last executing test programs:

1.600992614s ago: executing program 0 (id=1197):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f1ea3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b2213fdc2881e1a6ec9d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232f0485a2ca9f37fc9c3d2688efcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdcdeb2af1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f925f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308c"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@bridge_newvlan={0x24, 0x76, 0x709, 0x2, 0x0, {0x7, 0x2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0xd, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5, 0x3, 0x4}}]}, 0x24}, 0x1, 0x5502000000000000}, 0x4000)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c)
setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private, 0x0, "606b177019716ea6ff1f4d7ed79c31e2e0f1da00000000230000002000", 0x1, 0x0, 0x3}, 0x3c)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x2, 0x10, 0x4, 0x64, 0x2, 0x5, 0x4b, 0xa7, @loopback, @dev={0xac, 0x14, 0x14, 0x35}}}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe000031f, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c)
setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f00000003c0)=0xa, 0x4)
socket$inet(0x2, 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000480)={0x88, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvlan1\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}]}, 0x88}}, 0x20000000)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2033}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
bind$llc(0xffffffffffffffff, 0x0, 0x0)
socket$inet6(0xa, 0x803, 0x6)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

1.534369501s ago: executing program 2 (id=1199):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, 0x0, 0x0)

1.448546775s ago: executing program 2 (id=1200):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x82, &(0x7f0000000000)=@assoc_value, &(0x7f00000001c0)=0x8)

1.411283683s ago: executing program 2 (id=1202):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="40000000100039040000", @ANYRES32, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x4c094)
r2 = socket(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x800)
socket$kcm(0x10, 0x2, 0x4)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000005c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b51f69853362ac3407173ec23395152cd8714a2a2e1", 0x66}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r3, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x40000100)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x20040084)
socket$inet(0x2, 0x2, 0x0)
recvmsg$kcm(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)

1.403060066s ago: executing program 0 (id=1204):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001a80)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000600014002020c600e41b0200900ac000a0501000000160012000a00ff120048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x894)

1.284290654s ago: executing program 0 (id=1206):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
getsockopt$sock_buf(r0, 0x1, 0x3c, &(0x7f0000000000)=""/65, &(0x7f0000000080)=0x41)

1.226522621s ago: executing program 0 (id=1207):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
accept4(r0, 0x0, 0x0, 0x80000)

1.1548718s ago: executing program 0 (id=1208):
syz_emit_ethernet(0x32, &(0x7f0000000340)={@local, @dev, @void, {@ipv4={0x800, @generic={{0x9, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x35}, {[@ssrr={0x89, 0x7, 0xef, [@broadcast]}, @cipso={0x86, 0x6}]}}}}}}, 0x0)

1.096750584s ago: executing program 0 (id=1211):
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)="ba403c8e31749740db80392adaca093b62517c3e47e8b9aa5379926a5842c247bbe7834c570e333f41e62b1d5a5481275af0fcfe5caea9ee2e4b5eff845b992d27587b8239", 0x45}], 0x1}}], 0x1, 0xc8040)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x6)

1.036648438s ago: executing program 1 (id=1213):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x81}, 0x40)

974.797195ms ago: executing program 1 (id=1214):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newlink={0x4c, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x50a10, 0x51a23}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5, 0x13, 0x20}, @IFLA_GRE_FWMARK={0x8, 0x14, 0xa}, @IFLA_GRE_PMTUDISC={0x5}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x85}, 0x20040040)

81.31384ms ago: executing program 1 (id=1215):
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x2d75000)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000002140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(michael_mic-generic,xchacha20-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x7, &(0x7f00000000c0)="f8ffffff", 0x4)

80.72078ms ago: executing program 1 (id=1216):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x54, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x24, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0x0, 0x1}}, @TCA_GRED_DPS={0x10, 0x3, {0x0, 0x0, 0x0, 0x4}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x51}, 0x0)

73.453897ms ago: executing program 2 (id=1217):
r0 = socket$phonet(0x23, 0x2, 0x1)
sendmsg$inet(r0, &(0x7f00000034c0)={&(0x7f00000030c0)={0x2, 0x4e21, @broadcast}, 0x10, 0x0}, 0x80)

5.756638ms ago: executing program 2 (id=1218):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x90, 0x10, 0x421, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad, 0x60e1}, [@IFLA_LINKINFO={0x68, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x58, 0x2, 0x0, 0x1, [@IFLA_VLAN_EGRESS_QOS={0x4c, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x800, 0x6}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x400, 0x9}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfffff9d5, 0x2}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x4, 0x80}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x7, 0x3}}, @IFLA_VLAN_QOS_MAPPING={0x7, 0x1, {0x0, 0x86b7}}]}, @IFLA_VLAN_ID={0x6, 0x1, 0x400}]}}}, @IFLA_LINK={0x8}]}, 0x90}}, 0x2)

5.46564ms ago: executing program 1 (id=1219):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x10, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="91104e000000000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)

5.260363ms ago: executing program 2 (id=1220):
syz_emit_ethernet(0x46, &(0x7f0000000080)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd60f4adf700102c00fe80000000000000000000000000fd00ff0200000000000000000000000000013c4b"], 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x24000050)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)

