last executing test programs:

2.442850265s ago: executing program 1 (id=1387):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100), 0x4)

2.393390497s ago: executing program 1 (id=1389):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt$X25_QBITINCL(r0, 0x106, 0x1, &(0x7f0000000040), 0x4)

2.323119188s ago: executing program 1 (id=1392):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f00000000c0)=0x7, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10)
setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)
recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

1.45353848s ago: executing program 1 (id=1407):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01f11800000000000000240000002400000002000000000000000200000400000003000000090000000000000000000000000000000c000000000000"], 0xffffffffffffffff, 0x3e, 0xb2, 0x2}, 0x20)

1.453361512s ago: executing program 1 (id=1408):
r0 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0xab, @empty, 0x1}, 0x1c)
ppoll(&(0x7f0000000040)=[{r0, 0x180}], 0x1, 0x0, 0x0, 0x0)

1.083879231s ago: executing program 2 (id=1413):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(r2, 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(0xffffffffffffffff, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
unshare(0x20000400)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="adffa88800000000140012800b0001006d616373656300000400028008000500", @ANYBLOB, @ANYRES32=r5], 0x44}}, 0x8000)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r6, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f00000001c0)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x4000891)

1.032334717s ago: executing program 0 (id=1416):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000007110b5000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

961.476893ms ago: executing program 0 (id=1417):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=@can_newroute={0x154, 0x18, 0x1, 0x70bd29, 0x25dfdbfd, {0x1d, 0x1, 0x4}, [@CGW_CS_CRC8={0x11e, 0x6, {0x1, 0xff, 0x3, 0x0, 0xff, "71ec6d721744cd5200080000f8cfcad4c4ec6511ec028c5028564abce83afe14c93e15e556c2baed7f897fe841c155a2b2a4b9f3052995cdf66a9c7922ff0300005b6c67281f1519cd7c32c2bf7563b9452575505da99ea128d37616896be8764a2c78edbad5bde7a5e405bdc893770338925f824bd24689c0d11a5568fc3aaa9ad0d7766d8ea8d3bf1006e3df494e2f373148ecb4adafdd39874e9808b118301f1e76054a64c6d243523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d42c3ef0619022c", 0x0, "5c8d586b2a88d818b56d2a5e15c8a95d29e5b2ea"}}, @CGW_CS_XOR={0x8, 0x5, {0x2, 0x6, 0xf5, 0x2}}, @CGW_MOD_SET={0x15, 0x4, {{{0x3, 0x1, 0x0, 0x1}, 0x0, 0x5, 0x0, 0x0, '\t\x00'}, 0x1}}]}, 0x154}}, 0x0)

961.273641ms ago: executing program 0 (id=1418):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
write$cgroup_devices(r1, 0x0, 0x9)

553.603626ms ago: executing program 1 (id=1419):
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c)
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000600)="ba", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)="16", 0x1}], 0x1}}], 0x2, 0xc8040)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0x6)

201.410502ms ago: executing program 2 (id=1420):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x2, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000005dc0)={&(0x7f00000006c0)=@nameseq={0x1e, 0x1, 0x2, {0x0, 0x0, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x4000)

201.212589ms ago: executing program 2 (id=1421):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000526d542b9bb4682186204296c16a18339de690e660778d555b3a3ed8c805b1b0718b7f0107e11ae6ade65ffbbfa855b39e763a34edf703a0321673cf4c4db593c61e5d81fab2da73dcc23e783896b0092b8d300934bcd5171664d1255603e22438497b03000000000000006160fd812aecfbf7aadcd942fe355194fe4eec"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff843e}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000200035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)

142.471782ms ago: executing program 2 (id=1422):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0)
sendmsg$inet(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x4008000)

53.862567ms ago: executing program 2 (id=1423):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@gettaction={0x3c, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7}]}, 0x3c}}, 0x48084)

53.709475ms ago: executing program 0 (id=1424):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}, @union={0x0, 0x0, 0x0, 0x5, 0x0, 0xdfa}]}}, &(0x7f0000000f40)=""/4089, 0x32, 0xff9, 0xa, 0x1}, 0x28)

408.299µs ago: executing program 0 (id=1425):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000009640)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="10", 0x1}], 0x1}}], 0x1, 0x8810)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x800000000000}, &(0x7f0000000000)={0x1f}, 0x0, 0x0, 0x0)

153.822µs ago: executing program 2 (id=1426):
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$alg(0x26, 0x5, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$packet(0x11, 0x2, 0x300)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r3, 0x4)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8)
sendmmsg$inet6(r1, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32=r3], 0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00'})

0s ago: executing program 0 (id=1427):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
close(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r2}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r3}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r4}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:9669' (ED25519) to the list of known hosts.
syzkaller login: [   56.873558][ T5807] cgroup: Unknown subsys name 'net'
[   57.081117][ T5807] cgroup: Unknown subsys name 'cpuset'
[   57.086321][ T5807] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.484723][ T5807] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   62.602131][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   62.608044][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   62.611412][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   62.614701][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   62.617319][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   62.627398][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   62.630490][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   62.633307][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   62.636456][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   62.639534][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   62.678061][ T5211] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   62.681410][ T5211] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   62.686121][ T5211] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.691326][ T5211] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.698652][ T5211] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.822541][ T5821] chnl_net:caif_netlink_parms(): no params data found
[   62.913609][ T5825] chnl_net:caif_netlink_parms(): no params data found
[   62.956661][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.959716][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.962297][ T5821] bridge_slave_0: entered allmulticast mode
[   62.965202][ T5821] bridge_slave_0: entered promiscuous mode
[   62.996489][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.999848][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.002887][ T5821] bridge_slave_1: entered allmulticast mode
[   63.006163][ T5821] bridge_slave_1: entered promiscuous mode
[   63.050028][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.052441][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.054804][ T5825] bridge_slave_0: entered allmulticast mode
[   63.057586][ T5825] bridge_slave_0: entered promiscuous mode
[   63.070773][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.074287][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.076704][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.079830][ T5825] bridge_slave_1: entered allmulticast mode
[   63.082580][ T5825] bridge_slave_1: entered promiscuous mode
[   63.091291][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.130806][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.134685][ T5821] team0: Port device team_slave_0 added
[   63.136960][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   63.144489][ T5821] team0: Port device team_slave_1 added
[   63.147734][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.205788][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.208620][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.216753][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.222944][ T5825] team0: Port device team_slave_0 added
[   63.229428][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.232389][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.241529][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.246513][ T5825] team0: Port device team_slave_1 added
[   63.292360][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.294729][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.303203][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.314585][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.317013][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.319805][ T5830] bridge_slave_0: entered allmulticast mode
[   63.322583][ T5830] bridge_slave_0: entered promiscuous mode
[   63.325707][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.328457][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.336967][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.356798][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.359774][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.362107][ T5830] bridge_slave_1: entered allmulticast mode
[   63.364781][ T5830] bridge_slave_1: entered promiscuous mode
[   63.374499][ T5821] hsr_slave_0: entered promiscuous mode
[   63.376978][ T5821] hsr_slave_1: entered promiscuous mode
[   63.422916][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.447779][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.504956][ T5825] hsr_slave_0: entered promiscuous mode
[   63.509053][ T5825] hsr_slave_1: entered promiscuous mode
[   63.512481][ T5825] debugfs: 'hsr0' already exists in 'hsr'
[   63.515078][ T5825] Cannot create hsr debugfs directory
[   63.549685][ T5830] team0: Port device team_slave_0 added
[   63.565125][ T5830] team0: Port device team_slave_1 added
[   63.627115][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.630740][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.641922][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.662491][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.665428][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.678943][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.774028][ T5830] hsr_slave_0: entered promiscuous mode
[   63.776379][ T5830] hsr_slave_1: entered promiscuous mode
[   63.779291][ T5830] debugfs: 'hsr0' already exists in 'hsr'
[   63.781737][ T5830] Cannot create hsr debugfs directory
[   63.865084][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   63.896990][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   63.917476][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   63.929691][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   64.011538][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   64.021621][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   64.030764][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   64.036320][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   64.091607][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   64.108473][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   64.120393][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   64.130714][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   64.166558][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.192655][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   64.205313][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.208387][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.224330][   T32] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.227138][   T32] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.245904][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.280718][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   64.296511][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.298964][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.304859][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.325411][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.328012][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.351607][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   64.360920][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.363323][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.367332][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.370300][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.391334][ T5825] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   64.517324][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.537184][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.567623][ T5821] veth0_vlan: entered promiscuous mode
[   64.573141][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.587149][ T5821] veth1_vlan: entered promiscuous mode
[   64.600321][ T5830] veth0_vlan: entered promiscuous mode
[   64.610311][ T5830] veth1_vlan: entered promiscuous mode
[   64.628566][ T5827] Bluetooth: hci0: command tx timeout
[   64.631317][ T5821] veth0_macvtap: entered promiscuous mode
[   64.641695][ T5825] veth0_vlan: entered promiscuous mode
[   64.645043][ T5821] veth1_macvtap: entered promiscuous mode
[   64.656010][ T5825] veth1_vlan: entered promiscuous mode
[   64.662651][ T5830] veth0_macvtap: entered promiscuous mode
[   64.667388][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.681117][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.684073][ T5830] veth1_macvtap: entered promiscuous mode
[   64.694551][ T5844] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.699661][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.705457][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.708930][ T5827] Bluetooth: hci1: command tx timeout
[   64.711157][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.717267][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.734333][ T5825] veth0_macvtap: entered promiscuous mode
[   64.744347][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.749564][ T5825] veth1_macvtap: entered promiscuous mode
[   64.766127][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.781719][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.785621][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.788977][ T5827] Bluetooth: hci2: command tx timeout
[   64.803486][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.822202][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.834792][ T3623] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.836797][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.845962][ T3623] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.873407][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.876351][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.891945][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.895580][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.915071][ T3623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.919669][ T3623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.952790][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.956072][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.002289][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   65.014999][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.038518][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.055962][ T2964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.060574][ T2964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.104669][ T3623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.128255][ T3623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.315526][ T5902] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   65.812339][ T5927] syz.2.14 uses obsolete (PF_INET,SOCK_PACKET)
[   65.838273][ T5919] netlink: 'syz.0.12': attribute type 303 has an invalid length.
[   65.848291][ T5919] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12'.
[   66.036644][ T5932] tipc: Started in network mode
[   66.041961][ T5932] tipc: Node identity f6bdc9a9c9c1, cluster identity 4711
[   66.050339][ T5932] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   66.055656][ T5932] syzkaller0: entered promiscuous mode
[   66.058710][ T5932] syzkaller0: entered allmulticast mode
[   66.092563][ T5932] tipc: Resetting bearer <eth:syzkaller0>
[   66.105106][ T5931] tipc: Resetting bearer <eth:syzkaller0>
[   66.125713][ T5931] tipc: Disabling bearer <eth:syzkaller0>
[   66.286058][ T5936] netlink: 48 bytes leftover after parsing attributes in process `syz.2.18'.
[   66.529623][  T972] cfg80211: failed to load regulatory.db
[   66.642233][ T5954] syz.1.27 (5954) used obsolete PPPIOCDETACH ioctl
[   66.719935][ T5827] Bluetooth: hci0: command tx timeout
[   66.731424][ T5959] netlink: 12 bytes leftover after parsing attributes in process `syz.0.29'.
[   66.788155][ T5827] Bluetooth: hci1: command tx timeout
[   66.825960][ T5966] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   66.868739][ T5827] Bluetooth: hci2: command tx timeout
[   66.938222][ T5973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.36'.
[   67.154111][ T5993] netlink: 26 bytes leftover after parsing attributes in process `syz.0.44'.
[   67.356446][ T6002] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.387166][ T6062] netlink: 28 bytes leftover after parsing attributes in process `syz.2.75'.
[   68.724336][ T6091] warning: `syz.0.88' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   68.792492][ T5827] Bluetooth: hci0: command tx timeout
[   68.870185][ T5827] Bluetooth: hci1: command tx timeout
[   68.948120][ T5827] Bluetooth: hci2: command tx timeout
[   69.736138][ T6152] Zero length message leads to an empty skb
[   70.280843][ T6208] netlink: 8 bytes leftover after parsing attributes in process `syz.1.137'.
[   70.376286][ T6213] smc: net device bond0 applied user defined pnetid SYZ2
[   70.576241][ T6226] netlink: 'syz.1.146': attribute type 1 has an invalid length.
[   70.841655][ T6256] netlink: 16 bytes leftover after parsing attributes in process `syz.2.157'.
[   70.873654][ T5827] Bluetooth: hci0: command tx timeout
[   70.896179][ T6262] netlink: 'syz.1.159': attribute type 1 has an invalid length.
[   70.948015][ T5827] Bluetooth: hci1: command tx timeout
[   71.027963][ T5827] Bluetooth: hci2: command tx timeout
[   71.187026][ T6286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   71.192529][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.194759][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.256590][ T6286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   71.322178][ T6286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   71.806702][ T6338] netlink: 'syz.2.197': attribute type 5 has an invalid length.
[   72.375200][ T6375] openvswitch: netlink: Key 6 has unexpected len 4 expected 2
[   73.475815][ T6461] netlink: 'syz.0.235': attribute type 10 has an invalid length.
[   73.495766][ T6461] team0: Port device dummy0 added
[   73.509559][ T6461] netlink: 'syz.0.235': attribute type 10 has an invalid length.
[   73.520447][ T6461] team0: Port device dummy0 removed
[   73.525869][ T6461] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   73.571582][ T6461] syz.0.235 (6461) used greatest stack depth: 19480 bytes left
[   73.776138][ T6484] netlink: 'syz.0.239': attribute type 1 has an invalid length.
[   73.822172][ T6484] 8021q: adding VLAN 0 to HW filter on device bond1
[   73.833844][ T6484] bond1: (slave bridge1): making interface the new active one
[   73.837247][ T6484] bond1: (slave bridge1): Enslaving as an active interface with an up link
[   73.845882][ T6484] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[   74.960588][ T6564] netlink: 8 bytes leftover after parsing attributes in process `syz.2.257'.
[   74.984264][ T6566] tipc: Started in network mode
[   74.986449][ T6566] tipc: Node identity ae5f85e6e38d, cluster identity 4711
[   74.998224][ T6566] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   75.012429][ T6566] syzkaller0: entered promiscuous mode
[   75.014763][ T6566] syzkaller0: entered allmulticast mode
[   75.031188][ T6566] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   75.067803][ T6566] tipc: Resetting bearer <eth:syzkaller0>
[   75.072448][ T6565] tipc: Resetting bearer <eth:syzkaller0>
[   75.101130][ T6565] tipc: Disabling bearer <eth:syzkaller0>
[   75.113655][ T6573] netlink: 96 bytes leftover after parsing attributes in process `syz.2.261'.
[   75.160359][ T6575] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   75.165033][ T6575] syzkaller0: entered promiscuous mode
[   75.166955][ T6575] syzkaller0: entered allmulticast mode
[   75.192551][ T6575] tipc: Resetting bearer <eth:syzkaller0>
[   75.197003][ T6574] tipc: Resetting bearer <eth:syzkaller0>
[   75.208165][ T6574] tipc: Disabling bearer <eth:syzkaller0>
[   75.538225][ T6596] nbd2: detected capacity change from 0 to 63
[   75.548752][ T6600] block nbd2: NBD_DISCONNECT
[   75.557290][ T6600] block nbd2: Disconnected due to user request.
[   75.568816][ T6600] block nbd2: shutting down sockets
[   75.572090][ T5828] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.587469][ T5828] Buffer I/O error on dev nbd2, logical block 0, async page read
[   75.592385][   T25] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 3 prio class 0
[   75.596365][   T25] Buffer I/O error on dev nbd2, logical block 1, async page read
[   75.601083][   T25] Buffer I/O error on dev nbd2, logical block 2, async page read
[   75.604495][   T25] Buffer I/O error on dev nbd2, logical block 3, async page read
[   75.612113][ T5828] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.616102][ T5828] Buffer I/O error on dev nbd2, logical block 0, async page read
[   75.634256][ T5828] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.638811][ T5828] Buffer I/O error on dev nbd2, logical block 1, async page read
[   75.643314][ T5828] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.654818][ T5828] Buffer I/O error on dev nbd2, logical block 2, async page read
[   75.661916][ T5828] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.666136][ T5828] Buffer I/O error on dev nbd2, logical block 3, async page read
[   75.675008][ T5828] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.684042][ T5828] Buffer I/O error on dev nbd2, logical block 0, async page read
[   75.689126][ T6612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.279'.
[   75.691129][ T5828] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.696013][ T5828] Buffer I/O error on dev nbd2, logical block 1, async page read
[   75.708536][ T5828] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.712619][ T5828] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.722856][ T5828] ldm_validate_partition_table(): Disk read failed.
[   75.727528][ T5828] Dev nbd2: unable to read RDB block 0
[   75.732102][ T5828]  nbd2: unable to read partition table
[   75.769174][ T5828] ldm_validate_partition_table(): Disk read failed.
[   75.782571][ T5828] Dev nbd2: unable to read RDB block 0
[   75.786889][ T5828]  nbd2: unable to read partition table
[   76.097636][ T6628] syzkaller0: entered promiscuous mode
[   76.107977][ T6628] syzkaller0: entered allmulticast mode
[   76.212765][ T6632] netlink: 24 bytes leftover after parsing attributes in process `syz.2.288'.
[   76.517292][    C1] vcan0: j1939_tp_rxtimer: 0xffff88811fc30c00: rx timeout, send abort
[   76.521228][    C1] vcan0: j1939_tp_rxtimer: 0xffff88810ad87000: rx timeout, send abort
[   76.524076][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88811fc30c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   76.529851][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88810ad87000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   77.165949][ T6656] Illegal XDP return value 4294967274 on prog  (id 68) dev N/A, expect packet loss!
[   77.571733][ T6698] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check.
[   77.921295][ T6734] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.334'.
[   77.974463][ T6736] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   77.987228][ T6725] syzkaller0: entered promiscuous mode
[   77.994486][ T6725] syzkaller0: entered allmulticast mode
[   78.026878][ T6725] tipc: Resetting bearer <eth:syzkaller0>
[   78.044190][ T6724] tipc: Resetting bearer <eth:syzkaller0>
[   78.059022][ T6724] tipc: Disabling bearer <eth:syzkaller0>
[   78.741504][ T6786] netlink: 28 bytes leftover after parsing attributes in process `syz.1.358'.
[   78.804377][ T6792] smc: net device bond0 erased user defined pnetid SYZ2
[   79.155162][   T10] IPVS: starting estimator thread 0...
[   79.251135][ T6827] IPVS: using max 46 ests per chain, 110400 per kthread
[   79.290128][ T6837] netlink: 'syz.2.378': attribute type 1 has an invalid length.
[   79.298052][ T6837] netlink: 2 bytes leftover after parsing attributes in process `syz.2.378'.
[   81.016293][ T6946] netlink: 'syz.2.429': attribute type 46 has an invalid length.
[   81.034658][ T6948] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[   82.627185][ T7024] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.465'.
[   82.921989][ T7041] netlink: 8 bytes leftover after parsing attributes in process `syz.0.472'.
[   82.989046][ T7045] netlink: 40 bytes leftover after parsing attributes in process `syz.0.475'.
[   82.999420][ T7045] netlink: 40 bytes leftover after parsing attributes in process `syz.0.475'.
[   83.252625][ T7071] netlink: 'syz.2.485': attribute type 10 has an invalid length.
[   83.265071][ T7071] team0: Port device dummy0 added
[   83.271524][ T7071] netlink: 'syz.2.485': attribute type 10 has an invalid length.
[   83.275678][ T7071] team0: Failed to send port change of device dummy0 via netlink (err -105)
[   83.287803][ T7071] team0: Failed to send options change via netlink (err -105)
[   83.291640][ T7071] team0: Failed to send port change of device dummy0 via netlink (err -105)
[   83.296762][ T7071] team0: Port device dummy0 removed
[   83.311225][ T7071] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   83.939663][ T7106] netlink: 68 bytes leftover after parsing attributes in process `syz.0.499'.
[   83.943359][ T7106] netlink: 'syz.0.499': attribute type 1 has an invalid length.
[   84.479269][ T7142] netlink: 'syz.0.517': attribute type 4 has an invalid length.
[   84.546391][ T7148] netlink: 40 bytes leftover after parsing attributes in process `syz.1.520'.
[   84.853881][ T7173] bond_slave_0: entered promiscuous mode
[   84.856385][ T7173] bond_slave_1: entered promiscuous mode
[   84.858540][ T7173] dummy0: entered promiscuous mode
[   84.861214][ T7173] vlan2: entered promiscuous mode
[   84.863334][ T7173] bond0: entered promiscuous mode
[   84.874497][ T7180] netlink: 4 bytes leftover after parsing attributes in process `syz.1.534'.
[   85.083432][ T7202] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[   85.172813][ T7213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.551'.
[   85.179084][ T7211] netlink: 'syz.1.549': attribute type 21 has an invalid length.
[   85.181788][ T7211] netlink: 20 bytes leftover after parsing attributes in process `syz.1.549'.
[   85.304457][ T7228] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   85.679271][ T7280] netlink: 40 bytes leftover after parsing attributes in process `syz.0.582'.
[   86.681044][ T7296] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[   86.775009][ T7304] geneve2: entered promiscuous mode
[   86.776798][ T7304] geneve2: entered allmulticast mode
[   86.906310][ T7322] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   86.913071][ T7322] syzkaller0: entered promiscuous mode
[   86.914938][ T7322] syzkaller0: entered allmulticast mode
[   86.934477][ T7322] tipc: Resetting bearer <eth:syzkaller0>
[   86.937599][ T7321] tipc: Resetting bearer <eth:syzkaller0>
[   86.950949][ T7321] tipc: Disabling bearer <eth:syzkaller0>
[   87.112625][ T7340] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   87.115124][ T7340] IPv6: NLM_F_CREATE should be set when creating new route
[   87.117566][ T7340] IPv6: NLM_F_CREATE should be set when creating new route
[   87.413096][ T7361] netlink: 'syz.2.615': attribute type 13 has an invalid length.
[   87.415712][ T7361] netlink: 'syz.2.615': attribute type 17 has an invalid length.
[   87.496299][ T7361] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   87.763164][ T7388] __nla_validate_parse: 3 callbacks suppressed
[   87.763179][ T7388] netlink: 8 bytes leftover after parsing attributes in process `syz.2.624'.
[   87.932739][ T7407] tap0: tun_chr_ioctl cmd 1074025677
[   87.934771][ T7407] tap0: linktype set to 825
[   88.032381][ T7418] netlink: 'syz.0.639': attribute type 1 has an invalid length.
[   88.204694][ T7422] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.263058][ T7422] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.319723][ T7422] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.369763][ T7445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.651'.
[   88.396163][ T7422] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.463618][ T5844] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.483962][ T5844] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.496848][ T5844] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.508698][   T13] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.759486][ T7471] netlink: 108 bytes leftover after parsing attributes in process `syz.2.662'.
[   88.910948][ T7479] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   88.965689][ T7487] tipc: Started in network mode
[   88.970754][ T7487] tipc: Node identity 4643c67b1fe, cluster identity 4711
[   88.973990][ T7487] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.993969][ T7479] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.005861][ T7487] syzkaller0: entered promiscuous mode
[   89.009456][ T7487] syzkaller0: entered allmulticast mode
[   89.023713][ T7487] tipc: Resetting bearer <eth:syzkaller0>
[   89.027356][ T7486] tipc: Resetting bearer <eth:syzkaller0>
[   89.034312][ T7486] tipc: Disabling bearer <eth:syzkaller0>
[   89.049564][ T7479] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.130286][ T7479] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   89.183211][   T13] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.192914][ T5844] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   89.202623][ T5844] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   89.213472][ T5844] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.345696][ T7510] tls_set_device_offload_rx: netdev not found
[   90.006364][ T7550] netlink: 'syz.1.696': attribute type 21 has an invalid length.
[   90.699569][ T7550] netlink: 132 bytes leftover after parsing attributes in process `syz.1.696'.
[   90.799439][ T7562] netlink: 'syz.0.701': attribute type 13 has an invalid length.
[   90.802675][ T7562] netlink: 'syz.0.701': attribute type 17 has an invalid length.
[   90.850222][ T7562] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   91.192373][ T5873] IPVS: starting estimator thread 0...
[   91.277961][ T7589] IPVS: using max 79 ests per chain, 189600 per kthread
[   92.182725][ T7605] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.186034][ T7605] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.348193][ T7605] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   92.358780][ T7605] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   92.578661][ T5844] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.587917][ T5844] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.617148][ T5844] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.631710][ T5844] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.789904][ T7657] bridge0: port 3(erspan0) entered blocking state
[   92.792371][ T7657] bridge0: port 3(erspan0) entered disabled state
[   92.794660][ T7657] erspan0: entered allmulticast mode
[   92.797340][ T7657] erspan0: entered promiscuous mode
[   92.800020][ T7657] bridge0: port 3(erspan0) entered blocking state
[   92.802806][ T7657] bridge0: port 3(erspan0) entered forwarding state
[   92.809022][ T7657] erspan0: left allmulticast mode
[   92.810783][ T7657] erspan0: left promiscuous mode
[   92.812946][ T7657] bridge0: port 3(erspan0) entered disabled state
[   94.447531][ T7760] netlink: 'syz.0.789': attribute type 1 has an invalid length.
[   94.451665][ T7760] netlink: 'syz.0.789': attribute type 1 has an invalid length.
[   94.454294][ T7760] netlink: 216 bytes leftover after parsing attributes in process `syz.0.789'.
[   94.793782][ T7784] netlink: 'syz.0.801': attribute type 1 has an invalid length.
[   94.826986][ T7788] netlink: 12 bytes leftover after parsing attributes in process `syz.1.803'.
[   94.837392][ T7788] smc: net device bond0 applied user defined pnetid SYZ
[   94.890631][ T7794] sctp: [Deprecated]: syz.2.807 (pid 7794) Use of struct sctp_assoc_value in delayed_ack socket option.
[   94.890631][ T7794] Use struct sctp_sack_info instead
[   95.641926][ T7864] netlink: 'syz.2.838': attribute type 21 has an invalid length.
[   95.645054][ T7864] IPv6: NLM_F_CREATE should be specified when creating new route
[   95.648931][ T7864] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   95.651894][ T7864] IPv6: NLM_F_CREATE should be set when creating new route
[   95.654875][ T7864] IPv6: NLM_F_CREATE should be set when creating new route
[   95.657775][ T7864] IPv6: NLM_F_CREATE should be set when creating new route
[   95.961643][ T7884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.846'.
[   96.487624][ T7901] netlink: 4 bytes leftover after parsing attributes in process `syz.0.854'.
[   96.920215][ T7925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.865'.
[   97.432215][ T7946] tun0: tun_chr_ioctl cmd 2148045848
[   97.551163][ T7950] netlink: 'syz.1.877': attribute type 1 has an invalid length.
[   97.609539][ T7950] 8021q: adding VLAN 0 to HW filter on device bond1
[   97.639700][ T7956] 8021q: adding VLAN 0 to HW filter on device bond1
[   97.642108][ T7956] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[   97.650219][ T7956] bond1: (slave vxcan3): Error -95 calling set_mac_address
[   97.715736][ T7950] veth3: entered promiscuous mode
[   97.730975][ T7950] bond1: (slave veth3): Enslaving as an active interface with a down link
[   97.803268][ T7963] netlink: 'syz.0.882': attribute type 7 has an invalid length.
[   97.805797][ T7963] netlink: 'syz.0.882': attribute type 8 has an invalid length.
[   97.969507][ T7970] netlink: 27 bytes leftover after parsing attributes in process `syz.1.885'.
[   98.284254][ T7980] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20003
[   98.358554][ T8004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.898'.
[   98.806099][ T8038] netlink: 'syz.2.914': attribute type 3 has an invalid length.
[   98.874491][ T8042] netlink: 4608 bytes leftover after parsing attributes in process `syz.2.916'.
[   98.883693][ T8042] netlink: 28 bytes leftover after parsing attributes in process `syz.2.916'.
[   98.886974][ T8042] netlink: 28 bytes leftover after parsing attributes in process `syz.2.916'.
[   98.894645][ T8042] team0: entered promiscuous mode
[   98.896809][ T8042] team_slave_0: entered promiscuous mode
[   98.901720][ T8042] team_slave_1: entered promiscuous mode
[   98.906863][ T8042] bond0: entered promiscuous mode
[   98.909245][ T8042] bond_slave_0: entered promiscuous mode
[   98.911790][ T8042] bond_slave_1: entered promiscuous mode
[   98.914274][ T8042] dummy0: entered promiscuous mode
[   98.917556][ T8042] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network
[   98.923004][ T8042] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network
[   98.927449][ T8042] 8021q: adding VLAN 0 to HW filter on device hsr1
[   99.385789][ T8072] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   99.420249][ T8074] raw_sendmsg: syz.2.932 forgot to set AF_INET. Fix it!
[   99.692319][ T8106] netlink: 'syz.0.948': attribute type 12 has an invalid length.
[   99.725719][ T8109] geneve2: entered promiscuous mode
[   99.729975][   T12] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[   99.739030][   T12] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[   99.750325][   T12] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[   99.760747][   T12] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  100.712657][ T8165] __nla_validate_parse: 1 callbacks suppressed
[  100.712670][ T8165] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.972'.
[  100.822606][ T8172] netlink: 'syz.2.975': attribute type 2 has an invalid length.
[  100.825679][ T8172] netlink: 'syz.2.975': attribute type 5 has an invalid length.
[  100.871225][ T8174] netlink: 'syz.1.976': attribute type 8 has an invalid length.
[  101.262452][ T8202] netlink: 28 bytes leftover after parsing attributes in process `syz.1.988'.
[  101.265511][ T8202] netlink: 28 bytes leftover after parsing attributes in process `syz.1.988'.
[  101.275841][ T8202] netlink: 28 bytes leftover after parsing attributes in process `syz.1.988'.
[  102.323802][ T8236] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  102.364768][ T8236] syzkaller0: entered promiscuous mode
[  102.367045][ T8236] syzkaller0: entered allmulticast mode
[  102.371413][ T8236] tipc: Resetting bearer <eth:syzkaller0>
[  102.393695][ T8235] tipc: Resetting bearer <eth:syzkaller0>
[  102.416552][ T8240] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1003'.
[  103.236475][ T8235] tipc: Disabling bearer <eth:syzkaller0>
[  103.328041][   T33] audit: type=1804 audit(1754570021.890:2): pid=8254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1009" name="memory.events" dev="tmpfs" ino=1526 res=1 errno=0
[  103.346432][   T33] audit: type=1800 audit(1754570021.900:3): pid=8254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1009" name="memory.events" dev="tmpfs" ino=1526 res=0 errno=0
[  104.212995][   T10] IPVS: starting estimator thread 0...
[  104.301384][ T8317] IPVS: using max 48 ests per chain, 115200 per kthread
[  105.077373][ T8347] syzkaller1: entered promiscuous mode
[  105.079916][ T8347] syzkaller1: entered allmulticast mode
[  105.252737][ T8361] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1053'.
[  105.550222][ T8389] Bluetooth: MGMT ver 1.23
[  105.615404][ T8397] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1067'.
[  105.620331][ T8397] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  105.836443][ T8419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1075'.
[  105.883514][ T8424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  105.974937][ T8430] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  105.983554][ T8430] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  105.995393][ T8433] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  106.383134][ T8444] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1087'.
[  106.386398][ T8444] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1087'.
[  106.598934][ T8455] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  106.601775][ T8455] syzkaller0: entered promiscuous mode
[  106.603684][ T8455] syzkaller0: entered allmulticast mode
[  106.617626][ T8455] tipc: Resetting bearer <eth:syzkaller0>
[  106.621988][ T8454] tipc: Resetting bearer <eth:syzkaller0>
[  106.632934][ T8454] tipc: Disabling bearer <eth:syzkaller0>
[  107.092617][ T8489] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  107.094977][ T8489] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  107.499096][ T8516] netlink: 'syz.2.1118': attribute type 2 has an invalid length.
[  107.506514][ T8516] netlink: 'syz.2.1118': attribute type 1 has an invalid length.
[  107.559579][ T8520] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[  107.605139][ T8520] tipc: Resetting bearer <eth:syzkaller0>
[  107.623436][ T8519] tipc: Resetting bearer <eth:syzkaller0>
[  108.558543][ T8519] tipc: Disabling bearer <eth:syzkaller0>
[  108.565694][ T8531] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  108.568996][ T8536] syzkaller0: entered promiscuous mode
[  108.570831][ T8536] syzkaller0: entered allmulticast mode
[  108.576935][ T8547] tipc: Resetting bearer <eth:syzkaller0>
[  108.579496][ T8526] tipc: Resetting bearer <eth:syzkaller0>
[  108.588883][ T8526] tipc: Disabling bearer <eth:syzkaller0>
[  109.117015][ T8590] netlink: 'syz.0.1145': attribute type 39 has an invalid length.
[  109.882454][ T8622] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1159'.
[  110.064605][ T8642] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1168'.
[  110.074609][ T8642] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1168'.
[  110.084185][ T8642] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1168'.
[  110.087464][ T8642] netlink: 540 bytes leftover after parsing attributes in process `syz.0.1168'.
[  110.126294][ T8646] sock: sock_timestamping_bind_phc: sock not bind to device
[  110.249872][ T8654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  110.543049][ T8669] Bluetooth: hci0: Opcode 0x0c03 failed: -112
[  110.557536][ T8675] netlink: 'syz.1.1182': attribute type 7 has an invalid length.
[  110.967163][ T8715] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  110.972101][ T8715] syzkaller0: entered promiscuous mode
[  110.974220][ T8715] syzkaller0: entered allmulticast mode
[  111.024645][ T8715] tipc: Resetting bearer <eth:syzkaller0>
[  111.040890][ T8714] tipc: Resetting bearer <eth:syzkaller0>
[  111.060147][ T8714] tipc: Disabling bearer <eth:syzkaller0>
[  111.173430][ T8731] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1202'.
[  111.187465][ T8731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1202'.
[  111.219097][ T8731] netlink: 'syz.1.1202': attribute type 12 has an invalid length.
[  111.222445][ T8731] netlink: 'syz.1.1202': attribute type 14 has an invalid length.
[  111.316794][ T8744] netlink: 'syz.0.1207': attribute type 1 has an invalid length.
[  111.591919][ T8766] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  112.278524][ T8805] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1234'.
[  112.305383][ T8805] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1234'.
[  112.548288][ T5827] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  112.722249][ T8825] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1243'.
[  112.748661][ T8827] trusted_key: syz.0.1244 sent an empty control message without MSG_MORE.
[  112.766207][ T8825] veth1: entered promiscuous mode
[  112.772854][ T8825] bridge2: entered promiscuous mode
[  112.776309][ T8825] hsr2: Slave A (veth1) is not up; please bring it up to get a fully working HSR network
[  112.780229][ T8825] hsr2: entered promiscuous mode
[  112.808439][ T8829] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1245'.
[  112.813046][ T8829] netlink: 788 bytes leftover after parsing attributes in process `syz.0.1245'.
[  112.913844][ T8829] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1245'.
[  113.222951][ T8870] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1263'.
[  113.232635][ T8870] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  113.552460][ T5821] cgroup: fork rejected by pids controller in /syz0
[  113.791493][   T12] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.854139][   T12] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.913009][   T12] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  113.969923][   T12] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  114.171951][   T12] bridge_slave_1: left allmulticast mode
[  114.174082][   T12] bridge_slave_1: left promiscuous mode
[  114.177139][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.191329][   T12] bridge_slave_0: left allmulticast mode
[  114.193295][   T12] bridge_slave_0: left promiscuous mode
[  114.195569][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.347552][ T5211] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  114.353524][ T5211] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  114.357020][ T5211] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  114.366629][ T5211] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  114.371068][ T5211] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  114.625491][   T12] bond1 (unregistering): (slave bridge1): Releasing active interface
[  114.707202][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  114.711915][   T12] bond_slave_0: left promiscuous mode
[  114.715965][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  114.719740][   T12] bond_slave_1: left promiscuous mode
[  114.722996][   T12] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  114.726991][   T12] dummy0: left promiscuous mode
[  114.735524][   T12] bond0 (unregistering): Released all slaves
[  114.800048][   T12] bond1 (unregistering): Released all slaves
[  114.938188][   T12] tipc: Left network mode
[  115.153641][ T8938] chnl_net:caif_netlink_parms(): no params data found
[  115.256036][ T8970] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1303'.
[  115.464267][ T8938] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.470244][ T8938] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.473468][ T8938] bridge_slave_0: entered allmulticast mode
[  115.477606][ T8938] bridge_slave_0: entered promiscuous mode
[  115.484437][ T8938] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.487556][ T8938] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.493902][ T8938] bridge_slave_1: entered allmulticast mode
[  115.499650][ T8938] bridge_slave_1: entered promiscuous mode
[  115.572218][ T8938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  115.597455][   T12] hsr_slave_0: left promiscuous mode
[  115.604070][   T12] hsr_slave_1: left promiscuous mode
[  115.606765][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  115.610646][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  115.614856][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  115.620286][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  115.630105][   T12] veth1_macvtap: left promiscuous mode
[  115.632425][   T12] veth0_macvtap: left promiscuous mode
[  115.635810][   T12] veth1_vlan: left promiscuous mode
[  115.640648][   T12] veth0_vlan: left promiscuous mode
[  116.347703][   T12] team0 (unregistering): Port device team_slave_1 removed
[  116.370217][   T12] team0 (unregistering): Port device team_slave_0 removed
[  116.388207][ T5827] Bluetooth: hci0: command tx timeout
[  116.636947][ T8938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.695211][ T8938] team0: Port device team_slave_0 added
[  116.712093][ T8938] team0: Port device team_slave_1 added
[  116.781152][ T8938] batman_adv: batadv0: Adding interface: batadv_slave_0
[  116.783964][ T8938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.810200][ T8938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  116.821583][ T8938] batman_adv: batadv0: Adding interface: batadv_slave_1
[  116.824402][ T8938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  116.844429][ T8938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  116.920882][ T9024] __nla_validate_parse: 1 callbacks suppressed
[  116.920897][ T9024] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.1322'.
[  116.926082][ T8938] hsr_slave_0: entered promiscuous mode
[  116.930217][ T8938] hsr_slave_1: entered promiscuous mode
[  116.959819][   T12] IPVS: stop unused estimator thread 0...
[  117.426421][ T8938] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  117.433602][ T8938] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  117.440219][ T8938] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  117.444748][ T8938] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  117.492664][ T8938] 8021q: adding VLAN 0 to HW filter on device bond0
[  117.504960][ T8938] 8021q: adding VLAN 0 to HW filter on device team0
[  117.513070][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state
[  117.515485][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state
[  117.523341][ T2964] bridge0: port 2(bridge_slave_1) entered blocking state
[  117.525785][ T2964] bridge0: port 2(bridge_slave_1) entered forwarding state
[  117.551543][ T8938] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  117.636626][ T8938] 8021q: adding VLAN 0 to HW filter on device batadv0
[  117.660439][ T8938] veth0_vlan: entered promiscuous mode
[  117.665333][ T8938] veth1_vlan: entered promiscuous mode
[  117.683790][ T8938] veth0_macvtap: entered promiscuous mode
[  117.697750][ T8938] veth1_macvtap: entered promiscuous mode
[  117.714764][ T8938] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.725002][ T8938] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.733856][ T5860] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.736752][ T5860] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.761599][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.766511][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.805775][ T4010] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.810468][ T4010] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.839267][   T85] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.842446][   T85] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.468468][ T5827] Bluetooth: hci0: command tx timeout
[  119.175831][ T9132] sctp: [Deprecated]: syz.2.1349 (pid 9132) Use of int in max_burst socket option deprecated.
[  119.175831][ T9132] Use struct sctp_assoc_value instead
[  119.939720][ T9142] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1354'.
[  119.972544][ T9145] netlink: 212296 bytes leftover after parsing attributes in process `syz.1.1355'.
[  119.987442][ T9147] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1356'.
[  120.281035][ T9173] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1368'.
[  120.340727][ T9178] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1370'.
[  120.413105][   T33] audit: type=1800 audit(1754570038.980:4): pid=9165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1363" name="cgroup.controllers" dev="tmpfs" ino=63 res=0 errno=0
[  120.429134][ T9188] netlink: 788 bytes leftover after parsing attributes in process `syz.1.1375'.
[  120.498322][ T9192] pim6reg1: entered promiscuous mode
[  120.500282][ T9192] pim6reg1: entered allmulticast mode
[  120.549536][ T5827] Bluetooth: hci0: command tx timeout
[  120.659121][ T9206] tun0: tun_chr_ioctl cmd 1074025681
[  120.758939][ T9219] tipc: Started in network mode
[  120.761102][ T9219] tipc: Node identity de41c09f8324, cluster identity 4711
[  120.763794][ T9219] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  120.766654][ T9219] syzkaller0: entered promiscuous mode
[  120.769233][ T9219] syzkaller0: entered allmulticast mode
[  120.796290][ T9220] hsr2: left promiscuous mode
[  120.803149][ T9219] tipc: Resetting bearer <eth:syzkaller0>
[  120.806568][ T9217] tipc: Resetting bearer <eth:syzkaller0>
[  120.818619][ T9217] tipc: Disabling bearer <eth:syzkaller0>
[  120.827136][ T9220] @: renamed from veth0_vlan
[  121.066180][ T9234] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1396'.
[  121.083343][ T9234] batman_adv: batadv0: Removing interface: batadv_slave_0
[  121.283599][ T9250] bridge4: the hash_elasticity option has been deprecated and is always 16
[  121.549718][ T9258] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1405'.
[  121.563099][ T5860] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  121.566670][ T5860] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  121.571925][ T5860] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  121.575532][ T5860] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  121.620520][ T9261] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  121.641316][ T9261] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input4
[  122.022299][ T9277] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1413'.
[  122.628146][ T5827] Bluetooth: hci0: command tx timeout
[  122.901689][ T9295] netlink: 'syz.2.1421': attribute type 21 has an invalid length.
[  122.904875][ T9295] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1421'.
[  123.365672][    C1] ==================================================================
[  123.369209][    C1] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x696/0xca0
[  123.372654][    C1] Write of size 8 at addr ffff88810e75c930 by task syz.0.1427/9308
[  123.376884][    C1] 
[  123.377979][    C1] CPU: 1 UID: 0 PID: 9308 Comm: syz.0.1427 Not tainted 6.16.0-syzkaller-06600-g1dbf1d590d10-dirty #0 PREEMPT(full) 
[  123.377995][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  123.378003][    C1] Call Trace:
[  123.378039][    C1]  <TASK>
[  123.378047][    C1]  dump_stack_lvl+0x189/0x250
[  123.378066][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  123.378081][    C1]  ? rcu_is_watching+0x15/0xb0
[  123.378098][    C1]  ? __kasan_check_byte+0x12/0x40
[  123.378116][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.378127][    C1]  ? rcu_is_watching+0x15/0xb0
[  123.378144][    C1]  ? lock_release+0x4b/0x3e0
[  123.378161][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  123.378174][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[  123.378188][    C1]  print_report+0xca/0x240
[  123.378205][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  123.378223][    C1]  kasan_report+0x118/0x150
[  123.378241][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  123.378260][    C1]  __xfrm_state_delete+0x696/0xca0
[  123.378281][    C1]  xfrm_timer_handler+0x18f/0xa00
[  123.378300][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  123.378315][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  123.378330][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.378347][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  123.378361][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  123.378376][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  123.378392][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  123.378408][    C1]  __hrtimer_run_queues+0x52c/0xc60
[  123.378432][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  123.378448][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  123.378468][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  123.378481][    C1]  handle_softirqs+0x286/0x870
[  123.378498][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  123.378515][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  123.378534][    C1]  __irq_exit_rcu+0xca/0x1f0
[  123.378551][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  123.378570][    C1]  irq_exit_rcu+0x9/0x30
[  123.378590][    C1]  sysvec_apic_timer_interrupt+0x57/0xc0
[  123.378606][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  123.378620][    C1] RIP: 0033:0x7f5beadb7320
[  123.378632][    C1] Code: 83 c0 16 83 e0 f7 74 12 50 48 8d 3d aa 3d 08 00 e8 15 90 f8 ff 0f 1f 44 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <83> ff 21 74 0b c3 66 2e 0f 1f 84 00 00 00 00 00 55 53 48 89 f3 48
[  123.378643][    C1] RSP: 002b:00007f5bebb95ef8 EFLAGS: 00000297
[  123.378655][    C1] RAX: 0000000000000000 RBX: 00007f5bebb96d30 RCX: 0000000000000999
[  123.378663][    C1] RDX: 00007f5bebb95f00 RSI: 00007f5bebb96030 RDI: 0000000000000021
[  123.378671][    C1] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  123.378679][    C1] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000073
[  123.378686][    C1] R13: 00007f5bebb96eb0 R14: 9999999999999999 R15: 0000000000000000
[  123.378700][    C1]  </TASK>
[  123.378704][    C1] 
[  123.497393][    C1] Allocated by task 7704:
[  123.499191][    C1]  kasan_save_track+0x3e/0x80
[  123.501220][    C1]  __kasan_slab_alloc+0x6c/0x80
[  123.503319][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  123.505573][    C1]  xfrm_state_alloc+0x24/0x2f0
[  123.507547][    C1]  __find_acq_core+0x8a7/0x1c00
[  123.509560][    C1]  xfrm_find_acq+0x78/0xa0
[  123.511027][    C1]  xfrm_alloc_userspi+0x6b3/0xc90
[  123.513001][    C1]  xfrm_user_rcv_msg+0x7a3/0xab0
[  123.515166][    C1]  netlink_rcv_skb+0x208/0x470
[  123.516754][    C1]  xfrm_netlink_rcv+0x79/0x90
[  123.518325][    C1]  netlink_unicast+0x82f/0x9e0
[  123.519959][    C1]  netlink_sendmsg+0x805/0xb30
[  123.521557][    C1]  __sock_sendmsg+0x21c/0x270
[  123.523182][    C1]  ____sys_sendmsg+0x505/0x830
[  123.524949][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  123.526562][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  123.528206][    C1]  do_syscall_64+0xfa/0x3b0
[  123.529774][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.531753][    C1] 
[  123.532562][    C1] Freed by task 24:
[  123.534121][    C1]  kasan_save_track+0x3e/0x80
[  123.536199][    C1]  kasan_save_free_info+0x46/0x50
[  123.538177][    C1]  __kasan_slab_free+0x62/0x70
[  123.539773][    C1]  kmem_cache_free+0x18f/0x400
[  123.541426][    C1]  xfrm_state_gc_task+0x518/0x6a0
[  123.543148][    C1]  process_scheduled_works+0xae1/0x17b0
[  123.545248][    C1]  worker_thread+0x8a0/0xda0
[  123.546816][    C1]  kthread+0x711/0x8a0
[  123.548180][    C1]  ret_from_fork+0x3fc/0x770
[  123.549720][    C1]  ret_from_fork_asm+0x1a/0x30
[  123.551339][    C1] 
[  123.552147][    C1] The buggy address belongs to the object at ffff88810e75c900
[  123.552147][    C1]  which belongs to the cache xfrm_state of size 928
[  123.556687][    C1] The buggy address is located 48 bytes inside of
[  123.556687][    C1]  freed 928-byte region [ffff88810e75c900, ffff88810e75cca0)
[  123.561130][    C1] 
[  123.561897][    C1] The buggy address belongs to the physical page:
[  123.564341][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88810e75d680 pfn:0x10e75c
[  123.567586][    C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  123.570305][    C1] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  123.572810][    C1] page_type: f5(slab)
[  123.574346][    C1] raw: 057ff00000000040 ffff888104e89780 dead000000000122 0000000000000000
[  123.578166][    C1] raw: ffff88810e75d680 00000000800e000b 00000000f5000000 0000000000000000
[  123.581655][    C1] head: 057ff00000000040 ffff888104e89780 dead000000000122 0000000000000000
[  123.585254][    C1] head: ffff88810e75d680 00000000800e000b 00000000f5000000 0000000000000000
[  123.588042][    C1] head: 057ff00000000002 ffffea000439d701 00000000ffffffff 00000000ffffffff
[  123.590851][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  123.594422][    C1] page dumped because: kasan: bad access detected
[  123.597184][    C1] page_owner tracks the page as allocated
[  123.599632][    C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6390, tgid 6382 (syz.2.220), ts 72615669528, free_ts 72541398066
[  123.607225][    C1]  post_alloc_hook+0x240/0x2a0
[  123.608812][    C1]  get_page_from_freelist+0x21e4/0x22c0
[  123.611069][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  123.613601][    C1]  alloc_pages_mpol+0x232/0x4a0
[  123.615703][    C1]  allocate_slab+0x8a/0x3b0
[  123.617681][    C1]  ___slab_alloc+0xbfc/0x1480
[  123.619705][    C1]  kmem_cache_alloc_noprof+0x283/0x3c0
[  123.622036][    C1]  xfrm_state_alloc+0x24/0x2f0
[  123.624057][    C1]  xfrm_state_find+0x37d4/0x5400
[  123.626173][    C1]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  123.628803][    C1]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  123.631126][    C1]  xfrm_lookup_route+0x3c/0x1c0
[  123.633215][    C1]  __ip4_datagram_connect+0x9a5/0x1270
[  123.635571][    C1]  __ip6_datagram_connect+0x9f0/0x1150
[  123.637989][    C1]  ip6_datagram_connect_v6_only+0x63/0xa0
[  123.640461][    C1]  __sys_connect+0x316/0x440
[  123.642451][    C1] page last free pid 5828 tgid 5828 stack trace:
[  123.644955][    C1]  __free_frozen_pages+0xc71/0xe70
[  123.646680][    C1]  __slab_free+0x326/0x400
[  123.648171][    C1]  qlist_free_all+0x97/0x140
[  123.649707][    C1]  kasan_quarantine_reduce+0x148/0x160
[  123.651504][    C1]  __kasan_slab_alloc+0x22/0x80
[  123.653242][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  123.655148][    C1]  getname_flags+0xb8/0x540
[  123.656655][    C1]  do_sys_openat2+0xbc/0x1c0
[  123.658201][    C1]  __x64_sys_openat+0x138/0x170
[  123.659812][    C1]  do_syscall_64+0xfa/0x3b0
[  123.661331][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.663437][    C1] 
[  123.664486][    C1] Memory state around the buggy address:
[  123.666864][    C1]  ffff88810e75c800: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  123.670320][    C1]  ffff88810e75c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  123.673339][    C1] >ffff88810e75c900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  123.675903][    C1]                                      ^
[  123.677748][    C1]  ffff88810e75c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  123.680380][    C1]  ffff88810e75ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  123.683127][    C1] ==================================================================
[  123.686936][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  123.689402][    C1] CPU: 1 UID: 0 PID: 9308 Comm: syz.0.1427 Not tainted 6.16.0-syzkaller-06600-g1dbf1d590d10-dirty #0 PREEMPT(full) 
[  123.693380][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  123.696664][    C1] Call Trace:
[  123.697763][    C1]  <TASK>
[  123.698773][    C1]  dump_stack_lvl+0x99/0x250
[  123.700271][    C1]  ? __asan_memcpy+0x40/0x70
[  123.701808][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.703788][    C1]  ? __pfx__printk+0x10/0x10
[  123.705627][    C1]  panic+0x2db/0x790
[  123.706919][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.708665][    C1]  ? __pfx_panic+0x10/0x10
[  123.710155][    C1]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  123.712141][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  123.714171][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  123.716213][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  123.718231][    C1]  check_panic_on_warn+0x89/0xb0
[  123.719862][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  123.721645][    C1]  end_report+0x78/0x160
[  123.723126][    C1]  kasan_report+0x129/0x150
[  123.724956][    C1]  ? __xfrm_state_delete+0x696/0xca0
[  123.726632][    C1]  __xfrm_state_delete+0x696/0xca0
[  123.728244][    C1]  xfrm_timer_handler+0x18f/0xa00
[  123.729923][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  123.731740][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  123.733795][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  123.735578][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  123.738097][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  123.740832][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  123.743219][    C1]  ? __pfx_xfrm_timer_handler+0x10/0x10
[  123.745621][    C1]  __hrtimer_run_queues+0x52c/0xc60
[  123.747892][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  123.750102][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  123.751980][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  123.753724][    C1]  handle_softirqs+0x286/0x870
[  123.755320][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  123.756899][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  123.758624][    C1]  __irq_exit_rcu+0xca/0x1f0
[  123.760192][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  123.761913][    C1]  irq_exit_rcu+0x9/0x30
[  123.763578][    C1]  sysvec_apic_timer_interrupt+0x57/0xc0
[  123.765773][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  123.767755][    C1] RIP: 0033:0x7f5beadb7320
[  123.769250][    C1] Code: 83 c0 16 83 e0 f7 74 12 50 48 8d 3d aa 3d 08 00 e8 15 90 f8 ff 0f 1f 44 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <83> ff 21 74 0b c3 66 2e 0f 1f 84 00 00 00 00 00 55 53 48 89 f3 48
[  123.776303][    C1] RSP: 002b:00007f5bebb95ef8 EFLAGS: 00000297
[  123.778284][    C1] RAX: 0000000000000000 RBX: 00007f5bebb96d30 RCX: 0000000000000999
[  123.780996][    C1] RDX: 00007f5bebb95f00 RSI: 00007f5bebb96030 RDI: 0000000000000021
[  123.783753][    C1] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000
[  123.786381][    C1] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000073
[  123.788968][    C1] R13: 00007f5bebb96eb0 R14: 9999999999999999 R15: 0000000000000000
[  123.791577][    C1]  </TASK>
[  123.793377][    C1] Kernel Offset: disabled
[  123.794827][    C1] Rebooting in 86400 seconds..

VM DIAGNOSIS:
12:34:02  Registers:
info registers vcpu 0

CPU#0
RAX=7a34ced67f6fad00 RBX=ffffffff81969b18 RCX=7a34ced67f6fad00 RDX=0000000000000001
RSI=ffffffff8d9792cd RDI=ffffffff8be30a00 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa07bf0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a18
RIP=ffffffff8b6fc4f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c316afb CR3=0000000029048000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=9500000008000000 8500000075000000 XMM03=85ec11c34b000000 0000000021000001
XMM04=00007f5bebaed100 00007f5beaf87460 XMM05=00007f5beaf87478 00007f5beaf874c0
XMM06=00007f5beaf874b8 00007f5beaf874b0 XMM07=00007f5beaf874a8 00007f5beaf874a0
XMM08=0000000000000000 00007f5beae12ee7 XMM09=0000000000000000 00007f5beae12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000066 RBX=0000000000000066 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90006db72f0
R8 =ffff888107c88237 R9 =1ffff11020f91046 R10=dffffc0000000000 R11=ffffffff854c1d90
R12=dffffc0000000000 R13=ffffffff99a95913 R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1e0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f5bebb976c0 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4fa81e8d58 CR3=0000000029048000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
