syzkaller login: [ 292.566411][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 304.513814][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 304.581791][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 345.183733][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:39202' (ECDSA) to the list of known hosts. 1970/01/01 00:06:18 fuzzer started 1970/01/01 00:06:32 dialing manager at localhost:38403 [ 400.036964][ T2043] cgroup: Unknown subsys name 'net' [ 401.394627][ T2043] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:41 syscalls: 2819 1970/01/01 00:06:41 code coverage: enabled 1970/01/01 00:06:41 comparison tracing: enabled 1970/01/01 00:06:41 extra coverage: enabled 1970/01/01 00:06:41 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:41 setuid sandbox: enabled 1970/01/01 00:06:41 namespace sandbox: enabled 1970/01/01 00:06:41 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:41 fault injection: enabled 1970/01/01 00:06:41 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:41 net packet injection: enabled 1970/01/01 00:06:41 net device setup: enabled 1970/01/01 00:06:41 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:41 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:41 USB emulation: enabled 1970/01/01 00:06:41 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:41 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:41 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:06:41 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:06:49 fetching corpus: 50, signal 43225/46535 (executing program) 1970/01/01 00:06:55 fetching corpus: 100, signal 53440/58169 (executing program) 1970/01/01 
00:06:58 fetching corpus: 149, signal 61970/67954 (executing program) 1970/01/01 00:07:01 fetching corpus: 199, signal 69305/76506 (executing program) 1970/01/01 00:07:04 fetching corpus: 249, signal 76450/84793 (executing program) 1970/01/01 00:07:09 fetching corpus: 299, signal 82348/91782 (executing program) 1970/01/01 00:07:13 fetching corpus: 349, signal 88997/99384 (executing program) 1970/01/01 00:07:15 fetching corpus: 399, signal 94707/105985 (executing program) 1970/01/01 00:07:19 fetching corpus: 448, signal 97653/109939 (executing program) 1970/01/01 00:07:22 fetching corpus: 498, signal 100736/113977 (executing program) 1970/01/01 00:07:27 fetching corpus: 548, signal 109562/123166 (executing program) 1970/01/01 00:07:30 fetching corpus: 598, signal 112320/126790 (executing program) 1970/01/01 00:07:33 fetching corpus: 648, signal 115217/130504 (executing program) 1970/01/01 00:07:36 fetching corpus: 698, signal 118234/134287 (executing program) 1970/01/01 00:07:39 fetching corpus: 748, signal 120672/137558 (executing program) 1970/01/01 00:07:42 fetching corpus: 798, signal 123529/141106 (executing program) 1970/01/01 00:07:44 fetching corpus: 848, signal 125560/143904 (executing program) 1970/01/01 00:07:46 fetching corpus: 898, signal 126708/145866 (executing program) 1970/01/01 00:07:50 fetching corpus: 948, signal 129872/149535 (executing program) 1970/01/01 00:07:53 fetching corpus: 998, signal 132069/152389 (executing program) 1970/01/01 00:07:55 fetching corpus: 1048, signal 133606/154612 (executing program) 1970/01/01 00:07:59 fetching corpus: 1098, signal 136413/157802 (executing program) 1970/01/01 00:08:05 fetching corpus: 1148, signal 138270/160195 (executing program) 1970/01/01 00:08:09 fetching corpus: 1198, signal 140846/163216 (executing program) 1970/01/01 00:08:15 fetching corpus: 1247, signal 143082/165878 (executing program) 1970/01/01 00:08:19 fetching corpus: 1296, signal 145765/168879 (executing program) 1970/01/01 00:08:21 
fetching corpus: 1346, signal 147143/170789 (executing program) 1970/01/01 00:08:24 fetching corpus: 1396, signal 148814/172893 (executing program) 1970/01/01 00:08:29 fetching corpus: 1445, signal 150348/174914 (executing program) 1970/01/01 00:08:31 fetching corpus: 1495, signal 151510/176583 (executing program) 1970/01/01 00:08:34 fetching corpus: 1545, signal 152553/178165 (executing program) 1970/01/01 00:08:38 fetching corpus: 1595, signal 157144/182381 (executing program) 1970/01/01 00:08:41 fetching corpus: 1645, signal 158953/184515 (executing program) 1970/01/01 00:08:44 fetching corpus: 1695, signal 162941/188246 (executing program) 1970/01/01 00:08:59 fetching corpus: 1745, signal 165596/190844 (executing program) 1970/01/01 00:09:03 fetching corpus: 1794, signal 167048/192561 (executing program) 1970/01/01 00:09:05 fetching corpus: 1844, signal 169575/194991 (executing program) 1970/01/01 00:09:08 fetching corpus: 1894, signal 170736/196465 (executing program) 1970/01/01 00:09:12 fetching corpus: 1944, signal 172026/198038 (executing program) 1970/01/01 00:09:14 fetching corpus: 1994, signal 173000/199353 (executing program) 1970/01/01 00:09:18 fetching corpus: 2043, signal 174858/201244 (executing program) 1970/01/01 00:09:20 fetching corpus: 2093, signal 175969/202610 (executing program) 1970/01/01 00:09:23 fetching corpus: 2143, signal 177245/204073 (executing program) 1970/01/01 00:09:25 fetching corpus: 2193, signal 179047/205804 (executing program) 1970/01/01 00:09:27 fetching corpus: 2243, signal 181131/207696 (executing program) 1970/01/01 00:09:31 fetching corpus: 2293, signal 182512/209213 (executing program) 1970/01/01 00:09:33 fetching corpus: 2343, signal 183398/210313 (executing program) 1970/01/01 00:09:35 fetching corpus: 2393, signal 184892/211766 (executing program) 1970/01/01 00:09:40 fetching corpus: 2443, signal 187575/213925 (executing program) 1970/01/01 00:09:42 fetching corpus: 2493, signal 188595/215066 (executing program) 