0s ago: executing program 1 (id=1221):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xe, 0x4, 0x4, 0xfffffff8}, 0x48)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6e", 0xaf)
r3 = socket$inet6(0xa, 0x3, 0x26)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1={0xfc, 0x1, '\x00', 0x2}, 0x4e20, 0x0, 0x4e20, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x5853, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@empty, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0)
r4 = socket(0x40000000015, 0x5, 0x0)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f0000005440)={0x0, 0x0, &(0x7f0000005400)={&(0x7f00000053c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010001007001040000000000000008000400ff03000004000180"], 0x20}, 0x1, 0x0, 0x0, 0x81}, 0x4008040)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000440)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x78, 0x0, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x2}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x9}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}]}, 0x78}, 0x1, 0x0, 0x0, 0x1}, 0x11)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendmsg(r4, &(0x7f0000000200)={&(0x7f0000000040)=@in={0x2, 0x0, @rand_addr=0x64010100}, 0x80, 0x0, 0x0, &(0x7f0000000240)=[{0x10, 0x88, 0x2}, {0x10, 0x114, 0x5}], 0x20}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x7, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000005feffff720af0fff8ffffff71a4f0ff000000002d030000000000001d400500000000004704000001ed000072030200200000001d440000000000006b0a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f1ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c107571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d1abf3cb17b40ac9b10968f38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d61f3b39c64307f9c82b2807c9ff4a269841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67a41b9e320146ee9f566a28"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x20, 0x10, &(0x7f0000000000)={0x0, 0x5}, 0xfffffffffffffd00}, 0x48)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r7, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x42, &(0x7f00000002c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300, {[@end]}}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x1c, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0)
r8 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r8, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c)
write$tun(r1, &(0x7f00000024c0)={@val={0x0, 0x800}, @val={0x0, 0x0, 0x3}, @mpls={[], @ipv4=@gre={{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x11, 0x0, 0x21, 0x0, @dev, @broadcast, {[@lsrr={0x83, 0x3, 0x74}]}}, {{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [], "50726483718ba3e6d08f7571cc59e627d3ed353e879da15784c220746fc2eba11f56fe932b544f53b43a34b265bd5d44fd38791b56b3b8767c382bc52ee2b8fcbbd661f151afd5315d5f502920c297a3916d7ea039eb558ebb06336662367e15363058de9b806035d5c980832248d1fc96c6b2fb2a4dffa91026dd0228974f70bea2a8e3fe0c9aae345d6e19f2"}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "ac10ef31176d1af88e863d588661a0756365388ef6f2d7b69fb82dc9e7de475e5aad52fa5b61fb1730a4f8ba342b81d86460c5cc35df8bdc3e55e1e92140c9ed10cfd396d4fb331e1901da8dfd47cd7431fd6cb967f7d84f0ba6de4a73b26c286edc3684534e70f60b30b7aefec9309c13a29b35e134d47c3579870d43bcc2babd71412ade39c68b036b5e7a6e90c25efe7a5b3ff3fae0fe7459e71cb431cb8f6a45a9a21d938cbd1de67fde856f05154095c3d86b9f4bac02987d8a06aae5f8d3da56748f1f6b1e9de4d1afaea08c70a943b080bf77494e5dcc17fe38bb0a0b36a008f7805cfdbe5a89e2e12e013b6ff42e3f9e825f3d604768f87273edad56c12c8a5eacd9b63ea6fa1ecf16139cb19c579c4f0a125a755439e6dc9c1637c0d23c1c281af2982cca306b2d3dbaede299bfe4f2ebd822abfabafef3f159049cc24f01a412fafe3d43841a6a4dbed78566e34544a074d4c01cedbb22527e955e8f93ef5a927fdec293a3c78693cae45de7481fdf0f65a43b50d26904594676b7af375752c99e2ba3e00286ab9d438af7b8834c0e71d245c0428ecc5a59f29ab0bca9b1913b9bb5373a94e1daae374d0ed7e7ffd0a1188c83e61e8ee28625483a96a246b9e1cdc8da085de61834a15afd5e7726d711c5ecc008914b9b9f35603330113e548e4509516bac6bc1150b2ace667a540ec84d22c0d0200056918fa3ac596cddd501f7b34f3b97c12c3c10e4b0c67ef01059c2feed93f9169498278daabd27d8537882a87b2edd4b2e6789b90d065ba7a064b2b4ecc1622c8662b3145844c12491ee85dd2acbe057479db9d24e500d9f1af37745f39e7fc7d4e513fa839556155db1ba6d62465a464184f2f4f9c4c822e64c6a357d7bc06caf64db283f0a3a427b400b7dd4df488c9e30db1fdb1774038d32557b69f9c1eba7ec66309bc68c19200aa5f05ec21c1cc9a12667cbae2863198913eac1de18df558c1b5fbceb0e6b521e120e98b39ecc8cabb6c25cdc31d827eeb549fe548f6b29d4f65b176ea0a20411d750f02c660cba2c62935fad8c51324f6f437daa53c81ff2e19b94140f1d72a2540b3fa74ffe85c696a4e4411d4449744ca4b5e8b921c7d62208b88a1df38030c4e09cd264a9c534259737ed6ea798cbc2d0054845dc84e97295efad0f5228fc61710e75a4445a889e230887845fa7f02be62593c352cb344a0f947bdb6c4cf3aab5ecedbd4fdde781c496db32a51f700b2fc19b2c36e257bbb2c735e0f03cd9e49700aee6edaa6952bdc2feef2d2e5463b6778fde3c7ef73477e22a181816883192beee132b3866c4ec977e0cd0b995de650c4c7d3e6e483685f75f9d82f69868d67e64a59e7320707847040bed7bb8c24d5e6a1da326d3226e71933484a2c619592a00db3b086d5fee139abaae14d65698937ef8c066acc7134f085e1e8ccd04a67e128c2d775740f0727c14dfbf8a2ed7f25d353285ab0fd03a8788d725163d27ac13ced25669301f672fb1f404451d85e92e1d0049fa9558c8492cc336ddd5133cb1b307f2901341fb6a021e1b751f22412e76fad6ea2b4a7d756559619fa47b22bc55ef8fdc19fbd6136becc60ff19748e60452e704752c82beb4861ea118875e9fe75a9e6c10c8b922dd8054ef8dd15963db6d505e7eab028322801bb4328d8257e726d937ca83c8efca320c8ecd24313eb5e8114c604781ed936a82740340ac6692bfc3613d2f49bf8284cf60cee6513fd154034e49af838146872e8735962da7f7bbd301f2fd85e597c1b6f8418352ebec83286f9dfab4a0b4dbb8b9c7b55aaf9ac1628d1493c1786c78a8a0b8c58596f1e1ba92b7fcdb80e867fdd299c78b902ac2de3c6d6bad6c5fb0c5db603b7c3c7ff8a64dc4488e07d2b506db960db1503ad72dab8ef405549a5f12a62052be8f7ad3fad32ba8560a8874c06f815ec9912dfcc16d8e0f8c9ab9afceae435a63dcdd1dc6b1e4d186f306ec1c8af08e69ad8fc9860c9bad1af0654c51e0711ecfa47c6b4411010076c975057db6609b47fda736f6ef81863387e3c971479a572145aab35a24475ffea35c1626b644ba12ef8d92cf9310f722b493b2da8ea4c5dcd99d75167e1404642aafbf5db3f8ce95382d7bbd550c0bae73af75dc913ead260ce475b30879d4279efeae49e88b0071661725e9ec5b3579c1716d70971fd301d8ee090a98120bf35ffa62101077362a2a3564022b0bff01e76e641fc01ff731a834509600aadeffe2f00276de348a3c57778865063bd8e348b6e68b5c74298ba911a184f5bfdefd6473272c174c9e644abdf22b3ac39e246ae947ffef4773bcfec3b2a8d03dc8971471dfc50cd5ef6d32ae3486f7d14b0137e80a313910d9bc87aed8c41c6563f646b39c2a26f4add083ab6efb5753fc6b78e7907b9cd8a2cabdf87e202239fffc99e0446915c3bc147635398f73201d7369902225184d8da01641759645bf92b5d73ab153f2150264c3333ce12747ce2642aa04aeeb85513170a67dd93b010e8fd0f3cb290e1fc0040d32bdad7d8b41c4f2d10a3c170dbc3e264e29714a34dd220c2bf3e273d7cb3a9397b16a47c85cca75e4cac2def7c976fb7f38b24bdb8f80486e9cec55574d9f2864085289fd2fc497a3a7fab762877629db9ff70201f07897246f9f5211ced9266b732e9988805669dc1bc8e4ddd235562c7785e2379f1f0dd1e71a98b6d204e6c1a1ee163ceb35f6c436bb2547522bed2a55814a3f5f53d3eceee6c847c12af75fdc8452116ab891a5c6424a79b33c4b56a5412700a907f3eca800fcfba133f8bab9ebae32c699b548aff3ac702699f293fceb7445a7107956adad16a6b73a2fe0c88232f2d9831b238b92c511e4a6e02f784ee328bd979c4728ba0f86cc4ed9a69c6d5bc23496729a6512c4664006afc08de2f4dd89e52108f7c081d11facccb91ebc82415691b6bf05818638b3a4d809ae307f4b2d867a34417dbaad8c01a3773d8ebe56890230bd4a2e2a027d59839e1710cb5d25cec245ed8f86b7d4ed8e4ec48c53387ab1ea059406bf2612a6c730750b41a47bdf51cbec2c3f1b07fd6aba2ea390e138868d71f0a73990e87b383757a199f53bcd25f93b15efaf84a9a3758f5cbc2223a809ba784a5af2d36a3b99e3d143310ecf2bb9d2dd8fe9defdfa3d82e005c52514f13beb97476fb7a0f7ab62892977c9da0b950dbbc89bdd58472619f3bdbf46def88488e7bdf0633ee908a4e4e795e92037b74db18672e168514e2ad0a2df94357f2dc2c593b251894657c6bea65abfcd76b7037bd5817ab73be94f00031150f375442e0f0d0e7236ed4150637c14f62ecb6713f897889d77d814ead5774d726f307fe32c020cdefda72151798fcde65af6fbe6594eeb078a8c414b949c0c2217a0cc82049c43f6fb3cb7c00fc0305b86dddde708dd8a61a63e799abdd49d6ff1c41b8ecb230891037ca36d7a7e1f6280f52a5d45ff872f11df408ae09fc9b9d371ccf4f2777626ad84426d925dac9bbacc785acb5c29cbf9d6aec77d5ac48778ab4682b7bb611f342a72c26417a5e432e5d956844e19739e61999a78c615acc09f415032031ac6cb839da764331d131acbe66b502e7f1a5b9dc68df7f5524e7bc6fdfa982b39af2cbff69052d04be78821282dbfc034e64943004375f16cf4741526aaafebfc1a6d4a38d4c345aa22c94922f145b6c449a216b6c382565598125156fad8097c2e7ea65063cdfe34e50fb75939f3b3cf5ab8a3448ead3cc36358f45b0eaabf8ff2b64a1923407226f24420978d03d6bcefc2b45a74425017c11146e25f6d41912f39afecaa19090123ea2605994978b00a347aba322cd10822933e3f5988477ce1b2aff651553ec4977b185e5c7aaa4c64b4fb49cfc0cad75e85c0617e19f26fd0932a4bba0821d5a4d9449773c2d3c25e8aee59155346502b72a4d6818f143695acd5b83a336d02e2d1b9da5740e287c4694012f9648656c51cd44431c54301ea55f48197d1280421793598db89820937aa6a41d69618f55fd9c40dc0742e77d4ddf4a68a6cecba47ff0a22e2734bc9556193642b92838c891b4ed109af35190332aabb9aab184076cfc99f08814bebe47fccd12005ad926a643c791ecda50458a1106a033408fb90da10f8d6e42b3a462e9f9a1a2752c21967884ea79a1148f3dd0304bef05747458c7859dbf7f6df08074e9ac221677b70546909329c5557adb255cc33c1f9b762188e2498a7744f066df3fb8bee6261db37489b63f9bda047a06cbc588ff1255e3b63a86a5ca353160e0dc4088ea691c768f5d36397cb64c6db2d5bd39473a9d1209d021b8017434874ed5f99d9fc27d5549eaecdcfb7093549acaea45610221192942e108def0efbc004bbfef195af7dcdc0b75097eba13d621c2ca5ee3bfd2845b21a910e8ea21536768e1e5081997ae7415a55e58e1294d8ff3bc95faf96a65501b922382f4f75a0f938b290fd66bb3ccdc33734bafa18a3765d23f151951b8c8c6939de018c4e9ca253dff4a1fc70a601bba8c2e146a79166745e5fd1748c638a7a945e5f5aea0a93c7861446ef5996e37231e573245dae58b168c0564c8b27ada3fde66bb00f51f7e47970855d1057739ccf583666055187173bfd1454a5fbcfd59f39b6ad63fbfbe0fea9a6b336a41ec316acedd38cc6fab7de1190c97bed6e8f1cdb47d59941955f87a59d953c0f60f68a63fcf8f6f76b3eb5d79d94a2eeb3fb28781b1bbd31937c6f6e2d6fa7d2f4134702fdc0a2250bbec420c73a89c1643379235a492c2cbb3280ec3e676fcc1b33aaa645234eebefb1c28c52646a33c1989a386d537cd5ebf89f50b575b37b9a337f653919a569229009"}, {}, {}, {0x8, 0x6558, 0x0, "20e62929c11cb0549208c925145acbdc02d1fec745f9b654f2d97c9269199fc2293765cfbba8e22fa0ba230c891eb5a9490864bc2e2993a2831d52a0f75fda3f213ec297d9acaa7a8aedc6826e3274b7f48681313b4b677b469a77dd667c84aaf2766d84d9f6dd1b6aa2ab1860b1394813e57c4c6d557a4d049d74cdc674b82da3e6c6f0b9a890edc47dd5a6801c24ba1da62ac03a3620d1f109122a34cd8f552730c4239a81f09bc9174d89403e8011a5436bc7abbd69d49f68a786837a51689f7a4b422061f4768c9052c000016fffffe700e53f083b13e53ef485d121779c5da2b6ce80f9cc4a030570a1cc071d9a6845b6018baaa77418d5fb030700f7b63620c369c466108465b7c7967c0c84a9b828118c9ba7808abfe69f783c3795ecbe1714d91d56b64b9e8e7f86d3fff9c8084b5ec69fcf586b23c29dc078db3fda0fe8cfaed8ab7a5a39bc2ec6a1410270ea7d41ecbd90e45fc60062bc"}}}}}, 0xfce)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:12375' (ED25519) to the list of known hosts.
syzkaller login: [   56.316538][ T5830] cgroup: Unknown subsys name 'net'
[   56.456510][ T5830] cgroup: Unknown subsys name 'cpuset'
[   56.461895][ T5830] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.701653][ T5830] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.830564][ T5235] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.835268][ T5235] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.838647][ T5235] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.842336][ T5235] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.845801][ T5235] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.918795][ T5235] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.922903][ T5235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.926883][ T5235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.930858][ T5235] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.934747][ T5235] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.958764][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.964441][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.968723][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.974138][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.977795][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.222158][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   64.361320][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.364952][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.368249][ T5846] bridge_slave_0: entered allmulticast mode
[   64.372014][ T5846] bridge_slave_0: entered promiscuous mode
[   64.377104][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   64.384815][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.388142][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.391022][ T5846] bridge_slave_1: entered allmulticast mode
[   64.395064][ T5846] bridge_slave_1: entered promiscuous mode
[   64.446983][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   64.459779][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.494077][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.567480][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.569875][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.572791][ T5851] bridge_slave_0: entered allmulticast mode
[   64.575971][ T5851] bridge_slave_0: entered promiscuous mode
[   64.587755][ T5846] team0: Port device team_slave_0 added
[   64.590736][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.593891][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.596775][ T5851] bridge_slave_1: entered allmulticast mode
[   64.599831][ T5851] bridge_slave_1: entered promiscuous mode
[   64.611771][ T5846] team0: Port device team_slave_1 added
[   64.675831][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.678658][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.681704][ T5854] bridge_slave_0: entered allmulticast mode
[   64.685879][ T5854] bridge_slave_0: entered promiscuous mode
[   64.689356][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.691734][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.694523][ T5854] bridge_slave_1: entered allmulticast mode
[   64.697748][ T5854] bridge_slave_1: entered promiscuous mode
[   64.710939][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.724643][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.727478][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.736356][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.743676][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.766809][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.769043][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.778206][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.785157][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.799967][ T5851] team0: Port device team_slave_0 added
[   64.811252][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.815714][ T5851] team0: Port device team_slave_1 added
[   64.868316][ T5854] team0: Port device team_slave_0 added
[   64.881504][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.885224][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.894411][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.899534][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.901730][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.911757][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.917018][ T5854] team0: Port device team_slave_1 added
[   64.924517][ T5846] hsr_slave_0: entered promiscuous mode
[   64.928200][ T5846] hsr_slave_1: entered promiscuous mode
[   64.964811][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.967454][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.976675][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.000985][ T5851] hsr_slave_0: entered promiscuous mode
[   65.004688][ T5851] hsr_slave_1: entered promiscuous mode
[   65.007022][ T5851] debugfs: 'hsr0' already exists in 'hsr'
[   65.008949][ T5851] Cannot create hsr debugfs directory
[   65.011286][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.013977][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.021998][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.166460][ T5854] hsr_slave_0: entered promiscuous mode
[   65.169581][ T5854] hsr_slave_1: entered promiscuous mode
[   65.173692][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   65.176084][ T5854] Cannot create hsr debugfs directory
[   65.387673][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.399343][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.420574][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.447500][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.505591][ T5851] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.523837][ T5851] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.532898][ T5851] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.554519][ T5851] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.602147][ T5854] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.624171][ T5854] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.631093][ T5854] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.644612][ T5854] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.749733][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.783295][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   65.796978][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.817083][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.820173][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.838158][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.846668][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.849586][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.858316][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   65.891831][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.894922][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.899042][   T55] Bluetooth: hci0: command tx timeout
[   65.914369][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   65.924393][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.927317][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.953035][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.956000][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.966168][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.969020][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.984564][   T55] Bluetooth: hci1: command tx timeout
[   66.053336][   T55] Bluetooth: hci2: command tx timeout
[   66.259991][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.300561][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.316868][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.354927][ T5851] veth0_vlan: entered promiscuous mode
[   66.383731][ T5851] veth1_vlan: entered promiscuous mode
[   66.407567][ T5854] veth0_vlan: entered promiscuous mode
[   66.424111][ T5854] veth1_vlan: entered promiscuous mode
[   66.447949][ T5851] veth0_macvtap: entered promiscuous mode
[   66.461485][ T5846] veth0_vlan: entered promiscuous mode
[   66.474512][ T5851] veth1_macvtap: entered promiscuous mode
[   66.482294][ T5846] veth1_vlan: entered promiscuous mode
[   66.488906][ T5854] veth0_macvtap: entered promiscuous mode
[   66.499358][ T5854] veth1_macvtap: entered promiscuous mode
[   66.520718][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.534310][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.554023][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.558404][ T5875] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.570354][ T5846] veth0_macvtap: entered promiscuous mode
[   66.575006][ T5875] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.581178][ T5875] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.585487][ T5875] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.590106][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.599962][ T5846] veth1_macvtap: entered promiscuous mode
[   66.618825][ T5714] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.624548][ T5714] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.627528][ T5714] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.636234][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.655351][ T5714] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.665454][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.686894][ T5714] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.690465][ T5714] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.717630][ T5714] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.720696][ T5714] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.733853][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.738803][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.801022][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.805141][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.858746][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.861880][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.901331][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.906279][ T5851] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.908525][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.971276][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.976951][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.995523][ T5911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'.
[   66.999197][ T5911] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   67.020735][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.033309][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.233517][ T5917] tipc: Started in network mode
[   67.235641][ T5917] tipc: Node identity ac14142f, cluster identity 4711
[   67.238908][ T5917] tipc: New replicast peer: 0.0.0.0
[   67.241972][ T5917] tipc: Enabled bearer <udp:syz2>, priority 10
[   67.253895][ T5917] tipc: New replicast peer: 255.255.255.255
[   67.361441][ T5929] netlink: 'syz.2.10': attribute type 11 has an invalid length.
[   67.747895][ T5952] netlink: 240 bytes leftover after parsing attributes in process `syz.0.22'.
[   67.978157][   T55] Bluetooth: hci0: command tx timeout
[   68.063578][   T55] Bluetooth: hci1: command tx timeout
[   68.133688][   T55] Bluetooth: hci2: command tx timeout
[   68.279356][ T5973] Zero length message leads to an empty skb
[   68.353751][    T9] tipc: Node number set to 2886997039
[   69.103863][ T6006] netlink: 20 bytes leftover after parsing attributes in process `syz.0.45'.
[   69.163983][ T6009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.47'.
[   69.168337][ T6009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.47'.
[   69.933729][ T6034] warning: `syz.1.57' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   70.063104][   T55] Bluetooth: hci0: command tx timeout
[   70.086340][ T6044] tipc: Started in network mode
[   70.088047][ T6044] tipc: Node identity 42ff3106e8ca, cluster identity 4711
[   70.090462][ T6044] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   70.094736][ T6044] syzkaller0: entered promiscuous mode
[   70.100090][ T6044] syzkaller0: entered allmulticast mode
[   70.125636][ T6044] tipc: Resetting bearer <eth:syzkaller0>
[   70.131977][ T6041] tipc: Resetting bearer <eth:syzkaller0>
[   70.134045][   T55] Bluetooth: hci1: command tx timeout
[   70.149527][ T6041] tipc: Disabling bearer <eth:syzkaller0>
[   70.213234][   T55] Bluetooth: hci2: command tx timeout
[   70.408016][ T6066] netlink: 'syz.2.74': attribute type 4 has an invalid length.
[   70.463575][ T6070] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   70.468455][ T6070] syzkaller0: entered promiscuous mode
[   70.470261][ T6070] syzkaller0: entered allmulticast mode
[   70.484687][ T6070] netlink: 27 bytes leftover after parsing attributes in process `syz.1.73'.
[   70.489740][ T6070] tipc: Resetting bearer <eth:syzkaller0>
[   70.498184][ T6069] tipc: Resetting bearer <eth:syzkaller0>
[   70.512064][ T6069] tipc: Disabling bearer <eth:syzkaller0>
[   70.916835][ T6083] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.81'.
[   71.210125][ T6101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.88'.
[   71.216895][ T6101] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[   71.220081][ T6101] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   71.259867][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.262623][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.334483][ T6105] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   71.337510][ T6105] syzkaller0: entered promiscuous mode
[   71.339652][ T6105] syzkaller0: entered allmulticast mode
[   71.355960][ T6105] tipc: Resetting bearer <eth:syzkaller0>
[   71.360518][ T6104] tipc: Resetting bearer <eth:syzkaller0>
[   71.370832][ T6104] tipc: Disabling bearer <eth:syzkaller0>
[   72.134984][ T5235] Bluetooth: hci0: command tx timeout
[   72.215080][ T5235] Bluetooth: hci1: command tx timeout
[   72.293642][ T5235] Bluetooth: hci2: command tx timeout
[   72.848890][ T6126] syz_tun: entered allmulticast mode
[   72.908133][ T6123] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.911706][ T6123] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.950244][ T6129] netlink: 40 bytes leftover after parsing attributes in process `syz.1.99'.
[   73.006283][ T6132] netlink: 40 bytes leftover after parsing attributes in process `syz.1.99'.
[   73.038450][ T6123] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   73.045926][ T6123] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.180940][ T5874] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.194334][ T5874] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.197894][ T5874] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.201390][ T5874] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.615236][ T6163] bridge_slave_0: left allmulticast mode
[   73.617630][ T6163] bridge_slave_0: left promiscuous mode
[   73.622312][ T6163] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.629028][ T6163] bridge_slave_1: left allmulticast mode
[   73.637071][ T6163] bridge_slave_1: left promiscuous mode
[   73.639444][ T6163] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.658292][ T6163] bond0: (slave bond_slave_0): Releasing backup interface
[   73.666070][ T6163] bond0: (slave bond_slave_1): Releasing backup interface
[   73.676041][ T6163] team0: Port device team_slave_0 removed
[   73.681165][ T6166] netlink: 24 bytes leftover after parsing attributes in process `syz.0.116'.
[   73.689286][ T6163] team0: Port device team_slave_1 removed
[   73.692138][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_0
[   73.701964][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_1
[   73.722322][ T6166] team0: Failed to send options change via netlink (err -105)
[   73.729656][ T6166] team0: Mode changed to "loadbalance"
[   74.094756][ T6179] netlink: 136 bytes leftover after parsing attributes in process `syz.0.120'.
[   74.384220][ T5235] Bluetooth: hci2: command 0x0405 tx timeout
[   74.806023][ T6203] netlink: 'syz.1.130': attribute type 2 has an invalid length.
[   74.809181][ T6203] netlink: 'syz.1.130': attribute type 1 has an invalid length.
[   74.812292][ T6203] netlink: 224 bytes leftover after parsing attributes in process `syz.1.130'.
[   75.012206][ T6211] IPVS: Scheduler module ip_vs_sip not found
[   75.186866][ T6229] tipc: Started in network mode
[   75.188460][ T6229] tipc: Node identity 8a62bdf95b08, cluster identity 4711
[   75.196923][ T6229] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   75.205476][ T6229] syzkaller0: entered promiscuous mode
[   75.217201][ T6229] syzkaller0: entered allmulticast mode
[   75.239237][ T6235] netlink: 'syz.1.145': attribute type 4 has an invalid length.
[   75.250109][ T6229] tipc: Resetting bearer <eth:syzkaller0>
[   75.267612][ T6228] tipc: Resetting bearer <eth:syzkaller0>
[   75.280417][ T6228] tipc: Disabling bearer <eth:syzkaller0>
[   75.349216][ T6239] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   75.353288][ T6239] syzkaller0: entered promiscuous mode
[   75.355482][ T6239] syzkaller0: entered allmulticast mode
[   75.361162][ T6239] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   75.418604][ T6239] tipc: Resetting bearer <eth:syzkaller0>
[   75.444915][ T6238] tipc: Resetting bearer <eth:syzkaller0>
[   75.464434][ T6238] tipc: Disabling bearer <eth:syzkaller0>
[   75.625428][ T6251] syz.1.152 uses obsolete (PF_INET,SOCK_PACKET)
[   75.914168][ T6273] netlink: 'syz.0.163': attribute type 1 has an invalid length.
[   75.948119][ T6273] 8021q: adding VLAN 0 to HW filter on device bond1
[   75.964687][ T6279] netlink: 'syz.1.165': attribute type 12 has an invalid length.
[   75.979787][ T6273] bond1: (slave ip6gretap1): making interface the new active one
[   75.987154][ T6273] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[   76.017858][ T6273] veth3: entered promiscuous mode
[   76.023690][ T6273] bond1: (slave veth3): Enslaving as an active interface with a down link
[   76.036847][ T6273] erspan0: entered allmulticast mode
[   76.043853][ T6273] bond1: (slave erspan0): Enslaving as an active interface with an up link
[   76.669032][ T6316] netlink: 348 bytes leftover after parsing attributes in process `syz.0.184'.
[   76.711725][ T6319] netlink: 8 bytes leftover after parsing attributes in process `syz.0.185'.
[   77.226708][ T6354] netlink: 12 bytes leftover after parsing attributes in process `syz.1.201'.
[   78.466126][ T6363] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   78.809991][ T6392] netlink: 216 bytes leftover after parsing attributes in process `syz.0.216'.
[   78.813834][ T6392] netlink: 24 bytes leftover after parsing attributes in process `syz.0.216'.
[   78.817605][ T6392] netlink: 16 bytes leftover after parsing attributes in process `syz.0.216'.
[   78.986184][ T6404] netlink: 16386 bytes leftover after parsing attributes in process `syz.1.220'.
[   79.371089][ T6417] vlan2: entered promiscuous mode
[   79.374634][ T6417] macvtap0: entered promiscuous mode
[   79.422779][ T6419] netlink: 104 bytes leftover after parsing attributes in process `syz.1.226'.
[   79.701099][ T6434] netlink: 'syz.2.234': attribute type 5 has an invalid length.
[   79.707311][ T6434] netlink: 28 bytes leftover after parsing attributes in process `syz.2.234'.
[   79.824349][ T6439] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   79.828011][ T6439] syzkaller0: entered promiscuous mode
[   79.830202][ T6439] syzkaller0: entered allmulticast mode
[   79.865242][ T6439] tipc: Resetting bearer <eth:syzkaller0>
[   79.879035][ T6438] tipc: Resetting bearer <eth:syzkaller0>
[   79.913200][ T6438] tipc: Disabling bearer <eth:syzkaller0>
[   79.925949][ T6450] netlink: 24 bytes leftover after parsing attributes in process `syz.2.242'.
[   80.226681][ T6467] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   82.021160][ T6567] netlink: 8 bytes leftover after parsing attributes in process `syz.0.297'.
[   82.043507][ T6564] netlink: 172 bytes leftover after parsing attributes in process `syz.2.296'.
[   82.082839][ T6567] Illegal XDP return value 4294967289 on prog  (id 51) dev N/A, expect packet loss!
[   82.418719][ T6594] netlink: 8 bytes leftover after parsing attributes in process `syz.0.311'.
[   82.428231][ T6595] syzkaller1: entered promiscuous mode
[   82.430487][ T6595] syzkaller1: entered allmulticast mode
[   82.504605][ T6601] ieee802154 phy0 wpan0: encryption failed: -22
[   82.527779][ T6603] syzkaller1: tun_chr_ioctl cmd 1074025677
[   82.530097][ T6603] syzkaller1: linktype set to 6
[   82.679571][ T6619] bridge2: entered allmulticast mode
[   82.695743][ T6621] netlink: 'syz.1.324': attribute type 4 has an invalid length.
[   82.730717][ T6621] block nbd0: not configured, cannot reconfigure
[   83.122035][ T6663] 8021q: adding VLAN 0 to HW filter on device bond1
[   83.142395][ T6663] bond_slave_0: entered promiscuous mode
[   83.145175][ T6663] bond_slave_1: entered promiscuous mode
[   83.149691][ T6663] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   83.150349][ T6668] openvswitch: netlink: Geneve opt len 30 is not a multiple of 4.
[   83.158196][ T6663] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[   84.287785][   T33] audit: type=1800 audit(1757211880.342:2): pid=6722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.367" name="memory.events" dev="tmpfs" ino=536 res=0 errno=0
[   84.905303][ T6773] __nla_validate_parse: 7 callbacks suppressed
[   84.905321][ T6773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.380'.
[   84.912114][ T6773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.380'.
[   84.972978][ T6776] syzkaller1: entered promiscuous mode
[   84.981118][ T6776] syzkaller1: entered allmulticast mode
[   85.036843][ T6783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.383'.
[   85.158132][ T6789] ieee802154 phy0 wpan0: encryption failed: -22
[   85.196295][ T6791] netlink: 'syz.2.387': attribute type 2 has an invalid length.
[   85.839660][ T6843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.409'.
[   85.860953][ T6843] netlink: 32 bytes leftover after parsing attributes in process `syz.2.409'.
[   85.945812][ T6849] netlink: 40 bytes leftover after parsing attributes in process `syz.2.413'.
[   86.617465][   T47] cfg80211: failed to load regulatory.db
[   87.048351][ T6878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.426'.
[   87.064995][ T5875] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   87.065037][ T6878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.426'.
[   87.068673][ T5875] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   87.068733][ T5875] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   87.082708][ T5875] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   87.531554][ T6915] netlink: 12 bytes leftover after parsing attributes in process `syz.0.445'.
[   87.752639][ T6927] netlink: 'syz.0.449': attribute type 2 has an invalid length.
[   88.051978][ T6940] netlink: 12 bytes leftover after parsing attributes in process `syz.0.455'.
[   88.064051][ T6940] netlink: 'syz.0.455': attribute type 1 has an invalid length.
[   88.107505][ T6940] 8021q: adding VLAN 0 to HW filter on device bond3
[   88.114060][ T6940] bond2: (slave bond3): making interface the new active one
[   88.118179][ T6940] bond2: (slave bond3): Enslaving as an active interface with an up link
[   88.815577][ T6998] tipc: Invalid UDP bearer configuration
[   88.815609][ T6998] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   88.937354][ T7008] Bluetooth: MGMT ver 1.23
[   89.274777][ T7035] bond0: entered promiscuous mode
[   89.277086][ T7035] bond_slave_0: entered promiscuous mode
[   89.279675][ T7035] bond_slave_1: entered promiscuous mode
[   89.285073][ T7035] batadv0: entered promiscuous mode
[   89.288660][ T7035] hsr1: entered allmulticast mode
[   89.290792][ T7035] bond0: entered allmulticast mode
[   89.293550][ T7035] bond_slave_0: entered allmulticast mode
[   89.296802][ T7035] bond_slave_1: entered allmulticast mode
[   89.299261][ T7035] batadv0: entered allmulticast mode
[   89.301862][ T7035] 8021q: adding VLAN 0 to HW filter on device hsr1
[   89.308183][ T7035] bond0: left promiscuous mode
[   89.310233][ T7035] bond_slave_0: left promiscuous mode
[   89.312761][ T7035] bond_slave_1: left promiscuous mode
[   89.316231][ T7035] batadv0: left promiscuous mode
[   89.946167][ T7075] __nla_validate_parse: 2 callbacks suppressed
[   89.946182][ T7075] netlink: 28 bytes leftover after parsing attributes in process `syz.1.516'.
[   90.156005][ T7091] veth1_to_bond: entered allmulticast mode
[   90.161544][ T7091] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   90.171273][ T7091] netlink: 4 bytes leftover after parsing attributes in process `syz.2.523'.
[   90.201387][ T7091] bond0: (slave bond_slave_1): Releasing backup interface
[   90.215798][ T7091] veth1_to_bond (unregistering): left allmulticast mode
[   90.222146][ T7094] netlink: 'syz.1.525': attribute type 1 has an invalid length.
[   90.245035][ T7098] netlink: 4 bytes leftover after parsing attributes in process `syz.0.527'.
[   90.371474][ T7111] netlink: 'syz.2.534': attribute type 7 has an invalid length.
[   90.376649][ T7111] netlink: 224 bytes leftover after parsing attributes in process `syz.2.534'.
[   90.710840][ T7145] netlink: 100 bytes leftover after parsing attributes in process `syz.1.550'.
[   90.799096][ T7152] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[   90.941578][ T7166] netlink: 8 bytes leftover after parsing attributes in process `syz.1.559'.
[   90.945578][ T7166] netlink: 52 bytes leftover after parsing attributes in process `syz.1.559'.
[   91.072791][ T7178] netlink: 44 bytes leftover after parsing attributes in process `syz.2.565'.
[   91.097044][  T791] IPVS: starting estimator thread 0...
[   91.182885][ T7179] IPVS: using max 34 ests per chain, 81600 per kthread
[   91.220931][ T7189] netlink: 'syz.0.563': attribute type 6 has an invalid length.
[   91.349076][ T7201] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[   91.546566][ T7223] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   92.370136][ T7275] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   92.378363][ T7275] syzkaller0: entered promiscuous mode
[   92.380690][ T7275] syzkaller0: entered allmulticast mode
[   92.402962][ T7275] tipc: Resetting bearer <eth:syzkaller0>
[   92.409203][ T7274] tipc: Resetting bearer <eth:syzkaller0>
[   92.425058][ T7274] tipc: Disabling bearer <eth:syzkaller0>
[   92.506821][ T7279] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode 802.3ad(4)
[   92.538704][ T7281] netlink: 'syz.2.597': attribute type 1 has an invalid length.
[   92.868852][ T7309] netlink: 'syz.1.611': attribute type 3 has an invalid length.
[   92.923108][ T7307] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[   93.238578][ T7329] netlink: 32 bytes leftover after parsing attributes in process `syz.0.618'.
[   93.297823][ T7331] netlink: 'syz.0.619': attribute type 12 has an invalid length.
[   93.983179][ T7355] netlink: 16 bytes leftover after parsing attributes in process `syz.0.627'.
[   94.337569][ T7382] batadv1: entered promiscuous mode
[   94.479381][ T7387] netlink: 'syz.2.642': attribute type 12 has an invalid length.
[   94.730889][ T7390] syzkaller0: entered promiscuous mode
[   94.733399][ T7390] syzkaller0: entered allmulticast mode
[   95.624793][ T7394] syz_tun: entered promiscuous mode
[   95.627278][ T7394] batadv_slave_0: entered promiscuous mode
[   95.689359][ T7403] __nla_validate_parse: 2 callbacks suppressed
[   95.689372][ T7403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.648'.
[   95.734972][ T7408] vcan0: tx drop: invalid da for name 0x0000000000080002
[   95.792616][  T791] IPVS: starting estimator thread 0...
[   95.884898][ T7412] IPVS: using max 46 ests per chain, 110400 per kthread
[   95.974360][ T7425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.658'.
[   96.275103][ T7449] netlink: 108 bytes leftover after parsing attributes in process `syz.1.668'.
[   96.278790][ T7449] netlink: 108 bytes leftover after parsing attributes in process `syz.1.668'.
[   96.282319][ T7449] netlink: 48 bytes leftover after parsing attributes in process `syz.1.668'.
[   96.290039][ T7449] netlink: 108 bytes leftover after parsing attributes in process `syz.1.668'.
[   96.294606][ T7449] netlink: 108 bytes leftover after parsing attributes in process `syz.1.668'.
[   96.298265][ T7449] netlink: 48 bytes leftover after parsing attributes in process `syz.1.668'.
[   96.440344][ T7465] netlink: 24 bytes leftover after parsing attributes in process `syz.0.676'.
[   96.452228][ T7467] vlan3: entered promiscuous mode
[   96.455078][ T7467] bridge0: entered promiscuous mode
[   96.457980][ T7467] bridge0: port 3(vlan3) entered blocking state
[   96.460096][ T7467] bridge0: port 3(vlan3) entered disabled state
[   96.462200][ T7467] vlan3: entered allmulticast mode
[   96.464058][ T7467] bridge0: entered allmulticast mode
[   96.468332][ T7467] vlan3: left allmulticast mode
[   96.470259][ T7467] bridge0: left allmulticast mode
[   96.649649][ T7485] netlink: 16 bytes leftover after parsing attributes in process `syz.1.685'.
[   96.680615][ T7479] netlink: 'syz.0.683': attribute type 5 has an invalid length.
[   96.688090][   T10] IPVS: starting estimator thread 0...
[   96.691820][ T7479] ieee802154 phy0 wpan0: encryption failed: -22
[   96.785065][ T7490] IPVS: using max 64 ests per chain, 153600 per kthread
[   96.849761][ T7503] netlink: 'syz.1.693': attribute type 1 has an invalid length.
[   96.981289][ T7510] netlink: 'syz.1.696': attribute type 2 has an invalid length.
[   97.009890][ T5875] IPVS: stop unused estimator thread 0...
[   97.913394][ T7568] netlink: 'syz.0.724': attribute type 62 has an invalid length.
[   98.319502][ T7592] gretap1: entered promiscuous mode
[   98.321647][ T7592] gretap1: entered allmulticast mode
[   98.891262][ T7619] netlink: 'syz.0.746': attribute type 5 has an invalid length.
[   99.317567][ T7593] syz.1.735: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   99.325332][ T7593] CPU: 0 UID: 0 PID: 7593 Comm: syz.1.735 Not tainted syzkaller #0 PREEMPT(full) 
[   99.325346][ T7593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   99.325351][ T7593] Call Trace:
[   99.325355][ T7593]  <TASK>
[   99.325360][ T7593]  dump_stack_lvl+0x189/0x250
[   99.325377][ T7593]  ? __pfx_dump_stack_lvl+0x10/0x10
[   99.325387][ T7593]  ? __pfx__printk+0x10/0x10
[   99.325401][ T7593]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   99.325419][ T7593]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[   99.325428][ T7593]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[   99.325439][ T7593]  warn_alloc+0x214/0x310
[   99.325456][ T7593]  ? __pfx_warn_alloc+0x10/0x10
[   99.325472][ T7593]  ? __get_vm_area_node+0x28f/0x300
[   99.325484][ T7593]  ? hash_netport4_resize+0x235/0x1b60
[   99.325497][ T7593]  __vmalloc_node_range_noprof+0x67e/0x12f0
[   99.325521][ T7593]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   99.325536][ T7593]  ? rcu_is_watching+0x15/0xb0
[   99.325546][ T7593]  ? hash_netport4_resize+0x235/0x1b60
[   99.325555][ T7593]  ? hash_netport4_resize+0x235/0x1b60
[   99.325570][ T7593]  __kvmalloc_node_noprof+0x3b8/0x5f0
[   99.325584][ T7593]  ? hash_netport4_resize+0x235/0x1b60
[   99.325596][ T7593]  hash_netport4_resize+0x235/0x1b60
[   99.325605][ T7593]  ? hash_netport4_uadt+0xc97/0xf30
[   99.325617][ T7593]  ? __pfx_hash_netport4_add+0x10/0x10
[   99.325626][ T7593]  ? __pfx_hash_netport4_uadt+0x10/0x10
[   99.325640][ T7593]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   99.325654][ T7593]  call_ad+0x44e/0xb00
[   99.325671][ T7593]  ? __pfx_call_ad+0x10/0x10
[   99.325689][ T7593]  ? __nla_parse+0x40/0x60
[   99.325699][ T7593]  ip_set_ad+0x791/0x930
[   99.325715][ T7593]  ? __pfx_ip_set_ad+0x10/0x10
[   99.325743][ T7593]  nfnetlink_rcv_msg+0xb4d/0x1130
[   99.325759][ T7593]  ? nfnetlink_rcv_msg+0x20d/0x1130
[   99.325778][ T7593]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   99.325789][ T7593]  ? kasan_save_free_info+0x46/0x50
[   99.325820][ T7593]  netlink_rcv_skb+0x208/0x470
[   99.325830][ T7593]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   99.325842][ T7593]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   99.325855][ T7593]  ? bpf_lsm_capable+0x9/0x20
[   99.325867][ T7593]  ? security_capable+0x7e/0x2e0
[   99.325884][ T7593]  nfnetlink_rcv+0x26a/0x2520
[   99.325897][ T7593]  ? __dev_queue_xmit+0x1d79/0x3b50
[   99.325914][ T7593]  ? __dev_queue_xmit+0x27b/0x3b50
[   99.325929][ T7593]  ? __pfx_nfnetlink_rcv+0x10/0x10
[   99.325941][ T7593]  ? __pfx___dev_queue_xmit+0x10/0x10
[   99.325957][ T7593]  ? ref_tracker_free+0x63a/0x7d0
[   99.325969][ T7593]  ? __asan_memcpy+0x40/0x70
[   99.326024][ T7593]  ? __pfx_ref_tracker_free+0x10/0x10
[   99.326038][ T7593]  ? __skb_clone+0x63/0x7a0
[   99.326055][ T7593]  ? __skb_clone+0x483/0x7a0
[   99.326068][ T7593]  ? skb_clone+0x246/0x3a0
[   99.326079][ T7593]  ? __netlink_deliver_tap+0x807/0x850
[   99.326087][ T7593]  ? netlink_deliver_tap+0x2e/0x1b0
[   99.326098][ T7593]  ? netlink_deliver_tap+0x2e/0x1b0
[   99.326109][ T7593]  netlink_unicast+0x82f/0x9e0
[   99.326126][ T7593]  ? __pfx_netlink_unicast+0x10/0x10
[   99.326139][ T7593]  ? netlink_sendmsg+0x642/0xb30
[   99.326146][ T7593]  ? skb_put+0x11b/0x210
[   99.326156][ T7593]  netlink_sendmsg+0x805/0xb30
[   99.326168][ T7593]  ? __pfx_netlink_sendmsg+0x10/0x10
[   99.326178][ T7593]  ? aa_sock_msg_perm+0xf1/0x1d0
[   99.326187][ T7593]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   99.326197][ T7593]  ? __pfx_netlink_sendmsg+0x10/0x10
[   99.326206][ T7593]  __sock_sendmsg+0x21c/0x270
[   99.326221][ T7593]  ____sys_sendmsg+0x505/0x830
[   99.326233][ T7593]  ? __pfx_____sys_sendmsg+0x10/0x10
[   99.326247][ T7593]  ? import_iovec+0x74/0xa0
[   99.326259][ T7593]  ___sys_sendmsg+0x21f/0x2a0
[   99.326269][ T7593]  ? __pfx____sys_sendmsg+0x10/0x10
[   99.326295][ T7593]  ? __fget_files+0x2a/0x420
[   99.326302][ T7593]  ? __fget_files+0x3a0/0x420
[   99.326313][ T7593]  __x64_sys_sendmsg+0x19b/0x260
[   99.326324][ T7593]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   99.326338][ T7593]  ? rcu_is_watching+0x15/0xb0
[   99.326348][ T7593]  ? do_syscall_64+0xbe/0x3b0
[   99.326360][ T7593]  do_syscall_64+0xfa/0x3b0
[   99.326369][ T7593]  ? lockdep_hardirqs_on+0x9c/0x150
[   99.326378][ T7593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.326386][ T7593]  ? exc_page_fault+0x9f/0xf0
[   99.326395][ T7593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.326402][ T7593] RIP: 0033:0x7f4a0518ebe9
[   99.326415][ T7593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   99.326422][ T7593] RSP: 002b:00007f4a0602f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   99.326431][ T7593] RAX: ffffffffffffffda RBX: 00007f4a053c5fa0 RCX: 00007f4a0518ebe9
[   99.326436][ T7593] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000005
[   99.326441][ T7593] RBP: 00007f4a05211e19 R08: 0000000000000000 R09: 0000000000000000
[   99.326446][ T7593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   99.326450][ T7593] R13: 00007f4a053c6038 R14: 00007f4a053c5fa0 R15: 00007ffe325e3998
[   99.326463][ T7593]  </TASK>
[   99.326544][ T7593] Mem-Info:
[   99.512267][ T7593] active_anon:4413 inactive_anon:0 isolated_anon:0
[   99.512267][ T7593]  active_file:1356 inactive_file:38238 isolated_file:0
[   99.512267][ T7593]  unevictable:1768 dirty:267 writeback:0
[   99.512267][ T7593]  slab_reclaimable:9753 slab_unreclaimable:53029
[   99.512267][ T7593]  mapped:19028 shmem:2432 pagetables:933
[   99.512267][ T7593]  sec_pagetables:0 bounce:0
[   99.512267][ T7593]  kernel_misc_reclaimable:0
[   99.512267][ T7593]  free:301598 free_pcp:16321 free_cma:0
[   99.530458][ T7593] Node 0 active_anon:9396kB inactive_anon:0kB active_file:3120kB inactive_file:149856kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:33936kB dirty:796kB writeback:0kB shmem:4904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5408kB pagetables:1764kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   99.541793][ T7593] Node 1 active_anon:8256kB inactive_anon:0kB active_file:2304kB inactive_file:3096kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:42176kB dirty:272kB writeback:0kB shmem:4824kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5952kB pagetables:2104kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[   99.554138][ T7593] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   99.565604][ T7593] lowmem_reserve[]: 0 811 811 811 811
[   99.567820][ T7593] Node 0 DMA32 free:277880kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:9396kB inactive_anon:0kB active_file:3120kB inactive_file:149856kB unevictable:3536kB writepending:796kB present:1556484kB managed:830868kB mlocked:0kB bounce:0kB free_pcp:28636kB local_pcp:12788kB free_cma:0kB
[   99.580421][ T7593] lowmem_reserve[]: 0 0 0 0 0
[   99.582281][ T7593] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   99.594073][ T7593] lowmem_reserve[]: 0 0 854 854 854
[   99.596118][ T7593] Node 1 Normal free:454536kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8256kB inactive_anon:0kB active_file:2304kB inactive_file:3096kB unevictable:3536kB writepending:272kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:37456kB local_pcp:15580kB free_cma:0kB
[   99.607100][ T7593] lowmem_reserve[]: 0 0 0 0 0
[   99.608999][ T7593] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   99.613480][ T7593] Node 0 DMA32: 1*4kB (E) 6*8kB (UE) 43*16kB (UE) 139*32kB (UME) 84*64kB (UM) 20*128kB (UME) 8*256kB (UM) 9*512kB (ME) 10*1024kB (UM) 7*2048kB (UME) 57*4096kB (M) = 277828kB
[   99.620554][ T7593] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[   99.626796][ T7593] Node 1 Normal: 108*4kB (ME) 334*8kB (UME) 365*16kB (UM) 382*32kB (UME) 97*64kB (UME) 31*128kB (UME) 7*256kB (M) 7*512kB (UME) 6*1024kB (UME) 3*2048kB (UM) 99*4096kB (UM) = 454512kB
[   99.634309][ T7593] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   99.638126][ T7593] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   99.641788][ T7593] 42026 total pagecache pages
[   99.652623][ T7593] 0 pages in swap cache
[   99.654379][ T7593] Free swap  = 124996kB
[   99.656180][ T7593] Total swap = 124996kB
[   99.657877][ T7593] 786301 pages RAM
[   99.659423][ T7593] 0 pages HighMem/MovableOnly
[   99.661373][ T7593] 241352 pages reserved
[   99.662934][ T7593] 0 pages cma reserved
[   99.776409][ T7666] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  100.058827][ T7690] netlink: 'syz.1.778': attribute type 26 has an invalid length.
[  101.223989][ T7703] __nla_validate_parse: 11 callbacks suppressed
[  101.224005][ T7703] netlink: 208 bytes leftover after parsing attributes in process `syz.0.782'.
[  101.230069][ T7703] netlink: 208 bytes leftover after parsing attributes in process `syz.0.782'.
[  101.234078][ T7704] tap0: tun_chr_ioctl cmd 1074025677
[  101.236039][ T7704] tap0: linktype set to 270
[  101.299541][ T7707] dvmrp8: entered allmulticast mode
[  101.313193][ T7709] batadv1: entered allmulticast mode
[  101.317116][ T7709] 8021q: adding VLAN 0 to HW filter on device batadv1
[  101.338827][ T7711] netlink: 44 bytes leftover after parsing attributes in process `syz.1.785'.
[  101.542547][ T7726] netlink: 8 bytes leftover after parsing attributes in process `syz.0.790'.
[  102.035060][ T7772] netlink: 'syz.1.812': attribute type 15 has an invalid length.
[  102.637569][ T7818] netlink: 12 bytes leftover after parsing attributes in process `syz.1.833'.
[  102.656936][ T7826] 8021q: adding VLAN 0 to HW filter on device bond4
[  102.690951][ T7831] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  102.691607][ T7833] netlink: 'syz.2.838': attribute type 83 has an invalid length.
[  102.695803][ T7831] bond4: (slave macvlan2): Enslaving as a backup interface with a down link
[  102.705854][ T7826] bond1: (slave erspan0): Releasing active interface
[  102.708303][ T7826] ip6gretap1: entered promiscuous mode
[  102.715006][ T7826] bond1: (slave ip6gretap1): Releasing active interface
[  102.717594][ T7826] bond1: (slave ip6gretap1): the permanent HWaddr of slave - 1a:3c:fc:1e:66:9d - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  102.726750][ T7826] ip6gretap1: left promiscuous mode
[  102.737749][ T7826] bond1: (slave veth3): Releasing active interface
[  102.767886][ T7826] bond2: (slave bond3): Releasing backup interface
[  102.779795][ T7826] bond4: (slave macvlan2): Releasing backup interface
[  102.918944][ T7849] netlink: 16 bytes leftover after parsing attributes in process `syz.0.846'.
[  102.940099][ T7852] netlink: 8 bytes leftover after parsing attributes in process `syz.2.847'.
[  102.953489][ T7852] gretap0: entered promiscuous mode
[  103.129067][ T7872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.857'.
[  103.271556][ T7886] netlink: 2 bytes leftover after parsing attributes in process `syz.0.863'.
[  103.795626][ T7926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.883'.
[  104.323084][ T7966] netlink: 'syz.2.902': attribute type 1 has an invalid length.
[  104.900544][ T8000] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  104.928119][ T8002] sit0: entered promiscuous mode
[  104.930450][ T8002] netlink: 'syz.0.919': attribute type 1 has an invalid length.
[  105.072335][ T8015] netlink: 'syz.0.925': attribute type 1 has an invalid length.
[  105.075670][ T8015] netlink: 'syz.0.925': attribute type 1 has an invalid length.
[  105.930347][ T8072] netlink: 'syz.2.948': attribute type 8 has an invalid length.
[  106.375203][ T8083] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  106.700089][   T24] IPVS: starting estimator thread 0...
[  106.803066][ T8095] IPVS: using max 64 ests per chain, 153600 per kthread
[  106.827933][ T8101] __nla_validate_parse: 7 callbacks suppressed
[  106.827949][ T8101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.959'.
[  107.178535][ T8128] netlink: 12 bytes leftover after parsing attributes in process `syz.2.971'.
[  107.287034][ T8132] netlink: 4 bytes leftover after parsing attributes in process `syz.1.973'.
[  107.288962][ T8136] bond4: option mode: unable to set because the bond device is up
[  107.306597][ T8136] bond4: (slave ip6gretap2): Enslaving as a backup interface with an up link
[  107.315914][ T5874] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  107.829051][ T8177] netlink: 47 bytes leftover after parsing attributes in process `syz.2.994'.
[  107.955001][ T8189] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  107.959829][ T8190] ieee802154 phy0 wpan0: encryption failed: -22
[  107.968933][ T8192] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1000'.
[  108.029551][ T8196] batadv0: entered promiscuous mode
[  108.032125][ T8196] vlan3: entered promiscuous mode
[  108.290143][   T33] audit: type=1800 audit(1757211904.342:3): pid=8199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1003" name="memory.events" dev="tmpfs" ino=1776 res=0 errno=0
[  108.521136][ T8223] syzkaller1: entered promiscuous mode
[  108.523279][ T8223] syzkaller1: entered allmulticast mode
[  109.078898][ T8252] netlink: 'syz.2.1024': attribute type 1 has an invalid length.
[  109.082056][ T8252] netlink: 208 bytes leftover after parsing attributes in process `syz.2.1024'.
[  109.138925][ T8256] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1026'.
[  109.383958][ T8278] netlink: 'syz.0.1036': attribute type 4 has an invalid length.
[  109.435664][ T8281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1037'.
[  109.819712][ T8323] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1058'.
[  109.932924][ T8331] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1062'.
[  109.936750][ T8331] vcan0: Master is either lo or non-ether device
[  111.079840][ T8402] netlink: 'syz.2.1094': attribute type 1 has an invalid length.
[  111.140593][ T8402] bond2: (slave bridge5): making interface the new active one
[  111.144596][ T8402] bond2: (slave bridge5): Enslaving as an active interface with an up link
[  111.949853][ T8453] __nla_validate_parse: 5 callbacks suppressed
[  111.949874][ T8453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1118'.
[  112.056141][ T8459] netlink: 'syz.2.1122': attribute type 10 has an invalid length.
[  112.058995][ T8459] bridge0: port 2(bridge_slave_1) entered disabled state
[  112.061406][ T8459] bridge0: port 1(bridge_slave_0) entered disabled state
[  112.069674][ T8459] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.072306][ T8459] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.075466][ T8459] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.077881][ T8459] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.087985][ T8459] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  112.242388][ T8459] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  112.680671][ T8479] netlink: 'syz.2.1131': attribute type 21 has an invalid length.
[  112.684349][ T8379] Set syz1 is full, maxelem 65536 reached
[  112.686389][ T8479] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1131'.
[  112.811736][ T8491] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  112.814984][ T8491] IPv6: NLM_F_CREATE should be set when creating new route
[  112.817987][ T8491] IPv6: NLM_F_CREATE should be set when creating new route
[  112.820724][ T8491] IPv6: NLM_F_CREATE should be set when creating new route
[  112.836900][ T8491] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  112.927689][ T8502] tls_set_device_offload: netdev not found
[  112.986861][ T8507] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1140'.
[  113.000308][ T8507] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1140'.
[  113.059602][ T8515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1142'.
[  113.160617][ T5874] nci: nci_rx_work: unknown MT 0x1
[  113.191304][ T8535] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1151'.
[  113.282234][ T8545] syz_tun: left allmulticast mode
[  113.284520][ T8545] dvmrp8: left allmulticast mode
[  113.463519][ T8559] IPv6: sit3: Disabled Multicast RS
[  113.466192][ T8559] sit3: entered allmulticast mode
[  114.094843][ T8592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1174'.
[  114.153348][ T8592] bridge_slave_1: left allmulticast mode
[  114.155714][ T8592] bridge_slave_1: left promiscuous mode
[  114.158152][ T8592] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.168422][ T8592] bridge_slave_0: left allmulticast mode
[  114.171075][ T8592] bridge_slave_0: left promiscuous mode
[  114.173723][ T8592] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.497517][ T8616] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  114.513338][ T8616] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  114.784440][ T8638] netlink: 'syz.0.1197': attribute type 3 has an invalid length.
[  114.808330][ T8638] ip6_vti0: entered allmulticast mode
[  114.824126][ T8638] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  114.838806][ T8638] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  114.870088][ T8643] erspan0: left allmulticast mode
[  114.873757][ T8643] sit0: left promiscuous mode
[  114.879640][ T8643] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.884847][ T8643] 8021q: adding VLAN 0 to HW filter on device team0
[  114.889204][ T8643] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  114.923940][ T8637] ip6_vti0: left allmulticast mode
[  114.974138][ T8650] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1202'.
[  115.006899][ T8651] netlink: 'syz.1.1203': attribute type 1 has an invalid length.
[  115.012753][ T8651] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1203'.
[  115.014974][ T8653] netlink: 'syz.0.1204': attribute type 6 has an invalid length.
[  115.016415][ T8651] netlink: 'syz.1.1203': attribute type 1 has an invalid length.
[  115.019744][ T8653] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1204'.
[  116.430728][ T8693] ==================================================================
[  116.434281][ T8693] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400
[  116.437684][ T8693] Read of size 1 at addr ffff88810eeac330 by task syz.1.1221/8693
[  116.441985][ T8693] 
[  116.442840][ T8693] CPU: 0 UID: 0 PID: 8693 Comm: syz.1.1221 Not tainted syzkaller #0 PREEMPT(full) 
[  116.442853][ T8693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  116.442859][ T8693] Call Trace:
[  116.442865][ T8693]  <TASK>
[  116.442870][ T8693]  dump_stack_lvl+0x189/0x250
[  116.442883][ T8693]  ? __kasan_check_byte+0x12/0x40
[  116.442921][ T8693]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.442931][ T8693]  ? lock_release+0x4b/0x3e0
[  116.442947][ T8693]  ? __virt_addr_valid+0x4a5/0x5c0
[  116.442959][ T8693]  print_report+0xca/0x240
[  116.442969][ T8693]  ? xfrm_state_find+0x2cf2/0x5400
[  116.442978][ T8693]  kasan_report+0x118/0x150
[  116.442990][ T8693]  ? xfrm_state_find+0x2cf2/0x5400
[  116.443001][ T8693]  xfrm_state_find+0x2cf2/0x5400
[  116.443014][ T8693]  ? xfrm_state_find+0x1da/0x5400
[  116.443023][ T8693]  ? __pfx_xfrm_state_find+0x10/0x10
[  116.443031][ T8693]  ? ip6_pol_route+0x547/0x1180
[  116.443042][ T8693]  ? fib6_rule_saddr+0xc0/0x420
[  116.443053][ T8693]  ? __pfx_ip6_pol_route+0x10/0x10
[  116.443063][ T8693]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  116.443081][ T8693]  ? fib_rules_lookup+0x96/0xe90
[  116.443091][ T8693]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  116.443101][ T8693]  ? __lock_acquire+0xab9/0xd20
[  116.443116][ T8693]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  116.443128][ T8693]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  116.443139][ T8693]  ? xfrm_expand_policies+0x41f/0x6a0
[  116.443153][ T8693]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  116.443166][ T8693]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  116.443182][ T8693]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  116.443195][ T8693]  ? txopt_get+0x335/0x3f0
[  116.443207][ T8693]  ? aa_label_sk_perm+0x4cd/0x630
[  116.443226][ T8693]  ? __pfx_txopt_get+0x10/0x10
[  116.443241][ T8693]  xfrm_lookup_route+0x3c/0x1c0
[  116.443257][ T8693]  rawv6_sendmsg+0xdab/0x1820
[  116.443274][ T8693]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  116.443291][ T8693]  ? finish_task_switch+0x266/0x950
[  116.443325][ T8693]  ? __pfx_aa_sk_perm+0x10/0x10
[  116.443348][ T8693]  ? sock_rps_record_flow+0x19/0x410
[  116.443369][ T8693]  ? inet_sendmsg+0x2f4/0x370
[  116.443387][ T8693]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  116.443407][ T8693]  __sock_sendmsg+0x19c/0x270
[  116.443428][ T8693]  ____sys_sendmsg+0x52d/0x830
[  116.443446][ T8693]  ? __pfx_____sys_sendmsg+0x10/0x10
[  116.443464][ T8693]  ? import_iovec+0x74/0xa0
[  116.443478][ T8693]  ___sys_sendmsg+0x21f/0x2a0
[  116.443494][ T8693]  ? __pfx____sys_sendmsg+0x10/0x10
[  116.443519][ T8693]  ? __fget_files+0x2a/0x420
[  116.443531][ T8693]  ? __fget_files+0x3a0/0x420
[  116.443550][ T8693]  __sys_sendmmsg+0x227/0x430
[  116.443571][ T8693]  ? __pfx___sys_sendmmsg+0x10/0x10
[  116.443586][ T8693]  ? do_futex+0x333/0x420
[  116.443611][ T8693]  ? __pfx___se_sys_futex+0x10/0x10
[  116.443630][ T8693]  __x64_sys_sendmmsg+0xa0/0xc0
[  116.443645][ T8693]  do_syscall_64+0xfa/0x3b0
[  116.443659][ T8693]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.443675][ T8693]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.443691][ T8693]  ? exc_page_fault+0x9f/0xf0
[  116.443705][ T8693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.443720][ T8693] RIP: 0033:0x7f4a0518ebe9
[  116.443734][ T8693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.443748][ T8693] RSP: 002b:00007f4a0602f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  116.443764][ T8693] RAX: ffffffffffffffda RBX: 00007f4a053c5fa0 RCX: 00007f4a0518ebe9
[  116.443776][ T8693] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000006
[  116.443785][ T8693] RBP: 00007f4a05211e19 R08: 0000000000000000 R09: 0000000000000000
[  116.443793][ T8693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  116.443800][ T8693] R13: 00007f4a053c6038 R14: 00007f4a053c5fa0 R15: 00007ffe325e3998
[  116.443813][ T8693]  </TASK>
[  116.443818][ T8693] 
[  116.582490][ T8693] Allocated by task 6462:
[  116.583914][ T8693]  kasan_save_track+0x3e/0x80
[  116.585420][ T8693]  __kasan_slab_alloc+0x6c/0x80
[  116.587203][ T8693]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  116.588994][ T8693]  xfrm_state_alloc+0x24/0x2f0
[  116.590480][ T8693]  __find_acq_core+0x8a7/0x1c00
[  116.592045][ T8693]  xfrm_find_acq+0x78/0xa0
[  116.593548][ T8693]  xfrm_alloc_userspi+0x6b3/0xc90
[  116.595251][ T8693]  xfrm_user_rcv_msg+0x7a3/0xab0
[  116.597045][ T8693]  netlink_rcv_skb+0x208/0x470
[  116.598874][ T8693]  xfrm_netlink_rcv+0x79/0x90
[  116.600713][ T8693]  netlink_unicast+0x82f/0x9e0
[  116.602245][ T8693]  netlink_sendmsg+0x805/0xb30
[  116.603821][ T8693]  __sock_sendmsg+0x21c/0x270
[  116.605650][ T8693]  ____sys_sendmsg+0x505/0x830
[  116.607562][ T8693]  ___sys_sendmsg+0x21f/0x2a0
[  116.609262][ T8693]  __x64_sys_sendmsg+0x19b/0x260
[  116.610866][ T8693]  do_syscall_64+0xfa/0x3b0
[  116.612596][ T8693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.614822][ T8693] 
[  116.615813][ T8693] Freed by task 24:
[  116.617283][ T8693]  kasan_save_track+0x3e/0x80
[  116.619082][ T8693]  kasan_save_free_info+0x46/0x50
[  116.620999][ T8693]  __kasan_slab_free+0x5b/0x80
[  116.622916][ T8693]  kmem_cache_free+0x18f/0x400
[  116.624830][ T8693]  xfrm_state_gc_task+0x52d/0x6b0
[  116.626820][ T8693]  process_scheduled_works+0xae1/0x17b0
[  116.629086][ T8693]  worker_thread+0x8a0/0xda0
[  116.630963][ T8693]  kthread+0x711/0x8a0
[  116.632628][ T8693]  ret_from_fork+0x3fc/0x770
[  116.634561][ T8693]  ret_from_fork_asm+0x1a/0x30
[  116.636524][ T8693] 
[  116.637501][ T8693] The buggy address belongs to the object at ffff88810eeac000
[  116.637501][ T8693]  which belongs to the cache xfrm_state of size 928
[  116.642914][ T8693] The buggy address is located 816 bytes inside of
[  116.642914][ T8693]  freed 928-byte region [ffff88810eeac000, ffff88810eeac3a0)
[  116.647958][ T8693] 
[  116.648755][ T8693] The buggy address belongs to the physical page:
[  116.650985][ T8693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88810eead680 pfn:0x10eeac
[  116.654807][ T8693] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  116.658090][ T8693] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  116.661096][ T8693] page_type: f5(slab)
[  116.662721][ T8693] raw: 057ff00000000040 ffff88801cb593c0 dead000000000122 0000000000000000
[  116.666120][ T8693] raw: ffff88810eead680 00000000800e000a 00000000f5000000 0000000000000000
[  116.669571][ T8693] head: 057ff00000000040 ffff88801cb593c0 dead000000000122 0000000000000000
[  116.673073][ T8693] head: ffff88810eead680 00000000800e000a 00000000f5000000 0000000000000000
[  116.676542][ T8693] head: 057ff00000000002 ffffea00043bab01 00000000ffffffff 00000000ffffffff
[  116.680054][ T8693] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  116.683480][ T8693] page dumped because: kasan: bad access detected
[  116.686055][ T8693] page_owner tracks the page as allocated
[  116.688321][ T8693] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6462, tgid 6461 (syz.1.247), ts 80167535678, free_ts 78887740616
[  116.694811][ T8693]  post_alloc_hook+0x240/0x2a0
[  116.696359][ T8693]  get_page_from_freelist+0x21e4/0x22c0
[  116.698257][ T8693]  __alloc_frozen_pages_noprof+0x181/0x370
[  116.700514][ T8693]  alloc_pages_mpol+0x232/0x4a0
[  116.702497][ T8693]  allocate_slab+0x8a/0x370
[  116.704301][ T8693]  ___slab_alloc+0xbeb/0x1420
[  116.706238][ T8693]  kmem_cache_alloc_noprof+0x283/0x3c0
[  116.708298][ T8693]  xfrm_state_alloc+0x24/0x2f0
[  116.710089][ T8693]  __find_acq_core+0x8a7/0x1c00
[  116.711872][ T8693]  xfrm_find_acq+0x78/0xa0
[  116.713666][ T8693]  xfrm_alloc_userspi+0x6b3/0xc90
[  116.715660][ T8693]  xfrm_user_rcv_msg+0x7a3/0xab0
[  116.717656][ T8693]  netlink_rcv_skb+0x208/0x470
[  116.719583][ T8693]  xfrm_netlink_rcv+0x79/0x90
[  116.721516][ T8693]  netlink_unicast+0x82f/0x9e0
[  116.723492][ T8693]  netlink_sendmsg+0x805/0xb30
[  116.725415][ T8693] page last free pid 5854 tgid 5854 stack trace:
[  116.728015][ T8693]  __free_frozen_pages+0xbc4/0xd30
[  116.730064][ T8693]  __put_partials+0x156/0x1a0
[  116.731932][ T8693]  put_cpu_partial+0x17c/0x250
[  116.733794][ T8693]  __slab_free+0x2d5/0x3c0
[  116.735626][ T8693]  qlist_free_all+0x97/0x140
[  116.737546][ T8693]  kasan_quarantine_reduce+0x148/0x160
[  116.739786][ T8693]  __kasan_slab_alloc+0x22/0x80
[  116.741753][ T8693]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  116.743874][ T8693]  alloc_pid+0x9f/0xab0
[  116.745590][ T8693]  copy_process+0x198e/0x3c00
[  116.747479][ T8693]  kernel_clone+0x21e/0x840
[  116.749315][ T8693]  __x64_sys_clone+0x18b/0x1e0
[  116.751252][ T8693]  do_syscall_64+0xfa/0x3b0
[  116.753071][ T8693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.755418][ T8693] 
[  116.756407][ T8693] Memory state around the buggy address:
[  116.758663][ T8693]  ffff88810eeac200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  116.761833][ T8693]  ffff88810eeac280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  116.764642][ T8693] >ffff88810eeac300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  116.767709][ T8693]                                      ^
[  116.769928][ T8693]  ffff88810eeac380: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  116.772746][ T8693]  ffff88810eeac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  116.775502][ T8693] ==================================================================
[  116.784812][ T8693] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  116.787743][ T8693] CPU: 0 UID: 0 PID: 8693 Comm: syz.1.1221 Not tainted syzkaller #0 PREEMPT(full) 
[  116.790780][ T8693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  116.793967][ T8693] Call Trace:
[  116.795050][ T8693]  <TASK>
[  116.796034][ T8693]  dump_stack_lvl+0x99/0x250
[  116.797494][ T8693]  ? __asan_memcpy+0x40/0x70
[  116.798966][ T8693]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.800756][ T8693]  ? __pfx__printk+0x10/0x10
[  116.802388][ T8693]  vpanic+0x281/0x750
[  116.803764][ T8693]  ? preempt_schedule+0xae/0xc0
[  116.805506][ T8693]  ? __pfx_vpanic+0x10/0x10
[  116.807108][ T8693]  ? preempt_schedule_common+0x83/0xd0
[  116.809090][ T8693]  ? preempt_schedule+0xae/0xc0
[  116.810977][ T8693]  ? __pfx_preempt_schedule+0x10/0x10
[  116.812910][ T8693]  panic+0xb9/0xc0
[  116.814201][ T8693]  ? __pfx_panic+0x10/0x10
[  116.815729][ T8693]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  116.817707][ T8693]  ? xfrm_state_find+0x2cf2/0x5400
[  116.819478][ T8693]  check_panic_on_warn+0x89/0xb0
[  116.821168][ T8693]  ? xfrm_state_find+0x2cf2/0x5400
[  116.823114][ T8693]  end_report+0x78/0x160
[  116.824735][ T8693]  kasan_report+0x129/0x150
[  116.826261][ T8693]  ? xfrm_state_find+0x2cf2/0x5400
[  116.827984][ T8693]  xfrm_state_find+0x2cf2/0x5400
[  116.829637][ T8693]  ? xfrm_state_find+0x1da/0x5400
[  116.831323][ T8693]  ? __pfx_xfrm_state_find+0x10/0x10
[  116.833491][ T8693]  ? ip6_pol_route+0x547/0x1180
[  116.835486][ T8693]  ? fib6_rule_saddr+0xc0/0x420
[  116.837167][ T8693]  ? __pfx_ip6_pol_route+0x10/0x10
[  116.839034][ T8693]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  116.841369][ T8693]  ? fib_rules_lookup+0x96/0xe90
[  116.843342][ T8693]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  116.845926][ T8693]  ? __lock_acquire+0xab9/0xd20
[  116.847814][ T8693]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  116.849982][ T8693]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  116.852145][ T8693]  ? xfrm_expand_policies+0x41f/0x6a0
[  116.854349][ T8693]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  116.856508][ T8693]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  116.858793][ T8693]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  116.861154][ T8693]  ? txopt_get+0x335/0x3f0
[  116.862716][ T8693]  ? aa_label_sk_perm+0x4cd/0x630
[  116.864699][ T8693]  ? __pfx_txopt_get+0x10/0x10
[  116.866596][ T8693]  xfrm_lookup_route+0x3c/0x1c0
[  116.868306][ T8693]  rawv6_sendmsg+0xdab/0x1820
[  116.870149][ T8693]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  116.872136][ T8693]  ? finish_task_switch+0x266/0x950
[  116.873953][ T8693]  ? __pfx_aa_sk_perm+0x10/0x10
[  116.875597][ T8693]  ? sock_rps_record_flow+0x19/0x410
[  116.877316][ T8693]  ? inet_sendmsg+0x2f4/0x370
[  116.878934][ T8693]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  116.880564][ T8693]  __sock_sendmsg+0x19c/0x270
[  116.882242][ T8693]  ____sys_sendmsg+0x52d/0x830
[  116.883830][ T8693]  ? __pfx_____sys_sendmsg+0x10/0x10
[  116.885622][ T8693]  ? import_iovec+0x74/0xa0
[  116.887109][ T8693]  ___sys_sendmsg+0x21f/0x2a0
[  116.888728][ T8693]  ? __pfx____sys_sendmsg+0x10/0x10
[  116.890328][ T8693]  ? __fget_files+0x2a/0x420
[  116.891768][ T8693]  ? __fget_files+0x3a0/0x420
[  116.893269][ T8693]  __sys_sendmmsg+0x227/0x430
[  116.894800][ T8693]  ? __pfx___sys_sendmmsg+0x10/0x10
[  116.896525][ T8693]  ? do_futex+0x333/0x420
[  116.897998][ T8693]  ? __pfx___se_sys_futex+0x10/0x10
[  116.899580][ T8693]  __x64_sys_sendmmsg+0xa0/0xc0
[  116.901126][ T8693]  do_syscall_64+0xfa/0x3b0
[  116.902525][ T8693]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.904341][ T8693]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.906228][ T8693]  ? exc_page_fault+0x9f/0xf0
[  116.907685][ T8693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.909525][ T8693] RIP: 0033:0x7f4a0518ebe9
[  116.910931][ T8693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.917617][ T8693] RSP: 002b:00007f4a0602f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  116.920518][ T8693] RAX: ffffffffffffffda RBX: 00007f4a053c5fa0 RCX: 00007f4a0518ebe9
[  116.923030][ T8693] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000006
[  116.925679][ T8693] RBP: 00007f4a05211e19 R08: 0000000000000000 R09: 0000000000000000
[  116.928149][ T8693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  116.930638][ T8693] R13: 00007f4a053c6038 R14: 00007f4a053c5fa0 R15: 00007ffe325e3998
[  116.933112][ T8693]  </TASK>
[  116.934803][ T8693] Kernel Offset: disabled
[  116.936274][ T8693] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:25:12  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000038 RBX=0000000000000038 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000010ad RDI=00000000000010ae RBP=00000000000003f8 RSP=ffffc90006b0e810
R8 =ffff888106e90237 R9 =1ffff11020dd2046 R10=dffffc0000000000 R11=ffffffff854f4b80
R12=dffffc0000000000 R13=ffffffff99b018f3 R14=ffffffff99df6420 R15=0000000000000000
RIP=ffffffff854f4bfc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f4a0602f6c0 ffffffff 00c00000
GS =0000 ffff8880b8614000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f55a84f56c0 CR3=0000000109718000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f4a05397498 00007f4a05397470 XMM03=00007f4a053974a8 00007f4a053974a0
XMM04=00007f4a05efd100 00007f4a05397460 XMM05=00007f4a05397478 00007f4a053974c0
XMM06=00007f4a053974b8 00007f4a053974b0 XMM07=00007f4a053974a8 00007f4a053974a0
XMM08=0000000000000000 00007f4a05212ee7 XMM09=0000000000000000 00007f4a05212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffc90007680000 RBX=1ffff1100450a25a RCX=ffff888021213980 RDX=0000000000010000
RSI=ffff888022850000 RDI=0000000000000017 RBP=0000000000000080 RSP=ffffc900001e0dc0
R8 =ffffffff8fa39837 R9 =1ffffffff1f47306 R10=dffffc0000000000 R11=ffffffff8699f830
R12=dffffc0000000000 R13=ffff8880228512d0 R14=ffff888022850000 R15=dffffc0000000000
RIP=ffffffff8699f878 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555569e60500 ffffffff 00c00000
GS =0000 ffff8881a3c14000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055edf3807000 CR3=000000010e33e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=02ffff0283561c9b af080ce55e8f0662
XMM02=3905e9e9d8024f02 4008ab00083103ff XMM03=5a3e0bff98b44a17 717f0005e6802a06
XMM04=0a016dae000000aa 8cde237bdfb6471b XMM05=0104981000038004 2008000008000100
XMM06=000008060a016dae 000000aa8cde237b XMM07=dfb6471b5a3e0bff 98b44a17717f0005
XMM08=e6802a063905e9e9 d8024f024008ab00 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
