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f0000000140)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000200)={0x5, 0xb, 0x6, 0x1}, 0x10}, 0x78)

19:06:05 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:06:08 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0)

[ 2814.806156][T17505] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
19:06:58 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34000]}]}}]}, 0x434}}, 0x0)

19:06:58 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x1c00}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 2824.544782][T17505] warn_alloc: 2 callbacks suppressed
[ 2824.544796][T17505] syz-executor.1: vmalloc error: size 741376, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0
[ 2824.566713][T17505] CPU: 0 PID: 17505 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2824.576520][T17505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2824.586637][T17505] Call Trace:
[ 2824.589910][T17505]  <TASK>
[ 2824.592835][T17505]  dump_stack_lvl+0xd6/0x122
[ 2824.597432][T17505]  dump_stack+0x11/0x1b
[ 2824.601569][T17505]  warn_alloc+0x132/0x190
[ 2824.605884][T17505]  __vmalloc_node_range+0x58b/0x690
[ 2824.611069][T17505]  ? cake_init+0x20d/0x640
[ 2824.615534][T17505]  __vmalloc_node+0x61/0x70
[ 2824.620140][T17505]  ? cake_init+0x20d/0x640
[ 2824.624557][T17505]  kvmalloc_node+0xd2/0x110
[ 2824.629053][T17505]  cake_init+0x20d/0x640
[ 2824.633654][T17505]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2824.639374][T17505]  ? qdisc_alloc+0x334/0x3c0
[ 2824.643962][T17505]  ? qdisc_lookup+0x20c/0x2e0
[ 2824.648709][T17505]  ? qdisc_peek_dequeued+0x140/0x140
[ 2824.654046][T17505]  qdisc_create+0x5f4/0xd10
[ 2824.658547][T17505]  ? __nla_parse+0x3c/0x50
[ 2824.662959][T17505]  tc_modify_qdisc+0x64a/0x10b0
[ 2824.667795][T17505]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2824.673753][T17505]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2824.678703][T17505]  ? ___cache_free+0x46/0x300
[ 2824.683362][T17505]  ? packet_rcv+0xc3/0x9d0
[ 2824.687777][T17505]  ? __kfree_skb+0xfe/0x150
[ 2824.692364][T17505]  ? kmem_cache_free+0x5e/0x100
[ 2824.697274][T17505]  ? __kfree_skb+0xfe/0x150
[ 2824.701832][T17505]  ? consume_skb+0x48/0x160
[ 2824.706329][T17505]  ? nlmon_xmit+0x5f/0x70
[ 2824.710657][T17505]  ? __this_cpu_preempt_check+0x18/0x20
[ 2824.716274][T17505]  ? __local_bh_enable_ip+0x4d/0x70
[ 2824.721524][T17505]  ? local_bh_enable+0x1b/0x20
[ 2824.726305][T17505]  ? __dev_queue_xmit+0x597/0xf70
[ 2824.731315][T17505]  ? __skb_clone+0x2db/0x300
[ 2824.735918][T17505]  ? __rcu_read_unlock+0x5c/0x290
[ 2824.740925][T17505]  netlink_rcv_skb+0x14e/0x250
[ 2824.745670][T17505]  ? rtnetlink_bind+0x60/0x60
[ 2824.750421][T17505]  rtnetlink_rcv+0x18/0x20
[ 2824.754848][T17505]  netlink_unicast+0x5fc/0x6c0
[ 2824.759718][T17505]  netlink_sendmsg+0x6e1/0x7d0
[ 2824.764501][T17505]  ? netlink_getsockopt+0x720/0x720
[ 2824.769702][T17505]  ____sys_sendmsg+0x39a/0x510
[ 2824.774453][T17505]  __sys_sendmsg+0x195/0x230
[ 2824.779028][T17505]  __x64_sys_sendmsg+0x42/0x50
[ 2824.783784][T17505]  do_syscall_64+0x44/0xd0
[ 2824.788278][T17505]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2824.794196][T17505] RIP: 0033:0x7f7b56f48ae9
[ 2824.798601][T17505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2824.818319][T17505] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2824.826720][T17505] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2824.834694][T17505] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2824.842759][T17505] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2824.850731][T17505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2824.858712][T17505] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2824.866686][T17505]  </TASK>
[ 2824.869751][T17505] Mem-Info:
[ 2824.872912][T17505] active_anon:10680 inactive_anon:100153 isolated_anon:0
[ 2824.872912][T17505]  active_file:216 inactive_file:1092 isolated_file:0
[ 2824.872912][T17505]  unevictable:0 dirty:6 writeback:0
[ 2824.872912][T17505]  slab_reclaimable:7074 slab_unreclaimable:1742359
[ 2824.872912][T17505]  mapped:53065 shmem:372 pagetables:5275 bounce:0
[ 2824.872912][T17505]  kernel_misc_reclaimable:0
[ 2824.872912][T17505]  free:11933 free_pcp:294 free_cma:0
[ 2824.914163][T17505] Node 0 active_anon:42720kB inactive_anon:400612kB active_file:680kB inactive_file:1132kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210056kB dirty:24kB writeback:0kB shmem:1488kB writeback_tmp:0kB kernel_stack:5264kB pagetables:21100kB all_unreclaimable? no
[ 2824.940486][T17505] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2824.967589][T17505] lowmem_reserve[]: 0 2896 7874 7874
[ 2824.972896][T17505] Node 0 DMA32 free:23380kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[ 2825.001336][T17505] lowmem_reserve[]: 0 0 4978 4978
[ 2825.006350][T17505] Node 0 Normal free:11512kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42720kB inactive_anon:399696kB active_file:1344kB inactive_file:1200kB unevictable:0kB writepending:24kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1792kB local_pcp:800kB free_cma:0kB
[ 2825.036514][T17505] lowmem_reserve[]: 0 0 0 0
[ 2825.041095][T17505] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2825.053800][T17505] Node 0 DMA32: 357*4kB (UME) 193*8kB (UME) 70*16kB (UME) 47*32kB (UME) 20*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 23388kB
[ 2825.071471][T17505] Node 0 Normal: 1410*4kB (ME) 531*8kB (ME) 91*16kB (ME) 4*32kB (ME) 1*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11920kB
[ 2825.087050][T17505] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2825.096343][T17505] 878 total pagecache pages
[ 2825.100832][T17505] 0 pages in swap cache
[ 2825.104983][T17505] Swap cache stats: add 0, delete 0, find 0/0
[ 2825.111039][T17505] Free swap  = 0kB
[ 2825.114749][T17505] Total swap = 0kB
[ 2825.118440][T17505] 2097051 pages RAM
[ 2825.122237][T17505] 0 pages HighMem/MovableOnly
[ 2825.126885][T17505] 75955 pages reserved
[ 2825.131569][T17505] ------------[ cut here ]------------
[ 2825.137028][T17505] WARNING: CPU: 1 PID: 17505 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2825.147739][T17505] Modules linked in:
[ 2825.151717][T17505] CPU: 1 PID: 17505 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2825.161591][T17505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2825.171638][T17505] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2825.178338][T17505] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2825.198035][T17505] RSP: 0018:ffffc9000b2275f0 EFLAGS: 00010246
[ 2825.204163][T17505] RAX: ffff88810589b000 RBX: ffff888103e518b0 RCX: 0000000000000000
[ 2825.212130][T17505] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: ffff888103e51800
[ 2825.220183][T17505] RBP: ffffc9000b227738 R08: 0001888103e518b7 R09: 0000000000000000
[ 2825.228155][T17505] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888103e518b0
[ 2825.236131][T17505] R13: ffffffff85ec3720 R14: ffff888103e51800 R15: ffffc9000b227668
[ 2825.244149][T17505] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2825.253068][T17505] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2825.259698][T17505] CR2: 0000000000ee7248 CR3: 0000000128776000 CR4: 00000000003506e0
[ 2825.267681][T17505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2825.275677][T17505] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2825.283659][T17505] Call Trace:
[ 2825.286966][T17505]  <TASK>
[ 2825.289888][T17505]  tcf_block_put_ext+0x2d/0x180
[ 2825.294750][T17505]  tcf_block_put+0x4c/0x70
[ 2825.299236][T17505]  cake_destroy+0x2d/0x50
[ 2825.303568][T17505]  ? cake_reset+0x5d0/0x5d0
[ 2825.308107][T17505]  qdisc_create+0xa82/0xd10
[ 2825.312807][T17505]  ? __nla_parse+0x3c/0x50
[ 2825.317206][T17505]  tc_modify_qdisc+0x64a/0x10b0
[ 2825.322052][T17505]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2825.327991][T17505]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2825.332981][T17505]  ? ___cache_free+0x46/0x300
[ 2825.337660][T17505]  ? packet_rcv+0xc3/0x9d0
[ 2825.342066][T17505]  ? __kfree_skb+0xfe/0x150
[ 2825.346631][T17505]  ? kmem_cache_free+0x5e/0x100
[ 2825.351576][T17505]  ? __kfree_skb+0xfe/0x150
[ 2825.356075][T17505]  ? consume_skb+0x48/0x160
[ 2825.360642][T17505]  ? nlmon_xmit+0x5f/0x70
[ 2825.364970][T17505]  ? __this_cpu_preempt_check+0x18/0x20
[ 2825.370559][T17505]  ? __local_bh_enable_ip+0x4d/0x70
[ 2825.375809][T17505]  ? local_bh_enable+0x1b/0x20
[ 2825.380650][T17505]  ? __dev_queue_xmit+0x597/0xf70
[ 2825.385721][T17505]  ? __skb_clone+0x2db/0x300
[ 2825.390303][T17505]  ? __rcu_read_unlock+0x5c/0x290
[ 2825.395366][T17505]  netlink_rcv_skb+0x14e/0x250
[ 2825.400162][T17505]  ? rtnetlink_bind+0x60/0x60
[ 2825.404894][T17505]  rtnetlink_rcv+0x18/0x20
[ 2825.409303][T17505]  netlink_unicast+0x5fc/0x6c0
[ 2825.414102][T17505]  netlink_sendmsg+0x6e1/0x7d0
[ 2825.418928][T17505]  ? netlink_getsockopt+0x720/0x720
[ 2825.424117][T17505]  ____sys_sendmsg+0x39a/0x510
[ 2825.428939][T17505]  __sys_sendmsg+0x195/0x230
[ 2825.433642][T17505]  __x64_sys_sendmsg+0x42/0x50
[ 2825.438398][T17505]  do_syscall_64+0x44/0xd0
[ 2825.442874][T17505]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2825.448745][T17505] RIP: 0033:0x7f7b56f48ae9
[ 2825.453213][T17505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2825.472920][T17505] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2825.481321][T17505] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2825.489483][T17505] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2825.497513][T17505] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2825.505500][T17505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2825.513465][T17505] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2825.521426][T17505]  </TASK>
[ 2825.524425][T17505] ---[ end trace e45544a13c7e47fa ]---
[ 2825.530202][T17505] ------------[ cut here ]------------
[ 2825.535677][T17505] WARNING: CPU: 1 PID: 17505 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2825.545221][T17505] Modules linked in:
[ 2825.549148][T17505] CPU: 1 PID: 17505 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2825.558946][T17505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2825.568988][T17505] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2825.574643][T17505] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2825.594279][T17505] RSP: 0018:ffffc9000b227628 EFLAGS: 00010246
[ 2825.600338][T17505] RAX: ffffffff83b40f4c RBX: ffff888103e51888 RCX: 0000000000040000
[ 2825.608421][T17505] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2825.616396][T17505] RBP: ffffc9000b227668 R08: 0001888103e5188f R09: 0000000000000000
[ 2825.624455][T17505] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108dd0000
[ 2825.632439][T17505] R13: 0000000000000000 R14: ffffc9000b2277f0 R15: ffff888103e51800
[ 2825.640411][T17505] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2825.649329][T17505] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2825.655896][T17505] CR2: 0000000000ee7248 CR3: 0000000128776000 CR4: 00000000003506e0
[ 2825.663857][T17505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2825.671818][T17505] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2825.679858][T17505] Call Trace:
[ 2825.683146][T17505]  <TASK>
[ 2825.686059][T17505]  tcf_block_put+0x4c/0x70
[ 2825.690478][T17505]  cake_destroy+0x2d/0x50
[ 2825.694812][T17505]  ? cake_reset+0x5d0/0x5d0
[ 2825.699412][T17505]  qdisc_create+0xa82/0xd10
[ 2825.703987][T17505]  ? __nla_parse+0x3c/0x50
[ 2825.708412][T17505]  tc_modify_qdisc+0x64a/0x10b0
[ 2825.713294][T17505]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2825.719292][T17505]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2825.724288][T17505]  ? ___cache_free+0x46/0x300
[ 2825.729032][T17505]  ? packet_rcv+0xc3/0x9d0
[ 2825.733469][T17505]  ? __kfree_skb+0xfe/0x150
[ 2825.737969][T17505]  ? kmem_cache_free+0x5e/0x100
[ 2825.742876][T17505]  ? __kfree_skb+0xfe/0x150
[ 2825.747394][T17505]  ? consume_skb+0x48/0x160
[ 2825.752118][T17505]  ? nlmon_xmit+0x5f/0x70
[ 2825.756425][T17505]  ? __this_cpu_preempt_check+0x18/0x20
[ 2825.762008][T17505]  ? __local_bh_enable_ip+0x4d/0x70
[ 2825.767290][T17505]  ? local_bh_enable+0x1b/0x20
[ 2825.772372][T17505]  ? __dev_queue_xmit+0x597/0xf70
[ 2825.777429][T17505]  ? __skb_clone+0x2db/0x300
[ 2825.782171][T17505]  ? __rcu_read_unlock+0x5c/0x290
[ 2825.787182][T17505]  netlink_rcv_skb+0x14e/0x250
[ 2825.792007][T17505]  ? rtnetlink_bind+0x60/0x60
[ 2825.796666][T17505]  rtnetlink_rcv+0x18/0x20
[ 2825.801104][T17505]  netlink_unicast+0x5fc/0x6c0
[ 2825.805855][T17505]  netlink_sendmsg+0x6e1/0x7d0
[ 2825.811316][T17505]  ? netlink_getsockopt+0x720/0x720
[ 2825.816506][T17505]  ____sys_sendmsg+0x39a/0x510
[ 2825.821412][T17505]  __sys_sendmsg+0x195/0x230
[ 2825.826037][T17505]  __x64_sys_sendmsg+0x42/0x50
[ 2825.831068][T17505]  do_syscall_64+0x44/0xd0
[ 2825.835554][T17505]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2825.841553][T17505] RIP: 0033:0x7f7b56f48ae9
[ 2825.845963][T17505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2825.865681][T17505] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2825.874091][T17505] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2825.882073][T17505] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2825.890047][T17505] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2825.897997][T17505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2825.905967][T17505] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2825.914041][T17505]  </TASK>
[ 2825.917059][T17505] ---[ end trace e45544a13c7e47fb ]---
[ 2825.923771][T17505] ------------[ cut here ]------------
[ 2825.929223][T17505] WARNING: CPU: 1 PID: 17505 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2825.938586][T17505] Modules linked in:
[ 2825.942510][T17505] CPU: 1 PID: 17505 Comm: syz-executor.1 Tainted: G        W         5.15.0-syzkaller #0
[ 2825.952328][T17505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2825.962467][T17505] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2825.968008][T17505] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2825.987665][T17505] RSP: 0018:ffffc9000b2275d8 EFLAGS: 00010246
[ 2825.993753][T17505] RAX: ffffffff83b414a7 RBX: ffff888103e518a0 RCX: 0000000000040000
[ 2826.001744][T17505] RDX: ffffc90002abf000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2826.009709][T17505] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2826.017682][T17505] R10: 0001ffffffffffff R11: 0001888103e518a0 R12: ffff888103e51850
[ 2826.025680][T17505] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888103e51800
[ 2826.033707][T17505] FS:  00007f7b54cbf700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2826.042853][T17505] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2826.049464][T17505] CR2: 0000000000ee7248 CR3: 0000000128776000 CR4: 00000000003506e0
[ 2826.057422][T17505] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2826.065394][T17505] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2826.073370][T17505] Call Trace:
[ 2826.076626][T17505]  <TASK>
[ 2826.079556][T17505]  tcf_block_put_ext+0xe5/0x180
[ 2826.084571][T17505]  tcf_block_put+0x4c/0x70
[ 2826.088970][T17505]  cake_destroy+0x2d/0x50
[ 2826.093500][T17505]  ? cake_reset+0x5d0/0x5d0
[ 2826.098007][T17505]  qdisc_create+0xa82/0xd10
[ 2826.102529][T17505]  ? __nla_parse+0x3c/0x50
[ 2826.107139][T17505]  tc_modify_qdisc+0x64a/0x10b0
[ 2826.112057][T17505]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2826.117980][T17505]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2826.122995][T17505]  ? ___cache_free+0x46/0x300
[ 2826.127655][T17505]  ? packet_rcv+0xc3/0x9d0
[ 2826.132062][T17505]  ? __kfree_skb+0xfe/0x150
[ 2826.136719][T17505]  ? kmem_cache_free+0x5e/0x100
[ 2826.141579][T17505]  ? __kfree_skb+0xfe/0x150
[ 2826.146070][T17505]  ? consume_skb+0x48/0x160
[ 2826.150659][T17505]  ? nlmon_xmit+0x5f/0x70
[ 2826.154978][T17505]  ? __this_cpu_preempt_check+0x18/0x20
[ 2826.160518][T17505]  ? __local_bh_enable_ip+0x4d/0x70
[ 2826.165753][T17505]  ? local_bh_enable+0x1b/0x20
[ 2826.170522][T17505]  ? __dev_queue_xmit+0x597/0xf70
[ 2826.175622][T17505]  ? __skb_clone+0x2db/0x300
[ 2826.180253][T17505]  ? __rcu_read_unlock+0x5c/0x290
[ 2826.185297][T17505]  netlink_rcv_skb+0x14e/0x250
[ 2826.190064][T17505]  ? rtnetlink_bind+0x60/0x60
[ 2826.194801][T17505]  rtnetlink_rcv+0x18/0x20
[ 2826.199248][T17505]  netlink_unicast+0x5fc/0x6c0
[ 2826.204036][T17505]  netlink_sendmsg+0x6e1/0x7d0
[ 2826.208807][T17505]  ? netlink_getsockopt+0x720/0x720
[ 2826.214010][T17505]  ____sys_sendmsg+0x39a/0x510
[ 2826.218868][T17505]  __sys_sendmsg+0x195/0x230
[ 2826.223692][T17505]  __x64_sys_sendmsg+0x42/0x50
[ 2826.228443][T17505]  do_syscall_64+0x44/0xd0
[ 2826.232921][T17505]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2826.238916][T17505] RIP: 0033:0x7f7b56f48ae9
[ 2826.243333][T17505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2826.263059][T17505] RSP: 002b:00007f7b54cbf188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2826.271642][T17505] RAX: ffffffffffffffda RBX: 00007f7b5705bf60 RCX: 00007f7b56f48ae9
[ 2826.279658][T17505] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 2826.287645][T17505] RBP: 00007f7b56fa2f6d R08: 0000000000000000 R09: 0000000000000000
[ 2826.295637][T17505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2826.304076][T17505] R13: 00007ffdc1e753ef R14: 00007f7b54cbf300 R15: 0000000000022000
[ 2826.312147][T17505]  </TASK>
[ 2826.315155][T17505] ---[ end trace e45544a13c7e47fc ]---
[ 2828.081931][T17508] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2830.371165][T17508] ------------[ cut here ]------------
[ 2830.376657][T17508] WARNING: CPU: 0 PID: 17508 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2830.387268][T17508] Modules linked in:
[ 2830.391196][T17508] CPU: 0 PID: 17508 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2830.401090][T17508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2830.411215][T17508] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2830.417943][T17508] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2830.437701][T17508] RSP: 0000:ffffc9000b2af5f0 EFLAGS: 00010246
[ 2830.443819][T17508] RAX: ffff888107d36000 RBX: ffff8881474d58b0 RCX: 0000000000000000
[ 2830.451827][T17508] RDX: ffffc900078e6000 RSI: 000000000000f10e RDI: ffff8881474d5800
[ 2830.459903][T17508] RBP: ffffc9000b2af738 R08: 00018881474d58b7 R09: 0000000000000000
[ 2830.467921][T17508] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff8881474d58b0
[ 2830.475940][T17508] R13: ffffffff85ec3720 R14: ffff8881474d5800 R15: ffffc9000b2af668
[ 2830.483961][T17508] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2830.493041][T17508] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2830.499651][T17508] CR2: 00007f1b144b8b60 CR3: 0000000105885000 CR4: 00000000003506f0
[ 2830.507632][T17508] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2830.515719][T17508] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2830.523759][T17508] Call Trace:
[ 2830.527100][T17508]  <TASK>
[ 2830.530047][T17508]  tcf_block_put_ext+0x2d/0x180
[ 2830.535109][T17508]  tcf_block_put+0x4c/0x70
[ 2830.539596][T17508]  cake_destroy+0x2d/0x50
[ 2830.543993][T17508]  ? cake_reset+0x5d0/0x5d0
[ 2830.548537][T17508]  qdisc_create+0xa82/0xd10
[ 2830.553076][T17508]  ? __nla_parse+0x3c/0x50
[ 2830.557502][T17508]  tc_modify_qdisc+0x64a/0x10b0
[ 2830.562392][T17508]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2830.568311][T17508]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2830.573290][T17508]  ? ___cache_free+0x46/0x300
[ 2830.577979][T17508]  ? packet_rcv+0xc3/0x9d0
[ 2830.582531][T17508]  ? __kfree_skb+0xfe/0x150
[ 2830.587074][T17508]  ? kmem_cache_free+0x5e/0x100
[ 2830.591954][T17508]  ? __kfree_skb+0xfe/0x150
[ 2830.596466][T17508]  ? consume_skb+0x48/0x160
[ 2830.601066][T17508]  ? nlmon_xmit+0x5f/0x70
[ 2830.605413][T17508]  ? __this_cpu_preempt_check+0x18/0x20
[ 2830.610993][T17508]  ? __local_bh_enable_ip+0x4d/0x70
[ 2830.616233][T17508]  ? local_bh_enable+0x1b/0x20
[ 2830.621064][T17508]  ? __dev_queue_xmit+0x597/0xf70
[ 2830.626129][T17508]  ? __skb_clone+0x2db/0x300
[ 2830.630792][T17508]  ? __rcu_read_unlock+0x5c/0x290
[ 2830.635904][T17508]  netlink_rcv_skb+0x14e/0x250
[ 2830.640700][T17508]  ? rtnetlink_bind+0x60/0x60
[ 2830.645411][T17508]  rtnetlink_rcv+0x18/0x20
[ 2830.649865][T17508]  netlink_unicast+0x5fc/0x6c0
[ 2830.654702][T17508]  netlink_sendmsg+0x6e1/0x7d0
[ 2830.659500][T17508]  ? netlink_getsockopt+0x720/0x720
[ 2830.664802][T17508]  ____sys_sendmsg+0x39a/0x510
[ 2830.669597][T17508]  __sys_sendmsg+0x195/0x230
[ 2830.674209][T17508]  __x64_sys_sendmsg+0x42/0x50
[ 2830.679029][T17508]  do_syscall_64+0x44/0xd0
[ 2830.683492][T17508]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2830.689510][T17508] RIP: 0033:0x7f2ab072eae9
[ 2830.693982][T17508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2830.713622][T17508] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2830.722199][T17508] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2830.730199][T17508] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2830.738192][T17508] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2830.746184][T17508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2830.754209][T17508] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2830.762287][T17508]  </TASK>
[ 2830.765367][T17508] ---[ end trace e45544a13c7e47fd ]---
[ 2830.771386][T17508] ------------[ cut here ]------------
[ 2830.776833][T17508] WARNING: CPU: 0 PID: 17508 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2830.786524][T17508] Modules linked in:
[ 2830.790504][T17508] CPU: 0 PID: 17508 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2830.800337][T17508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2830.810469][T17508] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2830.816126][T17508] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2830.835803][T17508] RSP: 0000:ffffc9000b2af628 EFLAGS: 00010246
[ 2830.842013][T17508] RAX: ffffffff83b40f4c RBX: ffff8881474d5888 RCX: 0000000000040000
[ 2830.850115][T17508] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2830.858119][T17508] RBP: ffffc9000b2af668 R08: 00018881474d588f R09: 0000000000000000
[ 2830.866265][T17508] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108dd0000
[ 2830.874267][T17508] R13: 0000000000000000 R14: ffffc9000b2af7f0 R15: ffff8881474d5800
[ 2830.882258][T17508] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2830.891317][T17508] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2830.898035][T17508] CR2: 00007f1b144b8b60 CR3: 0000000105885000 CR4: 00000000003506f0
[ 2830.906384][T17508] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2830.914379][T17508] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2830.922379][T17508] Call Trace:
[ 2830.925658][T17508]  <TASK>
[ 2830.928668][T17508]  tcf_block_put+0x4c/0x70
[ 2830.933118][T17508]  cake_destroy+0x2d/0x50
[ 2830.937535][T17508]  ? cake_reset+0x5d0/0x5d0
[ 2830.942123][T17508]  qdisc_create+0xa82/0xd10
[ 2830.947140][T17508]  ? __nla_parse+0x3c/0x50
[ 2830.951591][T17508]  tc_modify_qdisc+0x64a/0x10b0
[ 2830.956472][T17508]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2830.962412][T17508]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2830.967455][T17508]  ? ___cache_free+0x46/0x300
[ 2830.972163][T17508]  ? packet_rcv+0xc3/0x9d0
[ 2830.976668][T17508]  ? __kfree_skb+0xfe/0x150
[ 2830.981242][T17508]  ? kmem_cache_free+0x5e/0x100
[ 2830.986159][T17508]  ? __kfree_skb+0xfe/0x150
[ 2830.990749][T17508]  ? consume_skb+0x48/0x160
[ 2830.995294][T17508]  ? nlmon_xmit+0x5f/0x70
[ 2830.999721][T17508]  ? __this_cpu_preempt_check+0x18/0x20
[ 2831.005282][T17508]  ? __local_bh_enable_ip+0x4d/0x70
[ 2831.010516][T17508]  ? local_bh_enable+0x1b/0x20
[ 2831.015290][T17508]  ? __dev_queue_xmit+0x597/0xf70
[ 2831.020497][T17508]  ? __skb_clone+0x2db/0x300
[ 2831.025139][T17508]  ? __rcu_read_unlock+0x5c/0x290
[ 2831.030219][T17508]  netlink_rcv_skb+0x14e/0x250
[ 2831.035048][T17508]  ? rtnetlink_bind+0x60/0x60
[ 2831.039773][T17508]  rtnetlink_rcv+0x18/0x20
[ 2831.044195][T17508]  netlink_unicast+0x5fc/0x6c0
[ 2831.048992][T17508]  netlink_sendmsg+0x6e1/0x7d0
[ 2831.053786][T17508]  ? netlink_getsockopt+0x720/0x720
[ 2831.058998][T17508]  ____sys_sendmsg+0x39a/0x510
[ 2831.063791][T17508]  __sys_sendmsg+0x195/0x230
[ 2831.068399][T17508]  __x64_sys_sendmsg+0x42/0x50
[ 2831.073187][T17508]  do_syscall_64+0x44/0xd0
[ 2831.077733][T17508]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2831.083651][T17508] RIP: 0033:0x7f2ab072eae9
[ 2831.088061][T17508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2831.107764][T17508] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2831.116270][T17508] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2831.124268][T17508] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2831.132271][T17508] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2831.140439][T17508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2831.148428][T17508] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2831.156505][T17508]  </TASK>
[ 2831.159544][T17508] ---[ end trace e45544a13c7e47fe ]---
[ 2831.166637][T17508] ------------[ cut here ]------------
[ 2831.172109][T17508] WARNING: CPU: 0 PID: 17508 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2831.181609][T17508] Modules linked in:
[ 2831.185504][T17508] CPU: 0 PID: 17508 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2831.195332][T17508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2831.205439][T17508] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2831.211049][T17508] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2831.230700][T17508] RSP: 0000:ffffc9000b2af5d8 EFLAGS: 00010246
[ 2831.236780][T17508] RAX: ffffffff83b414a7 RBX: ffff8881474d58a0 RCX: 0000000000040000
[ 2831.244787][T17508] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2831.252785][T17508] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2831.260802][T17508] R10: 0001ffffffffffff R11: 00018881474d58a0 R12: ffff8881474d5850
[ 2831.268781][T17508] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff8881474d5800
[ 2831.276783][T17508] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2831.285767][T17508] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2831.292477][T17508] CR2: 00007f1b144b8b60 CR3: 0000000105885000 CR4: 00000000003506f0
[ 2831.300478][T17508] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2831.308459][T17508] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2831.316489][T17508] Call Trace:
[ 2831.319866][T17508]  <TASK>
[ 2831.322790][T17508]  tcf_block_put_ext+0xe5/0x180
[ 2831.327780][T17508]  tcf_block_put+0x4c/0x70
[ 2831.332266][T17508]  cake_destroy+0x2d/0x50
[ 2831.336603][T17508]  ? cake_reset+0x5d0/0x5d0
[ 2831.341195][T17508]  qdisc_create+0xa82/0xd10
[ 2831.345705][T17508]  ? __nla_parse+0x3c/0x50
[ 2831.350147][T17508]  tc_modify_qdisc+0x64a/0x10b0
[ 2831.355050][T17508]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2831.361023][T17508]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2831.365971][T17508]  ? ___cache_free+0x46/0x300
[ 2831.370706][T17508]  ? packet_rcv+0xc3/0x9d0
[ 2831.375231][T17508]  ? __kfree_skb+0xfe/0x150
[ 2831.379774][T17508]  ? kmem_cache_free+0x5e/0x100
[ 2831.384630][T17508]  ? __kfree_skb+0xfe/0x150
[ 2831.389156][T17508]  ? consume_skb+0x48/0x160
[ 2831.393698][T17508]  ? nlmon_xmit+0x5f/0x70
[ 2831.398030][T17508]  ? __this_cpu_preempt_check+0x18/0x20
[ 2831.403692][T17508]  ? __local_bh_enable_ip+0x4d/0x70
[ 2831.408983][T17508]  ? local_bh_enable+0x1b/0x20
[ 2831.413823][T17508]  ? __dev_queue_xmit+0x597/0xf70
[ 2831.418901][T17508]  ? __skb_clone+0x2db/0x300
[ 2831.423513][T17508]  ? __rcu_read_unlock+0x5c/0x290
[ 2831.428542][T17508]  netlink_rcv_skb+0x14e/0x250
[ 2831.433338][T17508]  ? rtnetlink_bind+0x60/0x60
[ 2831.438114][T17508]  rtnetlink_rcv+0x18/0x20
[ 2831.442545][T17508]  netlink_unicast+0x5fc/0x6c0
[ 2831.447315][T17508]  netlink_sendmsg+0x6e1/0x7d0
[ 2831.452104][T17508]  ? netlink_getsockopt+0x720/0x720
[ 2831.457329][T17508]  ____sys_sendmsg+0x39a/0x510
[ 2831.462123][T17508]  __sys_sendmsg+0x195/0x230
[ 2831.466752][T17508]  __x64_sys_sendmsg+0x42/0x50
[ 2831.471570][T17508]  do_syscall_64+0x44/0xd0
[ 2831.476007][T17508]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2831.481963][T17508] RIP: 0033:0x7f2ab072eae9
[ 2831.486397][T17508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2831.506054][T17508] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2831.514672][T17508] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2831.522693][T17508] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2831.530748][T17508] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2831.538725][T17508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2831.546792][T17508] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2831.554831][T17508]  </TASK>
[ 2831.557860][T17508] ---[ end trace e45544a13c7e47ff ]---
[ 2831.567243][T17513] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
19:07:20 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x4}}]}, 0x30}}, 0x0)