1970/01/01 00:09:46 fetching corpus: 2543, signal 189550/216148 (executing program) 1970/01/01 00:09:48 fetching corpus: 2593, signal 192039/218116 (executing program) 1970/01/01 00:09:52 fetching corpus: 2642, signal 193242/219308 (executing program) 1970/01/01 00:09:55 fetching corpus: 2692, signal 193904/220173 (executing program) 1970/01/01 00:09:59 fetching corpus: 2742, signal 194999/221227 (executing program) 1970/01/01 00:10:02 fetching corpus: 2792, signal 197076/222815 (executing program) 1970/01/01 00:10:05 fetching corpus: 2842, signal 197915/223689 (executing program) 1970/01/01 00:10:09 fetching corpus: 2892, signal 198950/224673 (executing program) 1970/01/01 00:10:12 fetching corpus: 2942, signal 199626/225493 (executing program) 1970/01/01 00:10:14 fetching corpus: 2992, signal 200405/226384 (executing program) 1970/01/01 00:10:17 fetching corpus: 3042, signal 204247/228752 (executing program) 1970/01/01 00:10:21 fetching corpus: 3091, signal 205836/229931 (executing program) 1970/01/01 00:10:25 fetching corpus: 3141, signal 207440/231138 (executing program) 1970/01/01 00:10:30 fetching corpus: 3191, signal 208548/232021 (executing program) 1970/01/01 00:10:34 fetching corpus: 3241, signal 209127/232593 (executing program) 1970/01/01 00:10:37 fetching corpus: 3291, signal 209985/233340 (executing program) 1970/01/01 00:10:39 fetching corpus: 3341, signal 210782/234038 (executing program) 1970/01/01 00:10:42 fetching corpus: 3391, signal 211924/234952 (executing program) 1970/01/01 00:10:44 fetching corpus: 3441, signal 213077/235844 (executing program) 1970/01/01 00:10:50 fetching corpus: 3491, signal 213785/236470 (executing program) 1970/01/01 00:10:53 fetching corpus: 3541, signal 214817/237255 (executing program) 1970/01/01 00:10:56 fetching corpus: 3591, signal 215833/237994 (executing program) 1970/01/01 00:10:59 fetching corpus: 3641, signal 217111/238787 (executing program) 1970/01/01 00:11:02 fetching corpus: 3691, signal 218032/239503 
(executing program) 1970/01/01 00:11:05 fetching corpus: 3741, signal 218960/240159 (executing program) 1970/01/01 00:11:08 fetching corpus: 3791, signal 219500/240681 (executing program) 1970/01/01 00:11:12 fetching corpus: 3841, signal 220302/241259 (executing program) 1970/01/01 00:11:15 fetching corpus: 3891, signal 220854/241758 (executing program) 1970/01/01 00:11:18 fetching corpus: 3941, signal 221824/242408 (executing program) 1970/01/01 00:11:20 fetching corpus: 3991, signal 222402/242882 (executing program) 1970/01/01 00:11:23 fetching corpus: 4041, signal 223156/243397 (executing program) 1970/01/01 00:11:26 fetching corpus: 4091, signal 223651/243871 (executing program) 1970/01/01 00:11:30 fetching corpus: 4141, signal 224444/244374 (executing program) 1970/01/01 00:11:33 fetching corpus: 4191, signal 225863/245082 (executing program) 1970/01/01 00:11:36 fetching corpus: 4241, signal 226718/245546 (executing program) 1970/01/01 00:11:39 fetching corpus: 4291, signal 227718/246111 (executing program) 1970/01/01 00:11:42 fetching corpus: 4341, signal 228364/246512 (executing program) 1970/01/01 00:11:44 fetching corpus: 4391, signal 229047/246909 (executing program) 1970/01/01 00:11:47 fetching corpus: 4441, signal 229818/247321 (executing program) 1970/01/01 00:11:49 fetching corpus: 4491, signal 231735/248060 (executing program) 1970/01/01 00:11:52 fetching corpus: 4541, signal 232584/248454 (executing program) 1970/01/01 00:11:56 fetching corpus: 4590, signal 233157/248774 (executing program) 1970/01/01 00:11:59 fetching corpus: 4640, signal 233734/249093 (executing program) 1970/01/01 00:12:02 fetching corpus: 4690, signal 234515/249439 (executing program) 1970/01/01 00:12:04 fetching corpus: 4740, signal 235752/249864 (executing program) 1970/01/01 00:12:07 fetching corpus: 4790, signal 236258/250128 (executing program) 1970/01/01 00:12:11 fetching corpus: 4840, signal 237431/250540 (executing program) 1970/01/01 00:12:14 fetching corpus: 4890, 
signal 238480/250900 (executing program) 1970/01/01 00:12:17 fetching corpus: 4940, signal 239172/251188 (executing program) 1970/01/01 00:12:19 fetching corpus: 4990, signal 239820/251433 (executing program) 1970/01/01 00:12:23 fetching corpus: 5040, signal 240480/251656 (executing program) 1970/01/01 00:12:26 fetching corpus: 5090, signal 241127/251906 (executing program) 1970/01/01 00:12:29 fetching corpus: 5140, signal 241943/252158 (executing program) 1970/01/01 00:12:33 fetching corpus: 5190, signal 242575/252370 (executing program) 1970/01/01 00:12:37 fetching corpus: 5238, signal 243266/252568 (executing program) 1970/01/01 00:12:41 fetching corpus: 5288, signal 243918/252779 (executing program) 1970/01/01 00:12:44 fetching corpus: 5338, signal 244896/253012 (executing program) 1970/01/01 00:12:47 fetching corpus: 5388, signal 246147/253276 (executing program) 1970/01/01 00:12:50 fetching corpus: 5438, signal 247128/253466 (executing program) 1970/01/01 00:12:54 fetching corpus: 5488, signal 247727/253587 (executing program) 1970/01/01 00:12:55 fetching corpus: 5497, signal 247803/253646 (executing program) 1970/01/01 00:12:55 fetching corpus: 5497, signal 247803/253688 (executing program) 1970/01/01 00:12:55 fetching corpus: 5497, signal 247803/253735 (executing program) 1970/01/01 00:12:56 fetching corpus: 5497, signal 247803/253793 (executing program) 1970/01/01 00:12:56 fetching corpus: 5497, signal 247803/253842 (executing program) 1970/01/01 00:12:56 fetching corpus: 5497, signal 247803/253886 (executing program) 1970/01/01 00:12:56 fetching corpus: 5497, signal 247803/253931 (executing program) 1970/01/01 00:12:56 fetching corpus: 5497, signal 247803/254000 (executing program) 1970/01/01 00:12:57 fetching corpus: 5497, signal 247803/254056 (executing program) 1970/01/01 00:12:57 fetching corpus: 5497, signal 247803/254120 (executing program) 1970/01/01 00:12:57 fetching corpus: 5497, signal 247803/254169 (executing program) 1970/01/01 00:12:57 
