last executing test programs:

607.85593ms ago: executing program 0 (id=2337):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r0, &(0x7f0000000480), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f0000000040)={0x1d, r1}, 0x10)

556.839821ms ago: executing program 0 (id=2339):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCDELRT(r0, 0x8915, 0x0)

489.49756ms ago: executing program 0 (id=2341):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0c0100000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400fc0000000000000000000000000000000c00028005000100000000003c0002800c00028005000100000000002c000180140003000000000000000000000000000000000114000400fe8000000000000000000000000000aa08000740000000007800068014000500fc0200000000000000000000000000010c000380060001000000000014000400fc0200000000000000000000000000002c000380"], 0x10c}}, 0x0)

418.217576ms ago: executing program 0 (id=2343):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001bc0)={0x34, r1, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x6b}, @val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x8000}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x3}]}, 0x34}, 0x1, 0x0, 0x0, 0x58844}, 0x80)

417.964778ms ago: executing program 1 (id=2344):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xb, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x83}}, &(0x7f0000000000)='GPL\x00'}, 0x94)

417.432244ms ago: executing program 0 (id=2345):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r1 = socket(0x11, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000005c0)={'gre0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$int_in(r3, 0x5421, &(0x7f0000001100)=0x2000000009)
connect$bt_sco(r3, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000fbe000)={0x3, &(0x7f0000000140)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006, 0xa}, {0x4, 0x9, 0x8, 0x873}]}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000003c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
r8 = accept4(r7, 0x0, 0x0, 0x80800)
sendmsg$alg(r8, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x810}, 0x20044000)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r8, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000008c0)=ANY=[], 0x8c0}, 0x1, 0x0, 0x0, 0x48810}, 0x4000)
recvmmsg$unix(r8, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000001d40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x12040, 0x0)
r9 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000000240)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0x11, 0x800}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "ec9700", 0x30, 0x2c, 0x0, @local, @mcast2, {[@fragment={0x3a}], @ndisc_redir={0x89, 0x2, 0x0, '\x00', @private0, @remote}}}}}, 0x66)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)={'team0\x00', <r10=>0x0})
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000030000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000020900010073797a30000000000900030073797a3200000000240b0000060a010400000000000000000100000008000b4000000000fc0a048028000180080001006c6f67001c0002800e00024073797a6b616c6c65720000000800054000000008d00a01800e000100696d6d656469617465000000bc0a0280640002804c0002800900020073797a32000000000900020073797a310000000008000180fffffffc0900020073797a31000000000800034000009c920900020073797a300000000008000180ffffffff14000280080003400000000808000180fffffffb0800014000000002080001400000000b500002804b000100fa62d7ba9ceeacf9aa4f832b78f35731f355d63e192a72aef5e68a05d1b806151b6bd1e2d74abafd383790ad363fdc1b7766748630b48f9beefdb33c86d5835a470b5ffd20d7e9006c0102805c00028008000180fffffffe0900020073797a30000000000900020073797a320000000008000180ffffffff0900020073797a320000000008000180fffffffd0900020073797a310000000008000180fffffffc0800034000000e5628000280080003400000000608000340000000070900020073797a320000000008000180fffffffe540002800900020073797a320000000008000180fffffffe0800034000000000080003400000000008000340000000090900020073797a310000000008000180fffffffe080003400000800108000180fffffffd8e000100818ce881ff18470752e86442e8b77ddcfc7a4c87f05cd36147be26c85cc854cc117db1906007a5a8c298f4724c8c743d46ec7f3ba478d9dfb10bbe9e4fdfc2188d62db9bb1364fed383fe0b0c3fbbab83959470cb0ffb14765c32f10b54d99531d04caaf264214997543a1c63637d9a3a20b7ce9312e545626eb375c88462c198f35cf8a11616de4fa0c000098020280eb00010099c8e680eb4d0e7f78e1fb62226ae541d997c8cb51c5ebd0bb7e2730b61310dcd7525807288a7ad8c00f6aa230a1d1b876ddb0e188384e7c79cd8af94a02451a04d8f116bde38077da45650d82bdd1767b03e3f35bc4a5769e659d8cdb6d9d9d717c78b50f6b3ac899b07a9eaf2c989654de7d6609299bad01ca1f3fa8b6229a6c69627a07f627880e902231b20368f3ae64fd12fc37afeb95f14a4dc3d0bc5f6e2afd0fc8ef6982054cffa703ee1376654019ad6d2add9052c5d2f2e0ba3318f931b2c5f2dcce5cbca6093c64d23b64e2f2061da3dd5983644280de22d592b63b5d7f6b571beb005400010041bbc64da6bacaad1bebec23352accccbca40d6ba87943f82df945bf4ccc5250a0c2b2cb13793380f424b280bfb960885af6df4afa26efa8fcd7a1243389ef3fcf1d709f775a9cd1dfb2b84fd03e5d70f800010001950b7c0ec30534e476b721ba6e82d03078fe63b683918ecbbb9c339c8cdd63689339ac43acd5973f4aac8720a98d18e13b98e11e291f3f3621ed29c717639f84bdd28810da6ae30538775f15e00133741e9de3f96f69ab363752fa962b3c71041ba1e463a91d782a968d9febb648b66e71a6827c53b3be014b785f61c4fd46fef00658f64cdd465edb61ba4c5f00849b2935c485da99a38489ecc29837433ac5446c3922d73153fd8fb2368a5ce4201760ca6778f570b7fcb38be633a02d57c5884b6bcbaf3bc28ca7686edb5d59e1b823a8f0f5ff788625995d51c16413783c6290a9714bd4dcbd2a388139f3e46f69916f335c0002800900020073797a3000000000080003400000000908000180000000000900020073797a3000000000080003400000000808000180fffffffd080003400000000408000340fffffff908000180fffffffb0800034000000003a80002801c000280080003400000020008000340fffffff508000340000000001400028008000340000000050800034000000007720001001c2cce526d2ee30fb33f426450278cb35ac06b1cef15fefc26b5c17a8c9251bed316fccb5588f2e071fc355537fcf458cf14217f16ce4c12a4b559f3e807c94c6cc4f418baebc6024b74b9dbc5ef66dbbe91812ea247db80670c101ed494f105ad9c09b4eaf8d5c133b46a311c1a00001c0302802000028008000180fffffffc0900020073797a320000000008000340000000035c00028008000180fffffffc08000180fffffffc08000180fffffffb0900020073797a300000000008000340000000060900020073797a30000000000900020073797a31000000000900020073797a310000000008000180fffffffbf6000100330e5af714359ac9da33381a13071148dbe4293800e6be0290efbb549850cda132ca27a55553fd77c3067504c4596086f4001f53d49e8111395ebccb983c6b04735a58ab2617dfc62123b09c8dc5a47154667414dc28e8369829764b2e3cc23303a882890bad6d3a70d9e15701ec8c4c15a46d38c9ed6bc8658f8a45a02083f563324a27c649bab7cbcb485c289bd8df0a040128df6891ab48095977e0463f8e3ed7ba6df976ee30768954dfeb3f08c942b2c9384aa0b78baf92ecf5e4d73788afb1bc5a8f7c4b454897cd8bcac7f19cdd949fac66756da3b9311e13362eee317df853f6bc7e4638eb145a1484d3780e09b50000c8000100d5c1e4159bf770e02e6e1ebe911d7513709588175328d2e11f2ebf3f6967c49bedcb2a5459a45272bb8084e3bb55ea7a80166d97ec16457ed7d2a834d9aafdb2a54110ddc7975eaeda4f897ec7d533c27df0ce5ff92cfedadc67fff850ee5d07822d72b27af229d17ad2f8d802ae40d98f373e348a04b4f0270c71f82319de3a0331f165204896e0e448cf7ea0f8eb32a312fda6716f72f0234742fe6708ad0adf587ea21d94b8c8f5080028dda1e21d3d9ac82d8edd12941631b72b692ecc262d6ae12393000100c56deda494a09379df59bad8f0f17376b307ce49571034af728b1c4bf694e3b91406b976944238ab36ccaf40e3d92952ba87aa27af6353a82868c9508577a1b6a349fce75b3e4952b04b9527f496b5555e6db110dec07430b01446635eff12f136dbcb54fd4dc90b02e1bc6488ed74efd9eeb1b6de6e2a234f6c323df5c28a0352d03b34ee4f64ab614078125aa3cc0048000280080003400000000c08000340000000010900020073797a310000000008000180fffffffd0800034000008000080003400000dc5b08000180fffffffc08000180fffffffb2c0202804b000100cece2d8ff50c68c1060c2e691ddc50c6d87b46b4e5f6695010163d98bac2d9d7693cff0ec1e2107f58d3c305c78e5a596df92f1dbe80793dce5424be9e7951890023db7d0b9b2700e5000100f46e4b21dd4b92221713eece21b0e3bfb3fe995725eca78713a8d11ac82a6aefeeeab4720bd136479523ccafa34771afedeafc55275842bb7adb37ff3c93b19d9d5139f8b67ee81e380faa9506e6c8e5956cf7efc9828438d340aa4bfe771769c6ddb2f8c31049c1fc37e8f28812ea0aadd0caa7e32f6bb4b2b7a4473e5fa876c87bf285a503660ea12a0cfff6863a87c64ea83c31e737e278edcad77cb964828c7049d335e25156fd4d1c2faada6a8363794fe487155fbfd7c2e1b8504d4a744357734f51fca0426ffe929280df27411f8a90a067b285e970fa1e403722ae91dd000000f400010073e22ba6603d1c92836887468b100c2dc430efeb2ef19c66bd0582fe94df7b5a20292fdfbd2009980dbf9651685f7713bfb0f42583e452670f29e2cabf848fcdcb7a2067f0b257efd7dc927e540584b08f026e14be231afa797e36410d8ad6cbced8c5d2cce2f5a8b75713e57b3161b5b4ce78f283bf59a04f90bc1c5a4371abed0124c621ecb51b6166ad39f14216c09456232b7ea8dd7058bbbeae"], 0xb98}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newlink={0x54, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x5, 0x1}, @IFLA_BR_NF_CALL_IP6TABLES={0x5, 0x25, 0x1}, @IFLA_BR_VLAN_STATS_ENABLED={0x5}]}}}, @IFLA_MASTER={0x8, 0xa, r10}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x8044)
close(r3)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x4e6f, 0x4)
sendmsg$netlink(r1, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000003a0600ac141430e0000003808a8972bd0b72e4108296a3d206163944f8afc1bf505602da9168d6f9ce320068ff1f7e345a170d1423c2e18c8ed410c8aab9a20b514d2b583b90a86da4483488c0fdc6c2"], 0xdd12}], 0x1, 0x0, 0x0, 0x4000}, 0x1)

417.250895ms ago: executing program 1 (id=2346):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000020603000000000000000000ffea000005000100070000000900020073797a300000000014000780080012401b0000000800084000000000050005000000001005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0)

328.895796ms ago: executing program 1 (id=2347):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x60, 0x2, 0x6, 0x201, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x4}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x60}}, 0x0)

268.877383ms ago: executing program 1 (id=2350):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002})
writev(r0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="60b772204a47", 0x6}, {&(0x7f0000000080)="0bc3", 0x2}, {&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00\x00', 0x7}], 0x3)

240.443682ms ago: executing program 0 (id=2352):
unshare(0x20000400)
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6(0xa, 0x3, 0x84)
r2 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@mcast2, @in6=@loopback, 0x4e24, 0x0, 0x4e21, 0x0, 0xa, 0x0, 0x20, 0xc}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x3, 0x0, 0x804, 0x2}, {}, 0x0, 0x6e6bb9}, {{@in=@private=0xa010100, 0xfffffffb, 0x32}, 0x0, @in6=@mcast1, 0x0, 0x5, 0x1, 0x0, 0x200}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@local, @in=@empty, 0x0, 0x3, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x32}, {0x0, 0x15000000000000, 0x0, 0x2, 0x8001, 0xfffffffffffffffd, 0x0, 0xd3d}, {0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x89, 0x1, 0x1}, {{@in6=@empty, 0x4da, 0x3c}, 0xa, @in=@multicast2, 0xfffffffe, 0x1, 0x0, 0x0, 0x4, 0x0, 0x5}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
vmsplice(r0, &(0x7f0000000440)=[{&(0x7f00000007c0)}, {0x0}, {&(0x7f0000000740)="ea40fb486d881eb9ec6316f2dcc192a78556d73fe204e30d766cd679940088405d85e4d76b541899de6f3bc6c33639c6fedabb4493", 0x35}, {&(0x7f00000002c0)="2362c46679bd7492095bd8e223d5044d43e1e72caaf593cfb61a882fe57ea6662b61273a5e4e7d441a0d62792a36feb2", 0x30}], 0x4, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3}, @in6=@dev, 0x0, 0x0, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff80000000}, {0xfffffffffffffffc}, 0xfffffffc, 0x0, 0x1, 0x0, 0x4, 0x3}, {{@in=@rand_addr=0x64010102, 0x0, 0x33}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[], 0x0, 0x56}, 0x28)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b', @ANYRES32=0x0, @ANYRES32], 0x48)
ioctl$SIOCGETLINKNAME(r0, 0x89e0, &(0x7f00000006c0)={0x3, 0x3})
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r6, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r6}, 0x0, &(0x7f0000000300)=r7}, 0x20)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)={0x1c, 0x0, 0x331, 0x0, 0x25dfdbfb, {0xb}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
socket$inet6(0xa, 0x80003, 0xff)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r8, 0x400448e1, &(0x7f0000000000))
vmsplice(r0, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x2)

237.847108ms ago: executing program 2 (id=2353):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x30, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1000000}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x13}]}, 0x30}}, 0x0)

132.549401ms ago: executing program 1 (id=2354):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c575963f86ddf0fd26d4eef23248000000f858dbb8a19052343f", 0x26}, {&(0x7f0000000580)="051a00000e80006558f2878f0200000000000020", 0x14}], 0x2)

132.357498ms ago: executing program 2 (id=2355):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000007440000000c0a01020000000000000000010000000900020073797a320000000018000380140000800400018008000340000000019a930b800900010073797a3000"], 0xd0}}, 0x0)

131.909969ms ago: executing program 2 (id=2356):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="44000000180001f72bbd7000fbdbdf250aa48d00fd04c800002000000c00090008000808", @ANYRES32=0x0, @ANYBLOB="140005"], 0x44}, 0x1, 0x2}, 0x10)

70.025238ms ago: executing program 2 (id=2357):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r0, 0x0, 0x17, 0x0, 0x0)

69.825581ms ago: executing program 2 (id=2358):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="080004006f"], 0x2c}}, 0x0)

131.313µs ago: executing program 1 (id=2359):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@ipv4_newrule={0x24, 0x1e, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x1}, [@FRA_DST={0x8, 0x1, @empty}]}, 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x0)

0s ago: executing program 2 (id=2360):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:11453' (ED25519) to the list of known hosts.
syzkaller login: [   48.658602][ T5756] cgroup: Unknown subsys name 'net'
[   48.800265][ T5756] cgroup: Unknown subsys name 'cpuset'
[   48.807132][ T5756] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.430632][ T5756] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   54.980586][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.984459][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.988246][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.002133][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.005823][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.088187][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.092428][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.096972][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.101391][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.105058][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.125101][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.128843][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.132863][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.137830][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.141521][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.411059][ T5829] chnl_net:caif_netlink_parms(): no params data found
[   55.420284][ T5824] chnl_net:caif_netlink_parms(): no params data found
[   55.477234][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   55.584880][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.587898][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.590362][ T5829] bridge_slave_0: entered allmulticast mode
[   55.594230][ T5829] bridge_slave_0: entered promiscuous mode
[   55.598374][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.600801][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.603640][ T5829] bridge_slave_1: entered allmulticast mode
[   55.606885][ T5829] bridge_slave_1: entered promiscuous mode
[   55.610511][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.613800][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.616706][ T5824] bridge_slave_0: entered allmulticast mode
[   55.619956][ T5824] bridge_slave_0: entered promiscuous mode
[   55.623774][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.626672][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.629574][ T5824] bridge_slave_1: entered allmulticast mode
[   55.632900][ T5824] bridge_slave_1: entered promiscuous mode
[   55.697897][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.718521][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.724388][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.730070][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.734103][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.737911][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.740998][ T5831] bridge_slave_0: entered allmulticast mode
[   55.746161][ T5831] bridge_slave_0: entered promiscuous mode
[   55.750897][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.754300][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.757267][ T5831] bridge_slave_1: entered allmulticast mode
[   55.761189][ T5831] bridge_slave_1: entered promiscuous mode
[   55.810310][ T5824] team0: Port device team_slave_0 added
[   55.814876][ T5824] team0: Port device team_slave_1 added
[   55.817787][ T5829] team0: Port device team_slave_0 added
[   55.849902][ T5829] team0: Port device team_slave_1 added
[   55.862705][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.867316][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.869869][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.878955][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.893925][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.898295][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.900602][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.909118][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.913601][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.915809][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.924219][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.946519][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.948785][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.957950][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.970917][ T5831] team0: Port device team_slave_0 added
[   55.975024][ T5831] team0: Port device team_slave_1 added
[   56.024821][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.027806][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.039196][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.057248][ T5824] hsr_slave_0: entered promiscuous mode
[   56.059746][ T5824] hsr_slave_1: entered promiscuous mode
[   56.065448][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.068255][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.077297][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.136159][ T5829] hsr_slave_0: entered promiscuous mode
[   56.139020][ T5829] hsr_slave_1: entered promiscuous mode
[   56.143844][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.146477][ T5829] Cannot create hsr debugfs directory
[   56.157157][ T5831] hsr_slave_0: entered promiscuous mode
[   56.159527][ T5831] hsr_slave_1: entered promiscuous mode
[   56.161817][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.164908][ T5831] Cannot create hsr debugfs directory
[   56.408642][ T5824] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.415614][ T5824] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.428748][ T5824] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.439563][ T5824] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.467882][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.475753][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.484313][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.490684][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.546121][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.556966][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.570577][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.575270][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.629413][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.644165][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.660772][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   56.671125][   T80] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.674404][   T80] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.680672][ T5824] 8021q: adding VLAN 0 to HW filter on device team0
[   56.695444][ T3562] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.698642][ T3562] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.710255][   T80] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.713270][   T80] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.725902][   T80] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.728295][   T80] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.770628][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.797507][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   56.824305][ T3562] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.827288][ T3562] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.837118][ T3562] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.840031][ T3562] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.919107][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.965303][ T5824] veth0_vlan: entered promiscuous mode
[   56.981082][ T5824] veth1_vlan: entered promiscuous mode
[   56.991125][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.003273][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.037739][ T5824] veth0_macvtap: entered promiscuous mode
[   57.049659][ T5824] veth1_macvtap: entered promiscuous mode
[   57.052646][   T54] Bluetooth: hci0: command tx timeout
[   57.068429][ T5831] veth0_vlan: entered promiscuous mode
[   57.074135][ T5829] veth0_vlan: entered promiscuous mode
[   57.080461][ T5831] veth1_vlan: entered promiscuous mode
[   57.090105][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.093201][ T5829] veth1_vlan: entered promiscuous mode
[   57.100039][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.117942][ T5660] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.120910][ T5660] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.129588][ T5831] veth0_macvtap: entered promiscuous mode
[   57.134133][   T54] Bluetooth: hci1: command tx timeout
[   57.135852][ T5660] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.140117][ T5660] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.148950][ T5831] veth1_macvtap: entered promiscuous mode
[   57.169104][ T5829] veth0_macvtap: entered promiscuous mode
[   57.205965][ T5829] veth1_macvtap: entered promiscuous mode
[   57.212159][   T54] Bluetooth: hci2: command tx timeout
[   57.214076][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.221306][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.226382][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.231544][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.261299][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.264830][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.273179][   T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.276350][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.279496][   T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.279967][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.289033][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.309171][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.328961][ T5885] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.357578][ T5885] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.361383][ T5824] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.374946][ T5885] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.394090][ T5885] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.447770][ T3562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.450407][ T3562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.479684][ T3562] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.487052][ T3562] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.505429][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.507993][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.545200][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.547848][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.738014][ T5902] warning: `syz.2.7' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   58.389635][ T5920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14'.
[   58.435419][ T5922] netlink: 56 bytes leftover after parsing attributes in process `syz.0.15'.
[   58.438963][ T5922] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15'.
[   58.445631][ T5922] netlink: 24 bytes leftover after parsing attributes in process `syz.0.15'.
[   59.058829][ T5953] Zero length message leads to an empty skb
[   59.133177][   T54] Bluetooth: hci0: command tx timeout
[   59.139815][ T5957] netlink: 'syz.1.31': attribute type 83 has an invalid length.
[   59.211921][   T54] Bluetooth: hci1: command tx timeout
[   59.294565][   T54] Bluetooth: hci2: command tx timeout
[   59.369035][ T5980] Bluetooth: MGMT ver 1.23
[   60.487963][ T6015] syzkaller1: entered promiscuous mode
[   60.490235][ T6015] syzkaller1: entered allmulticast mode
[   60.593486][ T6021] netlink: 'syz.2.58': attribute type 1 has an invalid length.
[   60.595987][ T6021] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.58'.
[   60.677738][ T6025] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.757706][ T6029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.62'.
[   61.145900][ T6055] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   61.212023][ T6000] Bluetooth: hci0: command tx timeout
[   61.299842][ T6000] Bluetooth: hci1: command tx timeout
[   61.373108][ T6000] Bluetooth: hci2: command tx timeout
[   61.408200][ T6073] ieee802154 phy0 wpan0: encryption failed: -90
[   61.455581][   T54] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   61.542574][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[   61.542763][ T6081] netlink: 4 bytes leftover after parsing attributes in process `syz.0.88'.
[   61.550919][ T6081] netlink: 16 bytes leftover after parsing attributes in process `syz.0.88'.
[   61.789162][ T5519] IPVS: starting estimator thread 0...
[   61.794194][ T6091] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[   61.809950][ T6098] netlink: 28 bytes leftover after parsing attributes in process `syz.1.93'.
[   61.885220][ T6096] IPVS: using max 53 ests per chain, 127200 per kthread
[   62.265869][ T6120] netlink: 'syz.2.102': attribute type 5 has an invalid length.
[   62.268548][ T6120] netlink: 'syz.2.102': attribute type 5 has an invalid length.
[   62.622226][ T6143] netlink: 16 bytes leftover after parsing attributes in process `syz.2.113'.
[   63.292509][   T54] Bluetooth: hci0: command 0x0419 tx timeout
[   63.349172][ T6187] netlink: 'syz.1.128': attribute type 14 has an invalid length.
[   63.374308][   T54] Bluetooth: hci1: command tx timeout
[   63.444209][ T6193] __nla_validate_parse: 4 callbacks suppressed
[   63.444226][ T6193] netlink: 8 bytes leftover after parsing attributes in process `syz.0.131'.
[   63.453204][   T54] Bluetooth: hci2: command 0x0419 tx timeout
[   63.640024][    C0] Unknown status report in ack skb
[   63.755451][ T6212] tipc: Started in network mode
[   63.762495][ T6212] tipc: Node identity 3e36a705c42c, cluster identity 4711
[   63.768547][ T6212] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   63.779490][ T6212] syzkaller0: entered promiscuous mode
[   63.783559][ T6212] syzkaller0: entered allmulticast mode
[   63.825943][ T6212] tipc: Resetting bearer <eth:syzkaller0>
[   63.830991][ T6211] tipc: Resetting bearer <eth:syzkaller0>
[   63.855208][ T6211] tipc: Disabling bearer <eth:syzkaller0>
[   63.986645][ T6228] syz.0.147 uses obsolete (PF_INET,SOCK_PACKET)
[   64.093596][ T6231] openvswitch: netlink: Message has 1 unknown bytes.
[   64.101988][ T6231] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   64.736783][ T6261] netlink: 'syz.2.160': attribute type 10 has an invalid length.
[   64.751786][ T6261] team0: Port device dummy0 added
[   64.883957][ T6271] netlink: 60 bytes leftover after parsing attributes in process `syz.1.166'.
[   65.172653][ T6283] netlink: 28 bytes leftover after parsing attributes in process `syz.0.172'.
[   65.372286][   T54] Bluetooth: hci0: command 0x0419 tx timeout
[   65.532473][   T54] Bluetooth: hci2: command 0x0419 tx timeout
[   65.593277][ T6311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'.
[   65.596445][ T6311] openvswitch: netlink: nsh attribute has 2338 unknown bytes.
[   65.605302][ T6311] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   65.990510][ T6333] netlink: 'syz.2.193': attribute type 2 has an invalid length.
[   65.996351][ T6333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.193'.
[   66.333825][ T6364] netlink: 8 bytes leftover after parsing attributes in process `syz.2.206'.
[   66.343770][ T6366] netlink: 'syz.1.207': attribute type 1 has an invalid length.
[   66.399061][ T6366] bond1: (slave bridge2): making interface the new active one
[   66.403417][ T6366] bond1: (slave bridge2): Enslaving as an active interface with an up link
[   66.786343][ T6408] netlink: 52 bytes leftover after parsing attributes in process `syz.2.226'.
[   66.789484][ T6408] netlink: 'syz.2.226': attribute type 1 has an invalid length.
[   66.856084][ T6416] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[   66.893646][ T6418] vlan2: entered promiscuous mode
[   66.895895][ T6418] bridge0: entered promiscuous mode
[   67.587584][ T6455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.245'.
[   67.636850][ T6458] netlink: 100 bytes leftover after parsing attributes in process `syz.0.248'.
[   67.798583][ T6471] netlink: 12 bytes leftover after parsing attributes in process `syz.0.254'.
[   67.946895][ T6483] tipc: Started in network mode
[   67.948577][ T6483] tipc: Node identity ce3dbf754011, cluster identity 4711
[   67.951015][ T6483] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   67.953896][ T6483] syzkaller0: entered promiscuous mode
[   67.955763][ T6483] syzkaller0: entered allmulticast mode
[   67.972483][ T6483] sch_tbf: burst 12 is lower than device syzkaller0 mtu (1514) !
[   67.979133][ T6483] tipc: Resetting bearer <eth:syzkaller0>
[   68.002053][ T6482] tipc: Resetting bearer <eth:syzkaller0>
[   68.010576][ T6489] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0
[   68.019367][ T6482] tipc: Disabling bearer <eth:syzkaller0>
[   68.370491][ T6518] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   68.375826][ T6518] syzkaller0: entered promiscuous mode
[   68.377902][ T6518] syzkaller0: entered allmulticast mode
[   68.418383][ T6518] tipc: Resetting bearer <eth:syzkaller0>
[   68.425371][ T6515] tipc: Resetting bearer <eth:syzkaller0>
[   68.456935][ T6515] tipc: Disabling bearer <eth:syzkaller0>
[   69.054740][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[   69.189706][ T6547] xt_TPROXY: Can be used only with -p tcp or -p udp
[   69.271152][ T6551] netlink: 'syz.2.288': attribute type 10 has an invalid length.
[   69.351975][ T6555] netlink: 'syz.2.290': attribute type 11 has an invalid length.
[   69.362002][ T6555] __nla_validate_parse: 4 callbacks suppressed
[   69.362012][ T6555] netlink: 244 bytes leftover after parsing attributes in process `syz.2.290'.
[   69.407047][ T6559] netlink: 'syz.2.292': attribute type 5 has an invalid length.
[   69.423984][ T6559] netlink: 8 bytes leftover after parsing attributes in process `syz.2.292'.
[   69.549686][ T6569] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   69.555470][ T6569] syzkaller0: entered promiscuous mode
[   69.557927][ T6569] syzkaller0: entered allmulticast mode
[   69.579166][ T6569] tipc: Resetting bearer <eth:syzkaller0>
[   69.588928][ T6568] tipc: Resetting bearer <eth:syzkaller0>
[   69.614382][ T6568] tipc: Disabling bearer <eth:syzkaller0>
[   69.619753][ T6575] netlink: 224 bytes leftover after parsing attributes in process `syz.0.300'.
[   69.623260][ T6575] netlink: 16 bytes leftover after parsing attributes in process `syz.0.300'.
[   69.727225][ T6588] netlink: 24 bytes leftover after parsing attributes in process `syz.1.304'.
[   70.049286][ T6624] netlink: 20 bytes leftover after parsing attributes in process `syz.2.323'.
[   70.076707][ T6627] openvswitch: netlink: Actions may not be safe on all matching packets
[   70.174510][ T6637] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[   70.501409][ T6666] netlink: 'syz.1.338': attribute type 1 has an invalid length.
[   70.521513][ T6666] netlink: 'syz.1.338': attribute type 2 has an invalid length.
[   70.524780][ T6666] netlink: 1172 bytes leftover after parsing attributes in process `syz.1.338'.
[   70.678140][ T6679] netlink: zone id is out of range
[   70.680999][ T6679] netlink: zone id is out of range
[   70.725883][ T6679] netlink: zone id is out of range
[   70.803267][ T6679] netlink: zone id is out of range
[   70.822793][ T6679] netlink: zone id is out of range
[   70.832540][ T6679] netlink: zone id is out of range
[   70.834948][ T6679] netlink: zone id is out of range
[   70.837414][ T6679] netlink: zone id is out of range
[   70.987816][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   70.990372][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.223860][ T6715] batadv_slave_0: entered promiscuous mode
[   71.227917][ T6715] batadv_slave_0: left promiscuous mode
[   71.545720][ T6733] netlink: 28 bytes leftover after parsing attributes in process `syz.1.359'.
[   71.548638][ T6733] netlink: 28 bytes leftover after parsing attributes in process `syz.1.359'.
[   71.551485][ T6733] netlink: 'syz.1.359': attribute type 4 has an invalid length.
[   71.625109][ T6738] bond0: Unable to set up delay as MII monitoring is disabled
[   71.876613][ T6754] netlink: 4 bytes leftover after parsing attributes in process `syz.1.369'.
[   71.920234][ T6754] hsr_slave_1 (unregistering): left promiscuous mode
[   72.030402][ T6758] bridge1: the hash_elasticity option has been deprecated and is always 16
[   72.037265][ T6758] bridge1: entered allmulticast mode
[   73.298893][ T6801] netlink: 'syz.1.388': attribute type 7 has an invalid length.
[   73.557208][ T6825] netlink: 'syz.2.398': attribute type 2 has an invalid length.
[   73.839778][ T6851] v: renamed from ip6_vti0 (while UP)
[   74.292624][ T6868] block nbd0: server does not support multiple connections per device.
[   74.296890][ T6868] block nbd0: shutting down sockets
[   74.587516][ T6888] netlink: 'syz.0.427': attribute type 1 has an invalid length.
[   74.615242][ T6890] xt_TCPMSS: Only works on TCP SYN packets
[   74.648304][ T6892] __nla_validate_parse: 7 callbacks suppressed
[   74.648313][ T6892] netlink: 28 bytes leftover after parsing attributes in process `syz.2.429'.
[   74.653971][ T6892] netlink: 'syz.2.429': attribute type 7 has an invalid length.
[   74.656641][ T6892] netlink: 'syz.2.429': attribute type 8 has an invalid length.
[   74.659223][ T6892] netlink: 4 bytes leftover after parsing attributes in process `syz.2.429'.
[   74.669145][ T6892] gretap0: entered promiscuous mode
[   74.672657][ T6892] batadv_slave_1: entered promiscuous mode
[   74.675070][ T6892] erspan0: entered promiscuous mode
[   74.717581][ T6900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.433'.
[   74.720685][ T6900] net_ratelimit: 8 callbacks suppressed
[   74.720698][ T6900] openvswitch: netlink: nsh attr 0 has unexpected len 7 expected 0
[   74.732950][ T6900] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   74.829173][ T6912] netlink: 24 bytes leftover after parsing attributes in process `syz.2.439'.
[   74.879816][ T6916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.441'.
[   74.989432][ T6924] Driver unsupported XDP return value 0 on prog  (id 48) dev N/A, expect packet loss!
[   75.083756][ T6932] netlink: 8 bytes leftover after parsing attributes in process `syz.2.448'.
[   75.227617][ T6944] netlink: 148 bytes leftover after parsing attributes in process `syz.1.454'.
[   75.249648][ T6946] netlink: 248 bytes leftover after parsing attributes in process `syz.2.455'.
[   75.370393][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.460'.
[   75.417494][ T6965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.462'.
[   75.696698][ T6992] netlink: 'syz.0.472': attribute type 15 has an invalid length.
[   75.897427][ T7019] bond0: option mode: unable to set because the bond device has slaves
[   75.906789][ T7016] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[   75.910028][ T7016] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0
[   76.009354][ T7034] openvswitch: netlink: Tunnel attr 7 has unexpected len 16 expected 0
[   76.144902][ T7048] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[   76.213416][ T7058] netlink: 'syz.2.495': attribute type 10 has an invalid length.
[   76.216296][ T7058] netlink: 'syz.2.495': attribute type 49 has an invalid length.
[   76.337272][ T7069] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[   76.659421][ T7105] netlink: 'syz.2.513': attribute type 21 has an invalid length.
[   76.668252][ T7105] netlink: 'syz.2.513': attribute type 4 has an invalid length.
[   76.672126][ T7105] netlink: 'syz.2.513': attribute type 3 has an invalid length.
[   76.681039][ T7107] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   77.127408][ T7135] tipc: Started in network mode
[   77.129077][ T7135] tipc: Node identity 8292238f6b97, cluster identity 4711
[   77.131420][ T7135] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   77.138407][ T7135] syzkaller0: entered promiscuous mode
[   77.140602][ T7135] syzkaller0: entered allmulticast mode
[   77.168216][ T7135] tipc: Resetting bearer <eth:syzkaller0>
[   77.173628][ T7134] tipc: Resetting bearer <eth:syzkaller0>
[   77.185192][ T7134] tipc: Disabling bearer <eth:syzkaller0>
[   77.426651][ T7155] netlink: 'syz.1.535': attribute type 21 has an invalid length.
[   77.429775][ T7155] netlink: 'syz.1.535': attribute type 1 has an invalid length.
[   77.817575][ T7174] netem: change failed
[   77.832070][ T7176] netlink: 'syz.1.545': attribute type 29 has an invalid length.
[   77.839651][ T7176] netlink: 'syz.1.545': attribute type 29 has an invalid length.
[   79.399686][ T7296] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x5
[   79.438714][ T7300] netdevsim netdevsim2 : renamed from netdevsim0 (while UP)
[   79.539557][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803c4e3000: rx timeout, send abort
[   80.039952][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803c4e0800: rx timeout, send abort
[   80.043642][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803c4e3000: abort rx timeout. Force session deactivation
[   80.329743][ T7384] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   80.334454][ T7384] syzkaller0: entered promiscuous mode
[   80.336440][ T7384] syzkaller0: entered allmulticast mode
[   80.352777][ T7384] tipc: Resetting bearer <eth:syzkaller0>
[   80.362669][ T7383] tipc: Resetting bearer <eth:syzkaller0>
[   80.383275][ T7383] tipc: Disabling bearer <eth:syzkaller0>
[   80.542728][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803c4e0800: abort rx timeout. Force session deactivation
[   81.219634][   T24] cfg80211: failed to load regulatory.db
[   81.355735][ T7427] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.424503][ T7427] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.514684][ T7427] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.600705][ T7427] netdevsim netdevsim2  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.624302][ T7441] netlink: zone id is out of range
[   81.626791][ T7441] netlink: zone id is out of range
[   81.629277][ T7441] netlink: zone id is out of range
[   81.632021][ T7441] netlink: zone id is out of range
[   81.634910][ T7441] netlink: zone id is out of range
[   81.637297][ T7441] netlink: zone id is out of range
[   81.639868][ T7441] netlink: zone id is out of range
[   81.646213][ T7441] netlink: zone id is out of range
[   81.650134][ T7441] netlink: zone id is out of range
[   81.652933][ T7441] netlink: zone id is out of range
[   81.689513][ T5660] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.699393][ T5660] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.709474][ T5660] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.724837][ T5660] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.764537][ T7444] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.835358][ T7444] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.903783][ T7444] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.988218][ T7444] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.049799][   T12] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.066316][   T12] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.085666][   T12] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.092275][   T12] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.229172][ T7433] Bluetooth: hci0: Opcode 0x080f failed: -4
[   83.385991][ T7504] validate_nla: 27 callbacks suppressed
[   83.386007][ T7504] netlink: 'syz.0.688': attribute type 10 has an invalid length.
[   83.452169][   T54] Bluetooth: hci0: command 0x0419 tx timeout
[   83.464621][ T7511] netlink: 'syz.1.692': attribute type 7 has an invalid length.
[   83.467873][ T7511] netlink: 'syz.1.692': attribute type 8 has an invalid length.
[   83.507488][ T7518] IPv6: NLM_F_REPLACE set, but no existing node found!
[   83.596923][ T7526] __nla_validate_parse: 17 callbacks suppressed
[   83.596938][ T7526] netlink: 312 bytes leftover after parsing attributes in process `syz.2.699'.
[   83.835449][ T7550] netlink: 201916 bytes leftover after parsing attributes in process `syz.1.709'.
[   83.850320][ T7549] bridge2: entered promiscuous mode
[   84.099170][ T7580] ip6t_srh: unknown srh invflags 4449
[   84.099954][ T7581] netlink: 'syz.2.726': attribute type 1 has an invalid length.
[   85.102233][ T7657] netlink: 4 bytes leftover after parsing attributes in process `syz.1.761'.
[   85.142661][ T7659] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   85.145975][ T7659] syzkaller0: entered promiscuous mode
[   85.147729][ T7659] syzkaller0: entered allmulticast mode
[   85.157655][ T7659] tipc: Resetting bearer <eth:syzkaller0>
[   85.161338][ T7658] tipc: Resetting bearer <eth:syzkaller0>
[   85.169517][ T7658] tipc: Disabling bearer <eth:syzkaller0>
[   85.659732][ T7685] netlink: 4280 bytes leftover after parsing attributes in process `syz.2.773'.
[   85.664847][ T7685] netlink: 4280 bytes leftover after parsing attributes in process `syz.2.773'.
[   85.851482][ T7695] netlink: 16 bytes leftover after parsing attributes in process `syz.2.778'.
[   85.859846][ T7698] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg0, syncid = 4, id = 0
[   86.276362][ T7706] netlink: 104 bytes leftover after parsing attributes in process `syz.1.783'.
[   86.904761][ T7727] netlink: 252 bytes leftover after parsing attributes in process `syz.1.791'.
[   86.933886][ T7729] pimreg: entered allmulticast mode
[   86.941224][ T7729] pimreg: left allmulticast mode
[   86.967359][ T7731] netlink: 96 bytes leftover after parsing attributes in process `syz.0.793'.
[   87.089780][ T7743] netlink: 4 bytes leftover after parsing attributes in process `syz.0.797'.
[   87.173936][ T7743] hsr_slave_1 (unregistering): left promiscuous mode
[   87.913890][ T7801] team1 (uninitialized): Failed to send options change via netlink (err -105)
[   87.931323][ T7801] team1: entered promiscuous mode
[   87.934322][ T7801] team1: entered allmulticast mode
[   88.293777][ T7839] delete_channel: no stack
[   88.536359][   T12] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   88.676971][ T7875] syzkaller0: MTU too low for tipc bearer
[   88.679590][ T7875] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   88.686341][ T7877] __nla_validate_parse: 7 callbacks suppressed
[   88.686353][ T7877] netlink: 32 bytes leftover after parsing attributes in process `syz.0.840'.
[   89.205644][ T7919] lo: entered allmulticast mode
[   89.210197][ T7919] lo: left allmulticast mode
[   89.247537][ T7924] netlink: 'syz.0.861': attribute type 39 has an invalid length.
[   89.360436][ T7933] xt_policy: too many policy elements
[   89.530873][ T7947] netlink: 'syz.2.868': attribute type 12 has an invalid length.
[   89.551758][ T7947] netlink: 9472 bytes leftover after parsing attributes in process `syz.2.868'.
[   90.655842][ T8015] netlink: 36 bytes leftover after parsing attributes in process `syz.0.887'.
[   90.794878][ T8022] netlink: 52 bytes leftover after parsing attributes in process `syz.2.890'.
[   90.809728][ T8022] netlink: 52 bytes leftover after parsing attributes in process `syz.2.890'.
[   90.823770][ T8022] netlink: 52 bytes leftover after parsing attributes in process `syz.2.890'.
[   90.846917][ T8022] netlink: 16 bytes leftover after parsing attributes in process `syz.2.890'.
[   91.276224][ T8039] net_ratelimit: 6 callbacks suppressed
[   91.276235][ T8039] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[   91.313202][ T8041] netlink: 'syz.0.897': attribute type 1 has an invalid length.
[   91.551344][ T8044] bond2: entered promiscuous mode
[   91.570892][ T8044] bond2: entered allmulticast mode
[   91.591352][ T8044] 8021q: adding VLAN 0 to HW filter on device bond2
[   91.642939][ T8041] netlink: 'syz.0.897': attribute type 4 has an invalid length.
[   91.816626][ T8052] x_tables: duplicate entry at hook 1
[   92.156786][ T8060] netlink: 'syz.0.905': attribute type 10 has an invalid length.
[   92.159269][ T8060] netlink: 40 bytes leftover after parsing attributes in process `syz.0.905'.
[   92.164257][ T8060] dummy0: entered promiscuous mode
[   92.167085][ T8060] bridge0: port 3(dummy0) entered blocking state
[   92.169201][ T8060] bridge0: port 3(dummy0) entered disabled state
[   92.171472][ T8060] dummy0: entered allmulticast mode
[   92.178740][ T8060] bridge0: port 3(dummy0) entered blocking state
[   92.181092][ T8060] bridge0: port 3(dummy0) entered forwarding state
[   92.284312][ T8064] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   92.300844][ T8064] syzkaller0: entered promiscuous mode
[   92.302916][ T8064] syzkaller0: entered allmulticast mode
[   92.375580][ T8064] tipc: Resetting bearer <eth:syzkaller0>
[   92.389797][ T8063] tipc: Resetting bearer <eth:syzkaller0>
[   92.413586][ T8063] tipc: Disabling bearer <eth:syzkaller0>
[   92.797900][ T8078] netlink: 16 bytes leftover after parsing attributes in process `syz.2.914'.
[   92.916021][ T8082] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[   94.089710][ T8163] __nla_validate_parse: 3 callbacks suppressed
[   94.089720][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.953'.
[   94.094220][ T8167] veth0: entered promiscuous mode
[   94.100292][ T8167] netlink: 4 bytes leftover after parsing attributes in process `syz.2.956'.
[   94.115375][ T8163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.953'.
[   94.247275][ T8178] netlink: 'syz.0.963': attribute type 1 has an invalid length.
[   94.357492][ T8187] 8021q: adding VLAN 0 to HW filter on device bond4
[   94.374302][ T8187] bond3: (slave bond4): making interface the new active one
[   94.387028][ T8187] bond3: (slave bond4): Enslaving as an active interface with an up link
[   94.429176][   T33] audit: type=1804 audit(1753405399.783:2): pid=8194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.966" name="/newroot/292/cgroup.controllers" dev="tmpfs" ino=1488 res=1 errno=0
[   94.461897][   T33] audit: type=1800 audit(1753405399.783:3): pid=8194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.966" name="cgroup.controllers" dev="tmpfs" ino=1488 res=0 errno=0
[   94.882656][ T8218] netlink: 248 bytes leftover after parsing attributes in process `syz.0.977'.
[   94.943946][ T8220] netlink: 'syz.1.978': attribute type 29 has an invalid length.
[   94.953440][ T8220] netlink: 'syz.1.978': attribute type 29 has an invalid length.
[   95.243843][ T8234] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   95.246638][ T8234] syzkaller0: entered promiscuous mode
[   95.248520][ T8234] syzkaller0: entered allmulticast mode
[   95.298368][ T8234] tipc: Resetting bearer <eth:syzkaller0>
[   95.303542][ T8233] tipc: Resetting bearer <eth:syzkaller0>
[   95.336299][ T8233] tipc: Disabling bearer <eth:syzkaller0>
[   95.824543][ T8262] netlink: 244 bytes leftover after parsing attributes in process `syz.0.997'.
[   96.065747][ T8274] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1003'.
[   96.178361][ T8286] x_tables: unsorted entry at hook 3
[   96.604281][ T8325] netlink: 'syz.1.1027': attribute type 1 has an invalid length.
[   96.607599][ T8325] NCSI netlink: No device for ifindex 0
[   96.722134][ T8339] set match dimension is over the limit!
[   97.247077][ T8381] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1051'.
[   98.072729][ T8423] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1066'.
[   98.248005][ T8441] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1076'.
[   98.412843][ T8453] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.425831][ T8457] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1084'.
[   98.474959][ T8462] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   98.478283][ T8462] syzkaller0: entered promiscuous mode
[   98.483851][ T8462] syzkaller0: entered allmulticast mode
[   98.523138][ T8453] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.534254][ T8462] tipc: Resetting bearer <eth:syzkaller0>
[   98.538262][ T8460] tipc: Resetting bearer <eth:syzkaller0>
[   98.543176][ T8465] netlink: 'syz.0.1087': attribute type 1 has an invalid length.
[   98.550196][ T8460] tipc: Disabling bearer <eth:syzkaller0>
[   98.576511][ T8453] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.677779][ T8453] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   98.691277][ T8477] netlink: 'syz.2.1092': attribute type 11 has an invalid length.
[   98.743596][ T5885] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.780398][ T5885] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.791686][ T5885] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.825066][ T5885] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.295916][ T8495] trusted_key: syz.1.1098 sent an empty control message without MSG_MORE.
[   99.458762][ T8502] __nla_validate_parse: 2 callbacks suppressed
[   99.458777][ T8502] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1101'.
[   99.705157][ T8513] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1106'.
[   99.871873][ T8523] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   99.880221][ T8523] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1111'.
[  100.006855][ T8529] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1115'.
[  100.032342][ T8533] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1116'.
[  100.043412][ T8535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1117'.
[  100.050311][ T8535] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  100.053873][ T8535] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  100.076280][ T8537] netlink: 288 bytes leftover after parsing attributes in process `syz.1.1118'.
[  100.116605][ T8540] 8021q: VLANs not supported on ipvlan1
[  100.126988][ T5519] IPVS: starting estimator thread 0...
[  100.223306][ T8545] IPVS: using max 48 ests per chain, 115200 per kthread
[  100.259857][ T8554] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1125'.
[  100.522540][ T8572] netlink: 'syz.0.1134': attribute type 1 has an invalid length.
[  100.679204][ T8578] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1137'.
[  100.682423][ T8578] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1137'.
[  101.229030][ T8619] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  101.295578][ T8625] unsupported nlmsg_type 40
[  102.029154][ T8703] delete_channel: no stack
[  102.475661][   T54] Bluetooth: hci2: link tx timeout
[  102.477740][   T54] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  102.601357][ T8751] xt_bpf: check failed: parse error
[  103.433831][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  103.634043][ T8813] netlink: 'syz.1.1244': attribute type 22 has an invalid length.
[  103.743600][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  104.193538][ T8820] syz.0.1247: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  104.198999][ T8820] CPU: 1 UID: 0 PID: 8820 Comm: syz.0.1247 Not tainted 6.16.0-rc7-syzkaller-01630-g8b5a19b4ff6a-dirty #0 PREEMPT(full) 
[  104.199014][ T8820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  104.199020][ T8820] Call Trace:
[  104.199025][ T8820]  <TASK>
[  104.199029][ T8820]  dump_stack_lvl+0x189/0x250
[  104.199047][ T8820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.199059][ T8820]  ? __pfx__printk+0x10/0x10
[  104.199071][ T8820]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  104.199084][ T8820]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  104.199095][ T8820]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  104.199107][ T8820]  warn_alloc+0x214/0x310
[  104.199116][ T8820]  ? stack_depot_save_flags+0x40/0x900
[  104.199128][ T8820]  ? __pfx_warn_alloc+0x10/0x10
[  104.199136][ T8820]  ? kasan_save_track+0x4f/0x80
[  104.199146][ T8820]  ? xskq_create+0x56/0x170
[  104.199155][ T8820]  ? xsk_init_queue+0xb0/0x110
[  104.199162][ T8820]  ? xsk_setsockopt+0x4dc/0x8d0
[  104.199174][ T8820]  ? do_sock_setsockopt+0x17c/0x1b0
[  104.199183][ T8820]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  104.199194][ T8820]  ? do_syscall_64+0xfa/0x3b0
[  104.199204][ T8820]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.199215][ T8820]  __vmalloc_node_range_noprof+0x125/0x12f0
[  104.199237][ T8820]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  104.199250][ T8820]  ? __kasan_kmalloc+0x93/0xb0
[  104.199261][ T8820]  vmalloc_user_noprof+0xad/0xf0
[  104.199272][ T8820]  ? xskq_create+0xbf/0x170
[  104.199279][ T8820]  xskq_create+0xbf/0x170
[  104.199287][ T8820]  xsk_init_queue+0xb0/0x110
[  104.199295][ T8820]  xsk_setsockopt+0x4dc/0x8d0
[  104.199307][ T8820]  ? __pfx_xsk_setsockopt+0x10/0x10
[  104.199317][ T8820]  ? __pfx_aa_sk_perm+0x10/0x10
[  104.199327][ T8820]  ? aa_sock_opt_perm+0x74/0x110
[  104.199336][ T8820]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  104.199344][ T8820]  ? __pfx_xsk_setsockopt+0x10/0x10
[  104.199355][ T8820]  do_sock_setsockopt+0x17c/0x1b0
[  104.199366][ T8820]  __x64_sys_setsockopt+0x13f/0x1b0
[  104.199376][ T8820]  do_syscall_64+0xfa/0x3b0
[  104.199383][ T8820]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.199391][ T8820]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.199398][ T8820]  ? exc_page_fault+0x9f/0xf0
[  104.199405][ T8820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.199413][ T8820] RIP: 0033:0x7fa29678e9a9
[  104.199421][ T8820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.199427][ T8820] RSP: 002b:00007fa2976c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  104.199436][ T8820] RAX: ffffffffffffffda RBX: 00007fa2969b5fa0 RCX: 00007fa29678e9a9
[  104.199441][ T8820] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003
[  104.199445][ T8820] RBP: 00007fa296810d69 R08: 0000000000000004 R09: 0000000000000000
[  104.199450][ T8820] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.199454][ T8820] R13: 0000000000000000 R14: 00007fa2969b5fa0 R15: 00007ffd64b24248
[  104.199465][ T8820]  </TASK>
[  104.199468][ T8820] Mem-Info:
[  104.306948][ T8820] active_anon:5268 inactive_anon:11 isolated_anon:0
[  104.306948][ T8820]  active_file:1085 inactive_file:24699 isolated_file:0
[  104.306948][ T8820]  unevictable:1768 dirty:329 writeback:0
[  104.306948][ T8820]  slab_reclaimable:8557 slab_unreclaimable:54214
[  104.306948][ T8820]  mapped:18258 shmem:2454 pagetables:1283
[  104.306948][ T8820]  sec_pagetables:0 bounce:0
[  104.306948][ T8820]  kernel_misc_reclaimable:0
[  104.306948][ T8820]  free:316140 free_pcp:14373 free_cma:0
[  104.310008][ T8827] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  104.323019][ T8820] Node 0 active_anon:13808kB inactive_anon:44kB active_file:3820kB inactive_file:83796kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36824kB dirty:1212kB writeback:0kB shmem:4948kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:6236kB pagetables:3136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  104.323075][ T8820] Node 1 active_anon:7264kB inactive_anon:0kB active_file:520kB inactive_file:15000kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36208kB dirty:104kB writeback:0kB shmem:4868kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:5232kB pagetables:1996kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  104.323098][ T8820] Node 0 DMA free:14980kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:360kB local_pcp:0kB free_cma:0kB
[  104.323125][ T8820] lowmem_reserve[]: 0 812 812 812 812
[  104.323145][ T8820] Node 0 DMA32 free:336380kB boost:4096kB min:37752kB low:46164kB high:54576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:13808kB inactive_anon:44kB active_file:3820kB inactive_file:83796kB unevictable:3536kB writepending:1212kB present:1556484kB managed:831784kB mlocked:0kB bounce:0kB free_pcp:23496kB local_pcp:17836kB free_cma:0kB
[  104.323171][ T8820] lowmem_reserve[]: 0 0 0 0 0
[  104.323190][ T8820] Node 1 DMA32 free:458492kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:116kB local_pcp:116kB free_cma:0kB
[  104.323214][ T8820] lowmem_reserve[]: 0 0 854 854 854
[  104.323233][ T8820] Node 1 
[  104.342589][ T8828] bridge_slave_0: left allmulticast mode
[  104.349256][ T8820] Normal free:454708kB boost:0kB min:36616kB low:45768kB high:54920kB reserved_highatomic:0KB free_highatomic:0KB active_anon:7264kB inactive_anon:0kB active_file:520kB inactive_file:15000kB unevictable:3536kB writepending:104kB present:1048576kB managed:875016kB mlocked:0kB bounce:0kB free_pcp:33516kB local_pcp:14588kB free_cma:0kB
[  104.368106][ T8828] bridge_slave_0: left promiscuous mode
[  104.381665][ T8820] lowmem_reserve[]:
[  104.392186][ T8828] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.402495][ T8820]  0 0 0 0 0
[  104.408405][ T8820] Node 0 DMA: 5*4kB (U) 6*8kB (U) 6*16kB (U) 5*32kB (U) 5*64kB (U) 6*128kB (U) 5*256kB (U) 6*512kB (U) 5*1024kB (U) 2*2048kB (UM) 0*4096kB = 14980kB
[  104.416127][ T8820] Node 0 DMA32: 1277*4kB (UM) 1727*8kB (UME) 629*16kB (UME) 458*32kB (UM) 373*64kB (UME) 232*128kB (UME) 166*256kB (UME) 112*512kB (UME) 82*1024kB (UM) 5*2048kB (U) 11*4096kB (UM) = 336316kB
[  104.426349][ T8820] Node 1 DMA32: 3*4kB (UM) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 2*128kB (UM) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UM) 3*2048kB (UM) 109*4096kB (M) = 458492kB
[  104.427417][ T8828] bridge_slave_1: left allmulticast mode
[  104.435665][ T8820] Node 1 Normal: 5*4kB (UME) 341*8kB (UE) 969*16kB (UME) 478*32kB (UME) 392*64kB (UME) 200*128kB (UME) 131*256kB (UM) 96*512kB (UM) 79*1024kB (UME) 3*2048kB (UM) 49*4096kB (M) = 454668kB
[  104.437769][ T8828] bridge_slave_1: left promiscuous mode
[  104.442345][ T8820] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  104.444415][ T8828] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.447332][ T8820] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  104.453358][ T8820] 28238 total pagecache pages
[  104.455054][ T8820] 0 pages in swap cache
[  104.456419][ T8820] Free swap  = 124996kB
[  104.458169][ T8820] Total swap = 124996kB
[  104.458464][ T8828] bond0: (slave bond_slave_0): Releasing backup interface
[  104.459579][ T8820] 786301 pages RAM
[  104.463653][ T8820] 0 pages HighMem/MovableOnly
[  104.465284][ T8820] 241107 pages reserved
[  104.466767][ T8820] 0 pages cma reserved
[  104.468719][ T8828] bond0: (slave bond_slave_1): Releasing backup interface
[  104.475566][ T8828] team0: Port device team_slave_0 removed
[  104.480947][ T8828] team0: Port device team_slave_1 removed
[  104.486112][ T8828] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  104.491802][   T54] Bluetooth: hci2: command 0x0419 tx timeout
[  104.494553][ T8828] batman_adv: batadv0: Removing interface: batadv_slave_0
[  104.500622][ T8828] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  104.503565][ T8828] batman_adv: batadv0: Removing interface: batadv_slave_1
[  104.512187][ T8828] bond1: (slave bridge2): Releasing active interface
[  104.547394][ T8827] syzkaller0: entered promiscuous mode
[  104.549242][ T8827] syzkaller0: entered allmulticast mode
[  104.564033][ T8831] tipc: Resetting bearer <eth:syzkaller0>
[  104.568900][ T8828] syz.1.1250 (8828) used greatest stack depth: 19832 bytes left
[  104.573744][ T8826] tipc: Resetting bearer <eth:syzkaller0>
[  104.646968][ T8841] __nla_validate_parse: 9 callbacks suppressed
[  104.646981][ T8841] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1256'.
[  105.403920][ T8826] tipc: Disabling bearer <eth:syzkaller0>
[  105.792582][ T8870] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1269'.
[  105.904090][ T8854] IPv6: NLM_F_CREATE should be specified when creating new route
[  106.127855][ T8880] syzkaller1: entered promiscuous mode
[  106.130404][ T8880] syzkaller1: entered allmulticast mode
[  106.193241][ T8884] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1275'.
[  106.247902][ T8886] geneve1: entered promiscuous mode
[  106.250303][ T8886] geneve1: entered allmulticast mode
[  106.757997][ T8932] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1297'.
[  107.022955][ T8943] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[  107.550076][ T8951] netlink: 'syz.0.1301': attribute type 1 has an invalid length.
[  107.554079][ T8951] netlink: 208 bytes leftover after parsing attributes in process `syz.0.1301'.
[  107.558031][ T8951] netlink: 'syz.0.1301': attribute type 1 has an invalid length.
[  107.561361][ T8951] netlink: 'syz.0.1301': attribute type 2 has an invalid length.
[  107.976448][ T8978] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check.
[  108.370939][ T9004] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1326'.
[  108.375345][ T9004] netlink: 'syz.0.1326': attribute type 20 has an invalid length.
[  108.379017][ T9004] netlink: 'syz.0.1326': attribute type 21 has an invalid length.
[  108.877783][ T9033] netlink: 'syz.0.1340': attribute type 2 has an invalid length.
[  108.881267][ T9033] netlink: 'syz.0.1340': attribute type 1 has an invalid length.
[  108.890390][ T9033] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1340'.
[  109.026729][ T9044] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1346'.
[  109.075269][ T9045] netlink: 'syz.1.1345': attribute type 10 has an invalid length.
[  109.083812][ T9045] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1345'.
[  109.088957][ T9045] dummy0: entered promiscuous mode
[  109.092257][ T9045] dummy0: entered allmulticast mode
[  109.095823][ T9045] bridge0: port 1(dummy0) entered blocking state
[  109.099162][ T9045] bridge0: port 1(dummy0) entered disabled state
[  109.109370][ T9045] bridge0: port 1(dummy0) entered blocking state
[  109.112376][ T9045] bridge0: port 1(dummy0) entered forwarding state
[  109.155536][ T9056] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1350'.
[  109.201509][ T9056] bond5: entered promiscuous mode
[  109.204635][ T9056] bond5: entered allmulticast mode
[  109.206594][ T9056] 8021q: adding VLAN 0 to HW filter on device bond5
[  109.545043][ T9094] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  109.555669][ T9094] syz_tun: entered allmulticast mode
[  109.562258][ T9094] dvmrp8: entered allmulticast mode
[  109.568604][ T9093] syz_tun: left allmulticast mode
[  109.675852][ T9100] __nla_validate_parse: 1 callbacks suppressed
[  109.675871][ T9100] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1371'.
[  109.773973][ T9104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1373'.
[  110.654064][ T9134] netlink: 'syz.1.1386': attribute type 1 has an invalid length.
[  110.726037][ T9134] 8021q: adding VLAN 0 to HW filter on device bond2
[  110.760539][ T9139] xt_CT: You must specify a L4 protocol and not use inversions on it
[  110.866095][ T9137] bond2: (slave ip6gretap2): making interface the new active one
[  110.894508][ T9137] bond2: (slave ip6gretap2): Enslaving as an active interface with an up link
[  110.925162][ T9134] veth3: entered promiscuous mode
[  110.935212][ T9134] bond2: (slave veth3): Enslaving as an active interface with a down link
[  110.983940][ T9134] erspan0: entered allmulticast mode
[  110.994980][ T9134] bond2: (slave erspan0): Enslaving as an active interface with an up link
[  111.588331][ T9174] tipc: Enabled bearer <udp:s>, priority 10
[  111.967305][   T33] audit: type=1800 audit(1753405417.323:4): pid=9191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1408" name="memory.events" dev="tmpfs" ino=2455 res=0 errno=0
[  111.990467][ T9194] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1409'.
[  112.071198][ T9200] netlink: 'syz.2.1413': attribute type 2 has an invalid length.
[  112.086766][ T9200] : entered promiscuous mode
[  112.394561][ T9232] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1427'.
[  112.398766][ T9232] netlink: zone id is out of range
[  112.400994][ T9232] netlink: zone id is out of range
[  112.403663][ T9232] netlink: zone id is out of range
[  112.405896][ T9232] netlink: get zone limit has 8 unknown bytes
[  112.451069][ T9237] ieee802154 phy0 wpan0: encryption failed: -90
[  112.649897][ T9258] netlink: 'syz.1.1441': attribute type 1 has an invalid length.
[  112.702640][   T10] tipc: Node number set to 3909428111
[  113.002874][ T9293] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1455'.
[  113.826238][ T9324] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1469'.
[  113.836181][ T9322] xt_CT: No such helper "snmp"
[  113.997720][ T9335] 8021q: adding VLAN 0 to HW filter on device bond3
[  114.007178][ T9342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  114.080550][ T9335] bond3 (unregistering): Released all slaves
[  114.094560][ T9343] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  114.117835][ T9340] D: renamed from syzkaller0
[  114.121343][ T9340] tipc: Disabling bearer <eth:syzkaller0>
[  114.262284][ T9353] nbd: must specify at least one socket
[  114.266838][ T9353] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1478'.
[  114.738572][ T9372] netlink: 'syz.0.1484': attribute type 1 has an invalid length.
[  114.743239][ T9372] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1484'.
[  115.140244][ T9395] netlink: 'syz.2.1494': attribute type 1 has an invalid length.
[  115.161384][ T9395] 8021q: adding VLAN 0 to HW filter on device bond1
[  115.187461][ T9395] bond1: (slave gretap1): making interface the new active one
[  115.195590][ T9395] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  115.465136][ T9402] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.536887][ T9402] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.594942][ T9402] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.672989][ T9402] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  115.776082][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.779181][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.823019][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.826184][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.734826][ T9467] xt_CT: You must specify a L4 protocol and not use inversions on it
[  116.879903][ T9485] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1535'.
[  116.988111][ T9496] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1540'.
[  116.993686][ T9496] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1540'.
[  116.997645][ T9496] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1540'.
[  117.008942][ T9496] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1540'.
[  117.012940][ T9496] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1540'.
[  117.016880][ T9496] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1540'.
[  117.927951][ T9514] netlink: 'syz.0.1548': attribute type 22 has an invalid length.
[  118.006714][ T9520] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  118.044571][ T9526] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1553'.
[  118.048689][ T9526] netlink: 'syz.1.1553': attribute type 7 has an invalid length.
[  118.052453][ T9526] netlink: 'syz.1.1553': attribute type 8 has an invalid length.
[  118.055609][ T9526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1553'.
[  118.323397][ T9546] netlink: 'syz.1.1561': attribute type 21 has an invalid length.
[  118.327034][ T9546] netlink: 'syz.1.1561': attribute type 6 has an invalid length.
[  119.033899][ T9588] pim6reg1: entered promiscuous mode
[  119.036223][ T9588] pim6reg1: entered allmulticast mode
[  119.847805][ T9659] netlink: 'syz.2.1603': attribute type 1 has an invalid length.
[  119.875954][ T9659] bond2: entered promiscuous mode
[  119.878120][ T9659] bond2: entered allmulticast mode
[  119.880609][ T9659] 8021q: adding VLAN 0 to HW filter on device bond2
[  120.375088][ T9691] netlink: 'syz.2.1616': attribute type 1 has an invalid length.
[  120.377991][ T9691] __nla_validate_parse: 5 callbacks suppressed
[  120.378000][ T9691] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1616'.
[  120.387699][ T9691] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1616'.
[  120.421326][ T9695] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1617'.
[  120.425599][ T9695] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1617'.
[  120.429450][ T9695] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1617'.
[  120.508378][ T9699] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1619'.
[  120.970596][ T9725] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1631'.
[  121.378089][ T9772] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1653'.
[  122.474626][ T9820] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1671'.
[  122.572841][ T9828] netlink: 'syz.1.1678': attribute type 4 has an invalid length.
[  122.637258][ T9834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1680'.
[  123.189934][ T9885] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  123.446033][ T9904] netlink: 'syz.0.1713': attribute type 13 has an invalid length.
[  123.448727][ T9904] netlink: 'syz.0.1713': attribute type 17 has an invalid length.
[  123.520117][ T9904] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  123.604663][ T9899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  123.663071][ T9904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  123.736248][ T9899] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  123.891549][ T9929] bridge0: port 3(syz_tun) entered blocking state
[  123.895213][ T9929] bridge0: port 3(syz_tun) entered disabled state
[  123.898227][ T9929] syz_tun: entered allmulticast mode
[  123.903625][ T9929] syz_tun: entered promiscuous mode
[  123.906842][ T9929] bridge0: port 3(syz_tun) entered blocking state
[  123.909792][ T9929] bridge0: port 3(syz_tun) entered forwarding state
[  124.248313][ T9899] syz.0.1713 (9899) used greatest stack depth: 19408 bytes left
[  125.770676][T10008] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  125.877908][T10012] netlink: 'syz.1.1758': attribute type 12 has an invalid length.
[  125.881179][T10012] __nla_validate_parse: 8 callbacks suppressed
[  125.881189][T10012] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.1758'.
[  126.117271][T10014] netlink: 'syz.1.1759': attribute type 83 has an invalid length.
[  126.275832][T10018] openvswitch: netlink: IPv4 tunnel dst address is zero
[  126.355896][T10020] netlink: 'syz.1.1762': attribute type 1 has an invalid length.
[  126.446791][T10020] bond4: (slave ip6gretap3): Enslaving as a backup interface with an up link
[  126.466210][T10020] 8021q: adding VLAN 0 to HW filter on device bond4
[  126.469747][   T13] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  126.571948][ T5885] bond4: (slave ip6gretap3): link status up again after 0 ms
[  126.592377][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  126.597050][ T5885] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  126.691858][T10023] netlink: 'syz.0.1763': attribute type 4 has an invalid length.
[  126.694395][T10023] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1763'.
[  126.731986][ T5660] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  126.855297][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  126.975567][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  126.993719][T10035] xt_TCPMSS: Only works on TCP SYN packets
[  127.423286][T10046] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1774'.
[  127.477383][T10051] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  127.494296][T10051] syzkaller0: entered promiscuous mode
[  127.496583][T10051] syzkaller0: entered allmulticast mode
[  127.534097][T10051] tipc: Resetting bearer <eth:syzkaller0>
[  127.552951][T10050] tipc: Resetting bearer <eth:syzkaller0>
[  127.567236][T10050] tipc: Disabling bearer <eth:syzkaller0>
[  128.161023][T10076] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1788'.
[  128.244605][T10087] xt_l2tp: v2 doesn't support IP mode
[  128.244777][   T12] net_ratelimit: 11 callbacks suppressed
[  128.244793][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  128.329308][T10100] dvmrp1: tun_chr_ioctl cmd 1074025677
[  128.331541][T10100] dvmrp1: linktype set to 773
[  128.351749][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  128.462059][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  128.572342][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  128.650810][T10130] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1812'.
[  128.692013][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  128.812636][T10142] netlink: 'syz.0.1820': attribute type 11 has an invalid length.
[  128.815996][T10142] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1820'.
[  128.816628][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  128.941843][ T5660] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  129.040557][T10159] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1827'.
[  129.052072][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  129.161875][ T5660] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  129.277594][ T5660] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  129.300243][ T2929] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.303217][ T2929] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.365836][T10186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1839'.
[  129.602936][T10200] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1847'.
[  130.235341][T10190] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  131.361319][T10255] gtp0: entered promiscuous mode
[  131.452060][ T5219] Bluetooth: hci0: command 0x0419 tx timeout
[  131.864854][T10276] vlan1: entered promiscuous mode
[  131.866834][T10276] bridge0: entered promiscuous mode
[  131.868954][T10276] vlan1: entered allmulticast mode
[  131.871120][T10276] bridge0: entered allmulticast mode
[  132.289283][T10285] TCP: TCP_TX_DELAY enabled
[  132.442473][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  132.853870][T10300] netlink: 'syz.1.1885': attribute type 1 has an invalid length.
[  133.352579][   T12] net_ratelimit: 35 callbacks suppressed
[  133.352597][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  133.458932][T10351] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1909'.
[  133.463530][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  133.463876][T10351] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  133.572581][   T13] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  133.637881][T10365] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  133.683962][   T13] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  133.793087][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  133.902521][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  133.912070][T10387] netlink: 1360 bytes leftover after parsing attributes in process `syz.0.1921'.
[  133.917116][T10387] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1921'.
[  134.012662][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  134.096777][T10385] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1921'.
[  134.105807][T10385] IPv6: NLM_F_REPLACE set, but no existing node found!
[  134.122182][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  134.267296][T10415] netlink: 'syz.2.1937': attribute type 21 has an invalid length.
[  134.270508][T10415] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1937'.
[  134.318942][T10419] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1940'.
[  134.323366][T10419] netlink: 'syz.2.1940': attribute type 1 has an invalid length.
[  134.397027][T10429] netlink: 'syz.1.1944': attribute type 1 has an invalid length.
[  134.399983][T10429] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1944'.
[  134.410501][T10431] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.455992][T10435] netlink: 'syz.1.1947': attribute type 1 has an invalid length.
[  134.459885][T10435] netlink: 'syz.1.1947': attribute type 1 has an invalid length.
[  134.470736][T10431] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.527302][T10431] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.535353][T10438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1948'.
[  134.580485][T10431] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.694399][   T13] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  134.716392][   T13] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  134.753642][   T13] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  134.761356][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  134.975090][T10464] netlink: 'syz.0.1960': attribute type 21 has an invalid length.
[  134.978537][T10464] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1960'.
[  135.021795][T10467] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1961'.
[  135.358342][T10483] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  135.364663][T10483] syzkaller0: entered promiscuous mode
[  135.367121][T10483] syzkaller0: entered allmulticast mode
[  135.385954][T10483] tipc: Resetting bearer <eth:syzkaller0>
[  135.391462][T10482] tipc: Resetting bearer <eth:syzkaller0>
[  135.414574][T10482] tipc: Disabling bearer <eth:syzkaller0>
[  135.590211][   T13] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  136.834152][T10553] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  137.065102][T10568] IPv6: NLM_F_REPLACE set, but no existing node found!
[  137.617539][T10611] IPVS: Error connecting to the multicast addr
[  137.669489][T10617] netlink: 'syz.2.2022': attribute type 1 has an invalid length.
[  137.843832][T10638] ip6gretap0: entered promiscuous mode
[  138.139761][T10666] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  138.472294][ T5885] net_ratelimit: 37 callbacks suppressed
[  138.472309][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  138.582061][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  138.667230][T10690] __nla_validate_parse: 11 callbacks suppressed
[  138.667251][T10690] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2056'.
[  138.692466][   T13] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  138.723801][T10693] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2057'.
[  138.803521][   T13] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  138.911941][   T13] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  139.033728][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  139.080424][T10707] af_packet: tpacket_rcv: packet too big, clamped from 584 to 4294967272. macoff=96
[  139.145437][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  139.207175][T10711] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2063'.
[  139.252241][   T13] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  139.361948][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  139.473721][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  139.499651][T10725] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2069'.
[  140.239919][T10768] bridge0: port 4(vxlan1) entered blocking state
[  140.244453][T10768] bridge0: port 4(vxlan1) entered disabled state
[  140.247246][T10768] vxlan1: entered allmulticast mode
[  140.251024][T10768] vxlan1: entered promiscuous mode
[  140.874096][T10811] atomic_op ffff88803afb1998 conn xmit_atomic 0000000000000000
[  141.085223][T10831] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2117'.
[  141.090849][T10831] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2117'.
[  141.193436][T10835] veth1_to_batadv: entered promiscuous mode
[  141.226968][T10841] netlink: 'syz.1.2122': attribute type 21 has an invalid length.
[  141.260452][T10845] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2124'.
[  141.411749][T10859] netlink: 'syz.1.2131': attribute type 2 has an invalid length.
[  141.415172][T10859] netlink: 'syz.1.2131': attribute type 1 has an invalid length.
[  141.432599][T10859] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2131'.
[  141.636009][ T5872] IPVS: starting estimator thread 0...
[  141.702874][T10883] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2142'.
[  141.706736][T10883] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2142'.
[  141.721769][T10879] IPVS: using max 43 ests per chain, 103200 per kthread
[  142.009237][T10903] netlink: 'syz.1.2150': attribute type 1 has an invalid length.
[  142.069230][T10907] ipt_REJECT: ECHOREPLY no longer supported.
[  144.032407][   T13] net_ratelimit: 30 callbacks suppressed
[  144.032423][   T13] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  144.192849][T10680] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  144.260965][T10970] sctp: [Deprecated]: syz.0.2179 (pid 10970) Use of struct sctp_assoc_value in delayed_ack socket option.
[  144.260965][T10970] Use struct sctp_sack_info instead
[  144.302215][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  144.422156][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  144.542233][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  144.667341][T11006] vlan0: entered promiscuous mode
[  144.669565][T11006] bond0: entered promiscuous mode
[  144.673794][T11006] bond_slave_0: entered promiscuous mode
[  144.676318][T11006] bond_slave_1: entered promiscuous mode
[  144.702260][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  144.825302][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  144.844862][T11023] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2204'.
[  144.929423][T11030] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  144.951850][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  144.998268][T11035] netlink: 'syz.0.2209': attribute type 4 has an invalid length.
[  145.067690][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  145.171939][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  145.706415][T11063] xt_connbytes: Forcing CT accounting to be enabled
[  145.717581][T11063] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  145.727687][T11063] xt_bpf: check failed: parse error
[  145.854026][T11072] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2223'.
[  145.973678][T11086] netlink: 16386 bytes leftover after parsing attributes in process `syz.0.2230'.
[  145.989109][T11088] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2231'.
[  146.032119][T11092] syzkaller1: entered promiscuous mode
[  146.034124][T11092] syzkaller1: entered allmulticast mode
[  146.039719][T11094] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2234'.
[  146.236032][T11116] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2245'.
[  146.786638][T11135] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.2254'.
[  146.863421][T11141] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2257'.
[  147.050975][T11162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2268'.
[  147.109521][T11167] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2270'.
[  147.266299][T11167] bond0 (unregistering): Released all slaves
[  147.463043][T11195] netlink: 'syz.2.2282': attribute type 1 has an invalid length.
[  147.674300][T11214] bridge0: port 3(syz_tun) entered disabled state
[  147.683270][T11214] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.687106][T11214] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.748628][T11214] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  147.755530][T11214] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  147.799863][T11220] netlink: 'syz.0.2290': attribute type 10 has an invalid length.
[  147.811412][T11214] geneve1: left promiscuous mode
[  147.813919][T11214] geneve1: left allmulticast mode
[  147.828209][T11214] bridge1: left allmulticast mode
[  147.831182][T11214] bridge2: left promiscuous mode
[  147.837420][T11214] bond2: left promiscuous mode
[  147.839017][T11214] bond2: left allmulticast mode
[  147.841062][T11214] vlan1: left promiscuous mode
[  147.843021][T11214] bridge0: left promiscuous mode
[  147.844721][T11214] vlan1: left allmulticast mode
[  147.846333][T11214] bridge0: left allmulticast mode
[  147.880069][T11219] dummy0: left allmulticast mode
[  147.883462][T11219] dummy0: left promiscuous mode
[  147.885437][T11219] bridge0: port 3(dummy0) entered disabled state
[  147.893941][T11219] bridge_slave_0: left allmulticast mode
[  147.896297][T11219] bridge_slave_0: left promiscuous mode
[  147.899537][T11219] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.905542][T11219] bridge_slave_1: left allmulticast mode
[  147.907802][T11219] bridge_slave_1: left promiscuous mode
[  147.910162][T11219] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.926983][T11219] bond0: (slave bond_slave_0): Releasing backup interface
[  147.930525][T11219] bond_slave_0: left promiscuous mode
[  147.946450][T11219] bond0: (slave bond_slave_1): Releasing backup interface
[  147.957200][T11219] bond_slave_1: left promiscuous mode
[  147.968251][T11219] team0: Port device team_slave_0 removed
[  147.976599][T11219] team0: Port device team_slave_1 removed
[  147.983091][T11219] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  147.986308][T11219] batman_adv: batadv0: Removing interface: batadv_slave_0
[  147.991089][T11219] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  147.996041][T11219] batman_adv: batadv0: Removing interface: batadv_slave_1
[  148.008729][T11219] bond3: (slave bond4): Releasing backup interface
[  148.016095][T11219] vxlan1: left allmulticast mode
[  148.018379][T11219] vxlan1: left promiscuous mode
[  148.020754][T11219] bridge0: port 4(vxlan1) entered disabled state
[  148.028731][T11220] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  148.037604][T11220] bond0: (slave wlan1): refused to change device type
[  148.040553][T10680] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  148.045691][T10680] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.049383][T10680] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  148.054804][T10680] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.068112][T10680] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  148.071458][T10680] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.092128][T10680] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  148.095681][T10680] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  149.121973][T10680] net_ratelimit: 26 callbacks suppressed
[  149.121985][T10680] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  149.242148][T10680] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  149.361901][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  149.367062][T11311] netlink: 'syz.0.2326': attribute type 7 has an invalid length.
[  149.391075][T11311] : entered promiscuous mode
[  149.502804][T10680] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  149.625966][T10680] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  149.742073][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  149.798931][T11341] ieee802154 phy0 wpan0: encryption failed: -22
[  149.865182][   T12] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  149.896192][T11347] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[  149.903968][T11347] __nla_validate_parse: 16 callbacks suppressed
[  149.903981][T11347] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2345'.
[  149.927851][T11347] bridge3: entered promiscuous mode
[  149.930130][T11347] bridge3: entered allmulticast mode
[  149.941378][T11347] team0: Port device bridge3 added
[  149.992879][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  150.096743][T11365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2355'.
[  150.099955][T11365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2355'.
[  150.103361][ T5885] bond4: (slave ip6gretap3): failed to get link speed/duplex
[  150.141372][T11369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2356'.
[  150.264313][T11375] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2358'.
[  150.315791][T11381] ==================================================================
[  150.318541][T11381] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  150.321655][T11381] Read of size 4 at addr ffff888115ac2dc4 by task syz.2.2360/11381
[  150.325972][T11381] 
[  150.326999][T11381] CPU: 0 UID: 0 PID: 11381 Comm: syz.2.2360 Not tainted 6.16.0-rc7-syzkaller-01630-g8b5a19b4ff6a-dirty #0 PREEMPT(full) 
[  150.327020][T11381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  150.327028][T11381] Call Trace:
[  150.327036][T11381]  <TASK>
[  150.327042][T11381]  dump_stack_lvl+0x189/0x250
[  150.327063][T11381]  ? __kasan_check_byte+0x12/0x40
[  150.327085][T11381]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.327099][T11381]  ? lock_release+0x4b/0x3e0
[  150.327116][T11381]  ? __virt_addr_valid+0x4a5/0x5c0
[  150.327136][T11381]  print_report+0xca/0x230
[  150.327148][T11381]  ? xfrm_alloc_spi+0x570/0xf30
[  150.327161][T11381]  kasan_report+0x118/0x150
[  150.327178][T11381]  ? xfrm_alloc_spi+0x570/0xf30
[  150.327193][T11381]  xfrm_alloc_spi+0x570/0xf30
[  150.327206][T11381]  ? xfrm_alloc_spi+0x2a0/0xf30
[  150.327223][T11381]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  150.327235][T11381]  ? xfrm_find_acq+0x87/0xa0
[  150.327249][T11381]  xfrm_alloc_userspi+0x70b/0xc90
[  150.327262][T11381]  ? __pfx_aa_get_newest_label+0x10/0x10
[  150.327279][T11381]  ? apparmor_capable+0x137/0x1b0
[  150.327295][T11381]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  150.327309][T11381]  ? __nla_parse+0x40/0x60
[  150.327326][T11381]  xfrm_user_rcv_msg+0x7a3/0xab0
[  150.327341][T11381]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  150.327365][T11381]  ? __mutex_trylock_common+0x153/0x260
[  150.327390][T11381]  ? __pfx___mutex_trylock_common+0x10/0x10
[  150.327405][T11381]  ? rcu_is_watching+0x15/0xb0
[  150.327422][T11381]  ? trace_contention_end+0x39/0x120
[  150.327439][T11381]  netlink_rcv_skb+0x208/0x470
[  150.327486][T11381]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  150.327502][T11381]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  150.327520][T11381]  ? netlink_deliver_tap+0x2e/0x1b0
[  150.327534][T11381]  ? netlink_deliver_tap+0x2e/0x1b0
[  150.327548][T11381]  xfrm_netlink_rcv+0x79/0x90
[  150.327562][T11381]  netlink_unicast+0x82f/0x9e0
[  150.327585][T11381]  ? __pfx_netlink_unicast+0x10/0x10
[  150.327605][T11381]  ? netlink_sendmsg+0x642/0xb30
[  150.327617][T11381]  ? skb_put+0x11b/0x210
[  150.327632][T11381]  netlink_sendmsg+0x805/0xb30
[  150.327648][T11381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.327662][T11381]  ? aa_sock_msg_perm+0x94/0x160
[  150.327675][T11381]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  150.327689][T11381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.327701][T11381]  __sock_sendmsg+0x21c/0x270
[  150.327721][T11381]  ____sys_sendmsg+0x505/0x830
[  150.327738][T11381]  ? __pfx_____sys_sendmsg+0x10/0x10
[  150.327756][T11381]  ? import_iovec+0x74/0xa0
[  150.327774][T11381]  ___sys_sendmsg+0x21f/0x2a0
[  150.327789][T11381]  ? __pfx____sys_sendmsg+0x10/0x10
[  150.327814][T11381]  ? __fget_files+0x2a/0x420
[  150.327826][T11381]  ? __fget_files+0x3a0/0x420
[  150.327839][T11381]  __x64_sys_sendmsg+0x19b/0x260
[  150.327855][T11381]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  150.327873][T11381]  ? rcu_is_watching+0x15/0xb0
[  150.327889][T11381]  ? do_syscall_64+0xbe/0x3b0
[  150.327906][T11381]  do_syscall_64+0xfa/0x3b0
[  150.327919][T11381]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.327931][T11381]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.327944][T11381]  ? exc_page_fault+0x9f/0xf0
[  150.327956][T11381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.327968][T11381] RIP: 0033:0x7f27fe18e9a9
[  150.327982][T11381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.327994][T11381] RSP: 002b:00007f27fefb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  150.328008][T11381] RAX: ffffffffffffffda RBX: 00007f27fe3b5fa0 RCX: 00007f27fe18e9a9
[  150.328018][T11381] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  150.328027][T11381] RBP: 00007f27fe210d69 R08: 0000000000000000 R09: 0000000000000000
[  150.328036][T11381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  150.328045][T11381] R13: 0000000000000000 R14: 00007f27fe3b5fa0 R15: 00007ffc096a8d48
[  150.328060][T11381]  </TASK>
[  150.328064][T11381] 
[  150.480000][T11381] Allocated by task 9172:
[  150.481593][T11381]  kasan_save_track+0x3e/0x80
[  150.483280][T11381]  __kasan_slab_alloc+0x6c/0x80
[  150.485032][T11381]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  150.487046][T11381]  xfrm_state_alloc+0x24/0x2f0
[  150.488608][T11381]  __find_acq_core+0x8a7/0x1c00
[  150.490325][T11381]  xfrm_find_acq+0x78/0xa0
[  150.491888][T11381]  xfrm_alloc_userspi+0x6b3/0xc90
[  150.493703][T11381]  xfrm_user_rcv_msg+0x7a3/0xab0
[  150.495479][T11381]  netlink_rcv_skb+0x208/0x470
[  150.497065][T11381]  xfrm_netlink_rcv+0x79/0x90
[  150.498877][T11381]  netlink_unicast+0x82f/0x9e0
[  150.500681][T11381]  netlink_sendmsg+0x805/0xb30
[  150.502421][T11381]  __sock_sendmsg+0x21c/0x270
[  150.503982][T11381]  ____sys_sendmsg+0x505/0x830
[  150.505650][T11381]  ___sys_sendmsg+0x21f/0x2a0
[  150.507395][T11381]  __x64_sys_sendmsg+0x19b/0x260
[  150.509311][T11381]  do_syscall_64+0xfa/0x3b0
[  150.510979][T11381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.513023][T11381] 
[  150.513956][T11381] Freed by task 5872:
[  150.515355][T11381]  kasan_save_track+0x3e/0x80
[  150.517297][T11381]  kasan_save_free_info+0x46/0x50
[  150.519301][T11381]  __kasan_slab_free+0x62/0x70
[  150.520885][T11381]  kmem_cache_free+0x18f/0x400
[  150.522617][T11381]  xfrm_state_gc_task+0x518/0x6a0
[  150.524358][T11381]  process_scheduled_works+0xae1/0x17b0
[  150.526323][T11381]  worker_thread+0x8a0/0xda0
[  150.527947][T11381]  kthread+0x711/0x8a0
[  150.529419][T11381]  ret_from_fork+0x3fc/0x770
[  150.531027][T11381]  ret_from_fork_asm+0x1a/0x30
[  150.532812][T11381] 
[  150.533779][T11381] The buggy address belongs to the object at ffff888115ac2d00
[  150.533779][T11381]  which belongs to the cache xfrm_state of size 928
[  150.538642][T11381] The buggy address is located 196 bytes inside of
[  150.538642][T11381]  freed 928-byte region [ffff888115ac2d00, ffff888115ac30a0)
[  150.543527][T11381] 
[  150.544331][T11381] The buggy address belongs to the physical page:
[  150.546465][T11381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888115ac2880 pfn:0x115ac0
[  150.549885][T11381] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  150.552789][T11381] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  150.555563][T11381] page_type: f5(slab)
[  150.556958][T11381] raw: 057ff00000000040 ffff888104dbca00 dead000000000122 0000000000000000
[  150.559840][T11381] raw: ffff888115ac2880 00000000800e0009 00000000f5000000 0000000000000000
[  150.562894][T11381] head: 057ff00000000040 ffff888104dbca00 dead000000000122 0000000000000000
[  150.565924][T11381] head: ffff888115ac2880 00000000800e0009 00000000f5000000 0000000000000000
[  150.569043][T11381] head: 057ff00000000002 ffffea000456b001 00000000ffffffff 00000000ffffffff
[  150.572059][T11381] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  150.575041][T11381] page dumped because: kasan: bad access detected
[  150.577160][T11381] page_owner tracks the page as allocated
[  150.579034][T11381] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7038, tgid 7037 (syz.0.489), ts 76062457065, free_ts 75922909502
[  150.585613][T11381]  post_alloc_hook+0x240/0x2a0
[  150.587291][T11381]  get_page_from_freelist+0x21e4/0x22c0
[  150.589383][T11381]  __alloc_frozen_pages_noprof+0x181/0x370
[  150.591776][T11381]  alloc_pages_mpol+0x232/0x4a0
[  150.593795][T11381]  allocate_slab+0x8a/0x3b0
[  150.595679][T11381]  ___slab_alloc+0xbfc/0x1480
[  150.597651][T11381]  kmem_cache_alloc_noprof+0x283/0x3c0
[  150.599916][T11381]  xfrm_state_alloc+0x24/0x2f0
[  150.601847][T11381]  xfrm_add_sa+0x17d1/0x4070
[  150.603730][T11381]  xfrm_user_rcv_msg+0x7a3/0xab0
[  150.605392][T11381]  netlink_rcv_skb+0x208/0x470
[  150.607167][T11381]  xfrm_netlink_rcv+0x79/0x90
[  150.609079][T11381]  netlink_unicast+0x82f/0x9e0
[  150.610921][T11381]  netlink_sendmsg+0x805/0xb30
[  150.612858][T11381]  __sock_sendmsg+0x21c/0x270
[  150.614814][T11381]  ____sys_sendmsg+0x505/0x830
[  150.616819][T11381] page last free pid 7013 tgid 7013 stack trace:
[  150.619537][T11381]  __free_frozen_pages+0xc71/0xe70
[  150.621647][T11381]  __folio_put+0x21b/0x2c0
[  150.623588][T11381]  free_large_kmalloc+0x145/0x200
[  150.625358][T11381]  device_release+0x9c/0x1c0
[  150.626874][T11381]  kobject_put+0x22b/0x480
[  150.628353][T11381]  netdev_run_todo+0xd2e/0xea0
[  150.630393][T11381]  tun_chr_close+0x13c/0x1c0
[  150.632427][T11381]  __fput+0x44c/0xa70
[  150.634185][T11381]  task_work_run+0x1d4/0x260
[  150.636186][T11381]  exit_to_user_mode_loop+0xec/0x110
[  150.638430][T11381]  do_syscall_64+0x2bd/0x3b0
[  150.640382][T11381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.642911][T11381] 
[  150.643951][T11381] Memory state around the buggy address:
[  150.646331][T11381]  ffff888115ac2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  150.649656][T11381]  ffff888115ac2d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.653037][T11381] >ffff888115ac2d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.656313][T11381]                                            ^
[  150.658918][T11381]  ffff888115ac2e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.662273][T11381]  ffff888115ac2e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  150.665626][T11381] ==================================================================
[  150.669190][T11381] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  150.672243][T11381] CPU: 0 UID: 0 PID: 11381 Comm: syz.2.2360 Not tainted 6.16.0-rc7-syzkaller-01630-g8b5a19b4ff6a-dirty #0 PREEMPT(full) 
[  150.677477][T11381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  150.681558][T11381] Call Trace:
[  150.683012][T11381]  <TASK>
[  150.684324][T11381]  dump_stack_lvl+0x99/0x250
[  150.686283][T11381]  ? __asan_memcpy+0x40/0x70
[  150.688276][T11381]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.690480][T11381]  ? __pfx__printk+0x10/0x10
[  150.692521][T11381]  panic+0x2db/0x790
[  150.694230][T11381]  ? __pfx_panic+0x10/0x10
[  150.696099][T11381]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  150.698597][T11381]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  150.700938][T11381]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  150.702983][T11381]  ? print_memory_metadata+0x314/0x400
[  150.704827][T11381]  ? xfrm_alloc_spi+0x570/0xf30
[  150.706756][T11381]  check_panic_on_warn+0x89/0xb0
[  150.708927][T11381]  ? xfrm_alloc_spi+0x570/0xf30
[  150.710644][T11381]  end_report+0x78/0x160
[  150.712046][T11381]  kasan_report+0x129/0x150
[  150.713555][T11381]  ? xfrm_alloc_spi+0x570/0xf30
[  150.715115][T11381]  xfrm_alloc_spi+0x570/0xf30
[  150.716838][T11381]  ? xfrm_alloc_spi+0x2a0/0xf30
[  150.718962][T11381]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  150.720838][T11381]  ? xfrm_find_acq+0x87/0xa0
[  150.722352][T11381]  xfrm_alloc_userspi+0x70b/0xc90
[  150.723923][T11381]  ? __pfx_aa_get_newest_label+0x10/0x10
[  150.725805][T11381]  ? apparmor_capable+0x137/0x1b0
[  150.727921][T11381]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  150.730135][T11381]  ? __nla_parse+0x40/0x60
[  150.731976][T11381]  xfrm_user_rcv_msg+0x7a3/0xab0
[  150.734019][T11381]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  150.735869][T11381]  ? __mutex_trylock_common+0x153/0x260
[  150.738074][T11381]  ? __pfx___mutex_trylock_common+0x10/0x10
[  150.740291][T11381]  ? rcu_is_watching+0x15/0xb0
[  150.742280][T11381]  ? trace_contention_end+0x39/0x120
[  150.744498][T11381]  netlink_rcv_skb+0x208/0x470
[  150.746198][T11381]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  150.748254][T11381]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  150.750414][T11381]  ? netlink_deliver_tap+0x2e/0x1b0
[  150.752610][T11381]  ? netlink_deliver_tap+0x2e/0x1b0
[  150.754866][T11381]  xfrm_netlink_rcv+0x79/0x90
[  150.756923][T11381]  netlink_unicast+0x82f/0x9e0
[  150.759019][T11381]  ? __pfx_netlink_unicast+0x10/0x10
[  150.761252][T11381]  ? netlink_sendmsg+0x642/0xb30
[  150.763300][T11381]  ? skb_put+0x11b/0x210
[  150.765097][T11381]  netlink_sendmsg+0x805/0xb30
[  150.766983][T11381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.768862][T11381]  ? aa_sock_msg_perm+0x94/0x160
[  150.770690][T11381]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  150.772600][T11381]  ? __pfx_netlink_sendmsg+0x10/0x10
[  150.774712][T11381]  __sock_sendmsg+0x21c/0x270
[  150.776686][T11381]  ____sys_sendmsg+0x505/0x830
[  150.778524][T11381]  ? __pfx_____sys_sendmsg+0x10/0x10
[  150.780553][T11381]  ? import_iovec+0x74/0xa0
[  150.782363][T11381]  ___sys_sendmsg+0x21f/0x2a0
[  150.784082][T11381]  ? __pfx____sys_sendmsg+0x10/0x10
[  150.785922][T11381]  ? __fget_files+0x2a/0x420
[  150.787589][T11381]  ? __fget_files+0x3a0/0x420
[  150.789602][T11381]  __x64_sys_sendmsg+0x19b/0x260
[  150.791708][T11381]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  150.793852][T11381]  ? rcu_is_watching+0x15/0xb0
[  150.795543][T11381]  ? do_syscall_64+0xbe/0x3b0
[  150.797117][T11381]  do_syscall_64+0xfa/0x3b0
[  150.798598][T11381]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.800257][T11381]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.802245][T11381]  ? exc_page_fault+0x9f/0xf0
[  150.803727][T11381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.805853][T11381] RIP: 0033:0x7f27fe18e9a9
[  150.807746][T11381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.815902][T11381] RSP: 002b:00007f27fefb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  150.819316][T11381] RAX: ffffffffffffffda RBX: 00007f27fe3b5fa0 RCX: 00007f27fe18e9a9
[  150.822663][T11381] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  150.826042][T11381] RBP: 00007f27fe210d69 R08: 0000000000000000 R09: 0000000000000000
[  150.829014][T11381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  150.831645][T11381] R13: 0000000000000000 R14: 00007f27fe3b5fa0 R15: 00007ffc096a8d48
[  150.834319][T11381]  </TASK>
[  150.836531][T11381] Kernel Offset: disabled
[  150.838401][T11381] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:04:15  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000064 RBX=0000000000000064 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000fc6 RDI=0000000000000fc7 RBP=00000000000003f8 RSP=ffffc900046ae9f0
R8 =ffff8880211d8237 R9 =1ffff1100423b046 R10=dffffc0000000000 R11=ffffffff85464660
R12=dffffc0000000000 R13=ffffffff99aff8ab R14=ffffffff99e044c0 R15=0000000000000000
RIP=ffffffff854646dc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f27fefb56c0 ffffffff 00c00000
GS =0000 ffff8880b8615000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00002000000004c0 CR3=0000000037fd8000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f27fe386478 00007f27fe386450 XMM03=00007f27fe386488 00007f27fe386480
XMM04=00007f27feeed100 00007f27fe386440 XMM05=00007f27fe386458 00007f27fe3864a0
XMM06=00007f27fe386498 00007f27fe386490 XMM07=00007f27fe386488 00007f27fe386480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f27fe211ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff8a284c64 RBX=ffffc900036e7640 RCX=0000000000080000 RDX=ffffc90003771000
RSI=0000000000003f86 RDI=0000000000003f87 RBP=ffffc900036e7498 RSP=ffffc900036e73b8
R8 =ffff88810f84b980 R9 =0000000000000003 R10=00000000ffffffff R11=0000000000000002
R12=ffffc900036e7630 R13=ffff88802a994800 R14=0000000000000000 R15=1ffff920006dcec6
RIP=ffffffff81c02888 RFL=00000287 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f6a3433b6c0 ffffffff 00c00000
GS =0000 ffff8881a3c15000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c3c7712 CR3=000000012315c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f6a33786478 00007f6a33786450 XMM03=00007f6a33786488 00007f6a33786480
XMM04=00007f6a342ed100 00007f6a33786440 XMM05=00007f6a33786458 00007f6a337864a0
XMM06=00007f6a33786498 00007f6a33786490 XMM07=00007f6a33786488 00007f6a33786480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007f6a33611ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