[ 2835.375594][T17515] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
19:07:20 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50000]}]}}]}, 0x434}}, 0x0)

19:07:20 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 2836.999116][T17515] warn_alloc: 1 callbacks suppressed
[ 2836.999133][T17515] syz-executor.2: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[ 2837.020705][T17515] CPU: 0 PID: 17515 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2837.030843][T17515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2837.041081][T17515] Call Trace:
[ 2837.044453][T17515]  <TASK>
[ 2837.047377][T17515]  dump_stack_lvl+0xd6/0x122
[ 2837.052070][T17515]  dump_stack+0x11/0x1b
[ 2837.056227][T17515]  warn_alloc+0x132/0x190
[ 2837.060573][T17515]  __vmalloc_node_range+0x58b/0x690
[ 2837.065774][T17515]  ? cake_init+0x20d/0x640
[ 2837.070253][T17515]  __vmalloc_node+0x61/0x70
[ 2837.074756][T17515]  ? cake_init+0x20d/0x640
[ 2837.079259][T17515]  kvmalloc_node+0xd2/0x110
[ 2837.083765][T17515]  cake_init+0x20d/0x640
[ 2837.088011][T17515]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2837.093736][T17515]  ? qdisc_alloc+0x334/0x3c0
[ 2837.098325][T17515]  ? qdisc_lookup+0x20c/0x2e0
[ 2837.103120][T17515]  ? qdisc_peek_dequeued+0x140/0x140
[ 2837.108432][T17515]  qdisc_create+0x5f4/0xd10
[ 2837.112939][T17515]  ? __nla_parse+0x3c/0x50
[ 2837.117870][T17515]  tc_modify_qdisc+0x64a/0x10b0
[ 2837.122911][T17515]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2837.128865][T17515]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2837.133881][T17515]  ? __kfree_skb+0xfe/0x150
[ 2837.138406][T17515]  ? kmem_cache_free+0x6c/0x100
[ 2837.143239][T17515]  ? __kfree_skb+0xfe/0x150
[ 2837.147729][T17515]  ? consume_skb+0x48/0x160
[ 2837.152235][T17515]  ? nlmon_xmit+0x5f/0x70
[ 2837.156645][T17515]  ? __this_cpu_preempt_check+0x18/0x20
[ 2837.162228][T17515]  ? __local_bh_enable_ip+0x4d/0x70
[ 2837.167437][T17515]  ? local_bh_enable+0x1b/0x20
[ 2837.172235][T17515]  ? __dev_queue_xmit+0x597/0xf70
[ 2837.177248][T17515]  ? __skb_clone+0x2db/0x300
[ 2837.181825][T17515]  ? __rcu_read_unlock+0x5c/0x290
[ 2837.186966][T17515]  netlink_rcv_skb+0x14e/0x250
[ 2837.191717][T17515]  ? rtnetlink_bind+0x60/0x60
[ 2837.196378][T17515]  rtnetlink_rcv+0x18/0x20
[ 2837.200771][T17515]  netlink_unicast+0x5fc/0x6c0
[ 2837.205516][T17515]  netlink_sendmsg+0x6e1/0x7d0
[ 2837.210318][T17515]  ? netlink_getsockopt+0x720/0x720
[ 2837.215529][T17515]  ____sys_sendmsg+0x39a/0x510
[ 2837.220282][T17515]  __sys_sendmsg+0x195/0x230
[ 2837.224870][T17515]  ? __xfrm_init_state+0x350/0x820
[ 2837.230196][T17515]  __x64_sys_sendmsg+0x42/0x50
[ 2837.234947][T17515]  do_syscall_64+0x44/0xd0
[ 2837.239349][T17515]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2837.245274][T17515] RIP: 0033:0x7f2ab072eae9
[ 2837.249676][T17515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2837.269325][T17515] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2837.277878][T17515] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2837.285850][T17515] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2837.293903][T17515] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2837.301950][T17515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2837.309901][T17515] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2837.317975][T17515]  </TASK>
[ 2837.321022][T17515] Mem-Info:
[ 2837.324209][T17515] active_anon:10694 inactive_anon:100143 isolated_anon:0
[ 2837.324209][T17515]  active_file:244 inactive_file:285 isolated_file:21
[ 2837.324209][T17515]  unevictable:0 dirty:22 writeback:0
[ 2837.324209][T17515]  slab_reclaimable:7075 slab_unreclaimable:1742498
[ 2837.324209][T17515]  mapped:52513 shmem:385 pagetables:5279 bounce:0
[ 2837.324209][T17515]  kernel_misc_reclaimable:0
[ 2837.324209][T17515]  free:12815 free_pcp:344 free_cma:0
[ 2837.365577][T17515] Node 0 active_anon:42776kB inactive_anon:400572kB active_file:976kB inactive_file:1140kB unevictable:0kB isolated(anon):0kB isolated(file):84kB mapped:210052kB dirty:88kB writeback:0kB shmem:1540kB writeback_tmp:0kB kernel_stack:5328kB pagetables:21116kB all_unreclaimable? yes
[ 2837.392073][T17515] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2837.418851][T17515] lowmem_reserve[]: 0 2896 7874 7874
[ 2837.424232][T17515] Node 0 DMA32 free:23400kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2837.452698][T17515] lowmem_reserve[]: 0 0 4978 4978
[ 2837.457716][T17515] Node 0 Normal free:12500kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42776kB inactive_anon:399656kB active_file:1124kB inactive_file:1548kB unevictable:0kB writepending:88kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:1376kB local_pcp:696kB free_cma:0kB
[ 2837.487903][T17515] lowmem_reserve[]: 0 0 0 0
[ 2837.492436][T17515] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2837.505152][T17515] Node 0 DMA32: 358*4kB (UME) 194*8kB (UME) 70*16kB (UME) 47*32kB (UME) 20*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 23400kB
[ 2837.522647][T17515] Node 0 Normal: 1508*4kB (UME) 537*8kB (UME) 84*16kB (UME) 6*32kB (UM) 2*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12248kB
[ 2837.537712][T17515] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2837.547128][T17515] 927 total pagecache pages
[ 2837.551918][T17515] 0 pages in swap cache
[ 2837.556063][T17515] Swap cache stats: add 0, delete 0, find 0/0
[ 2837.562162][T17515] Free swap  = 0kB
[ 2837.565861][T17515] Total swap = 0kB
[ 2837.569589][T17515] 2097051 pages RAM
[ 2837.573376][T17515] 0 pages HighMem/MovableOnly
[ 2837.578045][T17515] 75955 pages reserved
[ 2837.583421][T17515] ------------[ cut here ]------------
[ 2837.588854][T17515] WARNING: CPU: 0 PID: 17515 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2837.599353][T17515] Modules linked in:
[ 2837.603223][T17515] CPU: 0 PID: 17515 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2837.613114][T17515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2837.623176][T17515] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2837.629861][T17515] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2837.649488][T17515] RSP: 0000:ffffc9000b2a75f0 EFLAGS: 00010246
[ 2837.655554][T17515] RAX: ffff88810589b000 RBX: ffff88815527e8b0 RCX: 0000000000000000
[ 2837.663517][T17515] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: ffff88815527e800
[ 2837.671501][T17515] RBP: ffffc9000b2a7738 R08: 000188815527e8b7 R09: 0000000000000000
[ 2837.679466][T17515] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88815527e8b0
[ 2837.687417][T17515] R13: ffffffff85ec3720 R14: ffff88815527e800 R15: ffffc9000b2a7668
[ 2837.695479][T17515] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2837.704446][T17515] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2837.711035][T17515] CR2: 000000000040bac0 CR3: 00000001474b3000 CR4: 00000000003506f0
[ 2837.719130][T17515] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2837.727108][T17515] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2837.735077][T17515] Call Trace:
[ 2837.738335][T17515]  <TASK>
[ 2837.741285][T17515]  tcf_block_put_ext+0x2d/0x180
[ 2837.746142][T17515]  tcf_block_put+0x4c/0x70
[ 2837.750587][T17515]  cake_destroy+0x2d/0x50
[ 2837.754905][T17515]  ? cake_reset+0x5d0/0x5d0
[ 2837.759429][T17515]  qdisc_create+0xa82/0xd10
[ 2837.763941][T17515]  ? __nla_parse+0x3c/0x50
[ 2837.768363][T17515]  tc_modify_qdisc+0x64a/0x10b0
[ 2837.773339][T17515]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2837.779259][T17515]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2837.784374][T17515]  ? __kfree_skb+0xfe/0x150
[ 2837.788872][T17515]  ? kmem_cache_free+0x6c/0x100
[ 2837.793759][T17515]  ? __kfree_skb+0xfe/0x150
[ 2837.798242][T17515]  ? consume_skb+0x48/0x160
[ 2837.802786][T17515]  ? nlmon_xmit+0x5f/0x70
[ 2837.807173][T17515]  ? __this_cpu_preempt_check+0x18/0x20
[ 2837.812710][T17515]  ? __local_bh_enable_ip+0x4d/0x70
[ 2837.817954][T17515]  ? local_bh_enable+0x1b/0x20
[ 2837.822743][T17515]  ? __dev_queue_xmit+0x597/0xf70
[ 2837.827843][T17515]  ? __skb_clone+0x2db/0x300
[ 2837.832520][T17515]  ? __rcu_read_unlock+0x5c/0x290
[ 2837.837535][T17515]  netlink_rcv_skb+0x14e/0x250
[ 2837.842364][T17515]  ? rtnetlink_bind+0x60/0x60
[ 2837.847080][T17515]  rtnetlink_rcv+0x18/0x20
[ 2837.851504][T17515]  netlink_unicast+0x5fc/0x6c0
[ 2837.856261][T17515]  netlink_sendmsg+0x6e1/0x7d0
[ 2837.861064][T17515]  ? netlink_getsockopt+0x720/0x720
[ 2837.866343][T17515]  ____sys_sendmsg+0x39a/0x510
[ 2837.871171][T17515]  __sys_sendmsg+0x195/0x230
[ 2837.875749][T17515]  ? __xfrm_init_state+0x350/0x820
[ 2837.880937][T17515]  __x64_sys_sendmsg+0x42/0x50
[ 2837.885691][T17515]  do_syscall_64+0x44/0xd0
[ 2837.890122][T17515]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2837.896053][T17515] RIP: 0033:0x7f2ab072eae9
[ 2837.900586][T17515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2837.920202][T17515] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2837.928647][T17515] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2837.936707][T17515] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2837.944814][T17515] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2837.952912][T17515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2837.960959][T17515] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2837.968924][T17515]  </TASK>
[ 2837.971982][T17515] ---[ end trace e45544a13c7e4800 ]---
[ 2837.978002][T17515] ------------[ cut here ]------------
[ 2837.983456][T17515] WARNING: CPU: 0 PID: 17515 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2837.993019][T17515] Modules linked in:
[ 2837.996934][T17515] CPU: 0 PID: 17515 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2838.006980][T17515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2838.017314][T17515] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2838.023017][T17515] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2838.042971][T17515] RSP: 0000:ffffc9000b2a7628 EFLAGS: 00010246
[ 2838.049291][T17515] RAX: ffffffff83b40f4c RBX: ffff88815527e888 RCX: 0000000000040000
[ 2838.057384][T17515] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2838.065435][T17515] RBP: ffffc9000b2a7668 R08: 000188815527e88f R09: 0000000000000000
[ 2838.073469][T17515] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888108dd0000
[ 2838.081506][T17515] R13: 0000000000000000 R14: ffffc9000b2a77f0 R15: ffff88815527e800
[ 2838.089469][T17515] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2838.098390][T17515] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2838.105042][T17515] CR2: 000000000040bac0 CR3: 00000001474b3000 CR4: 00000000003506f0
[ 2838.113021][T17515] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2838.120984][T17515] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2838.128935][T17515] Call Trace:
[ 2838.132265][T17515]  <TASK>
[ 2838.135304][T17515]  tcf_block_put+0x4c/0x70
[ 2838.139723][T17515]  cake_destroy+0x2d/0x50
[ 2838.144103][T17515]  ? cake_reset+0x5d0/0x5d0
[ 2838.148634][T17515]  qdisc_create+0xa82/0xd10
[ 2838.153142][T17515]  ? __nla_parse+0x3c/0x50
[ 2838.157552][T17515]  tc_modify_qdisc+0x64a/0x10b0
[ 2838.162399][T17515]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2838.168306][T17515]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2838.173247][T17515]  ? __kfree_skb+0xfe/0x150
[ 2838.177815][T17515]  ? kmem_cache_free+0x6c/0x100
[ 2838.182666][T17515]  ? __kfree_skb+0xfe/0x150
[ 2838.187186][T17515]  ? consume_skb+0x48/0x160
[ 2838.191680][T17515]  ? nlmon_xmit+0x5f/0x70
[ 2838.195989][T17515]  ? __this_cpu_preempt_check+0x18/0x20
[ 2838.201680][T17515]  ? __local_bh_enable_ip+0x4d/0x70
[ 2838.206917][T17515]  ? local_bh_enable+0x1b/0x20
[ 2838.211758][T17515]  ? __dev_queue_xmit+0x597/0xf70
[ 2838.216819][T17515]  ? __skb_clone+0x2db/0x300
[ 2838.221452][T17515]  ? __rcu_read_unlock+0x5c/0x290
[ 2838.226515][T17515]  netlink_rcv_skb+0x14e/0x250
[ 2838.231280][T17515]  ? rtnetlink_bind+0x60/0x60
[ 2838.235948][T17515]  rtnetlink_rcv+0x18/0x20
[ 2838.240356][T17515]  netlink_unicast+0x5fc/0x6c0
[ 2838.245152][T17515]  netlink_sendmsg+0x6e1/0x7d0
[ 2838.249945][T17515]  ? netlink_getsockopt+0x720/0x720
[ 2838.255125][T17515]  ____sys_sendmsg+0x39a/0x510
[ 2838.259948][T17515]  __sys_sendmsg+0x195/0x230
[ 2838.264629][T17515]  ? __xfrm_init_state+0x350/0x820
[ 2838.269783][T17515]  __x64_sys_sendmsg+0x42/0x50
[ 2838.274556][T17515]  do_syscall_64+0x44/0xd0
[ 2838.279032][T17515]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2838.284944][T17515] RIP: 0033:0x7f2ab072eae9
[ 2838.289364][T17515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2838.309048][T17515] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2838.317461][T17515] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2838.325509][T17515] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2838.333489][T17515] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2838.341462][T17515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2838.349462][T17515] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2838.357433][T17515]  </TASK>
[ 2838.360449][T17515] ---[ end trace e45544a13c7e4801 ]---
[ 2838.367097][T17515] ------------[ cut here ]------------
[ 2838.372662][T17515] WARNING: CPU: 0 PID: 17515 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2838.382050][T17515] Modules linked in:
[ 2838.385925][T17515] CPU: 0 PID: 17515 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2838.395753][T17515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2838.405984][T17515] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2838.411528][T17515] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2838.431235][T17515] RSP: 0000:ffffc9000b2a75d8 EFLAGS: 00010246
[ 2838.437314][T17515] RAX: ffffffff83b414a7 RBX: ffff88815527e8a0 RCX: 0000000000040000
[ 2838.445333][T17515] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2838.453350][T17515] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2838.461407][T17515] R10: 0001ffffffffffff R11: 000188815527e8a0 R12: ffff88815527e850
[ 2838.469389][T17515] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88815527e800
[ 2838.477342][T17515] FS:  00007f2aae4a5700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 2838.486329][T17515] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2838.492980][T17515] CR2: 000000000040bac0 CR3: 00000001474b3000 CR4: 00000000003506f0
[ 2838.500963][T17515] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2838.508930][T17515] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2838.516966][T17515] Call Trace:
[ 2838.520312][T17515]  <TASK>
[ 2838.523299][T17515]  tcf_block_put_ext+0xe5/0x180
[ 2838.528190][T17515]  tcf_block_put+0x4c/0x70
[ 2838.532639][T17515]  cake_destroy+0x2d/0x50
[ 2838.536957][T17515]  ? cake_reset+0x5d0/0x5d0
[ 2838.541532][T17515]  qdisc_create+0xa82/0xd10
[ 2838.546017][T17515]  ? __nla_parse+0x3c/0x50
[ 2838.550426][T17515]  tc_modify_qdisc+0x64a/0x10b0
[ 2838.555337][T17515]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2838.561243][T17515]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2838.566163][T17515]  ? __kfree_skb+0xfe/0x150
[ 2838.570676][T17515]  ? kmem_cache_free+0x6c/0x100
[ 2838.575508][T17515]  ? __kfree_skb+0xfe/0x150
[ 2838.580062][T17515]  ? consume_skb+0x48/0x160
[ 2838.584574][T17515]  ? nlmon_xmit+0x5f/0x70
[ 2838.588887][T17515]  ? __this_cpu_preempt_check+0x18/0x20
[ 2838.594450][T17515]  ? __local_bh_enable_ip+0x4d/0x70
[ 2838.599756][T17515]  ? local_bh_enable+0x1b/0x20
[ 2838.604629][T17515]  ? __dev_queue_xmit+0x597/0xf70
[ 2838.609676][T17515]  ? __skb_clone+0x2db/0x300
[ 2838.614268][T17515]  ? __rcu_read_unlock+0x5c/0x290
[ 2838.619861][T17515]  netlink_rcv_skb+0x14e/0x250
[ 2838.624648][T17515]  ? rtnetlink_bind+0x60/0x60
[ 2838.629333][T17515]  rtnetlink_rcv+0x18/0x20
[ 2838.633752][T17515]  netlink_unicast+0x5fc/0x6c0
[ 2838.638569][T17515]  netlink_sendmsg+0x6e1/0x7d0
[ 2838.643423][T17515]  ? netlink_getsockopt+0x720/0x720
[ 2838.648631][T17515]  ____sys_sendmsg+0x39a/0x510
[ 2838.653531][T17515]  __sys_sendmsg+0x195/0x230
[ 2838.658164][T17515]  ? __xfrm_init_state+0x350/0x820
[ 2838.663303][T17515]  __x64_sys_sendmsg+0x42/0x50
[ 2838.668082][T17515]  do_syscall_64+0x44/0xd0
[ 2838.672549][T17515]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2838.678530][T17515] RIP: 0033:0x7f2ab072eae9
[ 2838.682969][T17515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2838.702692][T17515] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2838.711210][T17515] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 2838.719205][T17515] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2838.727176][T17515] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2838.735155][T17515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2838.743227][T17515] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 2838.751215][T17515]  </TASK>
[ 2838.754226][T17515] ---[ end trace e45544a13c7e4802 ]---
[ 2838.760455][T17620] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2838.774777][T17623] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 2855.517434][T17729] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 2868.483280][T17730] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 2868.491778][T17730] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
19:08:02 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400300]}]}}]}, 0x434}}, 0x0)

19:08:02 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x6000}}, {0x4}}]}]}, 0x68}}, 0x0)

19:08:02 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}]}}]}, 0x434}}, 0x0)

19:08:02 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7]}]}}]}, 0x434}}, 0x0)

[ 2902.507345][T17813] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2909.149589][T17887] syz-executor.2: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[ 2909.165960][T17887] CPU: 0 PID: 17887 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2909.175765][T17887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2909.185821][T17887] Call Trace:
[ 2909.189081][T17887]  <TASK>
[ 2909.192133][T17887]  dump_stack_lvl+0xd6/0x122
[ 2909.196733][T17887]  dump_stack+0x11/0x1b
[ 2909.200948][T17887]  warn_alloc+0x132/0x190
[ 2909.205500][T17887]  __vmalloc_node_range+0x58b/0x690
[ 2909.210751][T17887]  ? cake_init+0x20d/0x640
[ 2909.215152][T17887]  __vmalloc_node+0x61/0x70
[ 2909.219773][T17887]  ? cake_init+0x20d/0x640
[ 2909.224200][T17887]  kvmalloc_node+0xd2/0x110
[ 2909.228688][T17887]  cake_init+0x20d/0x640
[ 2909.232983][T17887]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 2909.238757][T17887]  ? qdisc_alloc+0x334/0x3c0
[ 2909.243356][T17887]  ? qdisc_lookup+0x20c/0x2e0
[ 2909.248048][T17887]  ? qdisc_peek_dequeued+0x140/0x140
[ 2909.253338][T17887]  qdisc_create+0x5f4/0xd10
[ 2909.257881][T17887]  ? __nla_parse+0x3c/0x50
[ 2909.262304][T17887]  tc_modify_qdisc+0x64a/0x10b0
[ 2909.267175][T17887]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2909.273128][T17887]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2909.278168][T17887]  ? ___cache_free+0x46/0x300
[ 2909.282846][T17887]  ? packet_rcv+0xc3/0x9d0
[ 2909.287261][T17887]  ? __kfree_skb+0xfe/0x150
[ 2909.291762][T17887]  ? kmem_cache_free+0x5e/0x100
[ 2909.296610][T17887]  ? __kfree_skb+0xfe/0x150
[ 2909.301138][T17887]  ? consume_skb+0x48/0x160
[ 2909.305635][T17887]  ? nlmon_xmit+0x5f/0x70
[ 2909.309998][T17887]  ? __this_cpu_preempt_check+0x18/0x20
[ 2909.315777][T17887]  ? __local_bh_enable_ip+0x4d/0x70
[ 2909.321193][T17887]  ? local_bh_enable+0x1b/0x20
[ 2909.325960][T17887]  ? __dev_queue_xmit+0x597/0xf70
[ 2909.331022][T17887]  ? __skb_clone+0x2db/0x300
[ 2909.335620][T17887]  ? __rcu_read_unlock+0x5c/0x290
[ 2909.340671][T17887]  netlink_rcv_skb+0x14e/0x250
[ 2909.345445][T17887]  ? rtnetlink_bind+0x60/0x60
[ 2909.350304][T17887]  rtnetlink_rcv+0x18/0x20
[ 2909.354719][T17887]  netlink_unicast+0x5fc/0x6c0
[ 2909.359945][T17887]  netlink_sendmsg+0x6e1/0x7d0
[ 2909.364750][T17887]  ? netlink_getsockopt+0x720/0x720
[ 2909.370027][T17887]  ____sys_sendmsg+0x39a/0x510
[ 2909.374799][T17887]  __sys_sendmsg+0x195/0x230
[ 2909.379421][T17887]  __x64_sys_sendmsg+0x42/0x50
[ 2909.384255][T17887]  do_syscall_64+0x44/0xd0
[ 2909.388754][T17887]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2909.394628][T17887] RIP: 0033:0x7f2ab072eae9
[ 2909.399156][T17887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2909.419017][T17887] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2909.427423][T17887] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2909.435377][T17887] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2909.443344][T17887] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2909.451313][T17887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2909.459364][T17887] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2909.467412][T17887]  </TASK>
[ 2909.470501][T17887] Mem-Info:
[ 2909.473587][T17887] active_anon:10702 inactive_anon:100128 isolated_anon:0
[ 2909.473587][T17887]  active_file:264 inactive_file:311 isolated_file:0
[ 2909.473587][T17887]  unevictable:0 dirty:0 writeback:0
[ 2909.473587][T17887]  slab_reclaimable:7067 slab_unreclaimable:1742530
[ 2909.473587][T17887]  mapped:52556 shmem:393 pagetables:5334 bounce:0
[ 2909.473587][T17887]  kernel_misc_reclaimable:0
[ 2909.473587][T17887]  free:12522 free_pcp:61 free_cma:0
[ 2909.514652][T17887] Node 0 active_anon:42808kB inactive_anon:400512kB active_file:892kB inactive_file:1244kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210224kB dirty:0kB writeback:0kB shmem:1572kB writeback_tmp:0kB kernel_stack:5360kB pagetables:21336kB all_unreclaimable? yes
[ 2909.541296][T17887] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2909.568102][T17887] lowmem_reserve[]: 0 2896 7874 7874
[ 2909.573414][T17887] Node 0 DMA32 free:23416kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2909.601781][T17887] lowmem_reserve[]: 0 0 4978 4978
[ 2909.606799][T17887] Node 0 Normal free:11312kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42808kB inactive_anon:399596kB active_file:892kB inactive_file:1192kB unevictable:0kB writepending:0kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:324kB local_pcp:244kB free_cma:0kB
[ 2909.636910][T17887] lowmem_reserve[]: 0 0 0 0
[ 2909.641508][T17887] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 2909.654149][T17887] Node 0 DMA32: 360*4kB (UME) 195*8kB (UME) 70*16kB (UME) 47*32kB (UME) 20*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 23416kB
[ 2909.671737][T17887] Node 0 Normal: 1434*4kB (UME) 503*8kB (UME) 81*16kB (UME) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11056kB
[ 2909.685871][T17887] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 2909.695148][T17887] 1107 total pagecache pages
[ 2909.699740][T17887] 0 pages in swap cache
[ 2909.703956][T17887] Swap cache stats: add 0, delete 0, find 0/0
[ 2909.710012][T17887] Free swap  = 0kB
[ 2909.713720][T17887] Total swap = 0kB
[ 2909.717410][T17887] 2097051 pages RAM
[ 2909.721254][T17887] 0 pages HighMem/MovableOnly
[ 2909.725906][T17887] 75955 pages reserved
[ 2909.731147][T17887] ------------[ cut here ]------------
[ 2909.736654][T17887] WARNING: CPU: 1 PID: 17887 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2909.747292][T17887] Modules linked in:
[ 2909.751356][T17887] CPU: 1 PID: 17887 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2909.761178][T17887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2909.771253][T17887] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 2909.777921][T17887] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 2909.797743][T17887] RSP: 0018:ffffc9000bd0b5f0 EFLAGS: 00010246
[ 2909.803799][T17887] RAX: ffff88810a1c6000 RBX: ffff888109bd70b0 RCX: 0000000000000000
[ 2909.811790][T17887] RDX: ffffc90007ce8000 RSI: 000000000003ffff RDI: ffff888109bd7000
[ 2909.819761][T17887] RBP: ffffc9000bd0b738 R08: 0001888109bd70b7 R09: 0000000000000000
[ 2909.827727][T17887] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109bd70b0
[ 2909.835728][T17887] R13: ffffffff85ec3720 R14: ffff888109bd7000 R15: ffffc9000bd0b668
[ 2909.843709][T17887] FS:  00007f2aae484700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2909.852629][T17887] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2909.859204][T17887] CR2: 0000000000457ae0 CR3: 000000011e0db000 CR4: 00000000003506e0
[ 2909.867157][T17887] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2909.875121][T17887] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2909.883131][T17887] Call Trace:
[ 2909.886488][T17887]  <TASK>
[ 2909.889411][T17887]  tcf_block_put_ext+0x2d/0x180
[ 2909.894311][T17887]  tcf_block_put+0x4c/0x70
[ 2909.898779][T17887]  cake_destroy+0x2d/0x50
[ 2909.903141][T17887]  ? cake_reset+0x5d0/0x5d0
[ 2909.907629][T17887]  qdisc_create+0xa82/0xd10
[ 2909.912176][T17887]  ? __nla_parse+0x3c/0x50
[ 2909.916621][T17887]  tc_modify_qdisc+0x64a/0x10b0
[ 2909.921486][T17887]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2909.927393][T17887]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2909.932326][T17887]  ? ___cache_free+0x46/0x300
[ 2909.936984][T17887]  ? packet_rcv+0xc3/0x9d0
[ 2909.941392][T17887]  ? __kfree_skb+0xfe/0x150
[ 2909.945927][T17887]  ? kmem_cache_free+0x5e/0x100
[ 2909.950782][T17887]  ? __kfree_skb+0xfe/0x150
[ 2909.955462][T17887]  ? consume_skb+0x48/0x160
[ 2909.960037][T17887]  ? nlmon_xmit+0x5f/0x70
[ 2909.964350][T17887]  ? __this_cpu_preempt_check+0x18/0x20
[ 2909.969961][T17887]  ? __local_bh_enable_ip+0x4d/0x70
[ 2909.975147][T17887]  ? local_bh_enable+0x1b/0x20
[ 2909.979961][T17887]  ? __dev_queue_xmit+0x597/0xf70
[ 2909.984977][T17887]  ? __skb_clone+0x2db/0x300
[ 2909.989572][T17887]  ? __rcu_read_unlock+0x5c/0x290
[ 2909.994578][T17887]  netlink_rcv_skb+0x14e/0x250
[ 2909.999345][T17887]  ? rtnetlink_bind+0x60/0x60
[ 2910.004003][T17887]  rtnetlink_rcv+0x18/0x20
[ 2910.008463][T17887]  netlink_unicast+0x5fc/0x6c0
[ 2910.013377][T17887]  netlink_sendmsg+0x6e1/0x7d0
[ 2910.018154][T17887]  ? netlink_getsockopt+0x720/0x720
[ 2910.023448][T17887]  ____sys_sendmsg+0x39a/0x510
[ 2910.028207][T17887]  __sys_sendmsg+0x195/0x230
[ 2910.032795][T17887]  __x64_sys_sendmsg+0x42/0x50
[ 2910.037556][T17887]  do_syscall_64+0x44/0xd0
[ 2910.042064][T17887]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2910.047955][T17887] RIP: 0033:0x7f2ab072eae9
[ 2910.052417][T17887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2910.072117][T17887] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2910.080527][T17887] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2910.088523][T17887] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2910.096556][T17887] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2910.104543][T17887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2910.112551][T17887] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2910.120517][T17887]  </TASK>
[ 2910.123515][T17887] ---[ end trace e45544a13c7e4803 ]---
[ 2910.129400][T17887] ------------[ cut here ]------------
[ 2910.134829][T17887] WARNING: CPU: 1 PID: 17887 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 2910.144451][T17887] Modules linked in:
[ 2910.148319][T17887] CPU: 1 PID: 17887 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2910.158177][T17887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2910.168311][T17887] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 2910.174045][T17887] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 2910.193657][T17887] RSP: 0018:ffffc9000bd0b628 EFLAGS: 00010246
[ 2910.199727][T17887] RAX: ffffffff83b40f4c RBX: ffff888109bd7088 RCX: 0000000000040000
[ 2910.207690][T17887] RDX: ffffc90007ce8000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2910.215655][T17887] RBP: ffffc9000bd0b668 R08: 0001888109bd708f R09: 0000000000000000
[ 2910.223678][T17887] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff8881080b0000
[ 2910.231640][T17887] R13: 0000000000000000 R14: ffffc9000bd0b7f0 R15: ffff888109bd7000
[ 2910.239735][T17887] FS:  00007f2aae484700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2910.248650][T17887] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2910.255229][T17887] CR2: 0000000000457ae0 CR3: 000000011e0db000 CR4: 00000000003506e0
[ 2910.263287][T17887] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2910.271252][T17887] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2910.279256][T17887] Call Trace:
[ 2910.282516][T17887]  <TASK>
[ 2910.285428][T17887]  tcf_block_put+0x4c/0x70
[ 2910.289919][T17887]  cake_destroy+0x2d/0x50
[ 2910.294247][T17887]  ? cake_reset+0x5d0/0x5d0
[ 2910.298802][T17887]  qdisc_create+0xa82/0xd10
[ 2910.303341][T17887]  ? __nla_parse+0x3c/0x50
[ 2910.307742][T17887]  tc_modify_qdisc+0x64a/0x10b0
[ 2910.312589][T17887]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2910.318492][T17887]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2910.323424][T17887]  ? ___cache_free+0x46/0x300
[ 2910.328090][T17887]  ? packet_rcv+0xc3/0x9d0
[ 2910.332497][T17887]  ? __kfree_skb+0xfe/0x150
[ 2910.337078][T17887]  ? kmem_cache_free+0x5e/0x100
[ 2910.341935][T17887]  ? __kfree_skb+0xfe/0x150
[ 2910.346419][T17887]  ? consume_skb+0x48/0x160
[ 2910.350914][T17887]  ? nlmon_xmit+0x5f/0x70
[ 2910.355221][T17887]  ? __this_cpu_preempt_check+0x18/0x20
[ 2910.360767][T17887]  ? __local_bh_enable_ip+0x4d/0x70
[ 2910.365951][T17887]  ? local_bh_enable+0x1b/0x20
[ 2910.370743][T17887]  ? __dev_queue_xmit+0x597/0xf70
[ 2910.375758][T17887]  ? __skb_clone+0x2db/0x300
[ 2910.380425][T17887]  ? __rcu_read_unlock+0x5c/0x290
[ 2910.385449][T17887]  netlink_rcv_skb+0x14e/0x250
[ 2910.390208][T17887]  ? rtnetlink_bind+0x60/0x60
[ 2910.395157][T17887]  rtnetlink_rcv+0x18/0x20
[ 2910.399575][T17887]  netlink_unicast+0x5fc/0x6c0
[ 2910.404368][T17887]  netlink_sendmsg+0x6e1/0x7d0
[ 2910.409202][T17887]  ? netlink_getsockopt+0x720/0x720
[ 2910.414381][T17887]  ____sys_sendmsg+0x39a/0x510
[ 2910.419153][T17887]  __sys_sendmsg+0x195/0x230
[ 2910.423815][T17887]  __x64_sys_sendmsg+0x42/0x50
[ 2910.428655][T17887]  do_syscall_64+0x44/0xd0
[ 2910.433087][T17887]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2910.439005][T17887] RIP: 0033:0x7f2ab072eae9
[ 2910.443416][T17887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2910.463056][T17887] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2910.471552][T17887] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2910.479533][T17887] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2910.487484][T17887] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2910.495449][T17887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2910.503453][T17887] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2910.511419][T17887]  </TASK>
[ 2910.514417][T17887] ---[ end trace e45544a13c7e4804 ]---
[ 2910.521366][T17887] ------------[ cut here ]------------
[ 2910.526804][T17887] WARNING: CPU: 1 PID: 17887 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 2910.536351][T17887] Modules linked in:
[ 2910.540236][T17887] CPU: 1 PID: 17887 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 2910.550086][T17887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2910.560200][T17887] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 2910.565770][T17887] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 2910.585517][T17887] RSP: 0018:ffffc9000bd0b5d8 EFLAGS: 00010246
[ 2910.591580][T17887] RAX: ffffffff83b414a7 RBX: ffff888109bd70a0 RCX: 0000000000040000
[ 2910.599546][T17887] RDX: ffffc90007ce8000 RSI: 000000000003ffff RDI: 0000000000040000
[ 2910.607497][T17887] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 2910.615472][T17887] R10: 0001ffffffffffff R11: 0001888109bd70a0 R12: ffff888109bd7050
[ 2910.623447][T17887] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888109bd7000
[ 2910.631415][T17887] FS:  00007f2aae484700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 2910.640340][T17887] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2910.646946][T17887] CR2: 0000000000457ae0 CR3: 000000011e0db000 CR4: 00000000003506e0
[ 2910.654986][T17887] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2910.662954][T17887] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2910.670929][T17887] Call Trace:
[ 2910.674194][T17887]  <TASK>
[ 2910.677106][T17887]  tcf_block_put_ext+0xe5/0x180
[ 2910.681991][T17887]  tcf_block_put+0x4c/0x70
[ 2910.686423][T17887]  cake_destroy+0x2d/0x50
[ 2910.690784][T17887]  ? cake_reset+0x5d0/0x5d0
[ 2910.695334][T17887]  qdisc_create+0xa82/0xd10
[ 2910.699956][T17887]  ? __nla_parse+0x3c/0x50
[ 2910.704355][T17887]  tc_modify_qdisc+0x64a/0x10b0
[ 2910.709575][T17887]  ? qdisc_offload_graft_helper+0x190/0x190
[ 2910.715449][T17887]  rtnetlink_rcv_msg+0x745/0x7e0
[ 2910.720380][T17887]  ? ___cache_free+0x46/0x300
[ 2910.725072][T17887]  ? packet_rcv+0xc3/0x9d0
[ 2910.729495][T17887]  ? __kfree_skb+0xfe/0x150
[ 2910.733979][T17887]  ? kmem_cache_free+0x5e/0x100
[ 2910.738819][T17887]  ? __kfree_skb+0xfe/0x150
[ 2910.743331][T17887]  ? consume_skb+0x48/0x160
[ 2910.747814][T17887]  ? nlmon_xmit+0x5f/0x70
[ 2910.752176][T17887]  ? __this_cpu_preempt_check+0x18/0x20
[ 2910.757702][T17887]  ? __local_bh_enable_ip+0x4d/0x70
[ 2910.762903][T17887]  ? local_bh_enable+0x1b/0x20
[ 2910.767651][T17887]  ? __dev_queue_xmit+0x597/0xf70
[ 2910.772685][T17887]  ? __skb_clone+0x2db/0x300
[ 2910.777257][T17887]  ? __rcu_read_unlock+0x5c/0x290
[ 2910.782286][T17887]  netlink_rcv_skb+0x14e/0x250
[ 2910.787087][T17887]  ? rtnetlink_bind+0x60/0x60
[ 2910.791860][T17887]  rtnetlink_rcv+0x18/0x20
[ 2910.796340][T17887]  netlink_unicast+0x5fc/0x6c0
[ 2910.801105][T17887]  netlink_sendmsg+0x6e1/0x7d0
[ 2910.805904][T17887]  ? netlink_getsockopt+0x720/0x720
[ 2910.811111][T17887]  ____sys_sendmsg+0x39a/0x510
[ 2910.815889][T17887]  __sys_sendmsg+0x195/0x230
[ 2910.820623][T17887]  __x64_sys_sendmsg+0x42/0x50
[ 2910.825487][T17887]  do_syscall_64+0x44/0xd0
[ 2910.829963][T17887]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 2910.835879][T17887] RIP: 0033:0x7f2ab072eae9
[ 2910.840288][T17887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2910.859887][T17887] RSP: 002b:00007f2aae484188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2910.868276][T17887] RAX: ffffffffffffffda RBX: 00007f2ab0842020 RCX: 00007f2ab072eae9
[ 2910.876239][T17887] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 2910.884366][T17887] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 2910.892431][T17887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2910.900404][T17887] R13: 00007ffc9c92452f R14: 00007f2aae484300 R15: 0000000000022000
[ 2910.908365][T17887]  </TASK>
[ 2910.911391][T17887] ---[ end trace e45544a13c7e4805 ]---
[ 2910.928694][T17891] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2910.939754][T17893] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
19:09:33 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7]}]}}]}, 0x434}}, 0x0)

19:09:34 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}]}}]}, 0x434}}, 0x0)

19:09:45 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x63c8}}, {0x4}}]}]}, 0x68}}, 0x0)

19:09:47 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4040000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:10:13 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}]}}]}, 0x434}}, 0x0)