fetching corpus: 5497, signal 247803/254215 (executing program) 1970/01/01 00:12:57 fetching corpus: 5497, signal 247803/254262 (executing program) 1970/01/01 00:12:58 fetching corpus: 5497, signal 247803/254310 (executing program) 1970/01/01 00:12:58 fetching corpus: 5497, signal 247803/254357 (executing program) 1970/01/01 00:12:58 fetching corpus: 5497, signal 247803/254412 (executing program) 1970/01/01 00:12:58 fetching corpus: 5497, signal 247803/254427 (executing program) 1970/01/01 00:12:58 fetching corpus: 5497, signal 247803/254427 (executing program) 1970/01/01 00:14:50 starting 2 fuzzer processes 00:14:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000940)={0x30, r1, 0x40d, 0x0, 0x0, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}}, 0x0) 00:14:50 executing program 1: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) [ 924.604110][ T2057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 924.746390][ T2057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 927.207975][ T2056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 927.334267][ T2056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 939.099319][ 
T2057] device hsr_slave_0 entered promiscuous mode [ 939.165815][ T2057] device hsr_slave_1 entered promiscuous mode [ 941.409199][ T2056] device hsr_slave_0 entered promiscuous mode [ 941.457726][ T2056] device hsr_slave_1 entered promiscuous mode [ 941.528866][ T2056] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 941.537030][ T2056] Cannot create hsr debugfs directory [ 948.806488][ T2057] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 949.158891][ T2057] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 949.438186][ T2057] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 949.815984][ T2057] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 951.873547][ T2056] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 952.109012][ T2056] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 952.296438][ T2056] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 952.477192][ T2056] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 963.288137][ T2057] 8021q: adding VLAN 0 to HW filter on device bond0 [ 964.501213][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 964.604098][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 966.924038][ T2056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 967.598053][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 967.674099][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 975.806622][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 975.859309][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 976.177576][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 976.206662][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 976.502590][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 976.657826][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 977.319475][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_hsr: link becomes ready [ 977.506225][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 977.836415][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 977.958946][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 978.232787][ T2057] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 978.526043][ T2678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 978.577576][ T2678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 979.193147][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 979.266024][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 979.433049][ T2678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 979.742816][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 979.748200][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 979.988450][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 980.843079][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 980.895676][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 981.344611][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 981.373673][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 981.693918][ T2056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 983.177170][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 983.205925][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1001.116898][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1001.135688][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1003.652658][ T2678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1003.687592][ T2678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1011.006714][ 
