last executing test programs:

1.063328936s ago: executing program 0 (id=1739):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x2, 0x1, 0x0, 0x0, 0x200}, 0x3a)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0x8, 0x4)

916.465356ms ago: executing program 0 (id=1744):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x44, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x76b60f1}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_STA_TX_POWER_SETTING={0x5}, @NL80211_ATTR_STA_FLAGS={0x8, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_AUTHENTICATED={0x4}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004c8c1}, 0x0)

859.720856ms ago: executing program 0 (id=1747):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
r1 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x1)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000200)={<r2=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x5}, 0x8)
sendmsg$inet_sctp(r3, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)='N', 0x1}], 0x1}, 0x4000891)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="b6c9f7e595b809a2b371bb6ca7dd7a403a7ec53e512cbf88767c7532812d4cff061b215d74930094e27d3d0629a8e6411d86c425f7bb18ff9048857d25b42b2add5be0e50d4bd7f4a0047e737bc0828156e909456580974e814c9cb7e7910dab33eb7c9fa1f983"], 0x8)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3b}}, {0x2, 0x4e21, @private=0xa010101}, {0x2, 0x4e24, @rand_addr=0x64010101}, 0x104, 0x0, 0x0, 0x0, 0x6e, &(0x7f0000000000)='pimreg\x00', 0x2, 0xc, 0xfffe})
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000000)={@remote, 0x35, r2})
r6 = socket(0xa, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
ioctl(r5, 0x8916, &(0x7f0000000000))
ioctl(r6, 0x8936, &(0x7f0000000000))
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000001005000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a32"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x7, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8b30, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x18}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})

858.594148ms ago: executing program 0 (id=1750):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="9feb010018000000000000001000000010000000020000000000000000000001"], 0x0, 0x2a}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xa, &(0x7f0000000900)=ANY=[@ANYBLOB="180000000000000000000000000000001840000004000000000000000000000095000000000000009500000000000000950036000000000018400000feffffff480000000000000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x34, &(0x7f0000000100)=""/198, 0x41000, 0x0, '\x00', 0x0, 0x0, r0, 0x9, 0x0, 0x0, 0x10, &(0x7f0000000980), 0x10}, 0x94)

809.673564ms ago: executing program 0 (id=1753):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
listen(r0, 0x6)
setsockopt$inet_tcp_int(r0, 0x6, 0x17, &(0x7f0000000040), 0x4)

740.161163ms ago: executing program 0 (id=1755):
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
socket(0x2, 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)
pipe(&(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$cgroup_subtree(r1, &(0x7f0000000240)=ANY=[], 0xa)
ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0x9)
splice(r0, 0x0, r3, 0x0, 0xb11, 0x9)

355.594268ms ago: executing program 2 (id=1771):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
close(0x3)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e21, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30, 0x180}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={0x0, 0x7}, 0x8)

298.709235ms ago: executing program 2 (id=1773):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x54}}, 0x0)

250.181369ms ago: executing program 2 (id=1775):
r0 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000100)={<r1=>0x0, @initdev}, &(0x7f0000000140)=0xc)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x3, 0x55, @vifc_lcl_ifindex=r1, @empty}, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
unshare(0x2000a00)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
syz_emit_ethernet(0x4a, &(0x7f00000005c0)={@broadcast, @multicast, @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "d172f5", 0x10, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @mcast2, {[], @ni={0xc46ee13d8e75c188, 0x0, 0x0, 0xc2, 0x2, 0x9}}}}}}, 0x0)
r3 = socket(0x23, 0x80000, 0x6)
getsockopt$llc_int(r3, 0x10c, 0x2, &(0x7f0000000080), &(0x7f0000000180)=0x4)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x724d}}}, 0x32)

199.981262ms ago: executing program 2 (id=1778):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_RT_KEY={0x8}]}}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd4}}, 0x0)

199.793078ms ago: executing program 2 (id=1779):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x1c, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b704000002ec0000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000008000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

129.819029ms ago: executing program 2 (id=1781):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='veth1_to_bond\x00', 0x10)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c)

129.639406ms ago: executing program 1 (id=1782):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r1, &(0x7f00000001c0)="c84b1ecc52", &(0x7f0000000100)=@tcp6=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20)

129.408404ms ago: executing program 1 (id=1783):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r0, r1, 0x5, 0x0, @void}, 0x10)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000240)={r2, r0, 0x4, r3}, 0x10)

74.861865ms ago: executing program 1 (id=1784):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a697000000005000400000000000900020073797a3000000000240007800c0002800800014080ffffff0c0001800800014080ffffff050014002000000005000500020000000500010006"], 0x6c}}, 0x0)

74.645046ms ago: executing program 1 (id=1785):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="020100070d000000ffffffff0000000003000500000000000200000000000000004000000000000005001a0000000000000000000000000000000000ac1414aa00000000000000000000000010001004030006003320000002"], 0x68}}, 0x0)

190.641µs ago: executing program 1 (id=1786):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0xb4}]}]}, 0x58}}, 0x2)