[ 3012.059456][T18007] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3016.909134][T18007] syz-executor.2: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[ 3016.925414][T18007] CPU: 0 PID: 18007 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 3016.935263][T18007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3016.945369][T18007] Call Trace:
[ 3016.948643][T18007]  <TASK>
[ 3016.951578][T18007]  dump_stack_lvl+0xd6/0x122
[ 3016.956180][T18007]  dump_stack+0x11/0x1b
[ 3016.960334][T18007]  warn_alloc+0x132/0x190
[ 3016.964686][T18007]  __vmalloc_node_range+0x58b/0x690
[ 3016.969922][T18007]  ? cake_init+0x20d/0x640
[ 3016.974346][T18007]  __vmalloc_node+0x61/0x70
[ 3016.979013][T18007]  ? cake_init+0x20d/0x640
[ 3016.983476][T18007]  kvmalloc_node+0xd2/0x110
[ 3016.988205][T18007]  cake_init+0x20d/0x640
[ 3016.992486][T18007]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 3016.998253][T18007]  ? qdisc_alloc+0x334/0x3c0
[ 3017.002886][T18007]  ? qdisc_lookup+0x20c/0x2e0
[ 3017.007546][T18007]  ? qdisc_peek_dequeued+0x140/0x140
[ 3017.012931][T18007]  qdisc_create+0x5f4/0xd10
[ 3017.017425][T18007]  ? __nla_parse+0x3c/0x50
[ 3017.021836][T18007]  tc_modify_qdisc+0x64a/0x10b0
[ 3017.026680][T18007]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3017.032659][T18007]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3017.037705][T18007]  ? ___cache_free+0x46/0x300
[ 3017.042368][T18007]  ? packet_rcv+0xc3/0x9d0
[ 3017.046786][T18007]  ? __kfree_skb+0xfe/0x150
[ 3017.051286][T18007]  ? kmem_cache_free+0x5e/0x100
[ 3017.056216][T18007]  ? __kfree_skb+0xfe/0x150
[ 3017.060706][T18007]  ? consume_skb+0x48/0x160
[ 3017.065213][T18007]  ? nlmon_xmit+0x5f/0x70
[ 3017.069526][T18007]  ? __this_cpu_preempt_check+0x18/0x20
[ 3017.075054][T18007]  ? __local_bh_enable_ip+0x4d/0x70
[ 3017.080233][T18007]  ? local_bh_enable+0x1b/0x20
[ 3017.084977][T18007]  ? __dev_queue_xmit+0x597/0xf70
[ 3017.090057][T18007]  ? __skb_clone+0x2db/0x300
[ 3017.094714][T18007]  ? __rcu_read_unlock+0x5c/0x290
[ 3017.099736][T18007]  netlink_rcv_skb+0x14e/0x250
[ 3017.104595][T18007]  ? rtnetlink_bind+0x60/0x60
[ 3017.109284][T18007]  rtnetlink_rcv+0x18/0x20
[ 3017.113705][T18007]  netlink_unicast+0x5fc/0x6c0
[ 3017.118466][T18007]  netlink_sendmsg+0x6e1/0x7d0
[ 3017.123302][T18007]  ? netlink_getsockopt+0x720/0x720
[ 3017.128508][T18007]  ____sys_sendmsg+0x39a/0x510
[ 3017.133256][T18007]  __sys_sendmsg+0x195/0x230
[ 3017.137842][T18007]  __x64_sys_sendmsg+0x42/0x50
[ 3017.142607][T18007]  do_syscall_64+0x44/0xd0
[ 3017.147086][T18007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3017.152956][T18007] RIP: 0033:0x7f2ab072eae9
[ 3017.157349][T18007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3017.177081][T18007] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3017.185530][T18007] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 3017.193539][T18007] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3017.201652][T18007] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 3017.209602][T18007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3017.217566][T18007] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 3017.225520][T18007]  </TASK>
[ 3017.228650][T18007] Mem-Info:
[ 3017.231767][T18007] active_anon:10710 inactive_anon:100046 isolated_anon:0
[ 3017.231767][T18007]  active_file:471 inactive_file:681 isolated_file:0
[ 3017.231767][T18007]  unevictable:0 dirty:8 writeback:0
[ 3017.231767][T18007]  slab_reclaimable:7064 slab_unreclaimable:1742458
[ 3017.231767][T18007]  mapped:52883 shmem:401 pagetables:5275 bounce:0
[ 3017.231767][T18007]  kernel_misc_reclaimable:0
[ 3017.231767][T18007]  free:12195 free_pcp:144 free_cma:0
[ 3017.273039][T18007] Node 0 active_anon:42840kB inactive_anon:400184kB active_file:1296kB inactive_file:1280kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210256kB dirty:32kB writeback:0kB shmem:1604kB writeback_tmp:0kB kernel_stack:5312kB pagetables:21100kB all_unreclaimable? no
[ 3017.299419][T18007] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 3017.326395][T18007] lowmem_reserve[]: 0 2896 7874 7874
[ 3017.331733][T18007] Node 0 DMA32 free:23420kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 3017.360288][T18007] lowmem_reserve[]: 0 0 4978 4978
[ 3017.365369][T18007] Node 0 Normal free:10756kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:2048KB active_anon:42844kB inactive_anon:399316kB active_file:2156kB inactive_file:2280kB unevictable:0kB writepending:32kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:712kB local_pcp:244kB free_cma:0kB
[ 3017.395518][T18007] lowmem_reserve[]: 0 0 0 0
[ 3017.400062][T18007] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 3017.412733][T18007] Node 0 DMA32: 359*4kB (UME) 196*8kB (UME) 70*16kB (UME) 47*32kB (UME) 20*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 23420kB
[ 3017.430410][T18007] Node 0 Normal: 832*4kB (UME) 513*8kB (UME) 94*16kB (UM) 7*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9160kB
[ 3017.444596][T18007] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 3017.453888][T18007] 1206 total pagecache pages
[ 3017.458463][T18007] 0 pages in swap cache
[ 3017.462637][T18007] Swap cache stats: add 0, delete 0, find 0/0
[ 3017.468748][T18007] Free swap  = 0kB
[ 3017.472507][T18007] Total swap = 0kB
[ 3017.476211][T18007] 2097051 pages RAM
[ 3017.480024][T18007] 0 pages HighMem/MovableOnly
[ 3017.484683][T18007] 75955 pages reserved
[ 3017.490250][T18007] ------------[ cut here ]------------
[ 3017.495781][T18007] WARNING: CPU: 1 PID: 18007 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 3017.506347][T18007] Modules linked in:
[ 3017.510372][T18007] CPU: 1 PID: 18007 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 3017.520209][T18007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3017.530292][T18007] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 3017.537058][T18007] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 3017.556776][T18007] RSP: 0000:ffffc9000bde35f0 EFLAGS: 00010246
[ 3017.562909][T18007] RAX: ffff88813ab82000 RBX: ffff888109b6c0b0 RCX: 0000000000000000
[ 3017.570882][T18007] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: ffff888109b6c000
[ 3017.578831][T18007] RBP: ffffc9000bde3738 R08: 0001888109b6c0b7 R09: 0000000000000000
[ 3017.586793][T18007] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b6c0b0
[ 3017.594770][T18007] R13: ffffffff85ec3720 R14: ffff888109b6c000 R15: ffffc9000bde3668
[ 3017.602799][T18007] FS:  00007f2aae4a5700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 3017.611775][T18007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3017.618428][T18007] CR2: 00007f1b14283160 CR3: 0000000105941000 CR4: 00000000003506e0
[ 3017.626422][T18007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3017.634385][T18007] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3017.642367][T18007] Call Trace:
[ 3017.645623][T18007]  <TASK>
[ 3017.648544][T18007]  tcf_block_put_ext+0x2d/0x180
[ 3017.653464][T18007]  tcf_block_put+0x4c/0x70
[ 3017.657861][T18007]  cake_destroy+0x2d/0x50
[ 3017.662271][T18007]  ? cake_reset+0x5d0/0x5d0
[ 3017.666790][T18007]  qdisc_create+0xa82/0xd10
[ 3017.671290][T18007]  ? __nla_parse+0x3c/0x50
[ 3017.675693][T18007]  tc_modify_qdisc+0x64a/0x10b0
[ 3017.680705][T18007]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3017.686641][T18007]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3017.691581][T18007]  ? ___cache_free+0x46/0x300
[ 3017.696318][T18007]  ? packet_rcv+0xc3/0x9d0
[ 3017.700839][T18007]  ? __kfree_skb+0xfe/0x150
[ 3017.705329][T18007]  ? kmem_cache_free+0x5e/0x100
[ 3017.710172][T18007]  ? __kfree_skb+0xfe/0x150
[ 3017.714650][T18007]  ? consume_skb+0x48/0x160
[ 3017.719154][T18007]  ? nlmon_xmit+0x5f/0x70
[ 3017.723489][T18007]  ? __this_cpu_preempt_check+0x18/0x20
[ 3017.729013][T18007]  ? __local_bh_enable_ip+0x4d/0x70
[ 3017.734217][T18007]  ? local_bh_enable+0x1b/0x20
[ 3017.738971][T18007]  ? __dev_queue_xmit+0x597/0xf70
[ 3017.743990][T18007]  ? __skb_clone+0x2db/0x300
[ 3017.748662][T18007]  ? __rcu_read_unlock+0x5c/0x290
[ 3017.753694][T18007]  netlink_rcv_skb+0x14e/0x250
[ 3017.758466][T18007]  ? rtnetlink_bind+0x60/0x60
[ 3017.763155][T18007]  rtnetlink_rcv+0x18/0x20
[ 3017.767590][T18007]  netlink_unicast+0x5fc/0x6c0
[ 3017.772367][T18007]  netlink_sendmsg+0x6e1/0x7d0
[ 3017.777245][T18007]  ? netlink_getsockopt+0x720/0x720
[ 3017.782527][T18007]  ____sys_sendmsg+0x39a/0x510
[ 3017.787327][T18007]  __sys_sendmsg+0x195/0x230
[ 3017.791914][T18007]  __x64_sys_sendmsg+0x42/0x50
[ 3017.796745][T18007]  do_syscall_64+0x44/0xd0
[ 3017.801160][T18007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3017.807040][T18007] RIP: 0033:0x7f2ab072eae9
[ 3017.811594][T18007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3017.831215][T18007] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3017.839644][T18007] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 3017.847658][T18007] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3017.855627][T18007] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 3017.863625][T18007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3017.871588][T18007] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 3017.879594][T18007]  </TASK>
[ 3017.882701][T18007] ---[ end trace e45544a13c7e4806 ]---
[ 3017.888530][T18007] ------------[ cut here ]------------
[ 3017.893983][T18007] WARNING: CPU: 1 PID: 18007 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 3017.903550][T18007] Modules linked in:
[ 3017.907425][T18007] CPU: 1 PID: 18007 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 3017.917268][T18007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3017.927313][T18007] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 3017.932938][T18007] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 3017.952727][T18007] RSP: 0000:ffffc9000bde3628 EFLAGS: 00010246
[ 3017.958775][T18007] RAX: ffffffff83b40f4c RBX: ffff888109b6c088 RCX: 0000000000040000
[ 3017.966771][T18007] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 3017.974733][T18007] RBP: ffffc9000bde3668 R08: 0001888109b6c08f R09: 0000000000000000
[ 3017.982695][T18007] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888107080000
[ 3017.990714][T18007] R13: 0000000000000000 R14: ffffc9000bde37f0 R15: ffff888109b6c000
[ 3017.998729][T18007] FS:  00007f2aae4a5700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 3018.007669][T18007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3018.014351][T18007] CR2: 00007f1b14283160 CR3: 0000000105941000 CR4: 00000000003506e0
[ 3018.022321][T18007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3018.030351][T18007] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3018.038307][T18007] Call Trace:
[ 3018.041578][T18007]  <TASK>
[ 3018.044611][T18007]  tcf_block_put+0x4c/0x70
[ 3018.049109][T18007]  cake_destroy+0x2d/0x50
[ 3018.053430][T18007]  ? cake_reset+0x5d0/0x5d0
[ 3018.057992][T18007]  qdisc_create+0xa82/0xd10
[ 3018.062513][T18007]  ? __nla_parse+0x3c/0x50
[ 3018.066928][T18007]  tc_modify_qdisc+0x64a/0x10b0
[ 3018.071884][T18007]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3018.077870][T18007]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3018.082811][T18007]  ? ___cache_free+0x46/0x300
[ 3018.087520][T18007]  ? packet_rcv+0xc3/0x9d0
[ 3018.092081][T18007]  ? __kfree_skb+0xfe/0x150
[ 3018.096642][T18007]  ? kmem_cache_free+0x5e/0x100
[ 3018.101490][T18007]  ? __kfree_skb+0xfe/0x150
[ 3018.105977][T18007]  ? consume_skb+0x48/0x160
[ 3018.110473][T18007]  ? nlmon_xmit+0x5f/0x70
[ 3018.114841][T18007]  ? __this_cpu_preempt_check+0x18/0x20
[ 3018.120398][T18007]  ? __local_bh_enable_ip+0x4d/0x70
[ 3018.125579][T18007]  ? local_bh_enable+0x1b/0x20
[ 3018.130337][T18007]  ? __dev_queue_xmit+0x597/0xf70
[ 3018.135410][T18007]  ? __skb_clone+0x2db/0x300
[ 3018.140008][T18007]  ? __rcu_read_unlock+0x5c/0x290
[ 3018.145082][T18007]  netlink_rcv_skb+0x14e/0x250
[ 3018.149882][T18007]  ? rtnetlink_bind+0x60/0x60
[ 3018.154551][T18007]  rtnetlink_rcv+0x18/0x20
[ 3018.159064][T18007]  netlink_unicast+0x5fc/0x6c0
[ 3018.163828][T18007]  netlink_sendmsg+0x6e1/0x7d0
[ 3018.168636][T18007]  ? netlink_getsockopt+0x720/0x720
[ 3018.173828][T18007]  ____sys_sendmsg+0x39a/0x510
[ 3018.178632][T18007]  __sys_sendmsg+0x195/0x230
[ 3018.183287][T18007]  __x64_sys_sendmsg+0x42/0x50
[ 3018.188033][T18007]  do_syscall_64+0x44/0xd0
[ 3018.192445][T18007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3018.198331][T18007] RIP: 0033:0x7f2ab072eae9
[ 3018.202739][T18007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3018.222342][T18007] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3018.230864][T18007] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 3018.238816][T18007] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3018.246827][T18007] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 3018.254790][T18007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3018.262774][T18007] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 3018.270742][T18007]  </TASK>
[ 3018.273743][T18007] ---[ end trace e45544a13c7e4807 ]---
[ 3018.280965][T18007] ------------[ cut here ]------------
[ 3018.286490][T18007] WARNING: CPU: 1 PID: 18007 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 3018.295899][T18007] Modules linked in:
[ 3018.299809][T18007] CPU: 1 PID: 18007 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 3018.309611][T18007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3018.319666][T18007] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 3018.325236][T18007] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 3018.344952][T18007] RSP: 0000:ffffc9000bde35d8 EFLAGS: 00010246
[ 3018.351220][T18007] RAX: ffffffff83b414a7 RBX: ffff888109b6c0a0 RCX: 0000000000040000
[ 3018.359186][T18007] RDX: ffffc900078e6000 RSI: 000000000003ffff RDI: 0000000000040000
[ 3018.367174][T18007] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 3018.375142][T18007] R10: 0001ffffffffffff R11: 0001888109b6c0a0 R12: ffff888109b6c050
[ 3018.383111][T18007] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff888109b6c000
[ 3018.391076][T18007] FS:  00007f2aae4a5700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 3018.400036][T18007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3018.406610][T18007] CR2: 00007f1b14283160 CR3: 0000000105941000 CR4: 00000000003506e0
[ 3018.414642][T18007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3018.422618][T18007] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3018.430607][T18007] Call Trace:
[ 3018.433880][T18007]  <TASK>
[ 3018.436793][T18007]  tcf_block_put_ext+0xe5/0x180
[ 3018.441722][T18007]  tcf_block_put+0x4c/0x70
[ 3018.446119][T18007]  cake_destroy+0x2d/0x50
[ 3018.450450][T18007]  ? cake_reset+0x5d0/0x5d0
[ 3018.454944][T18007]  qdisc_create+0xa82/0xd10
[ 3018.459438][T18007]  ? __nla_parse+0x3c/0x50
[ 3018.463847][T18007]  tc_modify_qdisc+0x64a/0x10b0
[ 3018.468715][T18007]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3018.474622][T18007]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3018.479589][T18007]  ? ___cache_free+0x46/0x300
[ 3018.484244][T18007]  ? packet_rcv+0xc3/0x9d0
[ 3018.488652][T18007]  ? __kfree_skb+0xfe/0x150
[ 3018.493146][T18007]  ? kmem_cache_free+0x5e/0x100
[ 3018.498035][T18007]  ? __kfree_skb+0xfe/0x150
[ 3018.502526][T18007]  ? consume_skb+0x48/0x160
[ 3018.507008][T18007]  ? nlmon_xmit+0x5f/0x70
[ 3018.511328][T18007]  ? __this_cpu_preempt_check+0x18/0x20
[ 3018.516924][T18007]  ? __local_bh_enable_ip+0x4d/0x70
[ 3018.522357][T18007]  ? local_bh_enable+0x1b/0x20
[ 3018.527104][T18007]  ? __dev_queue_xmit+0x597/0xf70
[ 3018.532307][T18007]  ? __skb_clone+0x2db/0x300
[ 3018.536925][T18007]  ? __rcu_read_unlock+0x5c/0x290
[ 3018.541954][T18007]  netlink_rcv_skb+0x14e/0x250
[ 3018.546703][T18007]  ? rtnetlink_bind+0x60/0x60
[ 3018.551399][T18007]  rtnetlink_rcv+0x18/0x20
[ 3018.555851][T18007]  netlink_unicast+0x5fc/0x6c0
[ 3018.560653][T18007]  netlink_sendmsg+0x6e1/0x7d0
[ 3018.565481][T18007]  ? netlink_getsockopt+0x720/0x720
[ 3018.570691][T18007]  ____sys_sendmsg+0x39a/0x510
[ 3018.575436][T18007]  __sys_sendmsg+0x195/0x230
[ 3018.580128][T18007]  __x64_sys_sendmsg+0x42/0x50
[ 3018.584874][T18007]  do_syscall_64+0x44/0xd0
[ 3018.589306][T18007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3018.595208][T18007] RIP: 0033:0x7f2ab072eae9
[ 3018.599628][T18007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3018.619258][T18007] RSP: 002b:00007f2aae4a5188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3018.627653][T18007] RAX: ffffffffffffffda RBX: 00007f2ab0841f60 RCX: 00007f2ab072eae9
[ 3018.635617][T18007] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3018.643668][T18007] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 3018.651628][T18007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3018.659621][T18007] R13: 00007ffc9c92452f R14: 00007f2aae4a5300 R15: 0000000000022000
[ 3018.667573][T18007]  </TASK>
[ 3018.670667][T18007] ---[ end trace e45544a13c7e4808 ]---
[ 3018.676625][T18011] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3021.830585][T18010] ------------[ cut here ]------------
[ 3021.836055][T18010] WARNING: CPU: 0 PID: 18010 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 3021.846640][T18010] Modules linked in:
[ 3021.850700][T18010] CPU: 0 PID: 18010 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 3021.860518][T18010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3021.870612][T18010] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 3021.877314][T18010] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 3021.896947][T18010] RSP: 0000:ffffc9000bcfb5f0 EFLAGS: 00010246
[ 3021.903037][T18010] RAX: ffff888124552000 RBX: ffff88813abc68b0 RCX: 0000000000000000
[ 3021.911026][T18010] RDX: ffffc90007ee9000 RSI: 00000000000096e8 RDI: ffff88813abc6800
[ 3021.919001][T18010] RBP: ffffc9000bcfb738 R08: 000188813abc68b7 R09: 0000000000000000
[ 3021.927048][T18010] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff88813abc68b0
[ 3021.935150][T18010] R13: ffffffff85ec3720 R14: ffff88813abc6800 R15: ffffc9000bcfb668
[ 3021.943179][T18010] FS:  00007f2aae463700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 3021.952137][T18010] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3021.958717][T18010] CR2: 0000000000457ae0 CR3: 0000000105941000 CR4: 00000000003506f0
[ 3021.966731][T18010] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3021.974740][T18010] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3021.982730][T18010] Call Trace:
[ 3021.986006][T18010]  <TASK>
[ 3021.988972][T18010]  tcf_block_put_ext+0x2d/0x180
[ 3021.993895][T18010]  tcf_block_put+0x4c/0x70
[ 3021.998321][T18010]  cake_destroy+0x2d/0x50
[ 3022.002717][T18010]  ? cake_reset+0x5d0/0x5d0
[ 3022.007223][T18010]  qdisc_create+0xa82/0xd10
[ 3022.011779][T18010]  ? __nla_parse+0x3c/0x50
[ 3022.016230][T18010]  tc_modify_qdisc+0x64a/0x10b0
[ 3022.021187][T18010]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3022.027085][T18010]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3022.032078][T18010]  ? ___cache_free+0x46/0x300
[ 3022.036760][T18010]  ? packet_rcv+0xc3/0x9d0
[ 3022.041217][T18010]  ? __kfree_skb+0xfe/0x150
[ 3022.045730][T18010]  ? kmem_cache_free+0x5e/0x100
[ 3022.052381][T18010]  ? __kfree_skb+0xfe/0x150
[ 3022.056891][T18010]  ? consume_skb+0x48/0x160
[ 3022.061411][T18010]  ? nlmon_xmit+0x5f/0x70
[ 3022.065773][T18010]  ? __this_cpu_preempt_check+0x18/0x20
[ 3022.071398][T18010]  ? __local_bh_enable_ip+0x4d/0x70
[ 3022.076603][T18010]  ? local_bh_enable+0x1b/0x20
[ 3022.081387][T18010]  ? __dev_queue_xmit+0x597/0xf70
[ 3022.086488][T18010]  ? __skb_clone+0x2db/0x300
[ 3022.091107][T18010]  ? __rcu_read_unlock+0x5c/0x290
[ 3022.096131][T18010]  netlink_rcv_skb+0x14e/0x250
[ 3022.100926][T18010]  ? rtnetlink_bind+0x60/0x60
[ 3022.105608][T18010]  rtnetlink_rcv+0x18/0x20
[ 3022.110038][T18010]  netlink_unicast+0x5fc/0x6c0
[ 3022.114876][T18010]  netlink_sendmsg+0x6e1/0x7d0
[ 3022.119678][T18010]  ? netlink_getsockopt+0x720/0x720
[ 3022.124876][T18010]  ____sys_sendmsg+0x39a/0x510
[ 3022.129688][T18010]  __sys_sendmsg+0x195/0x230
[ 3022.134342][T18010]  ? __xfrm_init_state+0x350/0x820
[ 3022.139472][T18010]  __x64_sys_sendmsg+0x42/0x50
[ 3022.144309][T18010]  do_syscall_64+0x44/0xd0
[ 3022.148763][T18010]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3022.154719][T18010] RIP: 0033:0x7f2ab072eae9
[ 3022.159170][T18010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3022.179237][T18010] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3022.187718][T18010] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 3022.195711][T18010] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3022.203751][T18010] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 3022.211854][T18010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3022.219878][T18010] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 3022.227879][T18010]  </TASK>
[ 3022.230905][T18010] ---[ end trace e45544a13c7e4809 ]---
[ 3022.236912][T18010] ------------[ cut here ]------------
[ 3022.242467][T18010] WARNING: CPU: 0 PID: 18010 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 3022.252100][T18010] Modules linked in:
[ 3022.256000][T18010] CPU: 0 PID: 18010 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 3022.265849][T18010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3022.275955][T18010] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 3022.281621][T18010] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 3022.301367][T18010] RSP: 0000:ffffc9000bcfb628 EFLAGS: 00010287
[ 3022.307441][T18010] RAX: ffffffff83b40f4c RBX: ffff88813abc6888 RCX: 0000000000040000
[ 3022.315500][T18010] RDX: ffffc90007ee9000 RSI: 000000000003f287 RDI: 000000000003f288
[ 3022.323488][T18010] RBP: ffffc9000bcfb668 R08: 000188813abc688f R09: 0000000000000000
[ 3022.331474][T18010] R10: 0001ffffffffffff R11: 0001ffffffffffff R12: ffff888109b60000
[ 3022.339586][T18010] R13: 0000000000000000 R14: ffffc9000bcfb7f0 R15: ffff88813abc6800
[ 3022.347568][T18010] FS:  00007f2aae463700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 3022.356752][T18010] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3022.363386][T18010] CR2: 0000000000457ae0 CR3: 0000000105941000 CR4: 00000000003506f0
[ 3022.371383][T18010] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3022.379383][T18010] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3022.387361][T18010] Call Trace:
[ 3022.390919][T18010]  <TASK>
[ 3022.393862][T18010]  tcf_block_put+0x4c/0x70
[ 3022.398293][T18010]  cake_destroy+0x2d/0x50
[ 3022.402666][T18010]  ? cake_reset+0x5d0/0x5d0
[ 3022.407180][T18010]  qdisc_create+0xa82/0xd10
[ 3022.411712][T18010]  ? __nla_parse+0x3c/0x50
[ 3022.416146][T18010]  tc_modify_qdisc+0x64a/0x10b0
[ 3022.421066][T18010]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3022.426972][T18010]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3022.431944][T18010]  ? ___cache_free+0x46/0x300
[ 3022.436623][T18010]  ? packet_rcv+0xc3/0x9d0
[ 3022.441064][T18010]  ? __kfree_skb+0xfe/0x150
[ 3022.445615][T18010]  ? kmem_cache_free+0x5e/0x100
[ 3022.450603][T18010]  ? __kfree_skb+0xfe/0x150
[ 3022.455110][T18010]  ? consume_skb+0x48/0x160
[ 3022.459630][T18010]  ? nlmon_xmit+0x5f/0x70
[ 3022.463986][T18010]  ? __this_cpu_preempt_check+0x18/0x20
[ 3022.469576][T18010]  ? __local_bh_enable_ip+0x4d/0x70
[ 3022.474777][T18010]  ? local_bh_enable+0x1b/0x20
[ 3022.479586][T18010]  ? __dev_queue_xmit+0x597/0xf70
[ 3022.484699][T18010]  ? __skb_clone+0x2db/0x300
[ 3022.489311][T18010]  ? __rcu_read_unlock+0x5c/0x290
[ 3022.494338][T18010]  netlink_rcv_skb+0x14e/0x250
[ 3022.499124][T18010]  ? rtnetlink_bind+0x60/0x60
[ 3022.503804][T18010]  rtnetlink_rcv+0x18/0x20
[ 3022.508311][T18010]  netlink_unicast+0x5fc/0x6c0
[ 3022.513164][T18010]  netlink_sendmsg+0x6e1/0x7d0
[ 3022.517936][T18010]  ? netlink_getsockopt+0x720/0x720
[ 3022.523156][T18010]  ____sys_sendmsg+0x39a/0x510
[ 3022.527973][T18010]  __sys_sendmsg+0x195/0x230
[ 3022.532581][T18010]  ? __xfrm_init_state+0x350/0x820
[ 3022.537711][T18010]  __x64_sys_sendmsg+0x42/0x50
[ 3022.542496][T18010]  do_syscall_64+0x44/0xd0
[ 3022.546919][T18010]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3022.552869][T18010] RIP: 0033:0x7f2ab072eae9
[ 3022.557387][T18010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3022.577285][T18010] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3022.585764][T18010] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 3022.593753][T18010] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3022.602018][T18010] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 3022.610022][T18010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3022.618080][T18010] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 3022.626209][T18010]  </TASK>
[ 3022.629237][T18010] ---[ end trace e45544a13c7e480a ]---
[ 3022.636335][T18010] ------------[ cut here ]------------
[ 3022.641809][T18010] WARNING: CPU: 0 PID: 18010 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 3022.651313][T18010] Modules linked in:
[ 3022.655214][T18010] CPU: 0 PID: 18010 Comm: syz-executor.2 Tainted: G        W         5.15.0-syzkaller #0
[ 3022.665084][T18010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3022.675191][T18010] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 3022.680945][T18010] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 3022.700583][T18010] RSP: 0000:ffffc9000bcfb5d8 EFLAGS: 00010246
[ 3022.706905][T18010] RAX: ffffffff83b414a7 RBX: ffff88813abc68a0 RCX: 0000000000040000
[ 3022.714895][T18010] RDX: ffffc90007ee9000 RSI: 000000000003ffff RDI: 0000000000040000
[ 3022.722888][T18010] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 3022.730904][T18010] R10: 0001ffffffffffff R11: 000188813abc68a0 R12: ffff88813abc6850
[ 3022.738880][T18010] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88813abc6800
[ 3022.746891][T18010] FS:  00007f2aae463700(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
[ 3022.755851][T18010] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3022.762574][T18010] CR2: 0000000000457ae0 CR3: 0000000105941000 CR4: 00000000003506f0
[ 3022.770626][T18010] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3022.778773][T18010] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3022.786770][T18010] Call Trace:
[ 3022.790066][T18010]  <TASK>
[ 3022.793012][T18010]  tcf_block_put_ext+0xe5/0x180
[ 3022.797878][T18010]  tcf_block_put+0x4c/0x70
[ 3022.802320][T18010]  cake_destroy+0x2d/0x50
[ 3022.806726][T18010]  ? cake_reset+0x5d0/0x5d0
[ 3022.811259][T18010]  qdisc_create+0xa82/0xd10
[ 3022.815784][T18010]  ? __nla_parse+0x3c/0x50
[ 3022.820282][T18010]  tc_modify_qdisc+0x64a/0x10b0
[ 3022.825184][T18010]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3022.831124][T18010]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3022.836073][T18010]  ? ___cache_free+0x46/0x300
[ 3022.840793][T18010]  ? packet_rcv+0xc3/0x9d0
[ 3022.845206][T18010]  ? __kfree_skb+0xfe/0x150
[ 3022.849783][T18010]  ? kmem_cache_free+0x5e/0x100
[ 3022.854633][T18010]  ? __kfree_skb+0xfe/0x150
[ 3022.859256][T18010]  ? consume_skb+0x48/0x160
[ 3022.863765][T18010]  ? nlmon_xmit+0x5f/0x70
[ 3022.868114][T18010]  ? __this_cpu_preempt_check+0x18/0x20
[ 3022.873692][T18010]  ? __local_bh_enable_ip+0x4d/0x70
[ 3022.878922][T18010]  ? local_bh_enable+0x1b/0x20
[ 3022.883735][T18010]  ? __dev_queue_xmit+0x597/0xf70
[ 3022.888835][T18010]  ? __skb_clone+0x2db/0x300
[ 3022.893443][T18010]  ? __rcu_read_unlock+0x5c/0x290
[ 3022.898467][T18010]  netlink_rcv_skb+0x14e/0x250
[ 3022.903265][T18010]  ? rtnetlink_bind+0x60/0x60
[ 3022.908023][T18010]  rtnetlink_rcv+0x18/0x20
[ 3022.912502][T18010]  netlink_unicast+0x5fc/0x6c0
[ 3022.917270][T18010]  netlink_sendmsg+0x6e1/0x7d0
[ 3022.922062][T18010]  ? netlink_getsockopt+0x720/0x720
[ 3022.927385][T18010]  ____sys_sendmsg+0x39a/0x510
[ 3022.932187][T18010]  __sys_sendmsg+0x195/0x230
[ 3022.936856][T18010]  ? __xfrm_init_state+0x350/0x820
[ 3022.942024][T18010]  __x64_sys_sendmsg+0x42/0x50
[ 3022.946794][T18010]  do_syscall_64+0x44/0xd0
[ 3022.951335][T18010]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3022.957259][T18010] RIP: 0033:0x7f2ab072eae9
[ 3022.961697][T18010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3022.981328][T18010] RSP: 002b:00007f2aae463188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3022.989815][T18010] RAX: ffffffffffffffda RBX: 00007f2ab08420e0 RCX: 00007f2ab072eae9
[ 3022.997821][T18010] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3023.005825][T18010] RBP: 00007f2ab0788f6d R08: 0000000000000000 R09: 0000000000000000
[ 3023.013818][T18010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3023.021808][T18010] R13: 00007ffc9c92452f R14: 00007f2aae463300 R15: 0000000000022000
[ 3023.029806][T18010]  </TASK>
[ 3023.032818][T18010] ---[ end trace e45544a13c7e480b ]---
19:10:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xc863}}, {0x4}}]}]}, 0x68}}, 0x0)

19:10:57 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:11:29 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7]}]}}]}, 0x434}}, 0x0)

[ 3093.360196][T18123] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3096.139082][T18123] warn_alloc: 1 callbacks suppressed
[ 3096.139147][T18123] syz-executor.0: vmalloc error: size 778240, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0
[ 3096.160833][T18123] CPU: 0 PID: 18123 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 3096.170648][T18123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3096.180791][T18123] Call Trace:
[ 3096.184072][T18123]  <TASK>
[ 3096.186993][T18123]  dump_stack_lvl+0xd6/0x122
[ 3096.191586][T18123]  dump_stack+0x11/0x1b
[ 3096.195756][T18123]  warn_alloc+0x132/0x190
[ 3096.200095][T18123]  __vmalloc_node_range+0x58b/0x690
[ 3096.205419][T18123]  ? cake_init+0x20d/0x640
[ 3096.209849][T18123]  __vmalloc_node+0x61/0x70
[ 3096.214441][T18123]  ? cake_init+0x20d/0x640
[ 3096.218868][T18123]  kvmalloc_node+0xd2/0x110
[ 3096.223396][T18123]  cake_init+0x20d/0x640
[ 3096.227668][T18123]  ? gnet_stats_basic_sync_init+0x21/0x30
[ 3096.233385][T18123]  ? qdisc_alloc+0x334/0x3c0
[ 3096.238021][T18123]  ? qdisc_lookup+0x20c/0x2e0
[ 3096.242698][T18123]  ? qdisc_peek_dequeued+0x140/0x140
[ 3096.248004][T18123]  qdisc_create+0x5f4/0xd10
[ 3096.252572][T18123]  ? __nla_parse+0x3c/0x50
[ 3096.256970][T18123]  tc_modify_qdisc+0x64a/0x10b0
[ 3096.261824][T18123]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3096.267802][T18123]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3096.272729][T18123]  ? ___cache_free+0x46/0x300
[ 3096.277469][T18123]  ? packet_rcv+0xc3/0x9d0
[ 3096.281883][T18123]  ? __kfree_skb+0xfe/0x150
[ 3096.286377][T18123]  ? kmem_cache_free+0x5e/0x100
[ 3096.291260][T18123]  ? __kfree_skb+0xfe/0x150
[ 3096.295800][T18123]  ? consume_skb+0x48/0x160
[ 3096.300336][T18123]  ? nlmon_xmit+0x5f/0x70
[ 3096.304659][T18123]  ? __this_cpu_preempt_check+0x18/0x20
[ 3096.310259][T18123]  ? __local_bh_enable_ip+0x4d/0x70
[ 3096.315459][T18123]  ? local_bh_enable+0x1b/0x20
[ 3096.320312][T18123]  ? __dev_queue_xmit+0x597/0xf70
[ 3096.325333][T18123]  ? __skb_clone+0x2db/0x300
[ 3096.329902][T18123]  ? __rcu_read_unlock+0x5c/0x290
[ 3096.334907][T18123]  netlink_rcv_skb+0x14e/0x250
[ 3096.339656][T18123]  ? rtnetlink_bind+0x60/0x60
[ 3096.344406][T18123]  rtnetlink_rcv+0x18/0x20
[ 3096.348827][T18123]  netlink_unicast+0x5fc/0x6c0
[ 3096.353741][T18123]  netlink_sendmsg+0x6e1/0x7d0
[ 3096.358560][T18123]  ? netlink_getsockopt+0x720/0x720
[ 3096.363872][T18123]  ____sys_sendmsg+0x39a/0x510
[ 3096.368727][T18123]  __sys_sendmsg+0x195/0x230
[ 3096.373399][T18123]  ? __xfrm_init_state+0x350/0x820
[ 3096.378493][T18123]  __x64_sys_sendmsg+0x42/0x50
[ 3096.383249][T18123]  do_syscall_64+0x44/0xd0
[ 3096.387669][T18123]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3096.393542][T18123] RIP: 0033:0x7f0da0d09ae9
[ 3096.397963][T18123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3096.417570][T18123] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3096.425960][T18123] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 3096.433930][T18123] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3096.441894][T18123] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 3096.449849][T18123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3096.457891][T18123] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 3096.465907][T18123]  </TASK>
[ 3096.469003][T18123] Mem-Info:
[ 3096.472192][T18123] active_anon:10673 inactive_anon:99956 isolated_anon:0
[ 3096.472192][T18123]  active_file:196 inactive_file:242 isolated_file:0
[ 3096.472192][T18123]  unevictable:0 dirty:4 writeback:0
[ 3096.472192][T18123]  slab_reclaimable:7061 slab_unreclaimable:1742467
[ 3096.472192][T18123]  mapped:52537 shmem:364 pagetables:5277 bounce:0
[ 3096.472192][T18123]  kernel_misc_reclaimable:0
[ 3096.472192][T18123]  free:12957 free_pcp:143 free_cma:0
[ 3096.513521][T18123] Node 0 active_anon:42692kB inactive_anon:399824kB active_file:784kB inactive_file:968kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:210148kB dirty:16kB writeback:0kB shmem:1456kB writeback_tmp:0kB kernel_stack:5248kB pagetables:21108kB all_unreclaimable? yes
[ 3096.539840][T18123] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 3096.566629][T18123] lowmem_reserve[]: 0 2896 7874 7874
[ 3096.571926][T18123] Node 0 DMA32 free:23428kB boost:0kB min:4172kB low:7136kB high:10100kB reserved_highatomic:4096KB active_anon:0kB inactive_anon:916kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2970776kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 3096.600313][T18123] lowmem_reserve[]: 0 0 4978 4978
[ 3096.605549][T18123] Node 0 Normal free:13040kB boost:0kB min:7172kB low:12268kB high:17364kB reserved_highatomic:4096KB active_anon:42692kB inactive_anon:398908kB active_file:656kB inactive_file:996kB unevictable:0kB writepending:4kB present:5242880kB managed:5098248kB mlocked:0kB bounce:0kB free_pcp:572kB local_pcp:288kB free_cma:0kB
[ 3096.635343][T18123] lowmem_reserve[]: 0 0 0 0
[ 3096.639889][T18123] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 3096.652509][T18123] Node 0 DMA32: 359*4kB (UME) 195*8kB (UME) 69*16kB (UME) 48*32kB (UME) 20*64kB (UME) 5*128kB (ME) 4*256kB (M) 3*512kB (UME) 3*1024kB (M) 3*2048kB (ME) 1*4096kB (M) = 23428kB
[ 3096.670142][T18123] Node 0 Normal: 1869*4kB (UME) 488*8kB (UME) 76*16kB (UM) 6*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12788kB
[ 3096.684526][T18123] Node 0 hugepages_total=4 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 3096.693796][T18123] 827 total pagecache pages
[ 3096.698359][T18123] 0 pages in swap cache
[ 3096.702542][T18123] Swap cache stats: add 0, delete 0, find 0/0
[ 3096.708583][T18123] Free swap  = 0kB
[ 3096.712286][T18123] Total swap = 0kB
[ 3096.715984][T18123] 2097051 pages RAM
[ 3096.719787][T18123] 0 pages HighMem/MovableOnly
[ 3096.724460][T18123] 75955 pages reserved
[ 3096.729835][T18123] ------------[ cut here ]------------
[ 3096.735355][T18123] WARNING: CPU: 1 PID: 18123 at net/sched/cls_api.c:825 tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 3096.745981][T18123] Modules linked in:
[ 3096.749887][T18123] CPU: 1 PID: 18123 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 3096.759699][T18123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3096.769767][T18123] RIP: 0010:tcf_chain0_head_change_cb_del+0xef/0x1e0
[ 3096.776578][T18123] Code: 83 fd 48 8b 1b 4c 39 e3 74 13 e8 7c a2 72 fd 4d 85 ed 75 87 eb 95 e8 70 a2 72 fd eb 05 e8 69 a2 72 fd 4c 89 f7 e8 e1 da e1 00 <0f> 0b e9 d7 00 00 00 e8 55 a2 72 fd eb 05 e8 4e a2 72 fd 49 8d be
[ 3096.796299][T18123] RSP: 0000:ffffc9000be775f0 EFLAGS: 00010246
[ 3096.802406][T18123] RAX: ffff888103fb9000 RBX: ffff88813fe388b0 RCX: 0000000000000000
[ 3096.810438][T18123] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: ffff88813fe38800
[ 3096.818495][T18123] RBP: ffffc9000be77738 R08: 000188813fe388b7 R09: 0000000000000000
[ 3096.826510][T18123] R10: 0001c90000a77bd0 R11: 0001ffffffffffff R12: ffff88813fe388b0
[ 3096.834493][T18123] R13: ffffffff85ec3720 R14: ffff88813fe38800 R15: ffffc9000be77668
[ 3096.842540][T18123] FS:  00007f0d9ea80700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 3096.851485][T18123] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3096.858101][T18123] CR2: 000000000043cf00 CR3: 0000000103ffb000 CR4: 00000000003506e0
[ 3096.866097][T18123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3096.874094][T18123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3096.882136][T18123] Call Trace:
[ 3096.885489][T18123]  <TASK>
[ 3096.888402][T18123]  tcf_block_put_ext+0x2d/0x180
[ 3096.893376][T18123]  tcf_block_put+0x4c/0x70
[ 3096.897848][T18123]  cake_destroy+0x2d/0x50
[ 3096.902218][T18123]  ? cake_reset+0x5d0/0x5d0
[ 3096.906730][T18123]  qdisc_create+0xa82/0xd10
[ 3096.911274][T18123]  ? __nla_parse+0x3c/0x50
[ 3096.915958][T18123]  tc_modify_qdisc+0x64a/0x10b0
[ 3096.920841][T18123]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3096.926748][T18123]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3096.931706][T18123]  ? ___cache_free+0x46/0x300
[ 3096.936418][T18123]  ? packet_rcv+0xc3/0x9d0
[ 3096.940893][T18123]  ? __kfree_skb+0xfe/0x150
[ 3096.945405][T18123]  ? kmem_cache_free+0x5e/0x100
[ 3096.950540][T18123]  ? __kfree_skb+0xfe/0x150
[ 3096.955138][T18123]  ? consume_skb+0x48/0x160
[ 3096.959732][T18123]  ? nlmon_xmit+0x5f/0x70
[ 3096.964119][T18123]  ? __this_cpu_preempt_check+0x18/0x20
[ 3096.969821][T18123]  ? __local_bh_enable_ip+0x4d/0x70
[ 3096.975120][T18123]  ? local_bh_enable+0x1b/0x20
[ 3096.979908][T18123]  ? __dev_queue_xmit+0x597/0xf70
[ 3096.984922][T18123]  ? __skb_clone+0x2db/0x300
[ 3096.989614][T18123]  ? __rcu_read_unlock+0x5c/0x290
[ 3096.994639][T18123]  netlink_rcv_skb+0x14e/0x250
[ 3096.999434][T18123]  ? rtnetlink_bind+0x60/0x60
[ 3097.007227][T18123]  rtnetlink_rcv+0x18/0x20
[ 3097.011649][T18123]  netlink_unicast+0x5fc/0x6c0
[ 3097.016437][T18123]  netlink_sendmsg+0x6e1/0x7d0
[ 3097.021374][T18123]  ? netlink_getsockopt+0x720/0x720
[ 3097.026615][T18123]  ____sys_sendmsg+0x39a/0x510
[ 3097.031451][T18123]  __sys_sendmsg+0x195/0x230
[ 3097.036037][T18123]  ? __xfrm_init_state+0x350/0x820
[ 3097.041194][T18123]  __x64_sys_sendmsg+0x42/0x50
[ 3097.046024][T18123]  do_syscall_64+0x44/0xd0
[ 3097.050947][T18123]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3097.056879][T18123] RIP: 0033:0x7f0da0d09ae9
[ 3097.061348][T18123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3097.080967][T18123] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3097.089398][T18123] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 3097.097364][T18123] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3097.105399][T18123] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 3097.113411][T18123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3097.121470][T18123] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 3097.129481][T18123]  </TASK>
[ 3097.132491][T18123] ---[ end trace e45544a13c7e480c ]---
[ 3097.138472][T18123] ------------[ cut here ]------------
[ 3097.143951][T18123] WARNING: CPU: 1 PID: 18123 at net/sched/cls_api.c:1298 tcf_block_put_ext+0xd0/0x180
[ 3097.153568][T18123] Modules linked in:
[ 3097.157450][T18123] CPU: 1 PID: 18123 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 3097.167357][T18123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3097.177465][T18123] RIP: 0010:tcf_block_put_ext+0xd0/0x180
[ 3097.183124][T18123] Code: 76 f0 83 fd 48 8b 1b 48 39 eb 74 0e e8 f9 9f 72 fd eb a7 e8 f2 9f 72 fd eb 25 e8 eb 9f 72 fd eb 05 e8 e4 9f 72 fd 48 8b 2c 24 <0f> 0b 4c 89 ff 4c 89 e6 48 89 ea b9 01 00 00 00 e8 9b 00 00 00 48
[ 3097.202851][T18123] RSP: 0000:ffffc9000be77628 EFLAGS: 00010246
[ 3097.208903][T18123] RAX: ffffffff83b40f4c RBX: ffff88813fe38888 RCX: 0000000000040000
[ 3097.216887][T18123] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 3097.225499][T18123] RBP: ffffc9000be77668 R08: 000188813fe3888f R09: 0000000000000000
[ 3097.233856][T18123] R10: 0001c90000a77bd0 R11: 0001ffffffffffff R12: ffff888109b60000
[ 3097.241863][T18123] R13: 0000000000000000 R14: ffffc9000be777f0 R15: ffff88813fe38800
[ 3097.249970][T18123] FS:  00007f0d9ea80700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 3097.258896][T18123] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3097.265640][T18123] CR2: 000000000043cf00 CR3: 0000000103ffb000 CR4: 00000000003506e0
[ 3097.273619][T18123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3097.281643][T18123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3097.289656][T18123] Call Trace:
[ 3097.292934][T18123]  <TASK>
[ 3097.295848][T18123]  tcf_block_put+0x4c/0x70
[ 3097.300293][T18123]  cake_destroy+0x2d/0x50
[ 3097.304669][T18123]  ? cake_reset+0x5d0/0x5d0
[ 3097.309179][T18123]  qdisc_create+0xa82/0xd10
[ 3097.313686][T18123]  ? __nla_parse+0x3c/0x50
[ 3097.318086][T18123]  tc_modify_qdisc+0x64a/0x10b0
[ 3097.323039][T18123]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3097.328920][T18123]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3097.333865][T18123]  ? ___cache_free+0x46/0x300
[ 3097.338536][T18123]  ? packet_rcv+0xc3/0x9d0
[ 3097.342955][T18123]  ? __kfree_skb+0xfe/0x150
[ 3097.347443][T18123]  ? kmem_cache_free+0x5e/0x100
[ 3097.352400][T18123]  ? __kfree_skb+0xfe/0x150
[ 3097.356959][T18123]  ? consume_skb+0x48/0x160
[ 3097.361470][T18123]  ? nlmon_xmit+0x5f/0x70
[ 3097.365835][T18123]  ? __this_cpu_preempt_check+0x18/0x20
[ 3097.371387][T18123]  ? __local_bh_enable_ip+0x4d/0x70
[ 3097.376643][T18123]  ? local_bh_enable+0x1b/0x20
[ 3097.381419][T18123]  ? __dev_queue_xmit+0x597/0xf70
[ 3097.386484][T18123]  ? __skb_clone+0x2db/0x300
[ 3097.391169][T18123]  ? __rcu_read_unlock+0x5c/0x290
[ 3097.396187][T18123]  netlink_rcv_skb+0x14e/0x250
[ 3097.400957][T18123]  ? rtnetlink_bind+0x60/0x60
[ 3097.405618][T18123]  rtnetlink_rcv+0x18/0x20
[ 3097.410036][T18123]  netlink_unicast+0x5fc/0x6c0
[ 3097.414797][T18123]  netlink_sendmsg+0x6e1/0x7d0
[ 3097.419588][T18123]  ? netlink_getsockopt+0x720/0x720
[ 3097.424784][T18123]  ____sys_sendmsg+0x39a/0x510
[ 3097.429590][T18123]  __sys_sendmsg+0x195/0x230
[ 3097.434245][T18123]  ? __xfrm_init_state+0x350/0x820
[ 3097.439381][T18123]  __x64_sys_sendmsg+0x42/0x50
[ 3097.444137][T18123]  do_syscall_64+0x44/0xd0
[ 3097.448537][T18123]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3097.454564][T18123] RIP: 0033:0x7f0da0d09ae9
[ 3097.458965][T18123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3097.478610][T18123] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3097.487052][T18123] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 3097.495052][T18123] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3097.503039][T18123] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 3097.511038][T18123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3097.519013][T18123] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 3097.527027][T18123]  </TASK>
[ 3097.530065][T18123] ---[ end trace e45544a13c7e480d ]---
[ 3097.536892][T18123] ------------[ cut here ]------------
[ 3097.542365][T18123] WARNING: CPU: 1 PID: 18123 at net/sched/cls_api.c:756 __tcf_block_put+0x4a7/0x4b0
[ 3097.551843][T18123] Modules linked in:
[ 3097.555761][T18123] CPU: 1 PID: 18123 Comm: syz-executor.0 Tainted: G        W         5.15.0-syzkaller #0
[ 3097.565573][T18123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3097.575668][T18123] RIP: 0010:__tcf_block_put+0x4a7/0x4b0
[ 3097.581323][T18123] Code: 2f d3 e1 00 4c 89 f7 31 f6 31 d2 e8 53 e2 ff ff eb d6 e8 9c 9a 72 fd eb cf e8 95 9a 72 fd 0f 0b e9 b9 fd ff ff e8 89 9a 72 fd <0f> 0b e9 6b fe ff ff 66 90 53 48 83 ec 28 48 89 fb 65 48 8b 04 25
[ 3097.601048][T18123] RSP: 0000:ffffc9000be775d8 EFLAGS: 00010246
[ 3097.607096][T18123] RAX: ffffffff83b414a7 RBX: ffff88813fe388a0 RCX: 0000000000040000
[ 3097.615197][T18123] RDX: ffffc90001239000 RSI: 000000000003ffff RDI: 0000000000040000
[ 3097.623200][T18123] RBP: 0000000000000000 R08: ffffffff83b41224 R09: 0000000000000000
[ 3097.631219][T18123] R10: 0001ffffffffffff R11: 000188813fe388a0 R12: ffff88813fe38850
[ 3097.639245][T18123] R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88813fe38800
[ 3097.647216][T18123] FS:  00007f0d9ea80700(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
[ 3097.656210][T18123] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3097.662814][T18123] CR2: 000000000043cf00 CR3: 0000000103ffb000 CR4: 00000000003506e0
[ 3097.670977][T18123] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3097.679287][T18123] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3097.687321][T18123] Call Trace:
[ 3097.690766][T18123]  <TASK>
[ 3097.693773][T18123]  tcf_block_put_ext+0xe5/0x180
[ 3097.698670][T18123]  tcf_block_put+0x4c/0x70
[ 3097.703108][T18123]  cake_destroy+0x2d/0x50
[ 3097.707437][T18123]  ? cake_reset+0x5d0/0x5d0
[ 3097.711942][T18123]  qdisc_create+0xa82/0xd10
[ 3097.716763][T18123]  ? __nla_parse+0x3c/0x50
[ 3097.721202][T18123]  tc_modify_qdisc+0x64a/0x10b0
[ 3097.726043][T18123]  ? qdisc_offload_graft_helper+0x190/0x190
[ 3097.731967][T18123]  rtnetlink_rcv_msg+0x745/0x7e0
[ 3097.736916][T18123]  ? ___cache_free+0x46/0x300
[ 3097.741601][T18123]  ? packet_rcv+0xc3/0x9d0
[ 3097.746136][T18123]  ? __kfree_skb+0xfe/0x150
[ 3097.750881][T18123]  ? kmem_cache_free+0x5e/0x100
[ 3097.755731][T18123]  ? __kfree_skb+0xfe/0x150
[ 3097.760298][T18123]  ? consume_skb+0x48/0x160
[ 3097.764822][T18123]  ? nlmon_xmit+0x5f/0x70
[ 3097.769162][T18123]  ? __this_cpu_preempt_check+0x18/0x20
[ 3097.774727][T18123]  ? __local_bh_enable_ip+0x4d/0x70
[ 3097.779940][T18123]  ? local_bh_enable+0x1b/0x20
[ 3097.784767][T18123]  ? __dev_queue_xmit+0x597/0xf70
[ 3097.789884][T18123]  ? __skb_clone+0x2db/0x300
[ 3097.794521][T18123]  ? __rcu_read_unlock+0x5c/0x290
[ 3097.799543][T18123]  netlink_rcv_skb+0x14e/0x250
[ 3097.804364][T18123]  ? rtnetlink_bind+0x60/0x60
[ 3097.809096][T18123]  rtnetlink_rcv+0x18/0x20
[ 3097.813544][T18123]  netlink_unicast+0x5fc/0x6c0
[ 3097.818326][T18123]  netlink_sendmsg+0x6e1/0x7d0
[ 3097.823145][T18123]  ? netlink_getsockopt+0x720/0x720
[ 3097.828362][T18123]  ____sys_sendmsg+0x39a/0x510
[ 3097.833202][T18123]  __sys_sendmsg+0x195/0x230
[ 3097.837859][T18123]  ? __xfrm_init_state+0x350/0x820
[ 3097.843027][T18123]  __x64_sys_sendmsg+0x42/0x50
[ 3097.847869][T18123]  do_syscall_64+0x44/0xd0
[ 3097.852306][T18123]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 3097.858293][T18123] RIP: 0033:0x7f0da0d09ae9
[ 3097.862715][T18123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 3097.882653][T18123] RSP: 002b:00007f0d9ea80188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 3097.891153][T18123] RAX: ffffffffffffffda RBX: 00007f0da0e1cf60 RCX: 00007f0da0d09ae9
[ 3097.899129][T18123] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[ 3097.907088][T18123] RBP: 00007f0da0d63f6d R08: 0000000000000000 R09: 0000000000000000
[ 3097.915079][T18123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 3097.923056][T18123] R13: 00007ffc810aceef R14: 00007f0d9ea80300 R15: 0000000000022000
[ 3097.931036][T18123]  </TASK>
[ 3097.934050][T18123] ---[ end trace e45544a13c7e480e ]---
19:11:50 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x34000}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3126.082720][T18125] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 3128.419861][T18125] netlink: 'syz-executor.3': attribute type 2 has an invalid length.
[ 3128.428340][T18125] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 3273.567003][T16029] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
19:14:40 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}]}}]}, 0x434}}, 0x0)

19:14:40 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:40 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
write$vga_arbiter(r4, &(0x7f0000000040)=@target={'target ', {'PCI:', '15', ':', '1c', ':', '9', '.', 'f'}}, 0x15)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB="d5f7a439012789384090ce5d9c7baa4438000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010063616b650000000004000200"], 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x12, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}]}}]}, 0x434}}, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000900)={0x1, &(0x7f0000000800)="bb6ab5ce92bb0b32db95912b55f1b300209262a0e0573c485ebd939a144f58db510caa3dbdf4606a71e2fbbcca4f3f93122e4abae43feb8e6f6adf938daf4b0ec1ad43f8be7f82712e25330bcf66760f649b7321df80c44effcd4c3ed64785819fdb0d245bcf7fe1f6fd1550037a7083fc81561f2109bac5c28cf6c3d45dac0a4ff3868d381201aba97c71ff0d21a3325339221b0297a22ab1b4c06e20aa6edf33dac37ba4c6d43bcbd50cfc1d0ef55f7f430300958509a399b12851e28713cc3c8d446ede22afaf77d0738e8e0bb82faa44d2e27dce5eefe7abb82037b39d0f967e6398320b90b532", &(0x7f0000000740)=@buf="d7ddf797e6c056c0795ca8c0839bb16a64aa71617f31446d2a90e96894c2192bec14b7a8d01b7d4d30d4a612e81382e206d4", 0x2}, 0x20)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/ip_vs\x00')
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000340)=@bpf_ext={0x1c, 0xd, &(0x7f0000000000)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x4}, @map_val={0x18, 0xb, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @generic={0x1, 0x3, 0x7, 0x101, 0x8}, @map_val={0x18, 0x2, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x2}, @exit, @call={0x85, 0x0, 0x0, 0x65}, @alu={0x4, 0x1, 0x6, 0xb, 0x5, 0x8, 0xffffffffffffffff}, @jmp={0x5, 0x1, 0x7, 0xb, 0x0, 0x18, 0x4}, @jmp={0x5, 0x1, 0x3, 0x1, 0xb, 0x100, 0x10}], &(0x7f00000000c0)='GPL\x00', 0x7a7, 0xc0, &(0x7f0000000200)=""/192, 0x41000, 0x10, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x0, 0x3}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0xe, 0x3f, 0x2}, 0x10, 0x80, r6}, 0x78)

[ 3273.673344][T16029] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3273.684350][T18180] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
19:14:40 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

19:14:40 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}]}}]}, 0x434}}, 0x0)

19:14:40 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x400300}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3273.724402][T18283] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[ 3273.734948][T18283] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3273.744917][T18283] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
19:14:40 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}]}}]}, 0x434}}, 0x0)

[ 3273.775078][T16029] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3273.806094][T18285] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
19:14:40 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x1000000}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3273.850854][T18290] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 3273.870944][T18394] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
19:14:40 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x2000000}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3273.930868][T16029] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 3273.972739][T18323] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
19:14:40 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
recvmsg$unix(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000200)=@abs, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000280)=""/221, 0xdd}], 0x1, &(0x7f0000000380)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, <r0=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [<r1=>0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf8}, 0x10000)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r1, 0x89fa, &(0x7f0000000540)={'syztnl1\x00', &(0x7f00000004c0)={'syztnl2\x00', <r2=>0x0, 0x2f, 0xff, 0x3f, 0x9, 0x1a, @mcast1, @private1, 0x1, 0x11}})
r3 = socket(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=ANY=[@ANYBLOB="3404000024000100"/20, @ANYRES32=r7, @ANYBLOB="00000000ffffffff0000000008000800746266000804020004041200"/1052], 0x434}}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000580)={0x2f8, 0x0, 0x800, 0x70bd27, 0x25dfdbfe, {}, [{{0x8}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8}, {0x250, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r7}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x2f8}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='ext4_request_blocks\x00', r0}, 0x10)

[ 3274.016113][T18285] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 3274.024475][T18285] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3274.050190][T18500] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
19:14:40 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}]}}]}, 0x434}}, 0x0)

[ 3274.085650][T18746] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 3274.103812][T18808] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
19:14:40 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x3000000}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3274.129808][T18744] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
19:14:40 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000]}]}}]}, 0x434}}, 0x0)

19:14:40 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x4000000}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:40 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 3274.217132][   T24] audit: type=1400 audit(1636744480.910:199774): avc:  denied  { search } for  pid=1476 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 3274.315980][T18746] netlink: 'syz-executor.5': attribute type 18 has an invalid length.
[ 3274.417248][T19040] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[ 3274.448578][T19007] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 3274.513942][T19130] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 3274.600239][   T24] audit: type=1400 audit(1636744481.300:199775): avc:  denied  { read } for  pid=19229 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=337 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 3274.623521][   T24] audit: type=1400 audit(1636744481.300:199776): avc:  denied  { open } for  pid=19229 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=337 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 3274.648809][   T24] audit: type=1400 audit(1636744481.300:199777): avc:  denied  { getattr } for  pid=19229 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=337 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 3274.736974][   T24] audit: type=1400 audit(1636744481.430:199778): avc:  denied  { write } for  pid=19228 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=336 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 3274.760344][   T24] audit: type=1400 audit(1636744481.430:199779): avc:  denied  { add_name } for  pid=19228 comm="dhcpcd-run-hook" name="resolv.conf.eth6.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 3274.801740][   T24] audit: type=1400 audit(1636744481.500:199780): avc:  denied  { remove_name } for  pid=19239 comm="rm" name="resolv.conf.eth6.link" dev="tmpfs" ino=137569 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 3275.079178][T16029] IPVS: stopping backup sync thread 17321 ...
[ 3275.170207][T16029] device hsr_slave_0 left promiscuous mode
[ 3275.176523][T16029] device hsr_slave_1 left promiscuous mode
[ 3275.190176][T16029] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 3275.198999][T16029] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 3275.230301][T16029] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 3275.238834][T16029] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 3275.273197][T16029] device bridge_slave_1 left promiscuous mode
[ 3275.279411][T16029] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3275.300545][T16029] device bridge_slave_0 left promiscuous mode
[ 3275.306714][T16029] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3275.481364][T16029] device veth1_macvtap left promiscuous mode
[ 3275.487481][T16029] device veth0_macvtap left promiscuous mode
[ 3275.493523][T16029] device veth1_vlan left promiscuous mode
[ 3275.499278][T16029] device veth0_vlan left promiscuous mode
[ 3282.620232][T16029] team0 (unregistering): Port device team_slave_1 removed
[ 3282.634537][T16029] team0 (unregistering): Port device team_slave_0 removed
[ 3282.648317][T16029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 3282.664284][T16029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 3282.727949][T16029] bond0 (unregistering): Released all slaves
[ 3282.860912][T19272] lo speed is unknown, defaulting to 1000
[ 3282.956350][T19272] chnl_net:caif_netlink_parms(): no params data found
[ 3283.010250][T19272] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3283.017289][T19272] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3283.027909][T19272] device bridge_slave_0 entered promiscuous mode
[ 3283.037546][T19272] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3283.044626][T19272] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3283.055148][T19272] device bridge_slave_1 entered promiscuous mode
[ 3283.098586][T19272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 3283.115516][T19272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 3283.154496][T19272] team0: Port device team_slave_0 added
[ 3283.174092][T19272] team0: Port device team_slave_1 added
[ 3283.201215][T19272] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 3283.208162][T19272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3283.234643][T19272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 3283.249911][T19272] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 3283.256861][T19272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 3283.282869][T19272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 3283.319087][T19272] device hsr_slave_0 entered promiscuous mode
[ 3283.329253][T19272] device hsr_slave_1 entered promiscuous mode
[ 3283.339143][T19272] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 3283.346701][T19272] Cannot create hsr debugfs directory
[ 3283.443286][T19272] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3283.450356][T19272] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3283.457663][T19272] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3283.464714][T19272] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3283.523994][T19272] 8021q: adding VLAN 0 to HW filter on device bond0
[ 3283.545541][T18009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 3283.555949][T18009] bridge0: port 1(bridge_slave_0) entered disabled state
[ 3283.565447][T18009] bridge0: port 2(bridge_slave_1) entered disabled state
[ 3283.589382][T19272] 8021q: adding VLAN 0 to HW filter on device team0
[ 3283.611858][T18009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 3283.620216][T18009] bridge0: port 1(bridge_slave_0) entered blocking state
[ 3283.627232][T18009] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 3283.635977][T18009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 3283.644336][T18009] bridge0: port 2(bridge_slave_1) entered blocking state
[ 3283.651504][T18009] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 3283.685542][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 3283.694843][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 3283.722263][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 3283.732140][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 3283.741474][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 3283.755158][T19272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 3283.780441][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 3283.788924][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 3283.798741][T19272] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 3283.876035][T18009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 3283.885675][T18009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 3283.949321][T18009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 3283.958685][T18009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 3283.972901][T19272] device veth0_vlan entered promiscuous mode
[ 3283.985629][T18009] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 3283.994396][T18009] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 3284.007369][T19272] device veth1_vlan entered promiscuous mode
[ 3284.035033][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 3284.043998][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 3284.052978][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 3284.062665][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 3284.077459][T19272] device veth0_macvtap entered promiscuous mode
[ 3284.089752][T19272] device veth1_macvtap entered promiscuous mode
[ 3284.116753][T19272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 3284.127221][T19272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3284.137048][T19272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 3284.147469][T19272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3284.157273][T19272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 3284.167686][T19272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3284.178205][T19272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 3284.188637][T19272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3284.201554][T19272] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 3284.209935][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 3284.218964][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 3284.228114][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 3284.237632][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 3284.253437][T19272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 3284.263894][T19272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3284.273693][T19272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 3284.284143][T19272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3284.293956][T19272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 3284.304621][T19272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3284.314440][T19272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 3284.324852][T19272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 3284.337685][T19272] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 3284.346260][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 3284.355761][T15152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
19:14:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x8000000}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3284.414086][T19403] __nla_validate_parse: 8 callbacks suppressed
[ 3284.414102][T19403] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
19:14:51 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:51 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4040000]}]}}]}, 0x434}}, 0x0)

19:14:51 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0x400c00)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x2, &(0x7f0000000080)=@raw=[@map_val={0x18, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x7}], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:51 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

19:14:51 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}}]}, 0x434}}, 0x0)

[ 3284.495123][T19495] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[ 3284.504560][T19508] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
19:14:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xc000000}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3284.549760][T19497] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3284.584735][T19488] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
19:14:51 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

19:14:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xf000000}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:51 executing program 5:
r0 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x2711}, 0x10, 0x40400)
ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000200)={{r0}, 0x0, 0x8, @unused=[0x100, 0x2, 0x3, 0xfff], @name="35febff64351cc84ab6e091b20643c21e5d5ec30c2427e5de8b2eea88ebfb8229cf5b7b16c6393042b74b2cb307c0798cb48f37d143b408f563123ec997149199b1d14938bafee2a45a4e016a71b01c5b569335a49319fe4660ddc0d3d0baa0f1c8a0084fe220b4c3ba7e269ad1c99f82011ff0a3f70335abf7ac7d3bbbeb45be38fa15d7540180224bed8016ebdb89ed7b79faf7f1c79494f77497558eb78082b1ea313b1017c7dd0a201288e774c1efb03724045b89b06f05ae11baf74eb72d11900ee2a25b6707b63e19f4f630dffc8ef906de0a10a0732881ae8e7e56e6c6c3aa2966e9666149b4bcad244574dd009feb020d344bd7b944ef54fb8ed9099f3ce31a476a853c21d68a867e3b70e86c029384b388b440a3b9fd2a993e7131fb09ba52bbd2a7ffbffd78ad15d0680e5b74494d0368ab956aeda25a477945aacb08ded80c0f83f2f5b17d419ec1e829fb15f1953dcb2247c0b7de92a63f25f0bece11ea2537798c676fdbced3276c5938919030b1040a3f5a0ed554d0d453e8ac1842d50ac2cdea75d77bc9b2ff06c349d229f5276cccb8ba132401f4f26658c3e18ef397d4157f5bb1372a537f6d3c27c6902f100992f1744a87733e73ed36d1d2421d0aedeb99124c5f6ce7ed36c2d1f4c808a02aa211a0d9a91fbc1f269c6243708c013e2b4a81ed949b489d2eb332447f3acaad4ce0e8ba8ada5ccf9ca1481408cabffeed404a7634fd770a610bdf5ff2ed9dc935266502244dc601bb85324a34d51736687e3863e668b5f4b6ecb3c4c59b9dcf8a5c334a82dcea8539906f8e6eb556080ef9ae93ac705c21eab26643d4c959ef82ebd65ba55b8added4b89d70555ca5a937d0eb1599098ea01445e1d911e0e5d1d4817864a54aadeb99628841cb6f6fa344cf6953b886c914dd0ad3b402428becbb34d98164560d78090851b1b52b0164f710308148e83b51eb1bf57173386b1d26bd039821afb0e205ef4d7cee00140ce56abe2612254f8136f47e1c2f6140e238790ceb98b18d332f4fbcc1a9f5cb1bac46d9e59bffb87a90407ec3e787dd8c2c0320674fa29f02db1752c85aa4ae26529fb08cd13c1c1917c518f481d2639af4c55f887fff4c5b18e2d7f6ee58fe9204cec932c1933f6d1b8043b5102df37e6dba6ca0274d71cdb8da05dee2c850430d400fff7b7125f624a305a906bf9a1dfb84e8de8980f352b89ff595e2c23df2bb4c250d223970bc6494e1d6bc8ee8e9b3726fbdbf2cf1a1bfc4e08704cf0b64cdd458033603502dd050a61c1102fa28f9f3a98ef82f1a23c18e97c035c23acb1c174bae9a50749018ba686b0592dd26e1038e1aabacda9b5dd8fd1313c6b003e39cbabf86532676758f095088fe41b701855814731f6a8d0bf879ac6ddb8d1e8996f0c987c8a1f967cc715c131fc297a74e791a05eb261e06cf596dfd65c93581e817920c869872c4578154b95b3edd3d964728bfb97bf08634ea39c430b11c2c188a5557fdd2b889382e5781f00320ad11695a2e8385a8343fb84c762310a7268b93b554b1205d01dc22f98a8c9c1e5198e9bca4476aef0aa5e3915405ad6e22a3e738b6fa26030fad9f236ebe5690580c6e69e98255281089382e272ff46fcc3ab0d6491e78606dfc103a40e1c7b028027c85d1de56ea34c93692727282eac2e22e7194ba4dc64a25cbe355d4bb698881d1a167482f4948b62bbdc7aa3b14f6cc1827243a4defe03eb10ef4f99884845c01600a333ebfd8fdd1d4c0f8a286866ad9109b3c344898dead7beff9c748536317541f9441ab01b97d27871584b9a7d7cfc202403d1239fb41cca66882eff285803842bd699e6212d46f55ce682348fcbc5a4e0f3ab2e50551199b0412e99538032207e430010846f9d84d4d0cb06687f7055ae6fd16e9b203a0d454af3dab46f3e358f3b3fb7553a57c9e38b2eebe0225baf9c16181b523996564b7a0a234812b673702553fe6e6a48d7c6d515a5f213f30fd29f070a9533f485c1aad612939dad824bbec303b72daf3029024d5f13801f7f7f7d47a8d39723d520c8f7e6eabc1b7f1870c05653fbbaea693c676b5ad8ff4dad70494de298ce74caf94ef866689d75415dc0cb3c0c5b6deff5d6659dd6037635b610f107f1ae3d6ba209b7a30f9d140b560f5d62f9fe23e29c4e45f9e11b2a494245965692482ba643b65bc36f17b6fdddb9aea360e5593566c668bad45068c6834de2d6c625c6d978569a9a0102f7ab89c46aa5eb2bef428239c8086018aeba9dd98cd7aa20cf80fe4b3fee0a1fcf1810503e6422001059d893125c3d80069f0667852f6a85fd8dc16f085052be57374b2e8b6a05d5d9515d4ccbabed7836409bbdf77143e267e808dfe6cc87c6db383d225b061a0b56b6cc2d4edbdee2f894418ee0d5d6c657f9faf766ddbf4a63f62e7df2071cbc743ff7bb22156e377b1178b1cb304632a6dfc231e82241779772f00151d1658b417401f6129373cd2f6cd764909c4fb0697a6b08668d6633215ba4596d846128c5559a4e37ea8a18e8b8e7cab1aa213f5b6f9934d65314078fad4dd6c109027ec2df5793132d45d16b6bcccbbd99c45024e2bdbf1c38d0d4f3acb280cdcff4023540f1d0cd482b1ab6cae01342457daa1b7bc7176ff98da201e2d54df524ba229227cc88c8acda2a43c2e943efe270ec76a888d7bb6a6fb1bbdd38ec98a2665fe2d40005eec426079f4ae2697ed07b9f862a8ff6a05bee1df67950ac32571ed8b738a30f48563ced654b09abbd7b402740a1ba96e1ae0a047223c408e42b2da0a9e328e6d789295ee67a1e39d02b9d62f7ee3a2af344dbd1b7a075671035892e097be578240c25414a267a0a9685c5fb4cec5a2499a040f608ee3fdb1bce3b8fd96bc7ba1be6ace5a29ea35d2cf4b846499e5d7138f406093159894e1ebd551b9887c7048faf5261a50ff68bb969c78739cc1e5ff97bbacb22c93c9807c9f522302ac9135cf23c470aa9cda388cf7e217dd75ab983dce54f161cda3d864c33a18cb7ca0d115114a7fb44386b94976ce5c8e5de284c37c49118117c97e750d7ca11dd6ef1829fcad8884f1b1bc35ed83d395b3aaaafffd71da3191f4d1f5a0c6ad2085447ff00649cc88452ed83ec87ee59a583e2ed4275fbf5859b480fef8b50711934dcf31f3e10a3789b59284eb11b2e7b4231373a37709631a899a3d5f176c4552b05d6d0bd0222435e7ce86417e106025bdc34bbc2f0797758c500b0812ca2191998f07893399a5a6d10a0e2848389c4633e87cb3100ebc10ca55439b12c7641497f96972b811aba1b547e64effbeb6ac9bf36c116e9d4a501485d2ee508fb4bc220f37d38ea27fa2dcd24578a5eacab232fa0b3255d92bf032b27f9e84377182592a40df5ce080dd79be7a77b9f1125ec906035589445392af964a7163fb52078e15592192ffcd4dd3a21bba0fcbcdf9c7b2a6364be753acfe8ebb7510d8e3b3c07f2cb0a8de8933c61829cf417d6a92fc4417ca2768f9dd258023e0f2a06262e5c9fb77cb9ceeec98b2a70cbf1f909e0f04762d0e9eddc6523fb9eae93ef3e7120f55d31c6cb78ab176a1f6577a1444bdb51b4eea38b72ff90c3f73ccf29b90194327199383b8313064040d7d1ce6cb00b470a8d056d5e53514bde833e66b2bb3ab7b12a278afa0adcd0f1acb91ab06c3cb46278e32190213b89f782f977d0d2fdbb5c1261104eafa7de231a21f555605bc1347341c867d5399b5fd763ca74553f164d98d7ec460c202fe03021d1c4896e86ba072727914bf6494cc31416e82a7c4fc2970d943bb4e4533c2e5ffbc370725d006d3bf9297ce50416dde11775f2e96d56aa7f6842de48a869e8dee4d8f4bfd4d81a20aac2c0b2adc63e80df90b6311556249dcab80976ff7f23c80fd45e7a84645894db4b76b0dc024aeddf67fb7380023b592908f83872d3dbe7ef29d91110cc7ae4efdac5ba61668a4780058c4adbc651b737ee50837d5be59674bd9beee6a87d9ebdd6db12f5cba158eb0339a31a751b307df8b78b9ffcf9b1a9a8e3e274ff31c0592383aea2c268610e45c6331d71749b26800d09afa1e898fbc3ad17a98e5c9bd86913b0585f5fcc4b0eee50d4547e0d9c3588762c2fe361382da2ed0a474e74a8f8eb5069d10cb6632b442ff5b23b21d142e5ba5b3948ae7ee097613d66ac6ba2a57412034835299bbdf473ff95fa953616f6913c8e758a8c3a9593ac92b44d2e6b6e063280ad5fe71a6ba8cdcaa6122e825eb86a29554fa6cc3126666dfa79d6f5a17e1e15aed8e888b5a41cad844579b885986c7cfef7bd6be315d6f4b0b093f8f1e3ffd3e15a232b21cbec2b5a53782c3c5847658e50f0afc9cdc77e4cd1550a4662c18c75ebbc931a2ba663623c7d87520593b1bdaa52dbf37105eb6f091ce32ca31a4e80e8e01ad9e94fb6c5fd48f43afdce184a19a54a1117f80c25000e2620d100ec6112420d67ef8942b6981efb7f640130312e28fb1a356b5159db6bef96c454af5e4a13e3685aae346ed97eb3d5bc42168a2776cf57f8827e956cb1f27e7fb1ee22b08f41de52bd5fc7ccba524d52451d7a2a7efc19b5a862e7c2fd0b5081f113f23ffee179bbd1457aa0833a9b8de672b28f247078f262d4f1cda36a7897f52d3d7c27c13870e90d7b8ea59bda04aa4c65aaac690b12b479d98d7ee69d89bf4a6e166db055507c716428f362319a4dd8b2c63327eaf6a3f65c051648deda1e85e66df1a6e0df23ec1c17896e7135d1e54485b00b1dae8fff083d77e4382e07eeaf8d024e5f838341449812152baf86f6367002b93bfab5ba9bb5d80ebeac64485fda1f3194ecee49b35cee6ea99e2ce672e5cfedfc5e97f6d1746eea1e652fa2991c2162ae24aa8691d7d4136b26b15e5107f307c5dd59dff4c7fcf262888eba77886d3d02757a0709cbfccf0c2e11aa872e843c5987d119eba035de02a5a194e9b5396d5cfe1a2660740875817ca1d4752a6d91ce83f32fca13997e8b056ef33915aa68907ea49e06d3109924d3c13ddbac5ccf2275d795691e3429addd5cef66016890dcfab8af0f1f946587da1834c4ea51034401e330ce92845178742afb38a9e0aec0a8c14a187a8764f148f373d58d2a22cd474d1e55f30d3adc9f5b80be3d0e75af3a4c144471e5fd8c94ab06e66cf8e564367833f1d88103f91b736850599b24851826101e13d204570611f2a94089e90f5c6b3b2b186734d17b2a92d22f88da0992b20a235efbc0efa226ed5cebf824e3a410199faecaf0c6857542374122dce105841fdd3dbc37f03090d8c42cd28e550a719f0717e21d901d0a82bcc93bec1be2da97a20a9bb53203e5e2b312a04392c85f73f1dc639f49d61c002e990dd5fc6cb861f938c76f2add1be91aafe5026122ed3a0ab8d59f18d6c1f3fe5afe3b11efc59f522360717be2fac719d4fd7256755d90720c1ae4f778ee0a74b3dbdabf15475dd141cd2fef5ef6dd7a5d1a5991238dc317cbe4f00cf66620f00d5e5293a644c8ad0b8ee74f86dbb12b6a96099853a41591c36883874bef091d541d5e35e0a7ec5cf54ac2ae46f4362e8371762b391e7215345cb0ee758bf850aaf76ac833388742a476d87aa3507f18822a96789991ba37ab3323eef790d67a5f3a47a866f554a1a1b3e6904d8babb239fa5ed7a6c02fd5a54c7ae45478f0a2e36e676b334434f"})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = getpid()
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)={0x0, r1})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_STOP_NAN(0xffffffffffffffff, &(0x7f0000001240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001200)={&(0x7f0000000140)={0x14, r2, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x24000001}, 0x50)
fcntl$setown(0xffffffffffffffff, 0x8, r1)
r3 = fsmount(0xffffffffffffffff, 0x1, 0x2)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000012c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f0000001380)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001340)={&(0x7f0000001300)={0x28, r4, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1f}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x0)

19:14:51 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}]}}]}, 0x434}}, 0x0)

[ 3284.659262][T19497] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[ 3284.673718][T19533] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 3284.683857][T19741] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
19:14:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x1c000000}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:51 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:51 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}]}}]}, 0x434}}, 0x0)

[ 3284.711942][T19747] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3284.737970][T19839] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
19:14:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x60000000}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3284.813163][T19854] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
19:14:51 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000]}]}}]}, 0x434}}, 0x0)

19:14:51 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = socket(0x10, 0x2, 0x4)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000900)={{{@in6, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@local}}}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c)
listen(0xffffffffffffffff, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f0000000580)=@abs={0x0, 0x0, 0x4e20}, 0x6e, 0x0, 0x0, &(0x7f0000000a40)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0x0, r1, 0xffffffffffffffff}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78, 0x6040000}, 0x20004000)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000140)='vfat\x00')
perf_event_open(&(0x7f0000000500)={0x4, 0x70, 0x6, 0x7, 0x9, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6200d61b, 0x2, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0xbfa}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0x0)
pivot_root(&(0x7f0000000280)='./file0\x00', &(0x7f0000000200)='./file0\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20000000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000000000000000000000000020850000002c00000095000000000000008f6072b9cd66f12bafbdd1cfd54b2cfea1ee537da31caf6b4f5417e6663213a7e0ae9b0b4e9522ba88bf88c4fa8c06fcf93aafe4de8b47f471c37f5a3706ad872845363420311beca9092e278e9cfe41b2a14cee5f06b6caa4317d15d6be56126c15f7f848c0f6d3ccaabb88bcacef79b244d5f30fdde058b71dfcf2abb7e54f4270b1da"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x18)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20000, 0x40014}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r3}]}, @IFLA_GROUP={0x8}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x8, 0x40000000}}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8, 0x5}}, {0x4}}]}]}, 0x68}}, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000640)={{{@in=@remote, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@ipv4}, 0x0, @in=@multicast1}}, &(0x7f0000000740)=0xe8)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000780)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00', 0x6, 0x7, 0x7, 0x400, 0x56, 0x180, r4})
openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x210340, 0x0)

[ 3284.865150][T19854] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
[ 3284.917108][T19975] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
19:14:51 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}]}}]}, 0x434}}, 0x0)

19:14:51 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x9effffff}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3285.048586][T20073] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
19:14:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xc8630000}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3285.115097][T20073] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 3285.130686][T20073] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
19:14:51 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xeaffffff}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3285.235508][T20073] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check.
19:14:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xefffffff}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3285.307167][T20111] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[ 3285.315929][T20038] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[ 3285.333571][T20288] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
19:14:52 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
recvmmsg(r0, &(0x7f0000005640)=[{{&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000200)=""/95, 0x5f}, {&(0x7f0000000280)=""/71, 0x47}, {&(0x7f00000000c0)=""/50, 0x32}, {&(0x7f0000000300)=""/222, 0xde}, {&(0x7f0000000400)=""/126, 0x7e}, {&(0x7f0000000140)=""/40, 0x28}], 0x6}, 0xa}, {{&(0x7f0000000500)=@un=@abs, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000580)=""/23, 0x17}, {&(0x7f00000005c0)=""/165, 0xa5}, {&(0x7f0000000680)=""/233, 0xe9}, {&(0x7f0000000780)=""/95, 0x5f}, {&(0x7f0000000800)=""/14, 0xe}, {&(0x7f0000000840)=""/45, 0x2d}, {&(0x7f0000000880)=""/59, 0x3b}, {&(0x7f00000008c0)=""/202, 0xca}], 0x8, &(0x7f0000000a40)=""/29, 0x1d}, 0xc0000}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000a80)=""/51, 0x33}, {&(0x7f0000000ac0)=""/31, 0x1f}], 0x2, &(0x7f0000000b40)=""/4096, 0x1000}, 0x9}, {{&(0x7f0000001b40)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000002c40)=[{&(0x7f0000001bc0)=""/4096, 0x1000}, {&(0x7f0000002bc0)=""/124, 0x7c}], 0x2, &(0x7f0000002c80)=""/113, 0x71}, 0x3ff}, {{&(0x7f0000002d00)=@caif=@dbg, 0x80, &(0x7f0000004100)=[{&(0x7f0000002d80)=""/28, 0x1c}, {&(0x7f0000002dc0)=""/79, 0x4f}, {&(0x7f0000002e40)=""/187, 0xbb}, {&(0x7f0000002f00)=""/108, 0x6c}, {&(0x7f0000002f80)=""/4096, 0x1000}, {&(0x7f0000003f80)=""/16, 0x10}, {&(0x7f0000003fc0)=""/191, 0xbf}, {&(0x7f0000004080)=""/128, 0x80}], 0x8, &(0x7f0000004180)=""/180, 0xb4}, 0x6}, {{0x0, 0x0, &(0x7f00000046c0)=[{&(0x7f0000004240)=""/76, 0x4c}, {&(0x7f00000042c0)=""/161, 0xa1}, {&(0x7f0000004380)=""/242, 0xf2}, {&(0x7f0000004480)=""/144, 0x90}, {&(0x7f0000004540)=""/78, 0x4e}, {&(0x7f00000045c0)=""/221, 0xdd}], 0x6}, 0x1ff}, {{0x0, 0x0, &(0x7f0000004880)=[{&(0x7f0000004740)=""/198, 0xc6}, {&(0x7f0000004840)=""/8, 0x8}], 0x2}, 0x2}, {{0x0, 0x0, &(0x7f0000004a40)=[{&(0x7f00000048c0)=""/197, 0xc5}, {&(0x7f00000049c0)=""/102, 0x66}], 0x2, &(0x7f0000004a80)=""/254, 0xfe}, 0x3}, {{&(0x7f0000004b80)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000004e40)=[{&(0x7f0000004c00)=""/77, 0x4d}, {&(0x7f0000004c80)=""/149, 0x95}, {&(0x7f0000004d40)=""/13, 0xd}, {&(0x7f0000004d80)=""/61, 0x3d}, {&(0x7f0000004dc0)=""/40, 0x28}, {&(0x7f0000004e00)=""/33, 0x21}], 0x6, &(0x7f0000004ec0)=""/109, 0x6d}}, {{0x0, 0x0, &(0x7f0000005500)=[{&(0x7f0000004f40)=""/12, 0xc}, {&(0x7f0000004f80)=""/70, 0x46}, {&(0x7f0000005000)=""/251, 0xfb}, {&(0x7f0000005100)=""/38, 0x26}, {&(0x7f0000005140)=""/221, 0xdd}, {&(0x7f0000005240)=""/24, 0x18}, {&(0x7f0000005280)=""/211, 0xd3}, {&(0x7f0000005380)=""/123, 0x7b}, {&(0x7f0000005400)=""/233, 0xe9}], 0x9, &(0x7f00000055c0)=""/111, 0x6f}, 0xa614}], 0xa, 0x2022, &(0x7f00000058c0)={0x77359400})

[ 3285.351910][T20708] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
19:14:52 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000]}]}}]}, 0x434}}, 0x0)

[ 3285.474915][T20706] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
19:14:52 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 5:
move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0x400c00)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x0, &(0x7f0000000080), &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xf0ffffff}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 3285.519910][T20821] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
19:14:52 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x4, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = fcntl$dupfd(r0, 0x406, r0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000001ac0)={'syztnl0\x00', &(0x7f00000019c0)={'ip_vti0\x00', <r2=>0x0, 0x10, 0x700, 0x5c4, 0x7f, {{0x2d, 0x4, 0x3, 0x1b, 0xb4, 0x66, 0x0, 0x2, 0x29, 0x0, @local, @remote, {[@rr={0x7, 0x1b, 0xc2, [@private=0xa010101, @broadcast, @rand_addr=0x64010102, @local, @empty, @private=0xa010100]}, @timestamp={0x44, 0xc, 0xd4, 0x0, 0x4, [0x80, 0x1]}, @lsrr={0x83, 0x27, 0xf5, [@broadcast, @remote, @private=0xa010100, @broadcast, @loopback, @dev={0xac, 0x14, 0x14, 0x3c}, @broadcast, @loopback, @multicast1]}, @lsrr={0x83, 0xb, 0x97, [@dev={0xac, 0x14, 0x14, 0x10}, @multicast1]}, @lsrr={0x83, 0xf, 0x5e, [@remote, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @ssrr={0x89, 0x23, 0x3d, [@private=0xa010101, @private=0xa010101, @broadcast, @remote, @local, @private=0xa010102, @multicast2, @multicast1]}, @noop, @generic={0x88, 0x10, "293214a46a9cfeadb049ffd02855"}, @end]}}}}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='block_split\x00', r0}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0xd6, 0xda, &(0x7f0000000200)="52aeb41889dfa84e720a04ced9a481fb2e90dfeabdc5c9b5a07851673b107b4338c3b3c2e4b3fab8b89c9365c0e52d3a870a02b26a2de4da99b9744e75cea827375b93b5b14edd8102c18bbf28f133ebcbb11b981d7f2a4099eefb75340b0a17ede48d954fb9b37a2f1260f661899300e185671eab7a1fa275a3ae50a5743c3c930df53d8e85694d6d54da2b15610cdac8ada4660f1487e1be0adabae6d28d0256e0fee7d2ba35ec3e8fab988d9fe67b42f44fd56a6484635f31c4b86a93f28c1bd98cc0488d5e6e5ff2fed03ff2a0d3b93bade877ff", &(0x7f0000000300)=""/218, 0x20, 0x0, 0xba, 0xe9, &(0x7f0000000400)="da177367d03151ed12f90b6c2ce454dfff22b3e74ca932fd4f8606f5a4df190c16a1c8b3966de0908da55e010414ad3f2681d6b4f4006ddfab8339dbda57e65b67fcc4f099d732d70e7486b2559ad79337fcc06af32b779532549d1d6d083b9c9b2febbf8799d0eae736ea045e72c4904def8b9c7ca3c47b04f4a5c34bf86394581659f46ef4341213328fd754e96f8c6f050c7714ae28c4ab9891129e6fe2b6c4fd6737b66d86c31818fbb640173a9b69a4e3e3b34d2405b0c1", &(0x7f00000004c0)="f59f364381378fa4f254ca5775914b46943e5bc3ff9073528a1946cd9e8e1ca0877286073b5803115ea3bdc4146b1fe2c2d3de3453dfbf18619c1ded44010ce4fe83da5ae9bb42738085a8f0bd20cc37beb739384cf8c50618a62d1a6e75f48ae7418d53caeae128228f923a6887174fb1c2e572453a5a18b4c526b8fc89bd717eed0919222bfb8196b64f6630bd52a274492de4d191263e557d914b62161094ffd7ff2092241f42f51ae0aed57fe9c1d4da313f9d57db718d0207a5a0e0d9dbb12079a8d7ce33ebefadc94ade9926bf7a88437f16dc22a90e6c857a4e420a1a8cac224e54b9062fcc", 0x1, 0x6}, 0x48)
r3 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f00000000c0)={r2, 0x1, 0x6, @multicast}, 0x10)

19:14:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xfeffffff}}, {0x4}}]}]}, 0x68}}, 0x0)

[ 3285.574997][T20819] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
19:14:52 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 5:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x9}}, './file0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x54}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @generic={0xc1, 0x2, 0x4, 0x9, 0x8001}]}, &(0x7f00000000c0)='syzkaller\x00', 0x2e, 0x0, 0x0, 0x40f00, 0x3, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000140)={0x2, 0x3}, 0x8, 0x10, &(0x7f0000000200)={0x0, 0xc, 0x800, 0x40}, 0x10}, 0x78)

19:14:52 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0x400c00)
write$P9_RREADDIR(r0, &(0x7f0000000000)={0x49, 0x29, 0x1, {0x40, [{{0x8, 0x1}, 0x2, 0x0, 0x7, './file0'}, {{0x51, 0x1, 0x6}, 0x2, 0x9, 0x7, './file0'}]}}, 0x49)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x68, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x4107}, {0x4c, 0x18, {0x0, @media='udp\x00'}}}}, 0x68}}, 0x0)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r3, 0x300, 0x70bd2b, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0xffffffff}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x2040000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

[ 3285.681976][T21136] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=45 sclass=netlink_tcpdiag_socket pid=21136 comm=syz-executor.1
19:14:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xffffff7f}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:52 executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0x400c00)
write$P9_RREADDIR(r0, &(0x7f0000000000)={0x49, 0x29, 0x1, {0x40, [{{0x8, 0x1}, 0x2, 0x0, 0x7, './file0'}, {{0x51, 0x1, 0x6}, 0x2, 0x9, 0x7, './file0'}]}}, 0x49)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x68, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x4107}, {0x4c, 0x18, {0x0, @media='udp\x00'}}}}, 0x68}}, 0x0)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r3, 0x300, 0x70bd2b, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0xffffffff}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x2040000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:52 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x10, r1, 0x1, 0x0, 0x0, {{}, {@void, @void, @void}}, [@NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x20}}, 0x0)
r2 = signalfd(r0, &(0x7f0000000140)={[0x8]}, 0x8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x10, r4, 0x1, 0x0, 0x0, {{}, {@void, @void, @void}}, [@NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x20}}, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x50, r4, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY_RTS_THRESHOLD={0x8, 0x40, 0x3}, @NL80211_ATTR_WIPHY_RETRY_LONG={0x5, 0x3e, 0x6}, @NL80211_ATTR_WIPHY_ANTENNA_TX={0x8, 0x69, 0x6}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x3}, @NL80211_ATTR_WIPHY_RTS_THRESHOLD={0x8}, @NL80211_ATTR_WIPHY_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x8010}, 0x3)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000040)={&(0x7f0000000200)={0x4c, r1, 0x2, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x2}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x840}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0xe7a}, @NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x2c3}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x2}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x1}, @NL80211_ATTR_CRIT_PROT_ID={0x6, 0xb3, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:52 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000]}]}}]}, 0x434}}, 0x0)

[ 3285.817956][T21163] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=45 sclass=netlink_tcpdiag_socket pid=21163 comm=syz-executor.1
19:14:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xffffff9e}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:52 executing program 5:
getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000000000)=0x3, &(0x7f0000000040)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000e8ffffffffffffff9500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:52 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffea]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 5:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='pagemap\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0x400c00)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, &(0x7f0000000200), &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:52 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4888]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xffffffea}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000740), 0xffffffffffffffff)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x12}]}}]}, 0x434}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005300)={&(0x7f0000005200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000052c0)={&(0x7f0000005240)=@gettfilter={0x54, 0x2e, 0x800, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x5, 0x9}, {0x9, 0xfff2}, {0x9, 0x6}}, [{0x8, 0xb, 0x9}, {0x8, 0xb, 0x2}, {0x8, 0xb, 0x8}, {0x8, 0xb, 0x7ff}, {0x8, 0xb, 0x7}, {0x8, 0xb, 0x80000000}]}, 0x54}}, 0x40040010)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x12}]}}]}, 0x434}}, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f00000051c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000005180)={&(0x7f0000003980)={0x17ec, r0, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x154, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x25, 0x5, "077774c1ddf8afa7ee4fe2abf11d53c897e36f5d319ba98f66a10a6c7f4d743080"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1020}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5}, @ETHTOOL_A_BITSET_MASK={0x84, 0x5, "8ccb8300c203fd7b71df8021ee49fe4f68b882a865346b2f4f66129ed95b51446db27f2eb5e67e3328a92027a6f671b2258fed4a13f0f70214f27ea23d4b1cd32fd0249c6704d04cbdc356cb40bf4db4c79e492d0902fbf3edf7b244b07b4afb99a383724d04db8a50cbd42c1992cb9b00db7b6deb07561093ccae88ecb6680c"}, @ETHTOOL_A_BITSET_MASK={0x6f, 0x5, "f57e7bd22dc089d161147ca36bba3c22065700307d77666f065b46a1c980f5edf32823d1333f6b74110d4d3a3f12bf3a4fac2f2ac28c8f1db41c0da811e5087ae2772b0e6b86e4b45a17cea77b1db64bea9d1e9c680de5e8674e6d66f3c7fe06c79852f96d433b645d50da"}, @ETHTOOL_A_BITSET_MASK={0x9, 0x5, "787b4cc217"}, @ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x40}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}]}, @ETHTOOL_A_DEBUG_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x1128, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, ')\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'mirred\x00'}]}]}, @ETHTOOL_A_BITSET_VALUE={0x1004, 0x4, "bd5d0cf18b48df5892c391e4ff8974ba83c0981767f2f6c5dfdc0ddc8998ee066a3b0fb6f84d84dfb232d328391cd3c4194e9d7c56bc759890263e18d478b52e5956377c75cfb0e749efc49a4744b3228277e6cb90652ffac45155fe81ec203b35a6eef21091a7adc8028a2cc4638436a1268d8d803243df3aef36ce17949bec2ecebab71dc6758e1967fc66cfd8fb7add5243e7cbb762d87d02286ad662caac365d728aa7adb70bcf1ee3b3f064c305c651347095994cab4ae6935ee9a3deafddc346d828dc230f53918fcfe55c73a5df779ff598cf1ef319e24a142d29af6750be20b61048b7ae27421c7263205cb68873e866a5e39f3655c217363a49650f6f4e57bc19e87e05757b003ef1a4ba30683bff493ca81c0f29b760f8e8d0d6327dd98cd9d6b5a6bd63280a16df848cdbfd1c7fbf3143491d8336a5212d14a7248fed7bb70f215876740b932a202b8848fb07df2432dddb6c77536f7c063dc32ff5af386f9cf27aac9e2f0b92208844206bb31d556117eded4e9183801ab78ca708d565f902924090197902f6096740cb17f05b49d5d1e382362a4d04e1b24f268849d8279b25cf317ff920dfb6c1ffe9489f6b57730efc2572c2e6e1b9b8fd15fe34946fd4f2e927c0f4612218ee1c59fb9fdbf3f19ce6ff7f594b8db3094689bc0d224fdffd8a4423d411bd8ff8b51bbc879d378aadbaa4f531a31a945e7a2e9e83d8013445f5434c48759fcb70d664f93db7f35505ca9f870b5041c80da519c40f6f50e7a4f67b597be28c2cde42143145a1d6401c2466327057bf4446a6ed2589661119fae68c06048a705414dad454a510f282ee07e52c9e0d40e23ca245a607f86a6c11356e2f08386f067af746f08ec7a06292b75988ab0c942a0e8eae5c7a6916a2e5f7a02022babc9dee7ba5f6a652bcb6772ad0b65892d76ebf959a224f6dd01986b92c71fac5954994d5d19e6e15688dcb1f9382d5f7a2ccd6fd358f37917ce91abcc528fceeaa453def9f3c8cc215a217d12317f6c379b6b4db4a28b657f8b9662aff677bc01b66ae8424db00f4ed0742d507474c3ee81f5aa4ec782f1144e542b88ac3d9e4947f5763417fd3f46e9a81f03f29e0a75e42aa20b3273f15dfd078141e3016db359d3bb385906404071f0697105da39010b6dc4693d351fcb21ff7ca4ba84ee3bbdfa0fc2f600ef00cf5b9313b4f1d3bc4b9b9234a23ac6129db01f47d602cdcffe49c6d0a81a551351388205f268f012140dcac74207c679d5508501a8292c2eb19b6ea8ccbdb399b59ec037ad7c544e7d144120a93725d61dd0eed9fdc4a82b202f70791a201739fadf4f23080e077cbd20cc4ca81d7deb15a0777bdc38d67182b11f669e9ad8cf293d7080b56ab7d0962d1e5f774a286c4a7e2a8eb9c19edcce0f780f23b83ff2cca9de9612ab57fa1cdb6d50d6db3279012d6735500682bf4aa1e43ed8be4878552e1682a4ca9bb9d4d7d6d62751443c86083a9b0348b02bf4c5f041b530333077cb67893777ba48f3fe4c57092b3b3e405aa4bbbe56e601f086cf7021a7088875fda9cc07c4c69781a5ace9bb3390f2451ebfd7e84c4bc0735901e1c87da9fb72fa5a07b88b16ea50c8ab5311af0f638d90a0379da081c2eff82f0ddbac253a8b9796f828bda510631c0a30f1632ed53953f79097f613598fbab1967b0a464e050e5f31a3ee98a64efa43cae999b6cdfb0e3622139b94f7d46ca52b458487740441260ff69d0229226bac053e452c32fd88a77282d11681af7dd77dc9ec65e3c3cd2b25e442ef05b8b7691a242a85418b283ca5b5cef4ac936a288737c831cb55b3269f52af80bf7cba754d3241c60709f0fa790273b5300db3c1caaef3729e5df32a6c0a7f804b87428aa2dd1aafbec6da7b5df0e38960a3ec308a07086a0ba26dab2930724577f7aad5970322cb46dca18645f9960e0e8d07d9b4e6fa7a7a9a5422a265e2b23ffb15544465c9dba702f43c3d19164e70ce1c00f46951ff8163f711a601d6a18d30a4615c32fb77473a083c517d16f9531a62eef041e063ee30dc77ac826ba26ee521ff53c1312ce40e1446254471ae96f015cafbe54ead08067d14288b13bda905af23f7331c0e6cd49952ce3922bbb3c4810468b2e1eed1c1bdb044eed72f9395e0ae80b4efb273c4a2a718fa9c6e1f352930733a4b548010da4b44b3cd3bb1dd5fa6d094b5b3577bcd2f02d8392103609c2103d80b10ff347a71afe3ca444b5d1c134904c75fcd1c7881e43d995c5e5aff41be5b0d1d7c58a5708df948eda64c013d176549817b3909a30b3fb3319019ebe9ae454b9b1074f3243b00954fe2d663de01163b26f082c4ef35fb261eb6f5eb671974990a43726a7d63b4d35f326f0a630a1f94903fdc18a2d00cf7d8a203f02483033b83ed34d3c4441643ae7b08c75caa23d2d2b90ce0a46ff8de3c25c7f703b7d17b3c9fde682bfeb05b5c0f5f9b68ecaaf4b23aa8a6b4b1d91cd69da124ad0f93584689f47b918b8bde431edfdec205dbe1b72835b94e483b0220af4e5777199b0b3dc78213e44af79332bd0988f42a1cf1194f9e56fc6ee048c5101e828afc652c39c79891dd259fda62437f0c915f59043e0e77dbfcf480fa4bf3c93489dd257aab238a37ae66272caf0505b41975d8e05ea8a4954b265cfdf57100748874df9704d72e6fa905bab072be4a9f291bf01b52a5016f6c36aec5d54da6a82e7cf498d984f3ad30f9b58b719609808e34342447c12dedc87e574e34032eaf946a02899042ad8731e352427fc05cd98737b5ce82608ecb29cdda24523b82d27c43949e4d6d1d3f931a42ab0e374b2c3b6981bd123f840aa53514fecc1a1b608fd24e9a861621ca5cb6888a9a07420270effb0a9f708230cd1e9275316d81cecf13e64fdfe7f4ad65d0b3ed6115c14dbb385ab7ef3bdbc83938bca62a32d2d484e968b9f91fcca28f87729df1cabf4279be0863990e50fb6016485b9e36d48365443137d5ffcc2810ebcba08dd1d467c53ecce7fe6fd6214098f2953bd43e463753c12d607f72efd9fee398bfc2d0b7552d3a82ee70a45d62814edbb3d34a6ba2f117010a872f831f4ff0f3013269b9e123445455e60d75916e8301d9cc954b3ee9415190a0769e7bc1c734e480046bb6f9b383f4d94c409261a683d289ac3687dc8340eef753b2f62a532a07389f50e3928ebb9ec0320c659e4061520412a235bff28bf094aa017e6a0874313b247e6a9f66eeca523ed49a59be512cae076695742b7ef7d4545674e35240f03a24de78f2e6c8f8dcd8a91d5ebef003290cd4f58ca39747cda3f7c6e98418a579ce4bc12fde1ae4a1c671646894593b92ef6c521d165efd8d89e286ebe48b6a7e0596894125f8500bb91a705bedec5fdc295b815039faaf7073ca6c483c3552455d32604444ea7d0ec67f5eba47a8a8de555ba3ba59644a87128173025ba12f22dfdbbafc05451f82531c77a04a4cf6ca66e39716adef87e01dabebc88b2206df80bec107d99ffa3535b1c4c8cfccb5f5048cd08690b86b2338f5564d2219421d18d54277e7d5f5f066cfe9a4f02877bdd0bdddd82b5840827d72f61b19b1f75b84a0e679d44a5d2e72628fd5a84c775fdab8e87d29072177e960b7ecac2e2189878eae4b42bddf869f7e245f07a48c731ca1220d913436060c6bb35009cd274e55383e8749c5c6dbd8492cdbd85022b0ea4e1e0fba5431066c1337fce33e607da5605c4d17b5df8fce56f1296115e8ec4cd4ba7f80f5e054b92efb24395ef21119d493ec0829367b38bcf328ee56683529d21bc8fe4e0a49a15606c15839635820cf19bc2de262ab827297cb5df9e7f3a6452ffc23db44ebaa74083350d81ecb323c2253fe9c5f5e016e44de6dc7064525c80292354a0f7d251fb0a8517f9f86bc59aa1b197f390f70ab769528d5ec8c78bbd65988f25d1573861fea97f15ad177c1e1222c813e4e081ed1891ce38e9ca6c39a27cb74fad3ccee34571a9ccc8bbb91a29bf12de07dc88bd25e607eb7ddb01f6b219c21b5333995a877791edd1bd3f033a0c92004680271f9f3b16bc139f08ae831133a5a60ed46a33550199b473f44ed84ee84b66feaf67cf65e1fdc67e44ad487cc1f9a23d6333a536a51400dcab5c7a13879d2b8fdc68daa144c87fef61f6147735fe6da72ff96873193d03670eb01f9e3e2efc0bb15ce9b2a83dc52b472dc200b1b7ffc9e095e7c46c867ed9a3f8655e473e70df62adfe62fa0a44826c39c6c5e9e0cd3287db67113b01c5387961c478ca248d5ec83d9f8510a5de4e26014037f54064b80f3bdd2465808cc6833b7dbae9874b031eb266a278ecbc1b50ed88f11b4715be9e3d76cbb23c31f4b77db63c7c5ba308581b6f413c091d1089c2843546c4119631ed8f467b29bd0a2f28742f782121c03233a98aff0dcbdd9b1c86ef909a281db088d03b5b8c755ead704cc8b7068dcd36d1c5b71d76975f017b2168c000cafd092d319147f9963f682862735ab9639a1fa9241f7e6d46caefcb358d56e8fef14b12697673b8add3724a6ab0d4a2bbf23afdb7ee76444ba848efabc4e14f94be3f302a1d98af171b310bff3e5eaab3e438f22cf923fb4a4b244bf175bc4c8a03ce14f093511c1ce2cbaaf9485851945801ba6a4c78be53635935f0a8586fbfa3be3452231b4527ea3fc1c31e5e1ff88ce18bf0bcc2e4bbf11882fdba6f3742f343a2e7732465a0e0de762d72b610282ca3ec23533b178e8d75e1a00adc732ef50463a1863a3574e2ab2a731b29d6bb1c4e9b3f1da543f048c894c004554a785a2231dd29a0ac2447fcad3f4f03747ba90bc81a9e744557e2974fed041764425bb07b436e84e532507a2b3b3346c8dc52ba2f14387cc5d497351a42248eaeedfcf4a721b60d502a85ce29d8c88e9d692511eb4e7f338757b682f65c9e567bb1905d6d52b8872bb83ff6203e9410484d44250e960c1b5e2d5bc97988c03700e71718de28d10e24d8f6a89e5e7812e8dc676ca9b6355cd10b7ed9df222f47c6f9c3526a2d838a7b26621379d42fd7557a70ffa8e7fb60e0716e1702c275d55de8d822c94f5d4341be5eea7de045f9e017a4a14104e17e69e70c19a43b17538443af070bfd5f54014f07ee39596b2e69d1f632a4e8b12c18839be3eb61695c8d8eca572cc0a59d320a7483454faa8ba14d970c88d456155dc87435859e5a96193319e78293cddba53a0f5f4d8b695fbb6d9b771fbc7f77a1f5bc12fe6081f7585e0e3f4a768f613acf04c0aa4abb46b06f1f2f9d3120c3d82ec6a154196963b7bb19aee126aa0ba9e60526cfbe13a5e348e7622225702f1e8ab9bb1889ff94db455672569fdd05b19e96842bece27a9a9b07c03cfda73f54efc7c2de2cb56111da2779d5202aed09a47ec84490f6d103b934c10958a4c8d5246e51bf3eb67e6b13b9a129c57faa77fca27917412020894121ca4ec273588e8de2a9dbf29d9283e3e6b991d555fe9a4cb3b612ed9469e7dd446a7158761ea864a93ddfe2b2daed0d902b85c704f75302c35ca70abf895419705648e98289592323f68100bee2ce959039f3fbf9bbb53da6eb63f7556bbe45d7050ad5cee46933aff0ff5868dd8db071fe18a6f7b5ec83a1e7861a8957b374ada97f681bd35282979881aea006bf0a91510dc6d2cce81f2a73e1a41cddde61c7e2c8809af0638b7d5414d3d678e73ff963a590a955626e05e5f64bd0c7702d0086878f1ca2da48d3b0c7507b9167978fafe1f30af86ad9bdf09aa6bb"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x48c}, @ETHTOOL_A_BITSET_VALUE={0x75, 0x4, "839416a214c2dfcf80151a8f90534efecbb039c73735e1ded8d3c51c02d8782107a059fff320d09730843581085405856eeb4f8f6fc7312709182592d842355b62ab2fae98f4e2f2440a7822120eb907555e0c39128027e568c11ac61f1de01d722d3c3aa6a52dc348b80da0d7c6f99ff9"}, @ETHTOOL_A_BITSET_MASK={0x7d, 0x5, "62a3c2564b267a4ad9ae6e4ce2036a2ad0337122e94a6b86d2af84e316e7c9d20f3887678d49ef7717e67eccda6924064ddec706dde82b3a42535716192563dc2f945d55af123b3a3511f7484975955b402a72ebcbe07d3392e583b7182025084a4a1e810446784328267f6d4bfc16f15672de097efb82972b"}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x1d0, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x7f, 0x5, "12090309720ee4e5cd397360fd984ae6f6333888cab96af738c784f2fd5a3ad033198fe8294322229067153b927c6e57f108e55213bc0f6196fd9a5f2487f74613adbdb5165f966524b09ab43bcc88e16923cf143814976c39073cbcb716b35c3760c88d251b0eff35ff912b9fe10b3b3107403d695e94f88afc19"}, @ETHTOOL_A_BITSET_MASK={0xec, 0x5, "9374597d82df2bc8a894d414ae57786938bbe331b7f3d8be3a7a88d234dcaf01cbfc4574df3faf69ddebc02611fce40f970978cb3157d414c3ecae5f7101bd88dda70d08d7e4900a151e1f926c3b48b8a767a7f97be8fd531e447ac573da62ea23485ac0425781cfbf17daf5ceec05071ed0cff69dd328edb317ea44d90a778a2c9b88563691d8d4f4b3ce9f0250a45cb726e1e8d3d5c6ae4dd463c389169ffaca0ab06f0ab2ce9cc970d9546c5f1fc77eea56585744a8a92083b815db501f1e418376baaa4cbe42890892c9fe44e8e1ba6810804d4aa82d79034dfafaf3fc054c0a4097cd2a3980"}, @ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_VALUE={0x5c, 0x4, "d554d6376be0700472a7273d097f624509b893ebaacdb12f3f86ac6a3c99fac869d26f9b8fd9bbdd2cd4ea51ab6d1646dce6a270b21d6ccddcadffc11084049bd2eb79c1e905d129e72cc2032d7726eaf96d917abaf0b0f6"}]}, @ETHTOOL_A_DEBUG_HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_batadv\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xb0, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xa8, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xcb}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'mirred\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'vlan\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'bpf\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}, @ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_DEBUG_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x1ec, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xf2, 0x5, "9277e7a0c512b43363c7dc10ffeeec5445f2875c15953ced2749db1b133f3aed038182e5b578aedb8ae31d9690ba0ec6010078324f03cdb46cebb4ae77385758a2e9080ef0e1bad64af85d4879e2255294a4d1e5fe289aa603a7d0a308ff91bef2dbf4f9fd9b6e70cb6dd3615786906a8de527402c336c51db05c17133f970074d0b1ea546acb0ad9f5a47d0ef6ea0875b7f835db110818fb5e887e6a5452b5c280f4e53e7cdd944dd5f9a9639e30d3eca4589eab2e14264dc4eb7fe656656aab6c76fe7ddedaeb035137da1f44037a6315f4ca8a87c54b36e79b73c51ad61bd36fddaa52f56ca92dbd547f31e85"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0xd7, 0x4, "7298ceeed4c859f2f68f0a54ff96d0c3c01f8eea9f51065b745d1ea5d4c87aa1569174457219c0a7366b3bbb426dc1ca1f3b8380ec7a0ef105d38480bcaf81152ee230cf95eb66115c0e6bab40ed04286125500262ed935ad5775586d6e65b1b07ec3fc1e57583acc3b28b894a93e07ffa3c3cad02dbaf7df451e214e8cf9394fb67b4d306daebc7983ae29bc856102d2d56328b6b00487adde40bc27bedb8d58156b1b73c7fd7a3ca4af7de7bd8e45a3f281bbf396e78a02796149b32e06f6722aea0dbcf479a2162a11894dfc38394bdab41"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8}, @ETHTOOL_A_BITSET_SIZE={0x8}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x4}]}]}, 0x17ec}, 0x1, 0x0, 0x0, 0x40001}, 0x60008c5)
r6 = socket(0x10, 0x3, 0x4)
recvmsg$unix(r6, &(0x7f0000000600)={&(0x7f0000000300)=@abs, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000380)=""/90, 0x5a}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/76, 0x4c}, {&(0x7f00000017c0)=""/4096, 0x1000}, {&(0x7f00000027c0)=""/4096, 0x1000}], 0x5, &(0x7f0000000500)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, <r7=>0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xe0}, 0x2001)
sendmsg$nl_route_sched(r7, &(0x7f00000006c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000680)={&(0x7f00000037c0)=@deltaction={0x188, 0x31, 0x300, 0x70bd29, 0x25dfdbff, {}, [@TCA_ACT_TAB={0x28, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0xa, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}]}, @TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x1a, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3a}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3ff}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x10, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}]}, @TCA_ACT_TAB={0x4}, @TCA_ACT_TAB={0x3c, 0x1, [{0xc, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0x10, 0x17, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x10, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}, @TCA_ACT_TAB={0x18, 0x1, [{0x14, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}, @TCA_ACT_TAB={0x60, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3d}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x101}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}]}, @TCA_ACT_TAB={0x38, 0x1, [{0xc, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x101}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0x10, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x20000084}, 0x40)
sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x70, 0x14, 0x200, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {}, {0x0, 0x8}}, [@TCA_STAB={0x4c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, {0xa, 0x2, [0x0, 0xffc0, 0x1]}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x70}}, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @multicast1}, 0x1c})
sendmsg$nl_route(r6, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10030400}, 0xc, &(0x7f0000000280)={&(0x7f00000000c0)=@bridge_setlink={0x40, 0x13, 0x2, 0x70bd2a, 0x25dfdbfd, {0x7, 0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_IFNAME={0x14, 0x3, 'nr0\x00'}, @IFLA_IFALIASn={0x4}, @IFLA_LINK_NETNSID={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x801}, 0x44011)

19:14:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xffffffef}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:52 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4788]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf]}]}}]}, 0x434}}, 0x0)

19:14:52 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xfffffff0}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:52 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0x400c00)
write$UHID_CREATE(r0, &(0x7f0000000300)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000200)=""/244, 0xf4, 0x3, 0x401, 0xfff, 0x8, 0x7}}, 0x120)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00'/20, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000440008801c000100000000000000000000000000000000000000000000000000040002001c000100090e0800000000000000000000000000000000000000000004000200"], 0x68}}, 0x0)
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000), 0x10)

[ 3286.306366][T21954] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=21954 comm=syz-executor.5
[ 3286.327393][T21974] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=21974 comm=syz-executor.5
19:14:53 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0xfffffffe}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:53 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000000]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 5:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff})
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000600)={r2, &(0x7f0000000400)="84960e430593be92e0c2b3ea123ee9e6260530828fb465d944b18c5371a930eafc2f0e0f47504fe7ff5db37e61c4d07227b1552d082bf89a9f83af0e3f50ceb74b015fc35c3f2e5e596531afb73e25be7c877ca9ef3e02e96bf3e6a565c876639858f18bcd91de62c77be5dbdcc6e87922b1cd5cdf31ae291d99ad54d634b7baafc7b7ab63b0dbb73aa3b7f03e899cdd978434719df962918afb59d300b0ec12c2c13caa6e0b52d9986e89ba71ea5288ae2bfc310638b8a8152773004241d2cd97ebae86c0a2547cf3edeed648b027aa495f0aae85c0a2645aaf004ff09995c25d", &(0x7f0000000500)=@buf="c4459247fd0b9f37f9f5a2d2a5491042e8a7b43b79345cb8611aebee45af92a6804a5f538d882818a498cb4ef30468222f11ad3c9e3758ef2c8bfa552011dc79a4aa07951b98331e34aa258ed506112d1ac8e88dff3f0a2479ddabddc0a1e0ba1ee6f3d6a6889974748ce54604dc19d725f0681f196b5062958f1cdd3156f402e6580946a81e0e056b5baf654e536c9a02c473664bc6b16bb2baa9542bde1094746b8fcff7c207a686f5bd611d6c794618ac2041bc93628009fd0c4a54471b4f98b821d85bce05"}, 0x20)
r3 = pidfd_getfd(0xffffffffffffffff, r1, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_ext={0x1c, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, [@alu={0x4, 0x0, 0x9, 0x1, 0x4, 0x10, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0xe1, &(0x7f0000000200)=""/225, 0x41100, 0x1, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f00000000c0)={0x7, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x5, 0xf, 0x7, 0x3}, 0x10, 0x59ce, r0}, 0x78)
r4 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x12}]}}]}, 0x434}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000700)={'gretap0\x00', &(0x7f0000000640)={'tunl0\x00', r9, 0x7, 0x8000, 0x3, 0x8, {{0x28, 0x4, 0x2, 0x1, 0xa0, 0x66, 0x0, 0x0, 0x2f, 0x0, @empty, @loopback, {[@timestamp_prespec={0x44, 0x1c, 0x50, 0x3, 0xe, [{@private=0xa010102, 0x1}, {@private=0xa010102, 0x1f}, {@multicast1, 0x8}]}, @ssrr={0x89, 0x1f, 0x4d, [@broadcast, @dev={0xac, 0x14, 0x14, 0x2c}, @empty, @empty, @broadcast, @private=0xa010100, @rand_addr=0x64010100]}, @timestamp_addr={0x44, 0x1c, 0x8a, 0x1, 0x0, [{@loopback, 0x5}, {@local, 0xfff}, {@loopback, 0x20}]}, @timestamp_addr={0x44, 0x34, 0xd2, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x40}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xd94}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4}, {@private=0xa010100, 0x81}, {@multicast1, 0x2}]}]}}}}})

19:14:53 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:53 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x2}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:53 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 5:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
fallocate(r0, 0x73, 0x2, 0x8)
write$cgroup_int(r1, &(0x7f0000000200), 0x400c00)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/keys\x00', 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_ext={0x1c, 0x6, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x10001}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @call={0x85, 0x0, 0x0, 0x7c}, @generic={0x6, 0x5, 0x5, 0xd3, 0x1}]}, &(0x7f0000000040)='syzkaller\x00', 0x8977, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x1, 0x6, 0xfffffffb}, 0x10, 0x215d7, r2}, 0x78)

19:14:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x3}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:53 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81ffffff]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000095000000000000008bd54c0000000000100000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x4, &(0x7f0000000080)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000bc0)={0x0, 0x59, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0xc044000}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000800)={{0x1, 0x1, 0x18, <r6=>r3}, './file0\x00'})
getsockname$packet(r6, &(0x7f0000000840)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000880)=0x14)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a80)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000f94521ce31024efaf5f69c78f0e52e08d7ab98d1654f9dd4cdd155a20ba908ab46563e1f97e48a70bc9ecd723ff5ccae587f92e2133deac7432638df26fce7b676fd675d2de781f6071a493f54a4453f5aa8507a7cfba82be8ec600695bc425d04f5051a4abb37b6c52a6ac0552e60f5e6e759ddab172c", @ANYRES32=r7, @ANYBLOB="01000000000000000000676500000000000000000000a629c71224b8780983bccc2b5ecca4b14e2ef5132a1f694ce75c6a5fcbeff21c7401cdef0c01402683648bb326ca183a83acc908c612837cea248c6da4ca8f63767482bb6ba7f141000099dfb93bc8586daaf714657ee70d5acd87b083"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000900)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000008c0)={&(0x7f0000000740)=@getqdisc={0x38, 0x26, 0x800, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xd, 0xb}, {0x2, 0xd}, {0x7, 0x7}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f00000009c0)={'ip6tnl0\x00', &(0x7f0000000940)={'syztnl0\x00', <r8=>r7, 0x4, 0x2, 0xf7, 0x514, 0x2, @private1, @local, 0x7800, 0x700, 0x7fff, 0x4}})
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000a00)=@newqdisc={0x4c, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x7}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}, @TCA_CAKE_NAT={0x8, 0xb, 0x1}]}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_PTAB={0x404, 0x12}]}}]}, 0x434}}, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private1, @in=@empty, 0x4e21, 0x8a, 0x4e24, 0x3, 0xa, 0x80, 0x20, 0x2b, r7}, {0x8, 0x7, 0x2, 0x0, 0x8, 0x7, 0x101, 0x81}, {0x4, 0x646cded5, 0x7ff, 0x4}, 0x100, 0x6e6bbb, 0x1, 0x1, 0x2, 0x2}, {{@in=@remote, 0x4d3, 0x6c}, 0x2, @in=@rand_addr=0x64010102, 0x3506, 0x0, 0x2, 0x1, 0x3e, 0xd0, 0x1}}, 0xe8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='block_split\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='block_bio_queue\x00', r0}, 0x10)

19:14:53 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x4}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:53 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf000000]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}]}}]}, 0x434}}, 0x0)

[ 3286.817709][T22848] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=38 sclass=netlink_tcpdiag_socket pid=22848 comm=syz-executor.5
19:14:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:53 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12c]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:53 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 5:
r0 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff}, './file0\x00'})
sendfile(r0, r1, &(0x7f0000000040)=0x9, 0x1f)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0xc}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:53 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x301201, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0x400c00)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1a, 0x7, 0x3f, 0xffffffff, 0xa00, r0, 0x8000, '\x00', 0x0, r1, 0x0, 0x4, 0x1}, 0x40)

19:14:53 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0xf}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:53 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1845f435e57b00e20f8de19645e04700000095000000001091004000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:53 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:53 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
ioctl$sock_ipv6_tunnel_SIOCDELPRL(0xffffffffffffffff, 0x89f6, &(0x7f0000002000)={'ip6tnl0\x00', &(0x7f0000001f80)={'ip6_vti0\x00', <r0=>0x0, 0x4, 0x7f, 0xcc, 0x3, 0xe2, @private0, @local, 0x7, 0x7, 0x637e}})
pipe(&(0x7f0000002040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_dev$vcsa(&(0x7f0000000540), 0x488, 0x40001)
recvfrom$packet(r3, &(0x7f0000000580)=""/78, 0x4e, 0x2000, &(0x7f0000000600)={0x11, 0x1a, r0, 0x1, 0x1, 0x6, @multicast}, 0x14)
r4 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
ioctl(r4, 0xfff, &(0x7f0000000200)="cb2b12ec8501ecf6ba2e1aeddaf95914f371b8af1b87e16a8b9115b109b70390a424f998a40eb377c4ae6fe1fc5f2761e1e8a46fa55f1ad6305c73488afa5ecd27d1770901314fd7808ffe035ddf49efe0abeae6a830a044d1db5b742ba198affa064cf6e789f3de1a834afb310e326201e8f4a1f9444266598ff94a0a128a0f7fe34b77a7cbdd259d6e2d04012f7a1f2d233dd7914899d1b7e139996c11004a7847ff95dce8636005da6254e4ef03b2f168795e37abb67ad7ea56c5d5384a44e2fa9d07d45fb528c9e2335de834d80546b0e117d9b5288abe1072f7231191e5")
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r5, 0x8982, &(0x7f0000000300)={0x2, 'veth0_to_team\x00', {0xfffffff9}, 0x1})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002100)=@bpf_tracing={0x1a, 0xb, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa6}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, @jmp={0x5, 0x1, 0xa, 0x1, 0x3, 0x0, 0x10}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}, @func={0x85, 0x0, 0x1, 0x0, 0x5}]}, &(0x7f00000000c0)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x40f00, 0x0, '\x00', r0, 0x19, r2, 0x8, &(0x7f0000002080)={0x9, 0x4}, 0x8, 0x10, &(0x7f00000020c0)={0x4, 0x5, 0x0, 0x15}, 0x10, 0x2c1c7}, 0x78)

19:14:53 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x1c}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:54 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c4b40]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 5:
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r0=>0x0})
r1 = fork()
ptrace(0x10, r1)
r2 = getpid()
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)={0x0, r2})
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000800)=[{{&(0x7f0000000280)=@abs, 0x6e, &(0x7f0000000440)=[{&(0x7f0000000300)=""/52, 0x34}, {&(0x7f0000000340)=""/253, 0xfd}], 0x2, &(0x7f0000000480)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f00000004c0)=@abs, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000540)=""/251, 0xfb}, {&(0x7f0000000640)=""/226, 0xe2}], 0x2, &(0x7f0000000780)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, <r3=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x50}}], 0x2, 0x40000042, 0x0)
r4 = fork()
ptrace(0x10, r4)
clock_gettime(0x0, &(0x7f0000000f00)={<r5=>0x0, <r6=>0x0})
recvmmsg$unix(r3, &(0x7f0000000e80)=[{{&(0x7f0000000880), 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000900)=""/252, 0xfc}, {&(0x7f0000000a00)=""/55, 0x37}, {&(0x7f0000000a40)=""/122, 0x7a}], 0x3, &(0x7f0000000b00)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x58}}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000b80)=""/138, 0x8a}, {&(0x7f0000000c40)=""/186, 0xba}], 0x2, &(0x7f0000000d40)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="14000000000000000100000001000000", @ANYRES32, @ANYBLOB="0000000018000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000002c000000000000000100000001000000", @ANYRES32, @ANYRES32=<r7=>0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="925fe062844bbee8fddaf4c500000000decc0001", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32], 0x118}}], 0x2, 0x0, &(0x7f0000000f40)={r5, r6+10000000})
r8 = getpid()
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)={0x0, r8})
r9 = getpid()
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)={0x0, r9})
r10 = getpid()
fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)={0x0, r10})
fcntl$getown(r7, 0x9)
r11 = getpgrp(0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000f80)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042bbd7000fddbdf253100000008000100680000000c009900020000005f00000008000300", @ANYRES32=r0, @ANYBLOB='\b\x00R\x00', @ANYRES32=r11, @ANYBLOB="080001007100000008000300", @ANYRES32=0x0, @ANYBLOB="38000300", @ANYRES32=0x0, @ANYBLOB="627cfad3e050c681fbcbdd44647973ede721c9d8fbd958e7"], 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:54 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3593c5cb]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x60}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:54 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b4000000000000000afff91c10c240e21985667156720852eed0ba54ce0d378e5ecc4ac7480cb122db9ad6fec333592c93a3cfd9d8"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x300}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:54 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 5:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000a2ff2c5d2a4cbdc21e1c091eeb7e6e23004f464af89b0000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='rxrpc_rtt_tx\x00', r0}, 0x10)

19:14:54 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39360000]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x9, 0x3, &(0x7f0000000040)=ANY=[@ANYRESDEC=0x0], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:54 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0xc00}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:54 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, [@generic={0x1f, 0x8, 0x4, 0x4, 0x40}, @exit]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)

19:14:54 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0xf00}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:54 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x65580000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}]}]}, 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x2c, r1, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x800)

19:14:54 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000]}]}}]}, 0x434}}, 0x0)

19:14:54 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x1c00}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:55 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:55 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900]}]}}]}, 0x434}}, 0x0)

19:14:55 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x6000}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:55 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}]}}]}, 0x434}}, 0x0)

19:14:55 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0x63c8}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:55 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x65580000]}]}}]}, 0x434}}, 0x0)

19:14:55 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}]}}]}, 0x434}}, 0x0)

19:14:55 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:55 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000001e000000070000ffde000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000740), 0x4)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x9, 0xe, 0x8}}, {0x4}}]}]}, 0x68}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHG6RD(0xffffffffffffffff, 0x89fb, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'ip6_vti0\x00', <r2=>0x0, 0x6, 0x18, 0x1, 0x40, 0x8, @private2={0xfc, 0x2, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8, 0x8, 0x25, 0x1}})
bind$packet(r1, &(0x7f00000003c0)={0x11, 0x5, r2, 0x1, 0x7, 0x6, @multicast}, 0x14)
r3 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x615}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001cc0)=ANY=[@ANYBLOB="850000000800000027000000000000009500000000000000a579753dec29fe276240f076000753bc7b952ab5ad939c40c5f89f8b5c13a24800a26b3c68cea54994e702d609331ab3c70aa6b030ed69efddccea3e793e8287051d4f5fef499e2a4ce758601229b94574e7825441222e81748b4ee09cc6d847ef6943a143669ef5fc545ab7ffef72fd2ca305f386142d7835f213e7ff0b00001731859eba975d4a1809acbc7b716441ef6bac34d0c99d62456cc766ae4825548e085c7866d7ac33165a2178a5c647457a8713e7b70a85bbdb078320eafa48d43c96aebc3da20d188f590ec28e549e8e3d4fe60c9fea00000000000100019efc0060c9e1263ca5507f633b5b0402ffa95acb51428785ae09fdae241f51f7ff22745696f1ffe2ca9ed226213275a566ae3f64fb2dfe777d16832bbb703ea39868fcf0fe11894d2c876e4809a16ce03ba31d2e364151341d1008ae03265f8f99ae15d9b711f4b6746dce6ec1ce34d2e2d5241435b5ddc91e9e99ad6b9cbe55e294f5b1e5dc8f1c7bdd3cf375c0f8ffffffffffffff0f0cb39bc98d678d7e258d5d74a133278866780ddac5fe771e6ae67da6e2df4a560436fa3cb7598f923c7316bb7c31f8e867734a5a66f0465d7183fc05c0d804ac719fa87f64cd637deb88254e9ded8cb00c1276b1aaffb3cf86fb92efc51802cdd76a73fd639edea01662abbc567a9db53997aa9abd409b5cb990ea1bc76127057ad3ae000000000000000000000000000000000000000000444e477613181b1c6fb1f9c3cb0f5b0a187994d25c55dd04442f2f739ce0b3e4377f3d9887cdf898a4463717adcf4c5d83e93d581b815950e21279f8bcb5167247a3987501000000000000006c6ea752b63551125eda435b0100008000000000a77508c2cd9fb2636db3abed6453179e3ca03bd3a3dbc4b61dbbfce11ce2d9dbeb6844a883481972a1379d22fb6ea97a4f734953d3697cad93d588172c99700fc4f2983edf5d8bb2ec6dc0cc7537d94819cad6ea1f872d0000000000ddad9444a6f712c20fd0d908c376316a7b26cbaad28bc703c9492f01de1f5d2093213aa1354e783b15f627834d840c6738f8916b80cc0b0582a3aa02553979e47bdf3716228c4ff4676997286042b43c6cb7e2a01a16ae5757072574afadf69c2a40ed57025b5a3897db7f94e8d5ba14fd018c5b302942916cf713ad3470923c05dd08f199314e3c9a00a378771ee3c704a39478497b79f4ea1f031cd8432a27bc2cb985d55dc9dda125e9f2a1b5b0b83cd1d13fefd1c9cbd59763825fd88381f9060663b6197051686e5c0946a848dd6fe8dba37b22239ce7207ccb00f104154b8c33f9c4851e4161239223b4053cc0f712cde893385f15ced02202d9e896e73cb4392d24c508663b51195ac52ca07b4ce16beefd9be78caffc64c68de6018fa4b13619a671f76da83fd582861468f3224a125944d017cfb4472bb6b67e8256eaa48bbb0335ce3509aacc0a8aa4e9b7be7904c39f77851af626ca757eeba451bd40547f3cd4bb6e30f34cd4710ccceac91a96edf443dea386f8adbf3610c50da7c06f9d1c110b4e0858aeff023adfc6582dd8b64189e700309b0f784b3097792da9f5026ea86f0ccd4ba3c744fb92a6ce4ca85ab5267b90e77dc3bfd980ca2a6a9cf45733bfceae94ad61dbec5c9137561f964ca2c3032a7bc0dfccb9f1ebf86048fd0bfb459de888783be74553f0964bad81139aaa6fb9ebb3d100e6622da98cadc1d79fa3faf122d47b536a03917aac4c738aea879c5a5c7b24ff98830bfba533487c618e65138b6888ca0b65b76c1cd287b7c0b8a2"], &(0x7f0000000000)='GPL\x00', 0x5, 0xfd39, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
r5 = bpf$ITER_CREATE(0x21, &(0x7f00000007c0), 0x8)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000062c0)={r4, 0xc0, &(0x7f0000006200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001b80)=0x100000007f, 0x0, <r6=>0x0, 0x0, &(0x7f0000001bc0)={0x7, 0x2}, 0x0, 0x0, 0x0, &(0x7f0000001c40), 0x0, 0x0, 0x0, 0x0, &(0x7f0000001c80)=0x4}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000006300)={0x17, 0xb, &(0x7f0000000800)=@raw=[@generic={0xe9, 0x5, 0xb, 0x0, 0x7fff}, @ldst={0x1, 0x0, 0x6, 0x2, 0xa, 0x18, 0xffffffffffffffff}, @generic={0x3f, 0x0, 0x2, 0x8000, 0x10001}, @ldst={0x3, 0x0, 0x2, 0x407b9baefe281d1b, 0x6, 0x8, 0xfffffffffffffff0}, @ldst={0x3, 0x3, 0x0, 0x7, 0x8, 0xffffffffffffffff, 0x4}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x1}, @map={0x18, 0x5, 0x1, 0x0, r5}, @generic={0x24, 0x4, 0x0, 0x4, 0x7fffffff}, @ldst={0x3, 0x0, 0x6, 0x9, 0x1, 0x100, 0x10}], &(0x7f0000000880)='GPL\x00', 0xc0cb, 0x19, &(0x7f00000008c0)=""/25, 0x41100, 0x0, '\x00', 0x0, 0x10, 0xffffffffffffffff, 0x8, &(0x7f0000001b00)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000001b40)={0x0, 0xf, 0x9, 0x3f}, 0x40, r6, r0}, 0x78)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r7, &(0x7f0000000200), 0x400c00)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0x1, &(0x7f0000000000)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x2}], &(0x7f0000000040)='GPL\x00', 0x20, 0x67, &(0x7f0000000200)=""/103, 0x41000, 0x11, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0x4, 0x20, 0x4}, 0x10, r6, r7}, 0x78)

19:14:55 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0xd, 0x0, 0x0, 0x0, 0xc863}}, {0x4}}]}]}, 0x68}}, 0x0)

19:14:55 executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x4, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81000000]}]}}]}, 0x434}}, 0x0)

19:14:55 executing program 1:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}]}}]}, 0x434}}, 0x0)

19:14:55 executing program 0:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe4b]}]}}]}, 0x434}}, 0x0)

19:14:55 executing program 3:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x434, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb00]}]}}]}, 0x434}}, 0x0)

[ 3293.642949][T25513] validate_nla: 77 callbacks suppressed
[ 3293.642967][T25513] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[ 3293.664673][T25515] __nla_validate_parse: 159 callbacks suppressed
[ 3293.664690][T25515] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 3293.714559][T25516] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[ 3339.769218][ T1800] ==================================================================
[ 3339.777341][ T1800] BUG: KCSAN: data-race in do_sync_mmap_readahead / do_sync_mmap_readahead
[ 3339.785947][ T1800] 
[ 3339.788265][ T1800] write to 0xffff888102cafa98 of 8 bytes by task 1797 on cpu 0:
[ 3339.795880][ T1800]  do_sync_mmap_readahead+0x2cf/0x370
[ 3339.801240][ T1800]  filemap_fault+0x267/0xa10
[ 3339.805822][ T1800]  handle_mm_fault+0xba6/0x1590
[ 3339.810711][ T1800]  do_user_addr_fault+0x609/0xbe0
[ 3339.815749][ T1800]  exc_page_fault+0x91/0x290
[ 3339.820333][ T1800]  asm_exc_page_fault+0x1e/0x30
[ 3339.825178][ T1800] 
[ 3339.827494][ T1800] write to 0xffff888102cafa98 of 8 bytes by task 1800 on cpu 1:
[ 3339.835112][ T1800]  do_sync_mmap_readahead+0x2cf/0x370
[ 3339.840487][ T1800]  filemap_fault+0x267/0xa10
[ 3339.845078][ T1800]  handle_mm_fault+0xba6/0x1590
[ 3339.849913][ T1800]  do_user_addr_fault+0x609/0xbe0
[ 3339.854922][ T1800]  exc_page_fault+0x91/0x290
[ 3339.859496][ T1800]  asm_exc_page_fault+0x1e/0x30
[ 3339.864330][ T1800] 
[ 3339.866637][ T1800] value changed: 0x0000000000000033 -> 0x0000000000000aa5
[ 3339.873731][ T1800] 
[ 3339.876063][ T1800] Reported by Kernel Concurrency Sanitizer on:
[ 3339.882202][ T1800] CPU: 1 PID: 1800 Comm: syz-fuzzer Tainted: G        W         5.15.0-syzkaller #0
[ 3339.891561][ T1800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 3339.901781][ T1800] ==================================================================