T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1011.127539][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1011.362250][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1011.404882][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1011.605901][ T2057] device veth0_vlan entered promiscuous mode [ 1012.841654][ T2057] device veth1_vlan entered promiscuous mode [ 1015.382377][ T2057] device veth0_macvtap entered promiscuous mode [ 1015.855014][ T2057] device veth1_macvtap entered promiscuous mode [ 1015.985115][ T2681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1016.073465][ T2681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1016.148487][ T2681] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1016.349257][ T2296] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1017.885684][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1017.937871][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1018.044290][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1018.127869][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1018.267453][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1018.343475][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1018.639387][ T2056] device veth0_vlan entered promiscuous mode [ 1018.985060][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1019.094237][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1019.476461][ T2057] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.487629][ T2057] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.504870][ T2057] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1019.507101][ T2057] 
netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1020.003668][ T2056] device veth1_vlan entered promiscuous mode [ 1024.093143][ T2056] device veth0_macvtap entered promiscuous mode [ 1024.329520][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1024.422050][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1024.818657][ T2681] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1024.959494][ T2056] device veth1_macvtap entered promiscuous mode [ 1027.225887][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1027.324311][ T2680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1027.728340][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1027.797220][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1028.138499][ T2056] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.161669][ T2056] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.163591][ T2056] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.165235][ T2056] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:17:15 executing program 1: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) 00:17:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000940)={0x30, r1, 0x40d, 0x0, 0x0, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}}, 0x0) 00:17:21 executing program 1: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) 00:17:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000940)={0x30, r1, 0x40d, 0x0, 0x0, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}}, 0x0) 00:17:26 executing program 1: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) 00:17:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 
0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000940)={0x30, r1, 0x40d, 0x0, 0x0, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}}, 0x0) 00:17:31 executing program 0: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) 00:17:31 executing program 1: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) [ 1056.708842][ T2774] syz-executor.0: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0 [ 1056.788288][ T2774] CPU: 0 PID: 2774 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1056.792903][ T2774] Hardware name: riscv-virtio,qemu (DT) [ 1056.795235][ T2774] Call Trace: [ 1056.796591][ T2774] [] dump_backtrace+0x2e/0x3c [ 1056.798093][ T2774] [] show_stack+0x34/0x40 [ 1056.799467][ T2774] [] dump_stack_lvl+0xe4/0x150 [ 1056.801700][ T2774] [] 
dump_stack+0x1c/0x24 [ 1056.803197][ T2774] [] warn_alloc+0x170/0x212 [ 1056.804625][ T2774] [] __vmalloc_node_range+0xa36/0xab2 [ 1056.806001][ T2774] [] vzalloc+0x76/0x8c [ 1056.807361][ T2774] [] n_tty_open+0x28/0xf4 [ 1056.808773][ T2774] [] tty_ldisc_setup+0x88/0x136 [ 1056.810787][ T2774] [] tty_init_dev.part.0+0x162/0x362 [ 1056.813065][ T2774] [] tty_init_dev+0x6c/0x70 [ 1056.814601][ T2774] [] ptmx_open+0x11e/0x276 [ 1056.815936][ T2774] [] chrdev_open+0x1d4/0x478 [ 1056.817290][ T2774] [] do_dentry_open+0x2a4/0x7d4 [ 1056.818642][ T2774] [] vfs_open+0x52/0x5e [ 1056.820645][ T2774] [] path_openat+0x12b6/0x189e [ 1056.822826][ T2774] [] do_filp_open+0x10e/0x22a [ 1056.824206][ T2774] [] do_sys_openat2+0x174/0x31e [ 1056.825584][ T2774] [] sys_openat+0xdc/0x164 [ 1056.827014][ T2774] [] ret_from_syscall+0x0/0x2 [ 1056.866029][ T2774] Mem-Info: [ 1056.867843][ T2774] active_anon:47 inactive_anon:47114 isolated_anon:0 [ 1056.867843][ T2774] active_file:1833 inactive_file:3794 isolated_file:0 [ 1056.867843][ T2774] unevictable:768 dirty:13 writeback:0 [ 1056.867843][ T2774] slab_reclaimable:5365 slab_unreclaimable:23306 [ 1056.867843][ T2774] mapped:10422 shmem:818 pagetables:366 bounce:0 [ 1056.867843][ T2774] kernel_misc_reclaimable:0 [ 1056.867843][ T2774] free:238977 free_pcp:1205 free_cma:4096 [ 1056.912954][ T2774] Node 0 active_anon:188kB inactive_anon:188456kB active_file:7332kB inactive_file:15176kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:41688kB dirty:52kB writeback:0kB shmem:3272kB writeback_tmp:0kB kernel_stack:2816kB pagetables:1464kB all_unreclaimable? 