0s ago: executing program 1 (id=1787):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=@delsa={0x28, 0x11, 0x1, 0x70bd2c, 0x25dfdbfe, {@in6=@remote, 0x4d3, 0x8, 0xff}}, 0x28}}, 0x840)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:51928' (ED25519) to the list of known hosts.
syzkaller login: [   56.521814][ T5823] cgroup: Unknown subsys name 'net'
[   56.645589][ T5823] cgroup: Unknown subsys name 'cpuset'
[   56.651825][ T5823] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.465640][ T5823] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.680486][ T5237] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.687366][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.690271][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.694047][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.697064][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.700328][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.703945][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.733910][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.739754][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.745435][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.829416][ T5854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.833938][ T5854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.838015][ T5854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.842666][ T5854] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.848751][ T5854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.029556][ T5852] chnl_net:caif_netlink_parms(): no params data found
[   64.206791][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.210029][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.215819][ T5852] bridge_slave_0: entered allmulticast mode
[   64.220098][ T5852] bridge_slave_0: entered promiscuous mode
[   64.226361][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.229598][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.233096][ T5852] bridge_slave_1: entered allmulticast mode
[   64.237269][ T5852] bridge_slave_1: entered promiscuous mode
[   64.260460][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   64.309675][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.355402][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.421777][ T5852] team0: Port device team_slave_0 added
[   64.447883][ T5852] team0: Port device team_slave_1 added
[   64.452576][ T5857] chnl_net:caif_netlink_parms(): no params data found
[   64.502823][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.505776][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.508623][ T5848] bridge_slave_0: entered allmulticast mode
[   64.514594][ T5848] bridge_slave_0: entered promiscuous mode
[   64.519490][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.522767][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.531339][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.551647][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.554235][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.557128][ T5848] bridge_slave_1: entered allmulticast mode
[   64.560346][ T5848] bridge_slave_1: entered promiscuous mode
[   64.564359][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.567126][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.578051][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.647068][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.688164][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.698068][ T5852] hsr_slave_0: entered promiscuous mode
[   64.702255][ T5852] hsr_slave_1: entered promiscuous mode
[   64.722806][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.725465][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.728295][ T5857] bridge_slave_0: entered allmulticast mode
[   64.733198][ T5857] bridge_slave_0: entered promiscuous mode
[   64.738306][ T5848] team0: Port device team_slave_0 added
[   64.753992][ T5848] team0: Port device team_slave_1 added
[   64.764143][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.767081][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.769868][ T5857] bridge_slave_1: entered allmulticast mode
[   64.774197][ T5857] bridge_slave_1: entered promiscuous mode
[   64.842876][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.846504][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.848690][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.856945][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.863164][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.865289][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.874044][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.887642][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.925320][ T5857] team0: Port device team_slave_0 added
[   64.956906][ T5857] team0: Port device team_slave_1 added
[   65.050492][ T5848] hsr_slave_0: entered promiscuous mode
[   65.062851][ T5848] hsr_slave_1: entered promiscuous mode
[   65.065727][ T5848] debugfs: 'hsr0' already exists in 'hsr'
[   65.068088][ T5848] Cannot create hsr debugfs directory
[   65.073164][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.076115][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.087548][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.094186][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.096986][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.107339][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.157292][ T5857] hsr_slave_0: entered promiscuous mode
[   65.159973][ T5857] hsr_slave_1: entered promiscuous mode
[   65.162984][ T5857] debugfs: 'hsr0' already exists in 'hsr'
[   65.165298][ T5857] Cannot create hsr debugfs directory
[   65.299108][ T5852] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.321941][ T5852] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.355060][ T5852] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.368875][ T5852] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.518137][ T5848] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.542947][ T5848] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.556343][ T5848] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.568369][ T5848] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.657962][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.680362][ T5857] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.693831][ T5857] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.707359][ T5852] 8021q: adding VLAN 0 to HW filter on device team0
[   65.712042][ T5853] Bluetooth: hci1: command tx timeout
[   65.716582][ T5857] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.723875][ T5857] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.742453][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.745546][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.768395][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.771502][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.790855][ T5853] Bluetooth: hci0: command tx timeout
[   65.844483][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.871798][ T5853] Bluetooth: hci2: command tx timeout
[   65.888785][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   65.909477][ T3863] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.912525][ T3863] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.931972][ T3863] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.934974][ T3863] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.015649][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.026272][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.063462][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   66.084309][ T3863] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.087274][ T3863] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.108536][ T3863] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.111738][ T3863] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.138196][ T5852] veth0_vlan: entered promiscuous mode
[   66.177155][ T5852] veth1_vlan: entered promiscuous mode
[   66.189361][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.250330][ T5852] veth0_macvtap: entered promiscuous mode
[   66.274261][ T5852] veth1_macvtap: entered promiscuous mode
[   66.309232][ T5848] veth0_vlan: entered promiscuous mode
[   66.316836][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.329509][ T5848] veth1_vlan: entered promiscuous mode
[   66.338441][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.368809][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.375288][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.386631][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.397155][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.404167][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.427437][ T5848] veth0_macvtap: entered promiscuous mode
[   66.453432][ T5848] veth1_macvtap: entered promiscuous mode
[   66.513371][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.553243][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.556312][ T5857] veth0_vlan: entered promiscuous mode
[   66.571935][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.575117][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.590254][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.596798][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.621886][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.625508][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.637747][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.645335][ T5857] veth1_vlan: entered promiscuous mode
[   66.649041][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.715258][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.726421][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.734230][ T5857] veth0_macvtap: entered promiscuous mode
[   66.764974][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.768362][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.775148][ T5857] veth1_macvtap: entered promiscuous mode
[   66.783349][ T5852] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.805873][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.820341][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.854339][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.859387][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.864564][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.868007][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.908141][ T5914] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2'.
[   67.029304][ T3863] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.038674][ T3863] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.095365][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.102762][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.484861][ T5940] syz.0.8 uses obsolete (PF_INET,SOCK_PACKET)
[   67.636001][ T5948] warning: `syz.1.15' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   67.802141][ T5853] Bluetooth: hci1: command tx timeout
[   67.880781][ T5853] Bluetooth: hci0: command tx timeout
[   67.952166][ T5853] Bluetooth: hci2: command tx timeout
[   68.432416][ T5972] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'.
[   68.435944][ T5972] netlink: 4 bytes leftover after parsing attributes in process `syz.1.27'.
[   68.438984][ T5972] netlink: 'syz.1.27': attribute type 7 has an invalid length.
[   68.873845][ T5998] Bluetooth: MGMT ver 1.23
[   69.279660][ T6016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.49'.
[   69.296034][ T6017] netlink: 'syz.2.48': attribute type 1 has an invalid length.
[   69.299273][ T6017] netlink: 224 bytes leftover after parsing attributes in process `syz.2.48'.
[   69.516248][ T6027] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.54'.
[   69.604470][ T6034] netlink: 'syz.1.57': attribute type 142 has an invalid length.
[   69.646181][ T6039] openvswitch: netlink: Multiple metadata blocks provided
[   69.872370][ T5853] Bluetooth: hci1: command tx timeout
[   69.950942][ T5853] Bluetooth: hci0: command tx timeout
[   70.031221][ T5853] Bluetooth: hci2: command tx timeout
[   70.037237][ T6062] tipc: Started in network mode
[   70.039464][ T6062] tipc: Node identity ff020000000000000000000000000001, cluster identity 4711
[   70.060229][ T6062] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   70.077923][ T6062] netlink: 32 bytes leftover after parsing attributes in process `syz.1.64'.
[   70.245092][ T6076] netlink: 176 bytes leftover after parsing attributes in process `syz.2.72'.
[   70.251787][ T6072] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.365734][ T6072] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.395199][ T6082] netlink: 68 bytes leftover after parsing attributes in process `syz.1.70'.
[   70.487506][ T6072] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.546245][ T6072] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   70.633790][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   70.644939][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   70.668390][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   70.700995][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.083980][ T6109] netlink: 'syz.1.84': attribute type 1 has an invalid length.
[   71.087127][ T6109] netlink: 144 bytes leftover after parsing attributes in process `syz.1.84'.
[   71.136105][ T6111] netlink: 'syz.1.85': attribute type 1 has an invalid length.
[   71.216028][ T6115] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   71.398293][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.400849][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.410000][   T95] IPVS: starting estimator thread 0...
[   71.420046][ T6120] ieee802154 phy0 wpan0: encryption failed: -22
[   71.498346][ T5900] IPVS: starting estimator thread 0...
[   71.510791][ T6123] IPVS: using max 54 ests per chain, 129600 per kthread
[   71.590682][ T6127] IPVS: using max 37 ests per chain, 88800 per kthread
[   71.715056][ T6137] sctp: [Deprecated]: syz.2.96 (pid 6137) Use of int in maxseg socket option.
[   71.715056][ T6137] Use struct sctp_assoc_value instead
[   71.828717][   T13] IPVS: stop unused estimator thread 0...
[   71.907668][ T6144] netlink: 'syz.2.99': attribute type 1 has an invalid length.
[   71.939887][ T6144] 8021q: adding VLAN 0 to HW filter on device bond1
[   71.952341][ T5853] Bluetooth: hci1: command tx timeout
[   72.032480][ T5853] Bluetooth: hci0: command tx timeout
[   72.046522][ T6144] bond1: (slave veth3): Enslaving as an active interface with a down link
[   72.064367][ T6150] gretap1: entered promiscuous mode
[   72.084632][ T6150] bond1: (slave gretap1): making interface the new active one
[   72.111342][ T5853] Bluetooth: hci2: command tx timeout
[   72.125851][ T6150] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   72.158364][ T6144] macvlan2: entered promiscuous mode
[   72.162966][ T6144] macvlan2: entered allmulticast mode
[   72.166088][ T6144] bond1: entered promiscuous mode
[   72.168983][ T6144] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   72.171585][ T6157] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   72.173249][ T6144] bond1: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[   72.183588][ T6144] bond1: left promiscuous mode
[   72.233844][ T6162] tc_dump_action: action bad kind
[   72.305321][ T6150] syz.2.99 (6150) used greatest stack depth: 19928 bytes left
[   72.654438][ T6187] __nla_validate_parse: 1 callbacks suppressed
[   72.654451][ T6187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.119'.
[   73.453479][ T6210] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.457041][ T6210] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.893598][ T6210] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   73.907724][ T6210] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.187657][ T5876] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.193714][ T5876] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.197172][ T5876] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.203776][ T5876] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   74.222174][ T6210] syz.0.129 (6210) used greatest stack depth: 19864 bytes left
[   74.708441][ T6253] wg1: entered promiscuous mode
[   74.722664][ T6253] wg1: entered allmulticast mode
[   74.843847][ T6262] netlink: 4 bytes leftover after parsing attributes in process `syz.0.147'.
[   76.057715][ T6329] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   77.165166][ T6360] netlink: 52 bytes leftover after parsing attributes in process `syz.0.187'.
[   77.267372][ T6371] netlink: 'syz.0.194': attribute type 2 has an invalid length.
[   77.269959][ T6371] netlink: 'syz.0.194': attribute type 8 has an invalid length.
[   77.281422][ T6371] netlink: 132 bytes leftover after parsing attributes in process `syz.0.194'.
[   77.375665][ T6376] netlink: 24 bytes leftover after parsing attributes in process `syz.0.196'.
[   77.421415][ T6380] bond0: option fail_over_mac: unable to set because the bond device has slaves
[   78.336568][ T6418] lo speed is unknown, defaulting to 1000
[   78.339155][ T6418] lo speed is unknown, defaulting to 1000
[   78.348279][ T6418] lo speed is unknown, defaulting to 1000
[   78.357223][ T6418] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   78.369736][ T6418] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   78.427964][ T6418] lo speed is unknown, defaulting to 1000
[   78.434709][ T6418] lo speed is unknown, defaulting to 1000
[   78.438564][ T6418] lo speed is unknown, defaulting to 1000
[   78.490419][ T6418] Driver unsupported XDP return value 0 on prog  (id 29) dev N/A, expect packet loss!
[   78.986536][ T6440] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   79.181266][ T6452] netlink: 'syz.0.230': attribute type 5 has an invalid length.
[   79.227538][ T6456] netlink: 8 bytes leftover after parsing attributes in process `syz.1.231'.
[   79.261940][ T6456] netlink: 8 bytes leftover after parsing attributes in process `syz.1.231'.
[   79.346640][ T6464] netlink: 'syz.0.236': attribute type 2 has an invalid length.
[   79.349133][ T6464] netlink: 24 bytes leftover after parsing attributes in process `syz.0.236'.
[   79.476013][ T6466] netlink: 'syz.0.237': attribute type 1 has an invalid length.
[   80.059927][ T6498] Zero length message leads to an empty skb
[   80.124207][ T6498] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.207004][ T6498] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.292495][ T6498] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.370516][ T6498] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.481933][ T6509] netlink: 20 bytes leftover after parsing attributes in process `syz.0.257'.
[   80.572611][ T5876] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.580788][ T5876] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.604839][ T5876] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.607978][ T5876] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.808804][ T6525] netlink: 'syz.2.265': attribute type 1 has an invalid length.
[   80.883534][ T6533] erspan1: entered promiscuous mode
[   80.897034][ T6535] netlink: 4 bytes leftover after parsing attributes in process `syz.1.260'.
[   81.031542][ T6545] netlink: 4 bytes leftover after parsing attributes in process `syz.0.273'.
[   81.098766][ T6550] netlink: 260 bytes leftover after parsing attributes in process `syz.0.276'.
[   81.104010][ T6550] netlink: 260 bytes leftover after parsing attributes in process `syz.0.276'.
[   81.595545][ T6582] netlink: 4 bytes leftover after parsing attributes in process `syz.2.288'.
[   81.662412][ T6584] netlink: 'syz.1.289': attribute type 101 has an invalid length.
[   81.671945][ T6584] netlink: 'syz.1.289': attribute type 7 has an invalid length.
[   82.245997][ T6644] ieee802154 phy0 wpan0: encryption failed: -22
[   82.248136][ T6644] ieee802154 phy0 wpan0: encryption failed: -22
[   82.541229][ T6666] lo speed is unknown, defaulting to 1000
[   82.873917][   T95] IPVS: starting estimator thread 0...
[   82.980765][ T6676] IPVS: using max 64 ests per chain, 153600 per kthread
[   83.464429][ T6702] netlink: 788 bytes leftover after parsing attributes in process `syz.2.341'.
[   83.974219][ T6718] lo speed is unknown, defaulting to 1000
[   84.510485][ T6733] __nla_validate_parse: 1 callbacks suppressed
[   84.510504][ T6733] netlink: 76 bytes leftover after parsing attributes in process `syz.0.354'.
[   84.811129][ T6750] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_bond, syncid = 0, id = 0
[   84.976320][ T6758] syzkaller1: entered promiscuous mode
[   84.978808][ T6758] syzkaller1: entered allmulticast mode
[   85.040142][ T6759] netlink: 'syz.0.366': attribute type 10 has an invalid length.
[   85.050964][ T6759] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   85.055515][ T6763] netlink: 16 bytes leftover after parsing attributes in process `syz.2.368'.
[   85.171691][ T6769] netlink: 'syz.2.371': attribute type 2 has an invalid length.
[   85.254115][ T6777] tipc: Started in network mode
[   85.256039][ T6777] tipc: Node identity 92881a6bcef5, cluster identity 4711
[   85.258906][ T6777] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   85.263127][ T6777] syzkaller0: entered promiscuous mode
[   85.265278][ T6777] syzkaller0: entered allmulticast mode
[   85.282684][ T6777] tipc: Resetting bearer <eth:syzkaller0>
[   85.285711][ T6781] netlink: 28 bytes leftover after parsing attributes in process `syz.2.376'.
[   85.302863][ T6776] tipc: Resetting bearer <eth:syzkaller0>
[   85.312180][ T6776] tipc: Disabling bearer <eth:syzkaller0>
[   85.817912][ T6808] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   85.831308][ T6810] netlink: 8 bytes leftover after parsing attributes in process `syz.1.390'.
[   85.953613][   T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   85.967789][   T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   85.983960][ T5315] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   86.320926][ T5885] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   86.413823][ T6845] netem: incorrect ge model size
[   86.416324][ T6845] netem: change failed
[   86.755211][   T10] cfg80211: failed to load regulatory.db
[   86.830818][ T5885] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   86.937887][ T6878] lo speed is unknown, defaulting to 1000
[   86.980130][ T6884] veth1_macvtap: left promiscuous mode
[   86.982586][ T6884] macsec0: entered promiscuous mode
[   86.984389][ T6884] macsec0: entered allmulticast mode
[   86.995239][ T6884] veth1_macvtap: entered promiscuous mode
[   86.997555][ T6884] veth1_macvtap: entered allmulticast mode
[   87.006199][ T6884] macsec0: left promiscuous mode
[   87.009158][ T6884] macsec0: left allmulticast mode
[   87.018006][ T6884] veth1_macvtap: left allmulticast mode
[   87.081432][ T6878] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   87.090336][ T6878] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   87.470819][ T5853] Bluetooth: hci2: command tx timeout
[   87.615513][ T6916] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   87.623908][ T6916] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   87.628850][ T6916] bond0 (unregistering): Released all slaves
[   87.682770][ T6878] syz.1.417 (6878) used greatest stack depth: 19128 bytes left
[   87.809581][ T6928] netlink: 256 bytes leftover after parsing attributes in process `syz.2.436'.
[   87.819041][ T6928] unsupported nlmsg_type 40
[   88.023838][ T6943] netlink: 12 bytes leftover after parsing attributes in process `syz.0.444'.
[   88.067327][ T6943] netlink: 4 bytes leftover after parsing attributes in process `syz.0.444'.
[   88.113759][ T6947] 8021q: VLANs not supported on lo
[   88.267333][ T6959] netlink: 24 bytes leftover after parsing attributes in process `syz.2.453'.
[   88.398651][ T6973] netlink: 28 bytes leftover after parsing attributes in process `syz.1.458'.
[   88.556484][ T6985] netlink: 20 bytes leftover after parsing attributes in process `syz.1.464'.
[   88.739017][ T7005] netlink: 'syz.1.475': attribute type 18 has an invalid length.
[   88.783457][ T7010] openvswitch: netlink: nsh attr 0 has unexpected len 33788 expected 0
[   88.786067][ T7010] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   89.209088][ T7049] bridge_slave_1: left allmulticast mode
[   89.219287][ T7049] bridge_slave_1: left promiscuous mode
[   89.219881][ T7039] raw_sendmsg: syz.1.491 forgot to set AF_INET. Fix it!
[   89.229926][ T7049] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.353003][ T7049] bridge_slave_0: left allmulticast mode
[   89.355274][ T7049] bridge_slave_0: left promiscuous mode
[   89.357683][ T7049] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.553618][ T7076] netlink: 'syz.2.504': attribute type 4 has an invalid length.
[   89.564829][ T7074] netlink: 'syz.1.503': attribute type 9 has an invalid length.
[   89.572955][ T7074] __nla_validate_parse: 6 callbacks suppressed
[   89.572972][ T7074] netlink: 147436 bytes leftover after parsing attributes in process `syz.1.503'.
[   89.649529][ T7080] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma?
[   89.653929][ T7080] netlink: 14 bytes leftover after parsing attributes in process `syz.2.505'.
[   89.790754][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   90.189190][ T7119] IPVS: set_ctl: invalid protocol: 137 172.20.20.187:20004
[   90.251009][ T7119] nbd0: detected capacity change from 0 to 127
[   90.254745][   T55] block nbd0: Receive control failed (result -32)
[   90.299375][ T7123] lo speed is unknown, defaulting to 1000
[   90.508128][ T7136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.527'.
[   90.513594][ T7136] netlink: 'syz.0.527': attribute type 2 has an invalid length.
[   90.885312][ T7159] bridge_slave_0: left allmulticast mode
[   90.887823][ T7159] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.896873][ T7159] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   91.677258][ T7204] netlink: 20 bytes leftover after parsing attributes in process `syz.0.558'.
[   91.907771][ T7224] netlink: 'syz.0.568': attribute type 1 has an invalid length.
[   92.046722][ T7239] netlink: 165 bytes leftover after parsing attributes in process `syz.1.576'.
[   92.194065][ T7254] openvswitch: netlink: Key type 29 is not supported
[   92.444371][ T7277] netlink: 4 bytes leftover after parsing attributes in process `syz.0.591'.
[   92.578839][ T7287] netlink: 4 bytes leftover after parsing attributes in process `syz.1.597'.
[   92.639088][ T7289] syzkaller1: entered promiscuous mode
[   92.643567][ T7289] syzkaller1: entered allmulticast mode
[   94.382229][ T7350] netlink: 'syz.2.625': attribute type 1 has an invalid length.
[   94.398534][ T7351] tun0: tun_chr_ioctl cmd 1074812118
[   94.560186][ T7362] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   94.573224][ T7362] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   94.703817][ T7369] netlink: 'syz.0.633': attribute type 1 has an invalid length.
[   94.707219][ T7369] netlink: 224 bytes leftover after parsing attributes in process `syz.0.633'.
[   94.903179][ T7377] team0: entered promiscuous mode
[   94.905506][ T7377] team_slave_0: entered promiscuous mode
[   94.908384][ T7377] team_slave_1: entered promiscuous mode
[   94.913318][ T7377] netlink: 4 bytes leftover after parsing attributes in process `syz.0.637'.
[   95.021073][ T7377] team0 (unregistering): left promiscuous mode
[   95.024122][ T7377] team_slave_0: left promiscuous mode
[   95.026663][ T7377] team_slave_1: left promiscuous mode
[   95.033435][ T7377] team0 (unregistering): Port device team_slave_0 removed
[   95.039899][ T7377] team0 (unregistering): Port device team_slave_1 removed
[   95.196660][ T7390] netlink: 12 bytes leftover after parsing attributes in process `syz.1.643'.
[   95.592750][ T7424] netlink: 12 bytes leftover after parsing attributes in process `syz.1.659'.
[   95.667355][ T7429] syzkaller1: entered promiscuous mode
[   95.669075][ T7429] syzkaller1: entered allmulticast mode
[   95.836906][ T7441] netlink: 36 bytes leftover after parsing attributes in process `syz.2.667'.
[   95.865664][ T7444] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   95.893647][ T7447] block nbd2: not configured, cannot reconfigure
[   95.949806][ T7452] netlink: 8 bytes leftover after parsing attributes in process `syz.2.672'.
[   95.955918][ T7452] netlink: 8 bytes leftover after parsing attributes in process `syz.2.672'.
[   96.431764][ T7480] bridge0: entered promiscuous mode
[   96.505965][ T7491] syzkaller0: refused to change device tx_queue_len
[   96.544869][ T7493] netlink: 'syz.1.692': attribute type 8 has an invalid length.
[   96.855372][ T7514] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (6)
[   96.917772][ T7519] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   97.175286][ T7528] netlink: 24 bytes leftover after parsing attributes in process `syz.1.708'.
[   97.293015][ T5878] nci: nci_rsp_packet: unsupported rsp opcode 0xf02
[   97.630994][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[   98.191462][ T7557] netlink: 276 bytes leftover after parsing attributes in process `syz.1.718'.
[   98.270507][ T7563] netlink: 8 bytes leftover after parsing attributes in process `syz.1.721'.
[   98.370420][ T7571] netlink: 'syz.1.726': attribute type 22 has an invalid length.
[   99.719748][ T7604] __nla_validate_parse: 4 callbacks suppressed
[   99.719768][ T7604] netlink: 277 bytes leftover after parsing attributes in process `syz.1.742'.
[   99.772084][ T7602] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[   99.944235][ T7621] sctp: [Deprecated]: syz.2.749 (pid 7621) Use of int in maxseg socket option.
[   99.944235][ T7621] Use struct sctp_assoc_value instead
[  100.017378][ T7627] batadv_slave_1: entered promiscuous mode
[  100.106333][ T7634] netlink: 72 bytes leftover after parsing attributes in process `syz.2.753'.
[  100.112490][ T7634] netlink: 4 bytes leftover after parsing attributes in process `syz.2.753'.
[  100.162783][ T7626] batadv_slave_1: left promiscuous mode
[  100.215128][ T7636] netlink: 152 bytes leftover after parsing attributes in process `syz.0.754'.
[  100.218617][ T7636] netlink: 16 bytes leftover after parsing attributes in process `syz.0.754'.
[  100.312861][ T5885] lo speed is unknown, defaulting to 1000
[  100.315583][ T5885] syz1: Port: 1 Link DOWN
[  100.556443][ T7658] netlink: 'syz.1.765': attribute type 1 has an invalid length.
[  100.559486][ T7658] netlink: 224 bytes leftover after parsing attributes in process `syz.1.765'.
[  100.615317][ T7656] netlink: 44 bytes leftover after parsing attributes in process `syz.2.762'.
[  100.694143][ T7660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.762'.
[  100.772872][ T7666] lo speed is unknown, defaulting to 1000
[  100.794357][ T7673] netlink: 16 bytes leftover after parsing attributes in process `syz.0.768'.
[  100.861038][ T7678] netlink: 16 bytes leftover after parsing attributes in process `syz.2.771'.
[  100.864395][ T7678] tipc: Invalid UDP bearer configuration
[  100.864424][ T7678] tipc: Enabling of bearer <udp:sy{> rejected, failed to enable media
[  101.068773][ T7691] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  101.079701][ T7691] syzkaller0: entered promiscuous mode
[  101.084728][ T7691] syzkaller0: entered allmulticast mode
[  101.128486][ T7691] tipc: Resetting bearer <eth:syzkaller0>
[  101.133528][ T7690] tipc: Resetting bearer <eth:syzkaller0>
[  101.153162][ T7690] tipc: Disabling bearer <eth:syzkaller0>
[  101.169133][ T7693] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  101.416812][ T5885] IPVS: starting estimator thread 0...
[  101.510989][ T7716] IPVS: using max 62 ests per chain, 148800 per kthread
[  101.615788][ T7734] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4300
[  101.668062][ T7736] delete_channel: no stack
[  101.865828][ T7748] 8021q: adding VLAN 0 to HW filter on device bond1
[  101.904700][ T7751] ipvlan2: entered promiscuous mode
[  101.908386][ T7751] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  102.379591][ T7771] netlink: 'syz.0.811': attribute type 39 has an invalid length.
[  102.706735][ T7793] ieee802154 phy1 wpan1: encryption failed: -22
[  102.742092][ T7794] lo speed is unknown, defaulting to 1000
[  103.200452][ T7817] netlink: 'syz.0.831': attribute type 1 has an invalid length.
[  103.686446][ T7828] pimreg: entered allmulticast mode
[  103.808803][ T7836] tipc: Started in network mode
[  103.816321][ T7836] tipc: Node identity 8a667e62f921, cluster identity 4711
[  103.820776][ T7836] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  103.828431][ T7836] syzkaller0: entered promiscuous mode
[  103.835617][ T7836] syzkaller0: entered allmulticast mode
[  103.866123][ T7836] tipc: Resetting bearer <eth:syzkaller0>
[  103.879825][ T7835] tipc: Resetting bearer <eth:syzkaller0>
[  103.898554][ T7835] tipc: Disabling bearer <eth:syzkaller0>
[  104.915652][ T7889] __nla_validate_parse: 12 callbacks suppressed
[  104.915681][ T7889] netlink: 16 bytes leftover after parsing attributes in process `syz.2.866'.
[  105.008522][ T7887] lo speed is unknown, defaulting to 1000
[  105.247548][ T7895] openvswitch: netlink: IP tunnel TTL not specified.
[  105.808812][ T7920] netlink: 'syz.0.879': attribute type 1 has an invalid length.
[  105.814925][ T7920] netlink: 224 bytes leftover after parsing attributes in process `syz.0.879'.
[  106.410932][ T7812] Set syz1 is full, maxelem 65536 reached
[  106.524458][ T7942] netlink: 'syz.2.890': attribute type 5 has an invalid length.
[  106.607332][ T7950] bond0: option xmit_hash_policy: invalid value (8)
[  106.975087][ T7970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.903'.
[  107.187042][ T7972] netlink: 'syz.1.904': attribute type 15 has an invalid length.
[  107.190299][ T7972] netlink: 24 bytes leftover after parsing attributes in process `syz.1.904'.
[  107.353797][ T7980] netlink: 20 bytes leftover after parsing attributes in process `syz.1.908'.
[  107.495497][ T7986] can: request_module (can-proto-0) failed.
[  107.557285][ T7991] netlink: 'syz.2.914': attribute type 1 has an invalid length.
[  107.563840][ T7993] netlink: 88 bytes leftover after parsing attributes in process `syz.0.912'.
[  107.582060][ T7991] bond0: entered promiscuous mode
[  107.584765][ T7991] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.588780][ T7992] netlink: 24 bytes leftover after parsing attributes in process `syz.1.913'.
[  107.605219][ T7991] bond0: (slave bridge0): making interface the new active one
[  107.607741][ T7991] bridge0: entered promiscuous mode
[  107.610432][ T7991] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  107.703680][ T7998] pim6reg1: entered promiscuous mode
[  107.706155][ T7998] pim6reg1: entered allmulticast mode
[  107.841245][ T8009] delete_channel: no stack
[  108.201085][ T8029] netlink: 24 bytes leftover after parsing attributes in process `syz.1.930'.
[  108.274784][ T8042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.937'.
[  108.393695][ T8050] netlink: 9 bytes leftover after parsing attributes in process `syz.1.943'.
[  108.397776][ T8050] gretap0: entered promiscuous mode
[  108.591160][ T5854] Bluetooth: hci2: command 0x0405 tx timeout
[  108.613026][ T8074] delete_channel: no stack
[  108.894379][ T8090] netlink: zone id is out of range
[  108.897416][ T8090] netlink: zone id is out of range
[  108.904390][ T8090] netlink: zone id is out of range
[  108.907535][ T8090] netlink: get zone limit has 8 unknown bytes
[  109.365387][ T8112] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  109.369359][ T8112] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  109.637065][ T8136] netlink: 'syz.2.978': attribute type 1 has an invalid length.
[  109.640261][ T8136] netlink: 'syz.2.978': attribute type 1 has an invalid length.
[  109.648106][ T8136] netlink: 'syz.2.978': attribute type 2 has an invalid length.
[  110.349662][ T8166] netlink: 'syz.1.992': attribute type 1 has an invalid length.
[  110.390956][ T8166] bond1: entered promiscuous mode
[  110.394479][ T8166] 8021q: adding VLAN 0 to HW filter on device bond1
[  110.407346][ T8169] batadv_slave_1: entered promiscuous mode
[  110.432111][ T8166] 8021q: adding VLAN 0 to HW filter on device bond1
[  110.435249][ T8166] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address
[  110.438826][ T8166] bond1: (slave vxcan1): Setting fail_over_mac to active for active-backup mode
[  110.448418][ T8166] bond1: (slave vxcan1): making interface the new active one
[  110.450975][ T8166] vxcan1: entered promiscuous mode
[  110.454836][ T8166] bond1: (slave vxcan1): Enslaving as an active interface with an up link
[  110.460232][ T8168] batadv_slave_1: left promiscuous mode
[  110.535037][ T8173] __nla_validate_parse: 5 callbacks suppressed
[  110.535051][ T8173] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.996'.
[  110.545895][ T8175] netlink: 8 bytes leftover after parsing attributes in process `syz.2.995'.
[  110.890189][ T8201] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1008'.
[  110.895776][ T8201] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1008'.
[  110.899371][ T8201] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1008'.
[  111.062685][ T8218] netlink: 'syz.2.1015': attribute type 1 has an invalid length.
[  111.110498][ T8218] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[  111.116387][ T8218] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  111.132672][ T8218] bond2: (slave vcan1): making interface the new active one
[  111.136249][ T8218] bond2: (slave vcan1): Enslaving as an active interface with an up link
[  111.149564][ T8218] bond2: (slave vcan2): The slave device specified does not support setting the MAC address
[  111.157783][ T8218] bond2: (slave vcan2): Enslaving as a backup interface with an up link
[  111.167398][ T8218] 8021q: adding VLAN 0 to HW filter on device bond2
[  111.296182][ T8231] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1021'.
[  111.573206][ T8243] lo speed is unknown, defaulting to 1000
[  111.772564][ T8251] netlink: 'syz.1.1029': attribute type 21 has an invalid length.
[  111.779286][ T8251] netlink: 'syz.1.1029': attribute type 22 has an invalid length.
[  111.790196][ T8251] netlink: 'syz.1.1029': attribute type 23 has an invalid length.
[  111.799204][ T8251] netlink: 136 bytes leftover after parsing attributes in process `syz.1.1029'.
[  111.824358][ T8253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1031'.
[  111.828526][ T8253] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1031'.
[  111.840495][ T8253] netlink: 'syz.0.1031': attribute type 5 has an invalid length.
[  112.469039][ T8291] netlink: 212160 bytes leftover after parsing attributes in process `syz.0.1046'.
[  112.586542][ T8300] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  112.591489][ T8300] syzkaller0: entered promiscuous mode
[  112.593720][ T8300] syzkaller0: entered allmulticast mode
[  112.612884][ T8300] tipc: Resetting bearer <eth:syzkaller0>
[  112.616584][ T8298] tipc: Resetting bearer <eth:syzkaller0>
[  112.623104][ T8301] validate_nla: 4 callbacks suppressed
[  112.623139][ T8301] netlink: 'syz.0.1050': attribute type 12 has an invalid length.
[  112.634927][ T8298] tipc: Disabling bearer <eth:syzkaller0>
[  113.630840][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  113.705814][ T8370] netlink: 'syz.1.1083': attribute type 3 has an invalid length.
[  113.715741][ T8372] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present
[  113.718743][ T8372] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9)
[  114.531787][ T8417] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  114.535190][ T8417] syzkaller0: entered promiscuous mode
[  114.537473][ T8417] syzkaller0: entered allmulticast mode
[  114.549403][ T8417] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  114.564875][ T8417] tipc: Resetting bearer <eth:syzkaller0>
[  114.568157][ T8415] tipc: Resetting bearer <eth:syzkaller0>
[  114.580761][ T8415] tipc: Disabling bearer <eth:syzkaller0>
[  115.135435][ T8465] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  115.225229][ T8473] netlink: 'syz.2.1130': attribute type 1 has an invalid length.
[  115.228543][ T8473] netlink: 'syz.2.1130': attribute type 1 has an invalid length.
[  115.361221][ T8480] syzkaller0: entered promiscuous mode
[  115.363679][ T8480] syzkaller0: entered allmulticast mode
[  117.695911][ T8538] __nla_validate_parse: 12 callbacks suppressed
[  117.695929][ T8538] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1159'.
[  117.977112][ T8559] team0: Device gtp0 is of different type
[  118.080452][ T8566] gretap1: entered promiscuous mode
[  118.147759][ T5854] Bluetooth: hci2: link tx timeout
[  118.152712][ T5854] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  118.201926][ T8580] xt_socket: unknown flags 0xfc
[  118.343082][ T8593] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1186'.
[  118.465730][ T8604] team_slave_0: entered promiscuous mode
[  118.468383][ T8604] team_slave_1: entered promiscuous mode
[  118.472347][ T8604] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  118.475329][ T8604] team0: Device macvtap1 is already an upper device of the team interface
[  118.485250][ T8604] team_slave_0: left promiscuous mode
[  118.487238][ T8604] team_slave_1: left promiscuous mode
[  119.025610][ T8625] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1201'.
[  119.138365][ T8636] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1205'.
[  119.270278][ T8646] netlink: 'syz.2.1210': attribute type 29 has an invalid length.
[  119.275738][ T8646] netlink: 'syz.2.1210': attribute type 29 has an invalid length.
[  119.282812][ T8646] netlink: 500 bytes leftover after parsing attributes in process `syz.2.1210'.
[  119.362877][ T8650] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1212'.
[  119.365807][ T8650] netlink: 'syz.2.1212': attribute type 5 has an invalid length.
[  119.368321][ T8650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1212'.
[  119.652579][ T8682] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1226'.
[  119.736354][ T8686] lo speed is unknown, defaulting to 1000
[  120.097321][   T33] audit: type=1800 audit(1757211761.196:2): pid=8695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1231" name="cgroup.controllers" dev="tmpfs" ino=2270 res=0 errno=0
[  120.177510][ T8709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1237'.
[  120.193339][ T5854] Bluetooth: hci2: command 0x0405 tx timeout
[  120.423964][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1245'.
[  120.496013][ T8726] syzkaller0: entered promiscuous mode
[  120.498295][ T8726] syzkaller0: entered allmulticast mode
[  121.872544][ T8780] netlink: 'syz.1.1266': attribute type 14 has an invalid length.
[  121.907229][ T8782] team_slave_0: entered promiscuous mode
[  121.909594][ T8782] team_slave_1: entered promiscuous mode
[  121.919591][ T8782] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  121.928913][ T8782] team0: Device macvtap1 is already an upper device of the team interface
[  121.947746][ T8782] team_slave_0: left promiscuous mode
[  121.949982][ T8782] team_slave_1: left promiscuous mode
[  122.134497][ T8805] 8021q: adding VLAN 0 to HW filter on device bond2
[  122.148265][ T8805] bridge_slave_1: left allmulticast mode
[  122.156019][ T8805] bridge_slave_1: left promiscuous mode
[  122.157981][ T8805] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.165378][ T8805] bond0: (slave bond_slave_0): Releasing backup interface
[  122.175642][ T8805] bond0: (slave bond_slave_1): Releasing backup interface
[  122.188574][ T8805] team0: Port device team_slave_0 removed
[  122.196811][ T8805] team0: Port device team_slave_1 removed
[  122.199278][ T8805] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  122.202841][ T8805] batman_adv: batadv0: Removing interface: batadv_slave_0
[  122.208235][ T8805] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  122.212289][ T8805] batman_adv: batadv0: Removing interface: batadv_slave_1
[  122.226292][ T8805] bond1: (slave vxcan1): Releasing backup interface
[  122.229347][ T8805] vxcan1: left promiscuous mode
[  122.238803][ T8812] lo speed is unknown, defaulting to 1000
[  123.011891][ T8853] lo speed is unknown, defaulting to 1000
[  123.718929][ T8894] __nla_validate_parse: 7 callbacks suppressed
[  123.718977][ T8894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1312'.
[  123.763204][ T8892] netlink: 'syz.2.1308': attribute type 1 has an invalid length.
[  123.766310][ T8892] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1308'.
[  123.769878][ T8892] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1308'.
[  123.996847][ T8906] gretap0: left promiscuous mode
[  124.151073][ T8906] wg1: left promiscuous mode
[  124.153470][ T8906] wg1: left allmulticast mode
[  124.176323][ T8906] bridge_slave_0: left promiscuous mode
[  124.456482][ T8906] ipvlan2: left promiscuous mode
[  124.463232][ T8906] bond1: left promiscuous mode
[  124.473839][ T8906] gretap1: left promiscuous mode
[  124.482810][   T13] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  124.491493][   T13] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  124.495480][   T13] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  124.498787][   T13] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  124.647922][ T8924] netlink: 'syz.2.1325': attribute type 4 has an invalid length.
[  124.728399][ T8930] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1328'.
[  124.839908][ T8934] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  124.849369][ T5892] lo speed is unknown, defaulting to 1000
[  124.856199][ T5892] syz1: Port: 1 Link ACTIVE
[  125.043461][ T8953] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  125.046907][ T8953] syzkaller0: entered promiscuous mode
[  125.049167][ T8953] syzkaller0: entered allmulticast mode
[  125.064770][ T8953] tipc: Resetting bearer <eth:syzkaller0>
[  125.074745][ T8953] tipc: Resetting bearer <eth:syzkaller0>
[  125.084043][ T8953] tipc: Disabling bearer <eth:syzkaller0>
[  125.179014][ T8957] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1341'.
[  125.224777][ T8957] team0: Port device team_slave_0 removed
[  125.250374][ T8958] _Z`Ԁ@: entered promiscuous mode
[  125.396432][ T8964] netlink: 'syz.2.1344': attribute type 1 has an invalid length.
[  125.401490][ T8964] netlink: 6 bytes leftover after parsing attributes in process `syz.2.1344'.
[  125.449729][ T8966] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1345'.
[  125.553852][ T8970] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1347'.
[  125.557562][ T8970] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1347'.
[  125.575898][ T8970] lo speed is unknown, defaulting to 1000
[  125.580515][ T8970] lo speed is unknown, defaulting to 1000
[  125.584447][ T8970] lo speed is unknown, defaulting to 1000
[  125.634691][ T8971] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  125.775316][ T8970] infiniband syz0: set active
[  125.778919][ T5892] lo speed is unknown, defaulting to 1000
[  125.782033][ T8970] infiniband syz0: added lo
[  125.816543][ T8970] RDS/IB: syz0: added
[  125.818929][ T8970] smc: adding ib device syz0 with port count 1
[  125.823716][ T8970] smc:    ib device syz0 port 1 has no pnetid
[  125.827960][ T5892] lo speed is unknown, defaulting to 1000
[  125.832984][ T8970] lo speed is unknown, defaulting to 1000
[  125.848174][ T8974] netlink: 'syz.0.1348': attribute type 13 has an invalid length.
[  126.039060][ T8970] lo speed is unknown, defaulting to 1000
[  126.164500][ T8981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1351'.
[  126.165453][ T8970] lo speed is unknown, defaulting to 1000
[  126.650047][ T9003] tc_dump_action: action bad kind
[  126.796985][ T9009] sctp: [Deprecated]: syz.2.1364 (pid 9009) Use of struct sctp_assoc_value in delayed_ack socket option.
[  126.796985][ T9009] Use struct sctp_sack_info instead
[  127.312693][ T9061] netlink: 'syz.2.1387': attribute type 1 has an invalid length.
[  127.375894][ T9067] IPVS: Unknown mcast interface: vcan0
[  127.411811][ T9069] gretap0: entered promiscuous mode
[  127.414474][ T9069] gretap0: left promiscuous mode
[  127.424766][ T9071] pim6reg1: entered promiscuous mode
[  127.426816][ T9071] pim6reg1: entered allmulticast mode
[  127.590824][ T9075] nbd1: detected capacity change from 0 to 127
[  127.595616][   T55] block nbd1: Receive control failed (result -32)
[  128.417057][ T9110] veth2: entered allmulticast mode
[  129.531078][ T9130] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  129.536013][ T9130] syzkaller0: entered promiscuous mode
[  129.538359][ T9130] syzkaller0: entered allmulticast mode
[  129.564410][ T9130] tipc: Resetting bearer <eth:syzkaller0>
[  129.568991][ T9129] tipc: Resetting bearer <eth:syzkaller0>
[  129.580266][ T9129] tipc: Disabling bearer <eth:syzkaller0>
[  129.625933][ T9134] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  129.969231][ T9140] pimreg: left allmulticast mode
[  130.509628][ T9211] IPVS: length: 24 != 55320
[  130.876905][ T9238] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  131.022671][ T9250] __nla_validate_parse: 7 callbacks suppressed
[  131.022688][ T9250] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1475'.
[  131.654674][ T9295] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1491'.
[  131.989699][ T9313] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  132.086141][ T9319] bridge0: entered allmulticast mode
[  132.089518][ T9319] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1503'.
[  132.095169][ T9319] bridge_slave_1: left allmulticast mode
[  132.107805][ T9319] bridge_slave_1: left promiscuous mode
[  132.110293][ T9319] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.116748][ T9319] bridge_slave_0: left allmulticast mode
[  132.119225][ T9319] bridge_slave_0: left promiscuous mode
[  132.122400][ T9319] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.143055][ T9319] bridge0 (unregistering): left allmulticast mode
[  132.518842][ T9348] syz_tun: entered promiscuous mode
[  132.529654][ T9348] syz_tun: left promiscuous mode
[  132.586529][ T9350] lo speed is unknown, defaulting to 1000
[  132.592179][ T9350] lo speed is unknown, defaulting to 1000
[  132.836703][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  133.327475][ T9411] syzkaller1: entered promiscuous mode
[  133.329367][ T9411] syzkaller1: entered allmulticast mode
[  133.509217][ T9426] lo speed is unknown, defaulting to 1000
[  133.537616][ T9426] lo speed is unknown, defaulting to 1000
[  135.617328][ T9482] netlink: 'syz.2.1575': attribute type 1 has an invalid length.
[  135.810549][ T9499] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1582'.
[  135.993203][ T9515] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1589'.
[  136.018635][ T9517] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1590'.
[  136.125503][ T9523] netlink: 'syz.2.1589': attribute type 10 has an invalid length.
[  136.971898][   T55] block nbd2: Receive control failed (result -32)
[  137.089131][ T9547] lo speed is unknown, defaulting to 1000
[  137.093432][ T9547] lo speed is unknown, defaulting to 1000
[  137.207821][ T9561] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  137.212023][ T9561] syzkaller0: entered promiscuous mode
[  137.214270][ T9561] syzkaller0: entered allmulticast mode
[  137.258359][ T9561] tipc: Resetting bearer <eth:syzkaller0>
[  137.268452][ T9560] tipc: Resetting bearer <eth:syzkaller0>
[  137.295409][ T9560] tipc: Disabling bearer <eth:syzkaller0>
[  137.483491][ T9581] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1615'.
[  137.629245][ T9593] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1621'.
[  137.701438][ T9598] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  137.889738][ T9611] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1630'.
[  137.893631][ T9611] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1630'.
[  138.003407][ T9621] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  138.006018][ T9621] syzkaller0: entered promiscuous mode
[  138.007811][ T9621] syzkaller0: entered allmulticast mode
[  138.035125][ T9621] sch_fq: defrate 257 ignored.
[  138.045567][ T9621] tipc: Resetting bearer <eth:syzkaller0>
[  138.060167][ T9620] tipc: Resetting bearer <eth:syzkaller0>
[  138.081413][ T9620] tipc: Disabling bearer <eth:syzkaller0>
[  138.144681][ T9629] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1639'.
[  138.177813][ T9632] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1640'.
[  138.187103][ T9632] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1640'.
[  138.332503][ T9645] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1645'.
[  138.567284][ T9660] pim6reg1: entered promiscuous mode
[  138.569113][ T9660] pim6reg1: entered allmulticast mode
[  139.546003][ T9684] netlink: 'syz.0.1657': attribute type 1 has an invalid length.
[  139.553406][ T9684] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1657'.
[  139.557844][ T9686] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1658'.
[  139.599755][ T9690] netlink: 'syz.0.1659': attribute type 10 has an invalid length.
[  139.748664][ T9698] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  140.773154][ T9822] netlink: 'syz.0.1724': attribute type 1 has an invalid length.
[  140.983767][ T9841] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  140.986402][ T9841] syzkaller0: entered promiscuous mode
[  140.988178][ T9841] syzkaller0: entered allmulticast mode
[  141.015186][ T9841] tipc: Resetting bearer <eth:syzkaller0>
[  141.022227][ T9840] tipc: Resetting bearer <eth:syzkaller0>
[  141.049925][ T9840] tipc: Disabling bearer <eth:syzkaller0>
[  141.063178][ T9849] sctp: [Deprecated]: syz.1.1736 (pid 9849) Use of int in max_burst socket option.
[  141.063178][ T9849] Use struct sctp_assoc_value instead
[  141.067766][ T9848] netlink: 'syz.2.1735': attribute type 13 has an invalid length.
[  141.127217][ T5915] lo speed is unknown, defaulting to 1000
[  141.144505][ T5915] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  141.192231][ T9856] pim6reg: entered allmulticast mode
[  141.196889][ T9856] pim6reg: left allmulticast mode
[  141.533225][ T9895] netlink: 'syz.1.1758': attribute type 3 has an invalid length.
[  141.670808][ T5915] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  141.709293][ T9910] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  141.713953][ T9910] syzkaller0: entered promiscuous mode
[  141.715777][ T9910] syzkaller0: entered allmulticast mode
[  141.725684][ T9910] tipc: Resetting bearer <eth:syzkaller0>
[  141.731611][ T9909] tipc: Resetting bearer <eth:syzkaller0>
[  141.740862][ T9909] tipc: Disabling bearer <eth:syzkaller0>
[  142.226920][ T9956] ==================================================================
[  142.229864][ T9956] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  142.233033][ T9956] Read of size 2 at addr ffff88801e569342 by task syz.1.1787/9956
[  142.235983][ T9956] 
[  142.237049][ T9956] CPU: 0 UID: 0 PID: 9956 Comm: syz.1.1787 Not tainted syzkaller #0 PREEMPT(full) 
[  142.237060][ T9956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  142.237067][ T9956] Call Trace:
[  142.237072][ T9956]  <TASK>
[  142.237077][ T9956]  dump_stack_lvl+0x189/0x250
[  142.237092][ T9956]  ? __kasan_check_byte+0x12/0x40
[  142.237106][ T9956]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.237115][ T9956]  ? lock_release+0x4b/0x3e0
[  142.237132][ T9956]  ? __virt_addr_valid+0x4a5/0x5c0
[  142.237144][ T9956]  print_report+0xca/0x240
[  142.237153][ T9956]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  142.237162][ T9956]  kasan_report+0x118/0x150
[  142.237173][ T9956]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  142.237183][ T9956]  __xfrm_state_lookup+0x6ad/0x8d0
[  142.237195][ T9956]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  142.237205][ T9956]  ? xfrm_state_lookup+0x45/0x1e0
[  142.237216][ T9956]  xfrm_state_lookup+0x11e/0x1e0
[  142.237228][ T9956]  xfrm_user_state_lookup+0x231/0x370
[  142.237240][ T9956]  ? __pfx_xfrm_user_state_lookup+0x10/0x10
[  142.237254][ T9956]  xfrm_del_sa+0xf1/0x3e0
[  142.237264][ T9956]  ? __pfx_xfrm_del_sa+0x10/0x10
[  142.237274][ T9956]  ? apparmor_capable+0x137/0x1b0
[  142.237285][ T9956]  ? __nla_parse+0x40/0x60
[  142.237293][ T9956]  xfrm_user_rcv_msg+0x7a3/0xab0
[  142.237304][ T9956]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  142.237320][ T9956]  ? __pfx___mutex_trylock_common+0x10/0x10
[  142.237329][ T9956]  ? rcu_is_watching+0x15/0xb0
[  142.237338][ T9956]  ? trace_contention_end+0x39/0x120
[  142.237346][ T9956]  ? __mutex_lock+0x335/0x1350
[  142.237358][ T9956]  netlink_rcv_skb+0x208/0x470
[  142.237367][ T9956]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  142.237377][ T9956]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  142.237387][ T9956]  ? netlink_deliver_tap+0x2e/0x1b0
[  142.237395][ T9956]  ? netlink_deliver_tap+0x2e/0x1b0
[  142.237402][ T9956]  xfrm_netlink_rcv+0x79/0x90
[  142.237412][ T9956]  netlink_unicast+0x82f/0x9e0
[  142.237425][ T9956]  ? __pfx_netlink_unicast+0x10/0x10
[  142.237436][ T9956]  ? netlink_sendmsg+0x642/0xb30
[  142.237444][ T9956]  ? skb_put+0x11b/0x210
[  142.237453][ T9956]  netlink_sendmsg+0x805/0xb30
[  142.237463][ T9956]  ? __pfx_netlink_sendmsg+0x10/0x10
[  142.237471][ T9956]  ? aa_sock_msg_perm+0xf1/0x1d0
[  142.237485][ T9956]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  142.237495][ T9956]  ? __pfx_netlink_sendmsg+0x10/0x10
[  142.237504][ T9956]  __sock_sendmsg+0x21c/0x270
[  142.237519][ T9956]  ____sys_sendmsg+0x505/0x830
[  142.237530][ T9956]  ? __pfx_____sys_sendmsg+0x10/0x10
[  142.237541][ T9956]  ? import_iovec+0x74/0xa0
[  142.237551][ T9956]  ___sys_sendmsg+0x21f/0x2a0
[  142.237562][ T9956]  ? __pfx____sys_sendmsg+0x10/0x10
[  142.237578][ T9956]  ? __fget_files+0x2a/0x420
[  142.237585][ T9956]  ? __fget_files+0x3a0/0x420
[  142.237593][ T9956]  __x64_sys_sendmsg+0x19b/0x260
[  142.237602][ T9956]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  142.237613][ T9956]  ? rcu_is_watching+0x15/0xb0
[  142.237621][ T9956]  ? do_syscall_64+0xbe/0x3b0
[  142.237632][ T9956]  do_syscall_64+0xfa/0x3b0
[  142.237640][ T9956]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.237648][ T9956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.237656][ T9956]  ? exc_page_fault+0x9f/0xf0
[  142.237664][ T9956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.237671][ T9956] RIP: 0033:0x7f73ae58ebe9
[  142.237681][ T9956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.237688][ T9956] RSP: 002b:00007f73af3e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  142.237697][ T9956] RAX: ffffffffffffffda RBX: 00007f73ae7c5fa0 RCX: 00007f73ae58ebe9
[  142.237702][ T9956] RDX: 0000000000000840 RSI: 0000200000000780 RDI: 0000000000000003
[  142.237708][ T9956] RBP: 00007f73ae611e19 R08: 0000000000000000 R09: 0000000000000000
[  142.237713][ T9956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  142.237718][ T9956] R13: 00007f73ae7c6038 R14: 00007f73ae7c5fa0 R15: 00007ffcc1f4a458
[  142.237727][ T9956]  </TASK>
[  142.237731][ T9956] 
[  142.362211][ T9956] Allocated by task 6791:
[  142.363644][ T9956]  kasan_save_track+0x3e/0x80
[  142.365138][ T9956]  __kasan_slab_alloc+0x6c/0x80
[  142.366661][ T9956]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  142.368381][ T9956]  xfrm_state_alloc+0x24/0x2f0
[  142.370325][ T9956]  __find_acq_core+0x8a7/0x1c00
[  142.371983][ T9956]  xfrm_find_acq+0x78/0xa0
[  142.373389][ T9956]  xfrm_alloc_userspi+0x6b3/0xc90
[  142.374930][ T9956]  xfrm_user_rcv_msg+0x7a3/0xab0
[  142.376624][ T9956]  netlink_rcv_skb+0x208/0x470
[  142.378147][ T9956]  xfrm_netlink_rcv+0x79/0x90
[  142.379637][ T9956]  netlink_unicast+0x82f/0x9e0
[  142.381159][ T9956]  netlink_sendmsg+0x805/0xb30
[  142.382691][ T9956]  __sock_sendmsg+0x21c/0x270
[  142.384172][ T9956]  ____sys_sendmsg+0x505/0x830
[  142.385647][ T9956]  ___sys_sendmsg+0x21f/0x2a0
[  142.387113][ T9956]  __x64_sys_sendmsg+0x19b/0x260
[  142.388918][ T9956]  do_syscall_64+0xfa/0x3b0
[  142.390336][ T9956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.392172][ T9956] 
[  142.392933][ T9956] Freed by task 5885:
[  142.394166][ T9956]  kasan_save_track+0x3e/0x80
[  142.395681][ T9956]  kasan_save_free_info+0x46/0x50
[  142.397171][ T9956]  __kasan_slab_free+0x5b/0x80
[  142.398834][ T9956]  kmem_cache_free+0x18f/0x400
[  142.400687][ T9956]  xfrm_state_gc_task+0x52d/0x6b0
[  142.402427][ T9956]  process_scheduled_works+0xae1/0x17b0
[  142.404624][ T9956]  worker_thread+0x8a0/0xda0
[  142.406488][ T9956]  kthread+0x711/0x8a0
[  142.408130][ T9956]  ret_from_fork+0x3fc/0x770
[  142.409635][ T9956]  ret_from_fork_asm+0x1a/0x30
[  142.411241][ T9956] 
[  142.412016][ T9956] The buggy address belongs to the object at ffff88801e569200
[  142.412016][ T9956]  which belongs to the cache xfrm_state of size 928
[  142.416641][ T9956] The buggy address is located 322 bytes inside of
[  142.416641][ T9956]  freed 928-byte region [ffff88801e569200, ffff88801e5695a0)
[  142.421443][ T9956] 
[  142.422416][ T9956] The buggy address belongs to the physical page:
[  142.424458][ T9956] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801e56b600 pfn:0x1e568
[  142.427535][ T9956] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  142.430077][ T9956] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  142.432400][ T9956] page_type: f5(slab)
[  142.433611][ T9956] raw: 00fff00000000040 ffff888104f85b40 dead000000000122 0000000000000000
[  142.436094][ T9956] raw: ffff88801e56b600 00000000800e0003 00000000f5000000 0000000000000000
[  142.438711][ T9956] head: 00fff00000000040 ffff888104f85b40 dead000000000122 0000000000000000
[  142.441352][ T9956] head: ffff88801e56b600 00000000800e0003 00000000f5000000 0000000000000000
[  142.444094][ T9956] head: 00fff00000000002 ffffea0000795a01 00000000ffffffff 00000000ffffffff
[  142.446815][ T9956] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  142.449433][ T9956] page dumped because: kasan: bad access detected
[  142.451375][ T9956] page_owner tracks the page as allocated
[  142.453213][ T9956] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5950, tgid 5949 (syz.2.17), ts 67747740530, free_ts 67694889568
[  142.459006][ T9956]  post_alloc_hook+0x240/0x2a0
[  142.460644][ T9956]  get_page_from_freelist+0x21e4/0x22c0
[  142.462454][ T9956]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.464287][ T9956]  alloc_pages_mpol+0x232/0x4a0
[  142.465767][ T9956]  allocate_slab+0x8a/0x370
[  142.467147][ T9956]  ___slab_alloc+0xbeb/0x1420
[  142.468565][ T9956]  kmem_cache_alloc_noprof+0x283/0x3c0
[  142.470231][ T9956]  xfrm_state_alloc+0x24/0x2f0
[  142.471705][ T9956]  xfrm_add_sa+0x17d1/0x4070
[  142.473144][ T9956]  xfrm_user_rcv_msg+0x7a3/0xab0
[  142.474700][ T9956]  netlink_rcv_skb+0x208/0x470
[  142.476258][ T9956]  xfrm_netlink_rcv+0x79/0x90
[  142.477685][ T9956]  netlink_unicast+0x82f/0x9e0
[  142.479127][ T9956]  netlink_sendmsg+0x805/0xb30
[  142.480598][ T9956]  __sock_sendmsg+0x21c/0x270
[  142.482290][ T9956]  ____sys_sendmsg+0x505/0x830
[  142.483933][ T9956] page last free pid 5297 tgid 5297 stack trace:
[  142.485943][ T9956]  __free_frozen_pages+0xbc4/0xd30
[  142.487919][ T9956]  __slab_free+0x303/0x3c0
[  142.489672][ T9956]  qlist_free_all+0x97/0x140
[  142.491501][ T9956]  kasan_quarantine_reduce+0x148/0x160
[  142.493662][ T9956]  __kasan_slab_alloc+0x22/0x80
[  142.495575][ T9956]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  142.497693][ T9956]  getname_flags+0xb8/0x540
[  142.499412][ T9956]  do_readlinkat+0xbc/0x500
[  142.501160][ T9956]  __x64_sys_readlink+0x7f/0x90
[  142.503070][ T9956]  do_syscall_64+0xfa/0x3b0
[  142.504873][ T9956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.507164][ T9956] 
[  142.508135][ T9956] Memory state around the buggy address:
[  142.510319][ T9956]  ffff88801e569200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  142.513428][ T9956]  ffff88801e569280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  142.516321][ T9956] >ffff88801e569300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  142.519076][ T9956]                                            ^
[  142.521570][ T9956]  ffff88801e569380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  142.524756][ T9956]  ffff88801e569400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  142.527270][ T9956] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  142.535833][ T9956] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  142.538261][ T9956] CPU: 0 UID: 0 PID: 9956 Comm: syz.1.1787 Not tainted syzkaller #0 PREEMPT(full) 
[  142.541246][ T9956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  142.545333][ T9956] Call Trace:
[  142.546672][ T9956]  <TASK>
[  142.547865][ T9956]  dump_stack_lvl+0x99/0x250
[  142.549678][ T9956]  ? __asan_memcpy+0x40/0x70
[  142.551530][ T9956]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.553574][ T9956]  ? __pfx__printk+0x10/0x10
[  142.555469][ T9956]  vpanic+0x281/0x750
[  142.557078][ T9956]  ? preempt_schedule+0xae/0xc0
[  142.558992][ T9956]  ? __pfx_vpanic+0x10/0x10
[  142.560795][ T9956]  ? preempt_schedule_common+0x83/0xd0
[  142.563002][ T9956]  ? preempt_schedule+0xae/0xc0
[  142.564972][ T9956]  ? __pfx_preempt_schedule+0x10/0x10
[  142.567277][ T9956]  panic+0xb9/0xc0
[  142.568825][ T9956]  ? __pfx_panic+0x10/0x10
[  142.570605][ T9956]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  142.572954][ T9956]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  142.575084][ T9956]  check_panic_on_warn+0x89/0xb0
[  142.577089][ T9956]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  142.579185][ T9956]  end_report+0x78/0x160
[  142.580947][ T9956]  kasan_report+0x129/0x150
[  142.582818][ T9956]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  142.584961][ T9956]  __xfrm_state_lookup+0x6ad/0x8d0
[  142.587157][ T9956]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  142.589415][ T9956]  ? xfrm_state_lookup+0x45/0x1e0
[  142.591446][ T9956]  xfrm_state_lookup+0x11e/0x1e0
[  142.593433][ T9956]  xfrm_user_state_lookup+0x231/0x370
[  142.595599][ T9956]  ? __pfx_xfrm_user_state_lookup+0x10/0x10
[  142.597963][ T9956]  xfrm_del_sa+0xf1/0x3e0
[  142.599680][ T9956]  ? __pfx_xfrm_del_sa+0x10/0x10
[  142.601657][ T9956]  ? apparmor_capable+0x137/0x1b0
[  142.603629][ T9956]  ? __nla_parse+0x40/0x60
[  142.605401][ T9956]  xfrm_user_rcv_msg+0x7a3/0xab0
[  142.607343][ T9956]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  142.609497][ T9956]  ? __pfx___mutex_trylock_common+0x10/0x10
[  142.611815][ T9956]  ? rcu_is_watching+0x15/0xb0
[  142.613694][ T9956]  ? trace_contention_end+0x39/0x120
[  142.615869][ T9956]  ? __mutex_lock+0x335/0x1350
[  142.617847][ T9956]  netlink_rcv_skb+0x208/0x470
[  142.619739][ T9956]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  142.621950][ T9956]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  142.624062][ T9956]  ? netlink_deliver_tap+0x2e/0x1b0
[  142.626149][ T9956]  ? netlink_deliver_tap+0x2e/0x1b0
[  142.628226][ T9956]  xfrm_netlink_rcv+0x79/0x90
[  142.630044][ T9956]  netlink_unicast+0x82f/0x9e0
[  142.631992][ T9956]  ? __pfx_netlink_unicast+0x10/0x10
[  142.634182][ T9956]  ? netlink_sendmsg+0x642/0xb30
[  142.635914][ T9956]  ? skb_put+0x11b/0x210
[  142.637193][ T9956]  netlink_sendmsg+0x805/0xb30
[  142.638677][ T9956]  ? __pfx_netlink_sendmsg+0x10/0x10
[  142.640370][ T9956]  ? aa_sock_msg_perm+0xf1/0x1d0
[  142.642096][ T9956]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  142.644075][ T9956]  ? __pfx_netlink_sendmsg+0x10/0x10
[  142.645903][ T9956]  __sock_sendmsg+0x21c/0x270
[  142.647500][ T9956]  ____sys_sendmsg+0x505/0x830
[  142.648976][ T9956]  ? __pfx_____sys_sendmsg+0x10/0x10
[  142.650561][ T9956]  ? import_iovec+0x74/0xa0
[  142.651955][ T9956]  ___sys_sendmsg+0x21f/0x2a0
[  142.653566][ T9956]  ? __pfx____sys_sendmsg+0x10/0x10
[  142.655610][ T9956]  ? __fget_files+0x2a/0x420
[  142.657447][ T9956]  ? __fget_files+0x3a0/0x420
[  142.659356][ T9956]  __x64_sys_sendmsg+0x19b/0x260
[  142.661346][ T9956]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  142.663484][ T9956]  ? rcu_is_watching+0x15/0xb0
[  142.665409][ T9956]  ? do_syscall_64+0xbe/0x3b0
[  142.667302][ T9956]  do_syscall_64+0xfa/0x3b0
[  142.669148][ T9956]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.671243][ T9956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.673655][ T9956]  ? exc_page_fault+0x9f/0xf0
[  142.675548][ T9956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.677928][ T9956] RIP: 0033:0x7f73ae58ebe9
[  142.679715][ T9956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.687283][ T9956] RSP: 002b:00007f73af3e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  142.690593][ T9956] RAX: ffffffffffffffda RBX: 00007f73ae7c5fa0 RCX: 00007f73ae58ebe9
[  142.693747][ T9956] RDX: 0000000000000840 RSI: 0000200000000780 RDI: 0000000000000003
[  142.696926][ T9956] RBP: 00007f73ae611e19 R08: 0000000000000000 R09: 0000000000000000
[  142.700001][ T9956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  142.703105][ T9956] R13: 00007f73ae7c6038 R14: 00007f73ae7c5fa0 R15: 00007ffcc1f4a458
[  142.706167][ T9956]  </TASK>
[  142.708069][ T9956] Kernel Offset: disabled
[  142.709800][ T9956] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:23:03  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000006b RBX=000000000000006b RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000010b1 RDI=00000000000010b2 RBP=00000000000003f8 RSP=ffffc90008936970
R8 =ffff888020d08237 R9 =1ffff110041a1046 R10=dffffc0000000000 R11=ffffffff854f4b80
R12=dffffc0000000000 R13=ffffffff99b01906 R14=ffffffff99df6420 R15=0000000000000000
RIP=ffffffff854f4bfc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f73af3e96c0 ffffffff 00c00000
GS =0000 ffff8880b8614000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005555720dd808 CR3=000000011eeb0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f73ae797498 00007f73ae797470 XMM03=00007f73ae7974a8 00007f73ae7974a0
XMM04=00007f73af2fd100 00007f73ae797460 XMM05=00007f73ae797478 00007f73ae7974c0
XMM06=00007f73ae7974b8 00007f73ae7974b0 XMM07=00007f73ae7974a8 00007f73ae7974a0
XMM08=0000000000000000 00007f73ae612ee7 XMM09=0000000000000000 00007f73ae612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=1ffff11009608341 RCX=ffff888023eb8000 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc900031bf700 RSP=ffffc900031bf580
R8 =ffffffff8fa39837 R9 =1ffffffff1f47306 R10=dffffc0000000000 R11=fffffbfff1f47307
R12=ffff88804b041a08 R13=dffffc0000000000 R14=ffff88813663b1c0 R15=0000000000000000
RIP=ffffffff81b44fb4 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c14000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f97f04f7d60 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00007f97ef9976c3 00007f97ef9976c3 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 00ff000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000ff0000 XMM05=000055557ee75595 000055557ee75430
XMM06=000055557ee7b9e4 000055557ee7b9e0 XMM07=001ec0030210001e b0035010001d9003
XMM08=03fe02001fcc0310 04001fc80313a604 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