no [ 1056.938127][ T2774] Node 0 DMA32 free:955908kB boost:0kB min:4684kB low:6056kB high:7428kB reserved_highatomic:0KB active_anon:188kB inactive_anon:188456kB active_file:7332kB inactive_file:15176kB unevictable:3072kB writepending:52kB present:2095104kB managed:1375480kB mlocked:0kB bounce:0kB free_pcp:4784kB local_pcp:2948kB free_cma:16384kB [ 1057.045366][ T2774] lowmem_reserve[]: 0 0 0 [ 1057.048115][ T2774] Node 0 DMA32: 143*4kB (UME) 37*8kB (ME) 12*16kB (ME) 17*32kB (UM) 5*64kB (UME) 3*128kB (UM) 3*256kB (UME) 1*512kB (M) 0*1024kB 3*2048kB (UME) 231*4096kB (MC) = 955908kB [ 1057.352351][ T2774] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1057.354072][ T2774] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 1057.355634][ T2774] 6445 total pagecache pages [ 1057.356689][ T2774] 0 pages in swap cache [ 1057.357651][ T2774] Swap cache stats: add 0, delete 0, find 0/0 [ 1057.358833][ T2774] Free swap = 0kB [ 1057.417913][ T2774] Total swap = 0kB [ 1057.419339][ T2774] 523776 pages RAM [ 1057.434781][ T2774] 0 pages HighMem/MovableOnly [ 1057.435944][ T2774] 179906 pages reserved [ 1057.436928][ T2774] 4096 pages cma reserved [ 1057.507331][ T2774] ptm ptm1: ldisc open failed (-12), clearing slot 1 00:17:37 executing program 0: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) 00:17:38 executing program 1: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) 
ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) 00:17:42 executing program 0: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) 00:17:43 executing program 1: openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_RESET_OWNER(0xffffffffffffffff, 0x8008af26, 0xe9002) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x40a6071, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$TCXONC(r0, 0x540f, 0xea007) msync(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) 00:17:49 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(r0, &(0x7f0000001800)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001740)=[@rdma_args={0x48, 0x114, 0x3, {{}, {0x0}, 0x0}}], 0x48}, 0x0) 
00:17:49 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) 00:17:52 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) 00:17:52 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(r0, &(0x7f0000001800)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001740)=[@rdma_args={0x48, 0x114, 0x3, {{}, {0x0}, 0x0}}], 0x48}, 0x0) 00:17:56 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) 00:17:58 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(r0, &(0x7f0000001800)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001740)=[@rdma_args={0x48, 0x114, 0x3, {{}, {0x0}, 0x0}}], 0x48}, 0x0) 00:17:59 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) 00:18:01 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(r0, &(0x7f0000001800)={&(0x7f0000000140)={0x2, 
0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001740)=[@rdma_args={0x48, 0x114, 0x3, {{}, {0x0}, 0x0}}], 0x48}, 0x0) 00:18:06 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000880)={0x30, 0x2, 0x9, 0x3, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x30}}, 0x0) 00:18:06 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000000)=0x6, 0x4) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000001180)=@ieee802154={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x80) [ 1088.845089][ T2806] netlink: 'syz-executor.0': attribute type 2 has an invalid length. 00:18:08 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000880)={0x30, 0x2, 0x9, 0x3, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x30}}, 0x0) 00:18:09 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000000)=0x6, 0x4) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000001180)=@ieee802154={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x80) [ 1092.504131][ T2810] netlink: 'syz-executor.0': attribute type 2 has an invalid length. 
00:18:12 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000880)={0x30, 0x2, 0x9, 0x3, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x30}}, 0x0) 00:18:13 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000000)=0x6, 0x4) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000001180)=@ieee802154={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x80) [ 1095.556308][ T2813] netlink: 'syz-executor.0': attribute type 2 has an invalid length. 00:18:15 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000880)={0x30, 0x2, 0x9, 0x3, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x30}}, 0x0) 00:18:15 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000000)=0x6, 0x4) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000001180)=@ieee802154={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x80) [ 1099.365887][ T2819] netlink: 'syz-executor.0': attribute type 2 has an invalid length. 
00:18:19 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000880)={0x30, 0x2, 0x9, 0x3, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x30}}, 0x0) [ 1102.857960][ T2821] netlink: 'syz-executor.1': attribute type 2 has an invalid length. 00:18:22 executing program 0: socket(0x27, 0x0, 0x0) 00:18:22 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000880)={0x30, 0x2, 0x9, 0x3, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x30}}, 0x0) 00:18:24 executing program 0: socket(0x27, 0x0, 0x0) [ 1106.053895][ T2825] netlink: 'syz-executor.1': attribute type 2 has an invalid length. 00:18:25 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000880)={0x30, 0x2, 0x9, 0x3, 0x0, 0x0, {}, [@NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x30}}, 0x0) 00:18:27 executing program 0: socket(0x27, 0x0, 0x0) [ 1109.058432][ T2829] netlink: 'syz-executor.1': attribute type 2 has an invalid length. 
00:18:29 executing program 1: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:30 executing program 0: socket(0x27, 0x0, 0x0) 00:18:32 executing program 1: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:32 executing program 0: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:35 executing program 1: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, 
&(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:36 executing program 0: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:38 executing program 1: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:39 executing program 0: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:40 executing program 1: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, 
&(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:42 executing program 0: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:43 executing program 1: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:46 executing program 0: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:50 executing program 1: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, 
&(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:51 executing program 0: r0 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, &(0x7f00000001c0)="9c", 0x1, r0) r2 = add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, &(0x7f00000003c0)='2', 0x1, r0) r3 = request_key(&(0x7f0000000840)='user\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r1, r2}, 0x0, 0x0, 0x0) 00:18:56 executing program 1: setuid(0xee00) setreuid(0x0, 0x0) 00:18:59 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) pread64(r0, &(0x7f0000001640)=""/4096, 0x1000, 0x7) 00:19:02 executing program 1: setuid(0xee00) setreuid(0x0, 0x0) 00:19:04 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) pread64(r0, &(0x7f0000001640)=""/4096, 0x1000, 0x7) 00:19:06 executing program 1: setuid(0xee00) setreuid(0x0, 0x0) 00:19:07 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) pread64(r0, &(0x7f0000001640)=""/4096, 0x1000, 0x7) 00:19:09 executing program 1: setuid(0xee00) setreuid(0x0, 0x0) 00:19:11 executing program 0: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) pread64(r0, &(0x7f0000001640)=""/4096, 0x1000, 0x7) 00:19:11 executing program 1: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) pread64(r0, &(0x7f0000001640)=""/4096, 0x1000, 0x7) 00:19:15 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000000)={{{@in, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in6=@private1}}, 0x14a) 00:19:15 executing program 1: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) pread64(r0, &(0x7f0000001640)=""/4096, 0x1000, 0x7) 
00:19:17 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000000)={{{@in, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in6=@private1}}, 0x14a) 00:19:18 executing program 1: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) pread64(r0, &(0x7f0000001640)=""/4096, 0x1000, 0x7) 00:19:20 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000000)={{{@in, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in6=@private1}}, 0x14a) 00:19:23 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) prctl$PR_SET_MM_EXE_FILE(0x1c, 0xd, 0xffffffffffffffff) 00:19:23 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000000)={{{@in, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in6=@private1}}, 0x14a) 00:19:26 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) prctl$PR_SET_MM_EXE_FILE(0x1c, 0xd, 0xffffffffffffffff) 00:19:27 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) prctl$PR_SET_MM_EXE_FILE(0x1c, 0xd, 0xffffffffffffffff) 00:19:29 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) prctl$PR_SET_MM_EXE_FILE(0x1c, 0xd, 0xffffffffffffffff) 00:19:30 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) prctl$PR_SET_MM_EXE_FILE(0x1c, 0xd, 0xffffffffffffffff) 00:19:33 executing program 1: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) prctl$PR_SET_MM_EXE_FILE(0x1c, 0xd, 
0xffffffffffffffff) 00:19:34 executing program 0: r0 = syz_open_procfs$userns(0x0, &(0x7f0000000080)) ioctl$NS_GET_PARENT(r0, 0x5460, 0xec000) prctl$PR_SET_MM_EXE_FILE(0x1c, 0xd, 0xffffffffffffffff) 00:19:35 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, &(0x7f0000000140)) 00:19:39 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, &(0x7f0000000140)) 00:19:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x30, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0x30}}, 0x0) 00:19:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x30, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0x30}}, 0x0) 00:19:42 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, &(0x7f0000000140)) 00:19:45 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x30, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0x30}}, 0x0) 00:19:46 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, 0x0, &(0x7f0000000140)) 00:19:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = 
syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x30, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0x30}}, 0x0) 00:19:50 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) getpeername$netlink(r0, &(0x7f0000000000), &(0x7f00000000c0)=0xc) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32, @ANYBLOB="0000000000000000280012800a000100767863616e00000018000280140001"], 0x48}}, 0x0) [ 1195.258230][ C0] ================================================================== [ 1195.263382][ C0] BUG: KASAN: use-after-free in walk_stackframe+0x11c/0x260 [ 1195.265277][ C0] Read of size 8 at addr ffffaf802034be60 by task syz-executor.1/2921 [ 1195.267010][ C0] [ 1195.268656][ C0] CPU: 0 PID: 2921 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1195.270372][ C0] Hardware name: riscv-virtio,qemu (DT) [ 1195.271816][ C0] Call Trace: [ 1195.272790][ C0] [] dump_backtrace+0x2e/0x3c [ 1195.274070][ C0] [] show_stack+0x34/0x40 [ 1195.275330][ C0] [] dump_stack_lvl+0xe4/0x150 [ 1195.276834][ C0] [] print_address_description.constprop.0+0x2a/0x330 [ 1195.278684][ C0] [] kasan_report+0x184/0x1e0 [ 1195.281115][ C0] [] __asan_load8+0x6e/0x96 [ 1195.283240][ C0] [] walk_stackframe+0x11c/0x260 [ 1195.284880][ C0] [] arch_stack_walk+0x2c/0x3c [ 1195.286402][ C0] [] stack_trace_save+0xa6/0xd8 [ 1195.288061][ C0] [] kasan_save_stack+0x2c/0x58 [ 1195.289740][ C0] [ 1195.290995][ C0] Allocated by task 11: [ 1195.292281][ C0] (stack is not available) [ 1195.293103][ C0] [ 1195.293793][ C0] Last potentially related work creation: [ 1195.294735][ C0] ------------[ cut here ]------------ [ 1195.295749][ C0] slab index 432092 out of bounds (337) for stack id 040697dc [ 1195.301040][ C0] WARNING: CPU: 0 
PID: 2921 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70 [ 1195.303269][ C0] Modules linked in: [ 1195.304668][ C0] CPU: 0 PID: 2921 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1195.306452][ C0] Hardware name: riscv-virtio,qemu (DT) [ 1195.307771][ C0] epc : stack_depot_print+0x66/0x70 [ 1195.309308][ C0] ra : stack_depot_print+0x66/0x70 [ 1195.311649][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf802034bd20 [ 1195.312984][ C0] gp : ffffffff85863ac0 tp : ffffaf800ce0c8c0 t0 : ffffffff86bcb657 [ 1195.314209][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf802034bd30 [ 1195.315527][ C0] s1 : ffffaf807af57d18 a0 : 000000000000003b a1 : 00000000000f0000 [ 1195.317029][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 776248205322e400 [ 1195.318554][ C0] a5 : 776248205322e400 a6 : 0000000000f00000 a7 : ffffaf805a9c8863 [ 1195.320629][ C0] s2 : ffffaf802034be60 s3 : ffffaf80072e9000 s4 : ffffaf802034be00 [ 1195.322802][ C0] s5 : ffffaf802034bea8 s6 : 0000000000003fff s7 : ffffaf802034be00 [ 1195.324130][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf802034bee0 [ 1195.325468][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c [ 1195.326628][ C0] t5 : fffff5ef0b53910d t6 : ffffaf802034b818 [ 1195.327702][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003 [ 1195.329002][ C0] [] print_address_description.constprop.0+0x2fc/0x330 [ 1195.331180][ C0] [] kasan_report+0x184/0x1e0 [ 1195.332826][ C0] [] __asan_load8+0x6e/0x96 [ 1195.334036][ C0] [] walk_stackframe+0x11c/0x260 [ 1195.335481][ C0] [] arch_stack_walk+0x2c/0x3c [ 1195.336951][ C0] [] stack_trace_save+0xa6/0xd8 [ 1195.338444][ C0] [] kasan_save_stack+0x2c/0x58 [ 1195.340732][ C0] irq event stamp: 3861 [ 1195.342177][ C0] hardirqs last enabled at (3860): [] _raw_spin_unlock_irqrestore+0x68/0x98 [ 1195.344214][ C0] hardirqs last disabled at (3861): [] _raw_spin_lock_irqsave+0x60/0x62 [ 
1195.346083][ C0] softirqs last enabled at (3768): [] __do_softirq+0x618/0x8fc [ 1195.347990][ C0] softirqs last disabled at (3817): [] __irq_exit_rcu+0x142/0x1f8 [ 1195.349980][ C0] ---[ end trace 0000000000000000 ]--- [ 1195.352287][ C0] [ 1195.353140][ C0] Second to last potentially related work creation: [ 1195.354785][ C0] ------------[ cut here ]------------ [ 1195.355812][ C0] slab index 2094576 out of bounds (337) for stack id 1ffff5f0 [ 1195.359824][ C0] WARNING: CPU: 0 PID: 2921 at lib/stackdepot.c:304 stack_depot_print+0x66/0x70 [ 1195.361897][ C0] Modules linked in: [ 1195.363075][ C0] CPU: 0 PID: 2921 Comm: syz-executor.1 Tainted: G W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1195.364594][ C0] Hardware name: riscv-virtio,qemu (DT) [ 1195.365644][ C0] epc : stack_depot_print+0x66/0x70 [ 1195.367036][ C0] ra : stack_depot_print+0x66/0x70 [ 1195.368482][ C0] epc : ffffffff80c00b8a ra : ffffffff80c00b8a sp : ffffaf802034bd20 [ 1195.370074][ C0] gp : ffffffff85863ac0 tp : ffffaf800ce0c8c0 t0 : ffffffff86bcb657 [ 1195.372292][ C0] t1 : fffff5ef0b53910c t2 : 0000000000000000 s0 : ffffaf802034bd30 [ 1195.373782][ C0] s1 : ffffaf807af57d18 a0 : 000000000000003c a1 : 00000000000f0000 [ 1195.375148][ C0] a2 : 0000000000000505 a3 : ffffffff8012252a a4 : 776248205322e400 [ 1195.376514][ C0] a5 : 776248205322e400 a6 : 0000000000f00000 a7 : ffffaf805a9c8863 [ 1195.377880][ C0] s2 : ffffaf802034be60 s3 : ffffaf80072e9000 s4 : ffffaf802034be00 [ 1195.379363][ C0] s5 : ffffaf802034bea8 s6 : 0000000000003fff s7 : ffffaf802034be00 [ 1195.381858][ C0] s8 : 0000000000400000 s9 : ffffffffffffc000 s10: ffffaf802034bee0 [ 1195.384330][ C0] s11: 0000000000000008 t3 : fffffffff3f3f300 t4 : fffff5ef0b53910c [ 1195.385697][ C0] t5 : fffff5ef0b53910d t6 : ffffaf802034b818 [ 1195.386891][ C0] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003 [ 1195.388228][ C0] [] print_address_description.constprop.0+0x2ae/0x330 [ 1195.390464][ C0] [] 
kasan_report+0x184/0x1e0 [ 1195.392095][ C0] [] __asan_load8+0x6e/0x96 [ 1195.393483][ C0] [] walk_stackframe+0x11c/0x260 [ 1195.395045][ C0] [] arch_stack_walk+0x2c/0x3c [ 1195.396518][ C0] [] stack_trace_save+0xa6/0xd8 [ 1195.398023][ C0] [] kasan_save_stack+0x2c/0x58 [ 1195.399344][ C0] irq event stamp: 3861 [ 1195.400359][ C0] hardirqs last enabled at (3860): [] _raw_spin_unlock_irqrestore+0x68/0x98 [ 1195.402048][ C0] hardirqs last disabled at (3861): [] _raw_spin_lock_irqsave+0x60/0x62 [ 1195.403512][ C0] softirqs last enabled at (3768): [] __do_softirq+0x618/0x8fc [ 1195.404888][ C0] softirqs last disabled at (3817): [] __irq_exit_rcu+0x142/0x1f8 [ 1195.406618][ C0] ---[ end trace 0000000000000000 ]--- [ 1195.407790][ C0] [ 1195.408563][ C0] The buggy address belongs to the object at ffffaf802034be00 [ 1195.408563][ C0] which belongs to the cache fs_cache of size 168 [ 1195.410920][ C0] The buggy address is located 96 bytes inside of [ 1195.410920][ C0] 168-byte region [ffffaf802034be00, ffffaf802034bea8) [ 1195.412953][ C0] The buggy address belongs to the page: [ 1195.414519][ C0] page:ffffaf807af57d18 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffaf802034b400 pfn:0xa054b [ 1195.416552][ C0] flags: 0xa000000200(slab|section=20|node=0|zone=0) [ 1195.419301][ C0] raw: 000000a000000200 ffffaf807aace2b0 0000000000000007 ffffaf80072e9000 [ 1195.421443][ C0] raw: ffffaf802034b400 0000000080100000 00000001ffffffff 0000000000000000 [ 1195.422609][ C0] raw: 00000000000007ff [ 1195.423496][ C0] page dumped because: kasan: bad access detected [ 1195.424661][ C0] page_owner tracks the page as allocated [ 1195.425736][ C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 2061, ts 933194771600, free_ts 933074337100 [ 1195.428132][ C0] __set_page_owner+0x48/0x136 [ 1195.429668][ C0] post_alloc_hook+0xd0/0x10a [ 1195.431415][ C0] get_page_from_freelist+0x8da/0x12d8 [ 1195.432790][ C0] 
__alloc_pages+0x150/0x3b6 [ 1195.434283][ C0] alloc_pages+0x132/0x2a6 [ 1195.435624][ C0] alloc_slab_page.constprop.0+0xc2/0xfa [ 1195.437072][ C0] new_slab+0x76/0x2cc [ 1195.438357][ C0] ___slab_alloc+0x56e/0x918 [ 1195.439779][ C0] __slab_alloc.constprop.0+0x50/0x8c [ 1195.441591][ C0] kmem_cache_alloc+0x39c/0x3de [ 1195.442787][ C0] copy_fs_struct+0x3a/0x158 [ 1195.443893][ C0] copy_process+0x2400/0x3c34 [ 1195.445059][ C0] kernel_clone+0xee/0x920 [ 1195.446375][ C0] kernel_thread+0xf8/0x130 [ 1195.447711][ C0] call_usermodehelper_exec_work+0xc8/0x122 [ 1195.449176][ C0] process_one_work+0x654/0xffe [ 1195.451149][ C0] page last free stack trace: [ 1195.452631][ C0] __reset_page_owner+0x4a/0xea [ 1195.453799][ C0] free_pcp_prepare+0x29c/0x45e [ 1195.454859][ C0] free_unref_page_list+0x148/0x7fe [ 1195.456108][ C0] release_pages+0x3f0/0xad0 [ 1195.457370][ C0] free_pages_and_swap_cache+0x74/0x86 [ 1195.458787][ C0] tlb_finish_mmu+0xe8/0x29a [ 1195.460637][ C0] exit_mmap+0x170/0x412 [ 1195.462314][ C0] mmput+0xee/0x2c2 [ 1195.463420][ C0] do_exit+0x6f2/0x18fc [ 1195.464419][ C0] do_group_exit+0x90/0x17e [ 1195.465604][ C0] __wake_up_parent+0x0/0x4a [ 1195.466844][ C0] ret_from_syscall+0x0/0x2 [ 1195.468314][ C0] [ 1195.469148][ C0] Memory state around the buggy address: [ 1195.471507][ C0] ffffaf802034bd00: 00 00 00 00 00 00 00 00 00 00 00 00 fb fb fb fb [ 1195.472995][ C0] ffffaf802034bd80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 1195.474296][ C0] >ffffaf802034be00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1195.475506][ C0] ^ [ 1195.476683][ C0] ffffaf802034be80: fb fb fb fb fb fc fc fc f1 f1 f1 f1 00 00 00 f3 [ 1195.477845][ C0] ffffaf802034bf00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 [ 1195.479071][ C0] ================================================================== [ 1195.480874][ C0] Disabling lock debugging due to kernel taint [ 1195.484664][ T2921] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 
1195.486111][ T2921] CPU: 0 PID: 2921 Comm: syz-executor.1 Tainted: G B W 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1195.487702][ T2921] Hardware name: riscv-virtio,qemu (DT) [ 1195.488569][ T2921] Call Trace: [ 1195.489235][ T2921] [] dump_backtrace+0x2e/0x3c [ 1195.491226][ T2921] [] show_stack+0x34/0x40 [ 1195.492493][ T2921] [] dump_stack_lvl+0xe4/0x150 [ 1195.493827][ T2921] [] dump_stack+0x1c/0x24 [ 1195.495098][ T2921] [] panic+0x24a/0x634 [ 1195.496248][ T2921] [] schedule+0x0/0x14c [ 1195.497461][ T2921] [] preempt_schedule_irq+0x4a/0x13e [ 1195.498825][ T2921] [] resume_kernel+0x16/0x18 [ 1195.501110][ T2921] SMP: stopping secondary CPUs [ 1195.504082][ T2921] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:38:19 Registers: