last executing test programs:

810.049678ms ago: executing program 0 (id=2034):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="dbaa00005100000071101a000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x5}, 0x94)

809.408325ms ago: executing program 0 (id=2036):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44}, 0x94)
unshare(0x2c020400)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c0000000400000004000000"], 0x48)

750.555762ms ago: executing program 0 (id=2038):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001d00070f000000000000000007000000", @ANYRES32=r1, @ANYBLOB="50005200060010"], 0x24}, 0x1, 0x0, 0x0, 0x4004810}, 0x44080)

749.922803ms ago: executing program 0 (id=2040):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002300)=ANY=[@ANYBLOB="b702000000001700bfa300000000000007030000f0ffffff720af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee2922bd165a5a68488e010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7f22b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab6692422a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d74bf0a305790c9d644735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f535447cc0facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf00000048d2570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f09f4db033e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e7f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec50f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754d98b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8cf632c2604eab3a62a28611da1cae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412e1bdebae06edb51a134301b4627d4927287daf9dcae6720334862f3a18094f1edd9e3503379815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2f09e99f4ab5546ba1e5ad6a329f24e73a9c38eec34bd4dcc1609f6150e2de72f6599a2310c3841f4bb7f39cabc82c9fdfff5587ed4fa84090635fa3445c4cc54478b2f98320944ac7cb1c4e414556f7b0b763a00a84327cec7e11b3470f0384b27bbfdd8b2472497e7fe8c5df7e0a00641872472efa21c9ad3979e642dcc85c17ca8e084aa9689b83426e2fdaa01f500000000000000000000f9fd84fa991466ff749afe900d02281b2bb60d458340c4f68ec34835760ceca945bf181a000000c000000000b4a76515564ae189de7c1765f0ff68a0388ca8dd2aa831d0e01f0d7ce74401a58cef60e63e97a50c18de54121ce66380224ab7b9c0d4710f2347bad2c9b3e41cc738c1092728687f33e5cdb077223dc82c2137b4e3ba6791a2cd764e654f904c9505b7c5e3b2897072e747534952dcda50cde3e4deb6ebf85a04c3e415112b01eed6515c845a8a20519cd21787d560e9d8283fa8ff0c17b63ba06577c26678ff45420a1f85df47dbfc44e534f71aae5693fb5df61c5096219091ce0cd8e1e2e79bf9d37779e52007c66a00e6ded1499ed3892ed1544d1577906b52e16c734d4aec07dd15faa768c97298be87dd34ce704ffe3da8b46708cf972de4f31c0705ac933db80bdcfcb35c0d4620d4ec270ff7c9ce1b78994dd2b28b9d1c5c469d4c1a61781dce2f1b54d6138bd3f7df9e9ca613bec407c1b8d1bd0c7cb9d76eebf2f17c"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040), 0x10}, 0x94)
socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x1}, {{@in=@private=0xa010101, 0x0, 0x33}, 0x0, @in=@dev, 0x200, 0x0, 0x0, 0x7}}, 0xe8)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d3, 0x33}, 0x0, @in=@dev, 0xfffffffe}}, 0xe8)
socket$pptp(0x18, 0x1, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x40, r7, 0x1, 0x70bd2c, 0x44, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x8}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0xfffffffffffffffc}]}, 0x40}}, 0x4)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = accept$inet6(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000200)=0x1c)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r10, 0x89f3, &(0x7f0000000380)={'ip6_vti0\x00', 0x0})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000240), &(0x7f00000003c0)=r11}, 0x20)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r9, r2, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f00000005c0)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @echo_reply={0x0, 0x0, 0x0, 0x65, 0x4}}}}}, 0x0)

631.686082ms ago: executing program 0 (id=2044):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a00000000000073013200000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7}, 0x48)

579.799418ms ago: executing program 0 (id=2047):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r1=>0x0]}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={r1, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x2, 0x80000003, 0x4, 0xe2d8f2eb1d010935, 0x5, 0x9}, 0x9c)

398.580448ms ago: executing program 1 (id=2054):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="ec01000011000100000000000000000000004100", @ANYRES32=0x0, @ANYBLOB="2008010000260200140003006d6163766c616e300000000000000000080013"], 0x1ec}}, 0x20000800)

398.442538ms ago: executing program 1 (id=2055):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0x13, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000000000006111840000000000850000171a00000095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x94)

338.875138ms ago: executing program 1 (id=2057):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)=""/140, 0x8c}], 0x1, &(0x7f0000002f40)=""/229, 0xe5}, 0x0)
sendmsg$tipc(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000440)="b8d3d8e48974aae5039847936746be1d81a34f9b68100dbf05177b2436f9d642df271fd6b9aa6701365ffc723899ad120c5a54b1f6fcf2fbb053e277a04d3f44e3f9bafec64080f64f103ee1de769e5e9dd8cbb68869a662eaad499c52a16f40cb3a1f6f3d5f8df14c53b2e6b5397f7806b6ff846de37a34c8342b9ac5a51eacf8a09cede8676044eafd3d7935f906", 0x8f}, {&(0x7f0000000040)="8d03cab9cb86bcdcffec", 0xa}], 0x2, 0x0, 0x0, 0x400c800}, 0x4000000)
close(r1)

290.48642ms ago: executing program 2 (id=2059):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0xb, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x3}, @TCA_SKBEDIT_PTYPE={0x6, 0x4}, @TCA_SKBEDIT_PARMS={0x18}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0xf5}}}}]}]}, 0x70}}, 0x0)

290.255622ms ago: executing program 2 (id=2060):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0x806000)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000180)=0x20)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x1, 0xba, 0x757})

289.902401ms ago: executing program 1 (id=2061):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000002c0), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000002380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002300)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4080)

199.177742ms ago: executing program 1 (id=2062):
connect$802154_dgram(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000009c0)=ANY=[@ANYBLOB="c00100001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000480000004800128009000100766c616e00000000380002800c0003000000000005000000280004800c000100ff0f0000000000000c00010006000000050000000c000100060000000900000014000300766c616e30000000000000000000000008002c00ff03000005002100"], 0x1c0}, 0x1, 0xba01}, 0x20048050)
sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, 0x0, 0x8000)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xcc, 0x21, 0x1, 0x0, 0x4, {{@in6=@mcast1, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@private=0xa010100, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in=@loopback, @in=@multicast1, 0x0, 0xa}}]}, 0xcc}}, 0x0)

140.477199ms ago: executing program 1 (id=2063):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000180)=0x6, 0x4)
recvmmsg(r0, &(0x7f0000003fc0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{0x0}, {0x0}, {&(0x7f0000000480)=""/233, 0xe9}], 0x3}, 0xe6}, {{0x0, 0x0, 0x0}, 0x4}], 0x2, 0x100, 0x0)
setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000140)=0x400030, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000000)={@multicast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x0, @val=0x80}}}}}}}, 0x0)

81.202204ms ago: executing program 2 (id=2064):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000340)="3f000000010003", 0x7)

63.165812ms ago: executing program 2 (id=2065):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x38, 0x0, &(0x7f0000001700))

385.326µs ago: executing program 2 (id=2066):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x5c, r1, 0x5eae78d9c54e9d3f, 0x0, 0x25dfdc01, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0x40, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "dfeedc2634e7d49420f73e16e79faba0"}, @NL802154_KEY_ATTR_ID={0x20, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x9}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8010}, 0x48804)

0s ago: executing program 2 (id=2067):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="6c0100001000130700000000fcdbdf25200100000000000000000000000000012001000000002000000000000000000100006c00"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe3200000000000000000000000000ffffac1414bb000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000050000000000000043050000000000000700000000000000ffffffffffffff7f000000000000000000000000000000000000000000000000000000002cbd70000635000002000400500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a1c00040002"], 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:27916' (ED25519) to the list of known hosts.
syzkaller login: [   48.583411][ T5780] cgroup: Unknown subsys name 'net'
[   48.645240][ T5780] cgroup: Unknown subsys name 'cpuset'
[   48.662382][ T5780] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.928193][ T5780] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.878240][ T5863] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   57.907055][ T5868] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.190214][ T5876] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   60.325734][ T5237] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   60.331185][ T5237] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   60.351277][ T5896] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   60.354622][ T5900] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   60.360327][ T5903] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   60.363722][ T5903] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   60.371843][ T5904] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   60.398163][ T5905] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   60.403206][ T5905] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   60.403301][ T5896] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   60.413477][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   60.416954][ T5896] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   60.420637][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   60.428726][ T5237] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   60.432293][ T5237] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   60.792858][ T5898] chnl_net:caif_netlink_parms(): no params data found
[   60.802972][ T5895] chnl_net:caif_netlink_parms(): no params data found
[   60.810012][ T5901] chnl_net:caif_netlink_parms(): no params data found
[   60.980430][ T5895] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.984572][ T5895] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.987091][ T5895] bridge_slave_0: entered allmulticast mode
[   60.989758][ T5895] bridge_slave_0: entered promiscuous mode
[   61.005418][ T5898] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.007902][ T5898] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.010644][ T5898] bridge_slave_0: entered allmulticast mode
[   61.013698][ T5898] bridge_slave_0: entered promiscuous mode
[   61.017262][ T5898] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.019555][ T5898] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.022546][ T5898] bridge_slave_1: entered allmulticast mode
[   61.025491][ T5898] bridge_slave_1: entered promiscuous mode
[   61.028666][ T5895] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.031275][ T5895] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.034250][ T5895] bridge_slave_1: entered allmulticast mode
[   61.036891][ T5895] bridge_slave_1: entered promiscuous mode
[   61.039355][ T5901] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.044159][ T5901] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.047093][ T5901] bridge_slave_0: entered allmulticast mode
[   61.051404][ T5901] bridge_slave_0: entered promiscuous mode
[   61.091284][ T5901] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.093640][ T5901] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.096043][ T5901] bridge_slave_1: entered allmulticast mode
[   61.098770][ T5901] bridge_slave_1: entered promiscuous mode
[   61.112053][ T5898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.136103][ T5901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.140706][ T5901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.146054][ T5898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.151651][ T5895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   61.184239][ T5895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   61.213032][ T5898] team0: Port device team_slave_0 added
[   61.216549][ T5901] team0: Port device team_slave_0 added
[   61.220017][ T5898] team0: Port device team_slave_1 added
[   61.225177][ T5901] team0: Port device team_slave_1 added
[   61.236410][ T5895] team0: Port device team_slave_0 added
[   61.255622][ T5895] team0: Port device team_slave_1 added
[   61.267854][ T5898] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.270387][ T5898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.280074][ T5898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.292609][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.295265][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.305424][ T5901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.310182][ T5898] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.312944][ T5898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.322576][ T5898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.333882][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.336608][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.346561][ T5901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.357844][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_0
[   61.360691][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.371121][ T5895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   61.388434][ T5895] batman_adv: batadv0: Adding interface: batadv_slave_1
[   61.391211][ T5895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   61.400500][ T5895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   61.422516][ T5901] hsr_slave_0: entered promiscuous mode
[   61.425341][ T5901] hsr_slave_1: entered promiscuous mode
[   61.482752][ T5898] hsr_slave_0: entered promiscuous mode
[   61.486022][ T5898] hsr_slave_1: entered promiscuous mode
[   61.488906][ T5898] debugfs: 'hsr0' already exists in 'hsr'
[   61.491808][ T5898] Cannot create hsr debugfs directory
[   61.544046][ T5895] hsr_slave_0: entered promiscuous mode
[   61.547181][ T5895] hsr_slave_1: entered promiscuous mode
[   61.550263][ T5895] debugfs: 'hsr0' already exists in 'hsr'
[   61.552985][ T5895] Cannot create hsr debugfs directory
[   61.832917][ T5901] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   61.842594][ T5901] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   61.848398][ T5901] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   61.863417][ T5901] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   61.907243][ T5898] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   61.915305][ T5898] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   61.922030][ T5898] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   61.926812][ T5898] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   62.006491][ T5895] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   62.016549][ T5895] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   62.033541][ T5895] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   62.047255][ T5895] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   62.114029][ T5901] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.125943][ T5898] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.155536][ T5901] 8021q: adding VLAN 0 to HW filter on device team0
[   62.160411][ T5898] 8021q: adding VLAN 0 to HW filter on device team0
[   62.173253][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.176151][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.193547][ T3823] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.196548][ T3823] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.200601][ T3823] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.203516][ T3823] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.216484][ T3823] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.219024][ T3823] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.258701][ T5895] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.294681][ T5895] 8021q: adding VLAN 0 to HW filter on device team0
[   62.317806][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.320433][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.346892][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.349603][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.420529][ T5901] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.462137][ T5900] Bluetooth: hci1: command tx timeout
[   62.464151][ T5900] Bluetooth: hci2: command tx timeout
[   62.466037][ T5900] Bluetooth: hci0: command tx timeout
[   62.485699][ T5898] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.489995][ T5895] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.503217][ T5901] veth0_vlan: entered promiscuous mode
[   62.517956][ T5901] veth1_vlan: entered promiscuous mode
[   62.544387][ T5898] veth0_vlan: entered promiscuous mode
[   62.562065][ T5895] veth0_vlan: entered promiscuous mode
[   62.567670][ T5898] veth1_vlan: entered promiscuous mode
[   62.574386][ T5901] veth0_macvtap: entered promiscuous mode
[   62.584356][ T5895] veth1_vlan: entered promiscuous mode
[   62.589860][ T5901] veth1_macvtap: entered promiscuous mode
[   62.617467][ T5898] veth0_macvtap: entered promiscuous mode
[   62.627620][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.637009][ T5898] veth1_macvtap: entered promiscuous mode
[   62.645568][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.649350][ T5895] veth0_macvtap: entered promiscuous mode
[   62.658920][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.668699][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.673980][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.677092][ T5895] veth1_macvtap: entered promiscuous mode
[   62.683153][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.693744][ T5898] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.720011][ T5898] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.728726][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.742098][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.754239][ T5895] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.757485][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.769850][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.775466][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.785755][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.788795][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.793552][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.799951][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.813841][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.833502][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.857252][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.866579][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.899573][ T4693] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.906880][ T4693] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.966699][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.969251][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.003461][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.006974][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.024221][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.026990][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.196348][ T5978] netlink: 'syz.1.31': attribute type 1 has an invalid length.
[   63.199598][ T5978] netlink: 36 bytes leftover after parsing attributes in process `syz.1.31'.
[   63.837436][ T6027] netlink: 20 bytes leftover after parsing attributes in process `syz.2.55'.
[   64.114467][ T6048] netlink: 'syz.2.63': attribute type 6 has an invalid length.
[   64.117572][ T6048] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.63'.
[   64.155874][ T6051] netlink: 'syz.1.65': attribute type 7 has an invalid length.
[   64.167090][ T6051] netlink: 8 bytes leftover after parsing attributes in process `syz.1.65'.
[   64.196218][ T6051] bond1 (unregistering): Released all slaves
[   64.210287][ T6057] pimreg: entered allmulticast mode
[   64.357998][ T6067] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   64.433365][ T6072] netlink: 9 bytes leftover after parsing attributes in process `syz.1.74'.
[   64.552395][ T5237] Bluetooth: hci0: command tx timeout
[   64.554852][ T5237] Bluetooth: hci2: command tx timeout
[   64.557089][ T5237] Bluetooth: hci1: command tx timeout
[   65.080207][   T33] audit: type=1800 audit(1756894364.080:2): pid=6098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.85" name="memory.events" dev="tmpfs" ino=108 res=0 errno=0
[   65.575935][ T6139] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   65.585607][ T6139] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   65.655490][ T6143] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   65.666019][ T6145] netlink: 'syz.2.108': attribute type 1 has an invalid length.
[   65.671881][ T6143] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[   65.740020][ T6149] netlink: 'syz.1.109': attribute type 1 has an invalid length.
[   65.793578][ T6149] gretap1: entered promiscuous mode
[   65.844699][ T6151] macvlan2: entered promiscuous mode
[   65.848225][ T6151] macvlan2: entered allmulticast mode
[   66.109135][ T6167] syz.2.117 uses obsolete (PF_INET,SOCK_PACKET)
[   66.248573][ T6176] netlink: 8 bytes leftover after parsing attributes in process `syz.2.122'.
[   66.251995][ T6176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.122'.
[   66.260168][ T6179] netlink: 'syz.0.123': attribute type 1 has an invalid length.
[   66.268286][ T5959] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   66.268406][ T6176] netlink: 8 bytes leftover after parsing attributes in process `syz.2.122'.
[   66.275777][ T6176] netlink: 4 bytes leftover after parsing attributes in process `syz.2.122'.
[   66.277670][ T5959] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   66.287873][ T5959] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   66.297122][ T6176] Zero length message leads to an empty skb
[   66.356889][ T5959] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   66.394427][ T6184] gretap1: entered promiscuous mode
[   66.431643][ T6179] macvlan2: entered promiscuous mode
[   66.434266][ T6179] macvlan2: entered allmulticast mode
[   66.487785][ T6193] netlink: 44 bytes leftover after parsing attributes in process `syz.1.129'.
[   66.631564][ T5900] Bluetooth: hci1: command tx timeout
[   66.633271][ T5900] Bluetooth: hci2: command tx timeout
[   66.633316][ T5237] Bluetooth: hci0: command tx timeout
[   66.766828][ T6209] 8021q: adding VLAN 0 to HW filter on device bond1
[   66.975615][ T6224] netlink: 'syz.0.143': attribute type 11 has an invalid length.
[   67.281908][ T6243] IPVS: persistence engine module ip_vs_pe_ not found
[   67.287285][ T5944] IPVS: starting estimator thread 0...
[   67.481440][ T6245] IPVS: using max 81 ests per chain, 194400 per kthread
[   67.653560][ T6266] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   67.997035][ T6285] erspan0: entered promiscuous mode
[   68.013819][ T6285] Bluetooth: MGMT ver 1.23
[   68.129270][ T6291] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.169250][ T6295] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[   68.212393][ T6291] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.268497][ T6291] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.345550][ T6291] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.452323][ T5959] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.477988][ T5959] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.507536][ T5959] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.531808][ T5959] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.707874][ T5237] Bluetooth: hci2: command tx timeout
[   68.707916][   T54] Bluetooth: hci1: command tx timeout
[   69.086413][ T6340] __nla_validate_parse: 4 callbacks suppressed
[   69.086426][ T6340] netlink: 4 bytes leftover after parsing attributes in process `syz.2.198'.
[   69.194237][ T6352] netlink: 212364 bytes leftover after parsing attributes in process `syz.2.205'.
[   69.197458][ T6352] openvswitch: netlink: Message has 5 unknown bytes.
[   69.325243][ T6362] syzkaller0: entered promiscuous mode
[   69.327307][ T6362] syzkaller0: entered allmulticast mode
[   70.193221][ T6379] netlink: 20 bytes leftover after parsing attributes in process `syz.1.216'.
[   70.199124][ T6379] netlink: 32 bytes leftover after parsing attributes in process `syz.1.216'.
[   70.408990][ T6399] netlink: 'syz.1.220': attribute type 13 has an invalid length.
[   70.414449][ T6399] netlink: 'syz.1.220': attribute type 17 has an invalid length.
[   70.632339][ T6399] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   70.717881][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.220'.
[   70.738810][ T6387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   70.766412][ T6387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   71.271041][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.912894][ T6439] netlink: 48 bytes leftover after parsing attributes in process `syz.1.238'.
[   72.036293][ T6442] netlink: 4 bytes leftover after parsing attributes in process `syz.2.240'.
[   72.047658][   T55] block nbd0: Receive control failed (result -107)
[   72.091386][ T6442] nbd0: detected capacity change from 0 to 32
[   72.096910][ T5864] block nbd0: Dead connection, failed to find a fallback
[   72.099996][ T5864] block nbd0: shutting down sockets
[   72.103866][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.108530][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.114745][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.118252][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.121439][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.122101][ T6444] netlink: zone id is out of range
[   72.124901][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.128399][ T6444] netlink: zone id is out of range
[   72.130286][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.136414][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.140298][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.141323][ T6444] netlink: zone id is out of range
[   72.146390][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.149546][ T6444] netlink: zone id is out of range
[   72.149557][ T6444] netlink: zone id is out of range
[   72.149564][ T6444] netlink: zone id is out of range
[   72.155732][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.163865][ T6444] netlink: zone id is out of range
[   72.167261][ T6444] netlink: zone id is out of range
[   72.171062][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.173922][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.177499][ T6444] netlink: zone id is out of range
[   72.179162][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.182646][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.185738][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.189112][ T5864] ldm_validate_partition_table(): Disk read failed.
[   72.198865][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.202400][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.205874][ T5864] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   72.209452][ T5864] Buffer I/O error on dev nbd0, logical block 0, async page read
[   72.215463][ T5864] Dev nbd0: unable to read RDB block 0
[   72.218821][ T5864]  nbd0: unable to read partition table
[   72.226510][ T5864] ldm_validate_partition_table(): Disk read failed.
[   72.230410][ T5864] Dev nbd0: unable to read RDB block 0
[   72.233343][ T5864]  nbd0: unable to read partition table
[   72.988327][ T6478] netlink: 248 bytes leftover after parsing attributes in process `syz.0.254'.
[   73.241412][ T6488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.258'.
[   73.608391][ T6504] netlink: 'syz.0.264': attribute type 10 has an invalid length.
[   73.648092][ T6504] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.668165][ T6504] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   73.699865][ T6504] netlink: 'syz.0.264': attribute type 10 has an invalid length.
[   73.706903][ T6504] netlink: 40 bytes leftover after parsing attributes in process `syz.0.264'.
[   73.733241][ T6504] batadv0: entered promiscuous mode
[   73.735598][ T6504] batadv0: entered allmulticast mode
[   73.738894][ T6504] bond0: (slave batadv0): Releasing backup interface
[   73.755577][ T6504] bridge0: port 3(batadv0) entered blocking state
[   73.758862][ T6504] bridge0: port 3(batadv0) entered disabled state
[   73.908447][ T6526] warning: `syz.2.272' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   74.142179][ T5959] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[   74.146319][ T5959] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[   74.643237][ T6575] team0: Device xfrm1 is of different type
[   75.073389][ T6603] ieee802154 phy0 wpan0: encryption failed: -22
[   75.257867][ T6616] syzkaller0: entered promiscuous mode
[   75.260295][ T6616] syzkaller0: entered allmulticast mode
[   76.990799][    T9] cfg80211: failed to load regulatory.db
[   77.099585][ T6677] netlink: 'syz.2.333': attribute type 1 has an invalid length.
[   77.111957][ T6677] netlink: 232 bytes leftover after parsing attributes in process `syz.2.333'.
[   77.714830][ T6697] netlink: 'syz.2.343': attribute type 11 has an invalid length.
[   77.798878][ T6704] netlink: 732 bytes leftover after parsing attributes in process `syz.2.346'.
[   77.805034][ T6704] netlink: 732 bytes leftover after parsing attributes in process `syz.2.346'.
[   77.844732][ T6707] netlink: 4 bytes leftover after parsing attributes in process `syz.0.347'.
[   77.852667][ T6707] netlink: 12 bytes leftover after parsing attributes in process `syz.0.347'.
[   78.217646][ T6733] netlink: 'syz.0.360': attribute type 23 has an invalid length.
[   78.427215][ T6743] net_ratelimit: 13 callbacks suppressed
[   78.427224][ T6743] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   78.490793][ T6750] netlink: 596 bytes leftover after parsing attributes in process `syz.0.368'.
[   78.544902][ T6757] netlink: 'syz.2.372': attribute type 29 has an invalid length.
[   78.548406][ T6757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.372'.
[   78.558220][ T6760] syz_tun: entered promiscuous mode
[   78.564581][ T6760] batadv_slave_0: entered promiscuous mode
[   78.567374][ T6760] hsr1: entered allmulticast mode
[   78.580982][ T6760] syz_tun: entered allmulticast mode
[   78.583120][ T6760] batadv_slave_0: entered allmulticast mode
[   78.626229][ T6766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.376'.
[   79.471965][ T5944] IPVS: starting estimator thread 0...
[   79.571537][ T6796] IPVS: using max 80 ests per chain, 192000 per kthread
[   80.036424][ T6843] netlink: 20 bytes leftover after parsing attributes in process `syz.2.406'.
[   80.039677][ T6843] netlink: 20 bytes leftover after parsing attributes in process `syz.2.406'.
[   80.248136][ T6855] team_slave_0: entered promiscuous mode
[   80.250390][ T6855] team_slave_1: entered promiscuous mode
[   80.252859][ T6855] macvtap1: entered promiscuous mode
[   80.254877][ T6855] team0: entered promiscuous mode
[   80.257111][ T6855] macvtap1: entered allmulticast mode
[   80.259263][ T6855] team0: entered allmulticast mode
[   80.261663][ T6855] team_slave_0: entered allmulticast mode
[   80.263948][ T6855] team_slave_1: entered allmulticast mode
[   80.266700][ T6855] 8021q: adding VLAN 0 to HW filter on device macvtap1
[   80.809178][ T6878] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[   80.815236][ T6878] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[   81.553495][ T6915] sctp: [Deprecated]: syz.0.438 (pid 6915) Use of struct sctp_assoc_value in delayed_ack socket option.
[   81.553495][ T6915] Use struct sctp_sack_info instead
[   81.574809][ T6915] sctp: [Deprecated]: syz.0.438 (pid 6915) Use of struct sctp_assoc_value in delayed_ack socket option.
[   81.574809][ T6915] Use struct sctp_sack_info instead
[   81.707464][ T6936] netlink: 'syz.0.448': attribute type 10 has an invalid length.
[   81.721645][ T6936] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[   81.834115][ T6946] syzkaller1: entered promiscuous mode
[   81.836455][ T6946] syzkaller1: entered allmulticast mode
[   82.117313][ T6964] syzkaller0: entered promiscuous mode
[   82.119774][ T6964] syzkaller0: entered allmulticast mode
[   82.601519][ T6975] netlink: 'syz.0.466': attribute type 1 has an invalid length.
[   82.605432][ T6975] nbd: error processing sock list
[   82.608195][ T6975] block nbd1: shutting down sockets
[   82.734143][ T6984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   82.812449][ T6992] __nla_validate_parse: 6 callbacks suppressed
[   82.812465][ T6992] netlink: 48 bytes leftover after parsing attributes in process `syz.2.473'.
[   82.896350][ T6997] tipc: Failed to remove unknown binding: 66,1,1/0:282360879/282360881
[   82.900166][ T6997] tipc: Failed to remove unknown binding: 66,1,1/0:282360879/282360881
[   83.223527][ T7018] netlink: 24 bytes leftover after parsing attributes in process `syz.1.485'.
[   83.423929][ T7030] IPVS: Scheduler module ip_vs_ not found
[   83.663305][ T5237] Bluetooth: hci2: command 0x0405 tx timeout
[   83.971886][ T7088] netlink: 152 bytes leftover after parsing attributes in process `syz.1.511'.
[   83.975629][ T7088] netlink: 16 bytes leftover after parsing attributes in process `syz.1.511'.
[   84.426602][ T7128] sctp: [Deprecated]: syz.0.534 (pid 7128) Use of struct sctp_assoc_value in delayed_ack socket option.
[   84.426602][ T7128] Use struct sctp_sack_info instead
[   84.660091][ T7146] netlink: 'syz.0.543': attribute type 3 has an invalid length.
[   84.728563][ T7157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.548'.
[   84.841329][ T7169] Driver unsupported XDP return value 0 on prog  (id 96) dev N/A, expect packet loss!
[   84.955444][ T7179] netlink: 48 bytes leftover after parsing attributes in process `syz.2.558'.
[   84.959167][ T7179] netlink: 48 bytes leftover after parsing attributes in process `syz.2.558'.
[   84.964065][ T7179] netlink: 20 bytes leftover after parsing attributes in process `syz.2.558'.
[   85.206729][ T7194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.563'.
[   85.295851][ T7211] sctp: [Deprecated]: syz.0.571 (pid 7211) Use of int in maxseg socket option.
[   85.295851][ T7211] Use struct sctp_assoc_value instead
[   85.314202][ T7213] netlink: 'syz.2.572': attribute type 1 has an invalid length.
[   85.317744][ T7213] netlink: 'syz.2.572': attribute type 1 has an invalid length.
[   85.324081][ T7213] netlink: 108 bytes leftover after parsing attributes in process `syz.2.572'.
[   85.416590][ T7221] netlink: 'syz.0.576': attribute type 7 has an invalid length.
[   85.517028][ T7231] openvswitch: netlink: Message has 1 unknown bytes.
[   85.519723][ T7231] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   86.011658][   T13] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x22
[   87.590394][ T7331] tipc: Started in network mode
[   87.600182][ T7331] tipc: Node identity ac1414aa, cluster identity 4711
[   87.611755][ T7331] tipc: Enabled bearer <udp:s>, priority 10
[   88.622323][    T9] tipc: Node number set to 2886997162
[   88.704991][ T7386] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   88.755755][ T7390] netlink: 'syz.1.647': attribute type 3 has an invalid length.
[   88.758557][ T7390] __nla_validate_parse: 3 callbacks suppressed
[   88.758564][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.647'.
[   88.805848][ T7395] batadv_slave_1: entered promiscuous mode
[   88.811129][ T7394] batadv_slave_1: left promiscuous mode
[   88.945646][ T7402] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   89.198383][ T7416] tap0: tun_chr_ioctl cmd 1074025677
[   89.200523][ T7416] tap0: linktype set to 0
[   89.257532][ T7418] netlink: 'syz.0.659': attribute type 3 has an invalid length.
[   89.366215][ T7425] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615)
[   89.370714][ T7425] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647
[   89.416181][ T7430] netlink: 12 bytes leftover after parsing attributes in process `syz.2.665'.
[   89.420318][ T7430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.665'.
[   89.836455][ T7454] netlink: 2 bytes leftover after parsing attributes in process `syz.2.676'.
[   89.883227][ T7460] RDS: rds_bind could not find a transport for 100:806:aaaa:aaaa:aaaa::, load rds_tcp or rds_rdma?
[   89.960662][ T7462] 8021q: adding VLAN 0 to HW filter on device bond1
[   90.123698][ T7478] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   90.168466][ T7485] netlink: 8 bytes leftover after parsing attributes in process `syz.2.690'.
[   90.410583][ T7509] macsec1: entered promiscuous mode
[   90.414841][ T7509] macsec0: entered promiscuous mode
[   90.417796][ T7509] macsec1: entered allmulticast mode
[   90.422828][ T7509] macsec0: entered allmulticast mode
[   90.425150][ T7509] veth1_macvtap: entered allmulticast mode
[   90.927557][ T7537] netlink: 20 bytes leftover after parsing attributes in process `syz.1.711'.
[   91.312346][ T7559] tipc: Started in network mode
[   91.314354][ T7559] tipc: Node identity 3a9f4227c6fd, cluster identity 4711
[   91.317542][ T7559] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   91.323771][ T7559] syzkaller0: entered promiscuous mode
[   91.326100][ T7559] syzkaller0: entered allmulticast mode
[   91.326584][ T7561] netlink: 28 bytes leftover after parsing attributes in process `syz.1.721'.
[   91.355238][ T7559] tipc: Resetting bearer <eth:syzkaller0>
[   91.366272][ T7558] tipc: Resetting bearer <eth:syzkaller0>
[   91.382504][ T7558] tipc: Disabling bearer <eth:syzkaller0>
[   91.520224][ T7571] syzkaller1: entered promiscuous mode
[   91.525872][ T7571] syzkaller1: entered allmulticast mode
[   91.534560][ T7569] GUP no longer grows the stack in syz.1.726 (7569): 200000003000-20000000a000 (200000001000)
[   91.538966][ T7569] CPU: 0 UID: 0 PID: 7569 Comm: syz.1.726 Not tainted syzkaller #0 PREEMPT(full) 
[   91.538984][ T7569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   91.538993][ T7569] Call Trace:
[   91.539000][ T7569]  <TASK>
[   91.539005][ T7569]  dump_stack_lvl+0x189/0x250
[   91.539029][ T7569]  ? __pfx_dump_stack_lvl+0x10/0x10
[   91.539046][ T7569]  ? __pfx__printk+0x10/0x10
[   91.539061][ T7569]  ? find_vma+0xe7/0x160
[   91.539080][ T7569]  ? __lock_acquire+0xab9/0xd20
[   91.539108][ T7569]  __get_user_pages+0x24d0/0x2ce0
[   91.539126][ T7569]  ? __bpf_trace_mmap_lock_acquire_returned+0x13b/0x190
[   91.539161][ T7569]  ? rcu_is_watching+0x15/0xb0
[   91.539178][ T7569]  __gup_longterm_locked+0xde9/0x1660
[   91.539203][ T7569]  ? sanity_check_pinned_pages+0x123a/0x1300
[   91.539224][ T7569]  gup_fast_fallback+0x1e6a/0x2010
[   91.539264][ T7569]  ? __pfx_gup_fast_fallback+0x10/0x10
[   91.539289][ T7569]  ? pin_user_pages_fast+0x4d/0xb0
[   91.539306][ T7569]  iov_iter_extract_pages+0x35a/0x5e0
[   91.539335][ T7569]  extract_iter_to_sg+0xe46/0x24e0
[   91.539360][ T7569]  ? __pfx_extract_iter_to_sg+0x10/0x10
[   91.539392][ T7569]  ? __asan_memset+0x22/0x50
[   91.539410][ T7569]  af_alg_get_rsgl+0x436/0x810
[   91.539438][ T7569]  aead_recvmsg+0x4cc/0x13f0
[   91.539461][ T7569]  ? rcu_is_watching+0x15/0xb0
[   91.539507][ T7569]  ? __pfx_aead_recvmsg+0x10/0x10
[   91.539527][ T7569]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[   91.539543][ T7569]  ? __pfx_aead_recvmsg+0x10/0x10
[   91.539562][ T7569]  sock_recvmsg_nosec+0x186/0x1c0
[   91.539587][ T7569]  ____sys_recvmsg+0x3aa/0x460
[   91.539610][ T7569]  ? __pfx_____sys_recvmsg+0x10/0x10
[   91.539638][ T7569]  ? import_iovec+0x74/0xa0
[   91.539656][ T7569]  ___sys_recvmsg+0x1b5/0x510
[   91.539694][ T7569]  ? __pfx____sys_recvmsg+0x10/0x10
[   91.539733][ T7569]  ? __might_fault+0xb0/0x130
[   91.539754][ T7569]  do_recvmmsg+0x307/0x770
[   91.539777][ T7569]  ? __pfx_do_recvmmsg+0x10/0x10
[   91.539789][ T7569]  ? __ia32_sys_rt_sigreturn+0x6a2/0x7b0
[   91.539818][ T7569]  ? __pfx_do_futex+0x10/0x10
[   91.539846][ T7569]  __x64_sys_recvmmsg+0x190/0x240
[   91.539863][ T7569]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   91.539875][ T7569]  ? rcu_is_watching+0x15/0xb0
[   91.539891][ T7569]  ? do_syscall_64+0xbe/0x3b0
[   91.539908][ T7569]  do_syscall_64+0xfa/0x3b0
[   91.539919][ T7569]  ? lockdep_hardirqs_on+0x9c/0x150
[   91.539931][ T7569]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.539942][ T7569]  ? exc_page_fault+0x9f/0xf0
[   91.539956][ T7569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.539967][ T7569] RIP: 0033:0x7fdd8dd8ebe9
[   91.539979][ T7569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.539989][ T7569] RSP: 002b:00007fdd8ec56038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   91.540002][ T7569] RAX: ffffffffffffffda RBX: 00007fdd8dfc5fa0 RCX: 00007fdd8dd8ebe9
[   91.540010][ T7569] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000008
[   91.540018][ T7569] RBP: 00007fdd8de11e19 R08: 0000000000000000 R09: 0000000000000000
[   91.540025][ T7569] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000000
[   91.540032][ T7569] R13: 00007fdd8dfc6038 R14: 00007fdd8dfc5fa0 R15: 00007ffe3778de78
[   91.540052][ T7569]  </TASK>
[   91.717452][ T7575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.728'.
[   91.908939][ T7585] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.912845][ T7585] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.982881][ T7585] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   91.993623][ T7585] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   92.065033][ T7585] veth1_macvtap: left allmulticast mode
[   92.120369][ T7585] macsec0: left allmulticast mode
[   92.123715][ T7585] macsec0: left promiscuous mode
[   92.125912][ T7585] macsec1: left promiscuous mode
[   92.127923][ T7585] macsec1: left allmulticast mode
[   92.136611][   T13] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[   92.142536][   T13] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.148248][   T13] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[   92.157671][   T13] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.161826][   T13] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[   92.167780][   T13] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.174541][   T13] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[   92.178309][   T13] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   92.736632][ T7612] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.744'.
[   92.854400][ T7614] netlink: 20 bytes leftover after parsing attributes in process `syz.1.745'.
[   94.090360][ T7648] ipvlan2: entered promiscuous mode
[   94.093024][ T7648] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   94.333072][ T7663] __nla_validate_parse: 1 callbacks suppressed
[   94.333085][ T7663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.762'.
[   94.423659][ T7670] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[   94.442339][ T7670] bond1: entered promiscuous mode
[   94.444139][ T7670] bond1: entered allmulticast mode
[   94.446037][ T7670] 8021q: adding VLAN 0 to HW filter on device bond1
[   95.159638][ T7679] netlink: 4 bytes leftover after parsing attributes in process `syz.0.770'.
[   95.172083][ T7679] ip6gretap0: entered promiscuous mode
[   95.174935][ T7679] macvtap1: entered promiscuous mode
[   95.177500][ T7679] macvtap1: entered allmulticast mode
[   95.179981][ T7679] ip6gretap0: entered allmulticast mode
[   95.303968][ T7689] netlink: 'syz.1.775': attribute type 8 has an invalid length.
[   95.417410][ T7698] netlink: 4 bytes leftover after parsing attributes in process `syz.1.780'.
[   95.505155][ T7706] netlink: 10 bytes leftover after parsing attributes in process `syz.2.778'.
[   95.923158][ T7739] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   95.926647][ T7739] syzkaller0: entered promiscuous mode
[   95.929092][ T7739] syzkaller0: entered allmulticast mode
[   95.949180][ T7739] tipc: Resetting bearer <eth:syzkaller0>
[   95.953463][ T7738] tipc: Resetting bearer <eth:syzkaller0>
[   95.965555][ T7738] tipc: Disabling bearer <eth:syzkaller0>
[   96.060352][ T7744] netlink: 64 bytes leftover after parsing attributes in process `syz.0.798'.
[   96.598729][ T7768] syzkaller0: entered promiscuous mode
[   96.601254][ T7768] syzkaller0: entered allmulticast mode
[   96.962260][ T7778] vcan0: tx drop: invalid sa for name 0x0000000000000002
[   97.033931][ T7785] netlink: 68 bytes leftover after parsing attributes in process `syz.1.817'.
[   97.402503][ T7811] IPv6: Can't replace route, no match found
[   97.528485][ T7822] netlink: 'syz.1.835': attribute type 1 has an invalid length.
[   97.532821][ T7822] netlink: 'syz.1.835': attribute type 2 has an invalid length.
[   97.760624][ T7842] netlink: 'syz.2.845': attribute type 5 has an invalid length.
[   97.774015][  T792] IPVS: starting estimator thread 0...
[   97.780383][ T7842] ieee802154 phy0 wpan0: encryption failed: -22
[   97.871347][ T7844] IPVS: using max 80 ests per chain, 192000 per kthread
[   98.028588][   T13] IPVS: stop unused estimator thread 0...
[   98.140698][ T7873] netlink: 24 bytes leftover after parsing attributes in process `syz.1.857'.
[   98.255747][ T7878] IPVS: Scheduler module ip_vs_sip not found
[   98.259130][ T7878] IPVS: length: 141 != 8
[   98.293020][ T7881] netlink: 'syz.2.861': attribute type 4 has an invalid length.
[   98.309792][ T7883] netlink: 'syz.0.862': attribute type 2 has an invalid length.
[   98.424885][   T13] nci: nci_rx_work: unknown MT 0x1
[   98.450582][ T7899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.868'.
[   98.700440][ T7911] netlink: 4 bytes leftover after parsing attributes in process `syz.2.874'.
[   98.706971][ T7911] netlink: 4 bytes leftover after parsing attributes in process `syz.2.874'.
[  100.515184][ T7974] netlink: 8 bytes leftover after parsing attributes in process `syz.1.899'.
[  102.202420][ T8035] netlink: 44 bytes leftover after parsing attributes in process `syz.2.922'.
[  102.557570][ T8063] netlink: 24 bytes leftover after parsing attributes in process `syz.1.935'.
[  102.613646][ T8063] netlink: 8 bytes leftover after parsing attributes in process `syz.1.935'.
[  102.779551][ T8076] netlink: 12 bytes leftover after parsing attributes in process `syz.0.941'.
[  103.638685][ T8119] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  103.643960][ T8119] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  104.013549][ T8146] syzkaller0: entered allmulticast mode
[  104.105307][ T8154] netlink: 12 bytes leftover after parsing attributes in process `syz.0.959'.
[  104.149010][ T8154] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[  104.158142][ T8154] bond2: (slave vxcan3): Error -95 calling set_mac_address
[  104.198455][ T8159] macvlan2: entered promiscuous mode
[  104.200651][ T8159] macvlan2: entered allmulticast mode
[  104.203779][ T8159] bond2: (slave macvlan2): Error -98 calling set_mac_address
[  104.625919][ T8186] netlink: 'syz.1.968': attribute type 21 has an invalid length.
[  104.629275][ T8186] netlink: 132 bytes leftover after parsing attributes in process `syz.1.968'.
[  105.316992][ T8221] netlink: 36 bytes leftover after parsing attributes in process `syz.1.983'.
[  105.746628][ T8258] tipc: Started in network mode
[  105.748888][ T8258] tipc: Node identity aa4fa82c1a25, cluster identity 4711
[  105.752547][ T8258] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  105.761939][ T8258] syzkaller0: entered promiscuous mode
[  105.769727][ T8258] syzkaller0: entered allmulticast mode
[  105.803932][ T8258] tipc: Resetting bearer <eth:syzkaller0>
[  105.844768][ T8256] tipc: Resetting bearer <eth:syzkaller0>
[  105.859218][ T8256] tipc: Disabling bearer <eth:syzkaller0>
[  106.009548][ T8275] netlink: 'syz.0.1007': attribute type 5 has an invalid length.
[  106.068359][ T8281] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1010'.
[  106.621348][ T5237] Bluetooth: hci2: command 0x0405 tx timeout
[  106.755103][ T8342] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1036'.
[  106.759429][ T8342] netlink: zone id is out of range
[  106.761709][ T8342] netlink: get zone limit has 8 unknown bytes
[  106.915777][ T8360] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  107.173994][ T8378] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  107.179186][ T8378] syzkaller0: entered promiscuous mode
[  107.183025][ T8378] syzkaller0: entered allmulticast mode
[  107.194233][ T8378] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  107.215656][ T8378] tipc: Resetting bearer <eth:syzkaller0>
[  107.219205][ T8377] tipc: Resetting bearer <eth:syzkaller0>
[  107.229070][ T8377] tipc: Disabling bearer <eth:syzkaller0>
[  107.466270][ T8397] dvmrp8: entered allmulticast mode
[  107.528646][ T8398] netlink: 'syz.1.1062': attribute type 23 has an invalid length.
[  107.556248][ T8396] dvmrp8: left allmulticast mode
[  107.874397][ T8413] netlink: 'syz.1.1069': attribute type 1 has an invalid length.
[  107.877554][ T8413] netlink: 'syz.1.1069': attribute type 3 has an invalid length.
[  107.880219][ T8413] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1069'.
[  108.062201][ T8382] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  108.646034][ T8450] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  109.586632][ T8495] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1104'.
[  109.660037][ T8498] tipc: New replicast peer: 208.253.78.183
[  109.663485][ T8498] tipc: Enabled bearer <udp:s>, priority 10
[  110.206081][ T8515] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.209519][ T8515] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.215363][ T8524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1112'.
[  110.386029][ T8515] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  110.409666][ T8515] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  110.587520][ T8515] ip6gretap0: left allmulticast mode
[  110.589836][ T8515] macvtap1: left promiscuous mode
[  110.591846][ T8515] macvtap1: left allmulticast mode
[  110.609385][ T8524] hsr_slave_0: left promiscuous mode
[  110.625937][ T8524] hsr_slave_1: left promiscuous mode
[  110.650243][ T5678] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  110.657699][ T5678] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  110.665543][ T5678] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  110.674964][ T5678] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  110.792131][ T5958] tipc: Node number set to 4234297895
[  111.287039][ T8603] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.187172][ T8603] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.236468][ T8603] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.298108][ T8603] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.377582][ T5959] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.398197][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.436566][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.440110][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.444100][ T8622] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1130'.
[  112.977183][ T8656] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1146'.
[  112.981144][ T8656] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1146'.
[  112.992784][ T8656] bond0: entered promiscuous mode
[  112.994916][ T8656] bond_slave_0: entered promiscuous mode
[  113.009733][ T8656] bond_slave_1: entered promiscuous mode
[  113.024861][ T8656] bond0: left promiscuous mode
[  113.027033][ T8656] bond_slave_0: left promiscuous mode
[  113.031311][ T8656] bond_slave_1: left promiscuous mode
[  113.602650][ T8693] netlink: 'syz.1.1157': attribute type 4 has an invalid length.
[  113.612310][ T8693] netlink: 'syz.1.1157': attribute type 4 has an invalid length.
[  113.632090][ T8699] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1160'.
[  113.692822][ T8708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1163'.
[  113.696659][ T8708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1163'.
[  113.699685][ T8708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1163'.
[  113.758776][ T8714] netlink: 566 bytes leftover after parsing attributes in process `syz.2.1165'.
[  114.150401][ T8762] netlink: 'syz.2.1188': attribute type 1 has an invalid length.
[  114.159879][ T8764] ieee802154 phy0 wpan0: encryption failed: -90
[  114.180793][ T8762] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1188'.
[  114.196165][ T8766] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1190'.
[  114.342440][ T8780] sctp: [Deprecated]: syz.2.1197 (pid 8780) Use of struct sctp_assoc_value in delayed_ack socket option.
[  114.342440][ T8780] Use struct sctp_sack_info instead
[  114.814297][ T8815] tun0: tun_chr_ioctl cmd 1074025675
[  114.816833][ T8815] tun0: persist enabled
[  114.818923][ T8815] tun0: tun_chr_ioctl cmd 1074025675
[  114.821863][ T8815] tun0: persist enabled
[  115.348402][ T8843] tipc: New replicast peer: 255.255.255.255
[  115.353675][ T8843] tipc: Enabled bearer <udp:syz2>, priority 10
[  115.613933][ T8854] netlink: 'syz.0.1232': attribute type 1 has an invalid length.
[  115.629927][ T8856] sctp: [Deprecated]: syz.2.1233 (pid 8856) Use of struct sctp_assoc_value in delayed_ack socket option.
[  115.629927][ T8856] Use struct sctp_sack_info instead
[  115.728385][ T8864] netlink: 'syz.2.1237': attribute type 1 has an invalid length.
[  116.277541][ T8903] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40
[  117.051202][ T8938] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  117.099500][ T8943] IPVS: rr: TCP [::]:0 - no destination available
[  117.141347][ T8943] syz.1.1272 (8943) used greatest stack depth: 19480 bytes left
[  117.400773][ T8967] team0: entered allmulticast mode
[  117.405404][ T8967] team_slave_0: entered allmulticast mode
[  117.407859][ T8967] team_slave_1: entered allmulticast mode
[  117.474421][ T8974] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  117.490050][ T8974] syzkaller0: entered promiscuous mode
[  117.495133][ T8974] syzkaller0: entered allmulticast mode
[  117.518330][ T8974] tipc: Resetting bearer <eth:syzkaller0>
[  117.533022][ T8972] tipc: Resetting bearer <eth:syzkaller0>
[  117.560473][ T8972] tipc: Disabling bearer <eth:syzkaller0>
[  117.591478][ T8986] __nla_validate_parse: 10 callbacks suppressed
[  117.591492][ T8986] netlink: 236 bytes leftover after parsing attributes in process `syz.2.1289'.
[  117.614576][ T8988] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1292'.
[  117.631197][ T8988] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1292'.
[  117.708450][ T8990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1293'.
[  117.783277][ T8996] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1296'.
[  117.809755][ T8998] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1297'.
[  117.954155][ T9010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1301'.
[  118.141179][    C0] IPVS: rr: TCP [::]:0 - no destination available
[  118.354917][ T9035] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  118.515843][ T9056] raw_sendmsg: syz.2.1323 forgot to set AF_INET. Fix it!
[  118.568662][ T9063] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1326'.
[  118.573399][ T9063] netlink: 'syz.1.1326': attribute type 7 has an invalid length.
[  118.576681][ T9063] netlink: 'syz.1.1326': attribute type 8 has an invalid length.
[  118.579742][ T9063] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1326'.
[  118.608758][ T9065] sctp: [Deprecated]: syz.2.1327 (pid 9065) Use of int in maxseg socket option.
[  118.608758][ T9065] Use struct sctp_assoc_value instead
[  118.697276][ T9073] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1331'.
[  119.143009][ T9122] block nbd1: server does not support multiple connections per device.
[  119.148377][ T9122] block nbd1: shutting down sockets
[  119.437026][ T9142] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.482720][ T9142] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.545280][ T9142] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.610381][ T9142] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.640027][ T9156] batadv0: left allmulticast mode
[  119.642804][ T9156] batadv0: left promiscuous mode
[  119.645066][ T9156] bridge0: port 3(batadv0) entered disabled state
[  119.649275][ T9156] bridge_slave_0: left allmulticast mode
[  119.651991][ T9156] bridge_slave_0: left promiscuous mode
[  119.654096][ T9156] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.659263][ T9156] bridge_slave_1: left allmulticast mode
[  119.662283][ T9156] bridge_slave_1: left promiscuous mode
[  119.664935][ T9156] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.673331][ T9156] bond0: (slave bond_slave_0): Releasing backup interface
[  119.678401][ T9156] bond0: (slave bond_slave_1): Releasing backup interface
[  119.684957][ T9156] team_slave_0: left allmulticast mode
[  119.688834][ T9156] team0: Port device team_slave_0 removed
[  119.693681][ T9156] team_slave_1: left allmulticast mode
[  119.697802][ T9156] team0: Port device team_slave_1 removed
[  119.708818][ T9156] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.722318][ T9156] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.795522][   T13] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  119.835352][   T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  119.881671][   T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  119.887162][   T13] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  120.033227][ T9186] unsupported nlmsg_type 40
[  120.694524][ T9243] netlink: 'syz.1.1407': attribute type 1 has an invalid length.
[  121.624398][ T9305] bridge2: entered allmulticast mode
[  121.884557][ T9334] netlink: 'syz.2.1451': attribute type 9 has an invalid length.
[  122.082908][ T9353] ieee802154 phy0 wpan0: encryption failed: -22
[  122.807118][ T9408] __nla_validate_parse: 19 callbacks suppressed
[  122.807131][ T9408] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1483'.
[  122.897940][ T9414] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1486'.
[  123.370184][ T9449] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  123.398291][ T9455] net veth1_virt_wifi : renamed from virt_wifi0
[  123.604237][ T9465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1511'.
[  123.613290][ T9465] macvtap1: entered promiscuous mode
[  123.615415][ T9465] bond0: entered promiscuous mode
[  123.617438][ T9465] bond_slave_0: entered promiscuous mode
[  123.619682][ T9465] bond_slave_1: entered promiscuous mode
[  123.623258][ T9465] macvtap1: entered allmulticast mode
[  123.625084][ T9465] bond0: entered allmulticast mode
[  123.626830][ T9465] bond_slave_0: entered allmulticast mode
[  123.628789][ T9465] bond_slave_1: entered allmulticast mode
[  123.635128][ T9465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1511'.
[  123.639582][ T9465] bond0: left allmulticast mode
[  123.641962][ T9465] bond_slave_0: left allmulticast mode
[  123.644414][ T9465] bond_slave_1: left allmulticast mode
[  123.646837][ T9465] bond0: left promiscuous mode
[  123.648972][ T9465] bond_slave_0: left promiscuous mode
[  123.651678][ T9465] bond_slave_1: left promiscuous mode
[  123.699176][ T9469] geneve2: entered promiscuous mode
[  123.703204][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.708408][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.714188][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.718348][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.960720][ T9478] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1516'.
[  123.987229][ T9480] netlink: 'syz.1.1517': attribute type 1 has an invalid length.
[  124.102300][ T9486] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1520'.
[  124.106013][ T9486] openvswitch: netlink: EtherType 0 is less than min 600
[  125.588527][ T9529] netlink: 'syz.1.1540': attribute type 12 has an invalid length.
[  125.779406][ T9548] dvmrp1: entered allmulticast mode
[  125.786688][ T9548] dvmrp1: left allmulticast mode
[  125.948051][ T9561] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  126.547433][ T9604] netlink: 'syz.2.1571': attribute type 12 has an invalid length.
[  126.604890][ T9608] !: renamed from dummy0
[  126.909783][ T9620] netlink: 'syz.2.1579': attribute type 32 has an invalid length.
[  126.914385][ T9620] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1579'.
[  126.917767][ T9620] (unnamed net_device) (uninitialized): option coupled_control: invalid value (192)
[  127.065368][ T9631] netlink: 'syz.2.1584': attribute type 1 has an invalid length.
[  127.165256][ T9637] netlink: 'syz.1.1587': attribute type 1 has an invalid length.
[  127.202664][ T9641] pim6reg1: entered promiscuous mode
[  127.204918][ T9641] pim6reg1: entered allmulticast mode
[  127.300353][ T9647] vxlan0: entered promiscuous mode
[  127.303022][ T9647] vxlan0: entered allmulticast mode
[  127.305946][ T9647] team0: Port device vxlan0 added
[  127.308739][   T13] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  127.318719][   T13] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  127.325648][   T13] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  127.332198][   T13] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  127.377870][ T9649] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1593'.
[  127.514342][ T9657] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1597'.
[  127.689089][ T9665] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1601'.
[  128.090453][ T9683] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1610'.
[  128.479256][ T9717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1627'.
[  128.486228][ T9717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1627'.
[  128.490032][ T9717] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  128.515223][ T9721] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  128.736724][   T12] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x7
[  128.852566][ T9753] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1641'.
[  128.963028][ T9756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1641'.
[  129.467567][ T9766] tipc: Cannot configure node identity twice
[  129.469564][ T9766] tipc: Cannot configure node identity twice
[  129.693121][ T9794] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1657'.
[  129.873069][ T9817] netlink: 'syz.2.1664': attribute type 13 has an invalid length.
[  129.875865][ T9817] netlink: 'syz.2.1664': attribute type 17 has an invalid length.
[  129.966755][ T9817] 8021q: adding VLAN 0 to HW filter on device team0
[  129.973370][ T9817] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  130.033230][ T9817] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1664'.
[  130.056397][ T9817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  130.126562][ T9808] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  130.867176][ T9878] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1695'.
[  131.070030][ T9887] tc_dump_action: action bad kind
[  131.536220][ T9907] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1706'.
[  131.622769][ T9904] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.625593][ T9904] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.778434][ T9904] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  131.794088][ T9904] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  131.871781][ T9904] mac80211_hwsim hwsim2 wlan0: left promiscuous mode
[  131.879331][ T9904] hsr1: left allmulticast mode
[  131.885850][ T9904] batadv_slave_0: left allmulticast mode
[  131.890408][ T9904] team0: left allmulticast mode
[  131.892663][ T9904] team_slave_0: left allmulticast mode
[  131.894804][ T9904] team_slave_1: left allmulticast mode
[  131.897016][ T9904] vxlan0: left allmulticast mode
[  131.898837][ T9904] team0: left promiscuous mode
[  131.900679][ T9904] team_slave_0: left promiscuous mode
[  131.903626][ T9904] team_slave_1: left promiscuous mode
[  131.905722][ T9904] vxlan0: left promiscuous mode
[  131.907993][ T9904] macvtap1: left promiscuous mode
[  131.909586][ T9904] macvtap1: left allmulticast mode
[  131.916357][ T9904] ipvlan2: left promiscuous mode
[  131.948044][ T5678] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[  131.954892][ T5678] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  131.957705][ T5678] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[  131.960482][ T5678] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  131.963706][ T5678] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[  131.967944][ T5678] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  131.972012][ T5678] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[  131.975337][ T5678] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  132.270101][ T9940] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1721'.
[  132.659970][ T9964] 8021q: adding VLAN 0 to HW filter on device bond3
[  132.674306][ T9964] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  132.678291][ T9964] bond3: (slave macvlan2): Enslaving as a backup interface with a down link
[  132.691588][ T9964] bond3: (slave macvlan2): Releasing backup interface
[  132.705150][ T9964] netlink: 'syz.0.1731': attribute type 1 has an invalid length.
[  132.716843][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  133.379006][T10011] netlink: 'syz.0.1753': attribute type 2 has an invalid length.
[  133.421107][T10011] : entered promiscuous mode
[  133.884808][T10048] netpci0: tun_chr_ioctl cmd 2147767507
[  134.022719][T10058] __nla_validate_parse: 1 callbacks suppressed
[  134.022728][T10058] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1770'.
[  134.333396][T10076] tipc: Bearer <udp:syz0>: already 2 bearers with priority 10
[  134.336491][T10076] tipc: Bearer <udp:syz0>: trying with adjusted priority
[  134.338899][T10076] tipc: Invalid UDP bearer configuration
[  134.338924][T10076] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  134.478347][T10086] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  134.480649][T10088] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1785'.
[  134.688889][T10109] netlink: 'syz.2.1795': attribute type 5 has an invalid length.
[  134.751151][T10118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1796'.
[  134.785366][T10116] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  134.895245][T10131] bridge5: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  135.326620][T10167] netlink: 508 bytes leftover after parsing attributes in process `syz.0.1820'.
[  135.629264][T10195] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1834'.
[  136.027928][T10218] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1845'.
[  136.050953][T10218] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1845'.
[  136.190555][T10222] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1847'.
[  136.439312][T10245] netlink: 'syz.2.1859': attribute type 21 has an invalid length.
[  136.443317][T10245] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1859'.
[  136.448335][T10245] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1859'.
[  136.456009][T10246] netlink: 'syz.1.1858': attribute type 11 has an invalid length.
[  136.730075][T10264] xt_socket: unknown flags 0xd0
[  137.122605][   T33] audit: type=1800 audit(1756894436.130:3): pid=10301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1882" name="memory.events" dev="tmpfs" ino=3110 res=0 errno=0
[  137.138510][   T33] audit: type=1804 audit(1756894436.140:4): pid=10301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1882" name="/newroot/614/memory.events" dev="tmpfs" ino=3110 res=1 errno=0
[  137.795444][T10360] vlan0: entered promiscuous mode
[  137.934500][T10365] netlink: 'syz.0.1899': attribute type 6 has an invalid length.
[  138.509428][T10389] batadv1: entered promiscuous mode
[  138.512080][T10389] batadv1: entered allmulticast mode
[  138.570431][T10398] netlink: 'syz.2.1915': attribute type 12 has an invalid length.
[  138.707762][T10405] C: renamed from team_slave_0
[  138.710865][T10405] netlink: 'syz.2.1918': attribute type 4 has an invalid length.
[  138.715881][T10405] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  138.790664][T10413] netlink: 'syz.2.1922': attribute type 11 has an invalid length.
[  138.877822][T10419] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  138.881779][T10419] syzkaller0: entered promiscuous mode
[  138.884192][T10419] syzkaller0: entered allmulticast mode
[  138.889303][T10419] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  138.908759][T10419] tipc: Resetting bearer <eth:syzkaller0>
[  138.912814][T10418] tipc: Resetting bearer <eth:syzkaller0>
[  138.930269][T10418] tipc: Disabling bearer <eth:syzkaller0>
[  139.149595][T10443] netlink: 'syz.2.1937': attribute type 1 has an invalid length.
[  139.159286][T10443] __nla_validate_parse: 8 callbacks suppressed
[  139.159296][T10443] netlink: 244 bytes leftover after parsing attributes in process `syz.2.1937'.
[  139.280770][T10454] netlink: 'syz.2.1941': attribute type 1 has an invalid length.
[  139.334093][T10454] gretap1: entered allmulticast mode
[  139.342291][T10454] bond2: (slave gretap1): making interface the new active one
[  139.350191][T10454] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  139.383788][T10454] syz.2.1941 (10454) used greatest stack depth: 19368 bytes left
[  139.491441][    T9] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  139.796812][T10481] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1954'.
[  139.831379][   T12] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  139.848754][T10484] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1955'.
[  139.911060][    T9] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  140.274800][T10496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1957'.
[  140.404031][T10504] openvswitch: netlink: Missing key (keys=40, expected=80)
[  140.763037][T10544] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  140.768914][T10544] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode
[  140.779721][T10544] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode
[  140.798740][T10544] tipc: Resetting bearer <eth:syzkaller0>
[  140.863311][   T13] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  140.866773][   T13] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  140.870577][T10550] netlink: 212264 bytes leftover after parsing attributes in process `syz.2.1982'.
[  141.414314][T10596] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  141.417769][T10596] syzkaller0: entered promiscuous mode
[  141.419896][T10596] syzkaller0: entered allmulticast mode
[  141.437064][T10596] tipc: Resetting bearer <eth:syzkaller0>
[  141.446150][T10595] tipc: Resetting bearer <eth:syzkaller0>
[  141.456943][T10595] tipc: Disabling bearer <eth:syzkaller0>
[  141.581445][  T793] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  141.664316][T10602] macvtap2: entered allmulticast mode
[  141.666558][T10602] bridge0: entered allmulticast mode
[  141.669108][T10602] bridge0: port 1(macvtap2) entered blocking state
[  141.672036][T10602] bridge0: port 1(macvtap2) entered disabled state
[  141.677378][T10602] bridge0: left allmulticast mode
[  141.899165][T10619] syzkaller1: entered promiscuous mode
[  141.904325][T10619] syzkaller1: entered allmulticast mode
[  142.894504][T10638] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2023'.
[  143.114758][T10656] tipc: Enabling of bearer <et:g> rejected, media not registered
[  143.294358][T10679] netlink: 'syz.2.2041': attribute type 1 has an invalid length.
[  143.346197][T10683] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  143.564405][T10706] netlink: 432 bytes leftover after parsing attributes in process `syz.1.2054'.
[  143.603692][T10709] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2056'.
[  143.771272][T10724] netlink: 308 bytes leftover after parsing attributes in process `syz.1.2062'.
[  143.775036][T10724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2062'.
[  143.778575][T10724] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[  144.001568][T10737] ==================================================================
[  144.004834][T10737] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  144.008136][T10737] Read of size 2 at addr ffff888026fb8a42 by task syz.2.2067/10737
[  144.012245][T10737] 
[  144.013289][T10737] CPU: 0 UID: 0 PID: 10737 Comm: syz.2.2067 Not tainted syzkaller #0 PREEMPT(full) 
[  144.013305][T10737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  144.013312][T10737] Call Trace:
[  144.013319][T10737]  <TASK>
[  144.013323][T10737]  dump_stack_lvl+0x189/0x250
[  144.013340][T10737]  ? __kasan_check_byte+0x12/0x40
[  144.013358][T10737]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.013371][T10737]  ? lock_release+0x4b/0x3e0
[  144.013388][T10737]  ? __virt_addr_valid+0x4a5/0x5c0
[  144.013403][T10737]  print_report+0xca/0x240
[  144.013414][T10737]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  144.013426][T10737]  kasan_report+0x118/0x150
[  144.013442][T10737]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  144.013456][T10737]  __xfrm_state_lookup+0x6ad/0x8d0
[  144.013471][T10737]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  144.013488][T10737]  xfrm_state_add+0x27d/0xc40
[  144.013506][T10737]  xfrm_add_sa+0x35a1/0x4070
[  144.013523][T10737]  ? __pfx_xfrm_add_sa+0x10/0x10
[  144.013536][T10737]  ? apparmor_capable+0x137/0x1b0
[  144.013552][T10737]  ? __nla_parse+0x40/0x60
[  144.013570][T10737]  xfrm_user_rcv_msg+0x7a3/0xab0
[  144.013587][T10737]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  144.013614][T10737]  ? __pfx___mutex_trylock_common+0x10/0x10
[  144.013629][T10737]  ? rcu_is_watching+0x15/0xb0
[  144.013641][T10737]  ? trace_contention_end+0x39/0x120
[  144.013652][T10737]  ? __mutex_lock+0x335/0x1350
[  144.013664][T10737]  netlink_rcv_skb+0x208/0x470
[  144.013676][T10737]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  144.013692][T10737]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  144.013708][T10737]  ? netlink_deliver_tap+0x2e/0x1b0
[  144.013719][T10737]  ? netlink_deliver_tap+0x2e/0x1b0
[  144.013730][T10737]  xfrm_netlink_rcv+0x79/0x90
[  144.013745][T10737]  netlink_unicast+0x82f/0x9e0
[  144.013764][T10737]  ? __pfx_netlink_unicast+0x10/0x10
[  144.013781][T10737]  ? netlink_sendmsg+0x642/0xb30
[  144.013792][T10737]  ? skb_put+0x11b/0x210
[  144.013805][T10737]  netlink_sendmsg+0x805/0xb30
[  144.013818][T10737]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.013831][T10737]  ? aa_sock_msg_perm+0xf1/0x1d0
[  144.013842][T10737]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  144.013854][T10737]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.013866][T10737]  __sock_sendmsg+0x21c/0x270
[  144.013891][T10737]  ____sys_sendmsg+0x505/0x830
[  144.013906][T10737]  ? __pfx_____sys_sendmsg+0x10/0x10
[  144.013923][T10737]  ? import_iovec+0x74/0xa0
[  144.013968][T10737]  ___sys_sendmsg+0x21f/0x2a0
[  144.013984][T10737]  ? __pfx____sys_sendmsg+0x10/0x10
[  144.014009][T10737]  ? __fget_files+0x2a/0x420
[  144.014020][T10737]  ? __fget_files+0x3a0/0x420
[  144.014034][T10737]  __x64_sys_sendmsg+0x19b/0x260
[  144.014049][T10737]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  144.014068][T10737]  ? rcu_is_watching+0x15/0xb0
[  144.014081][T10737]  ? do_syscall_64+0xbe/0x3b0
[  144.014095][T10737]  do_syscall_64+0xfa/0x3b0
[  144.014106][T10737]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.014117][T10737]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.014128][T10737]  ? exc_page_fault+0x9f/0xf0
[  144.014138][T10737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.014150][T10737] RIP: 0033:0x7f15d658ebe9
[  144.014162][T10737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.014173][T10737] RSP: 002b:00007f15d74c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  144.014187][T10737] RAX: ffffffffffffffda RBX: 00007f15d67c5fa0 RCX: 00007f15d658ebe9
[  144.014197][T10737] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  144.014205][T10737] RBP: 00007f15d6611e19 R08: 0000000000000000 R09: 0000000000000000
[  144.014212][T10737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  144.014219][T10737] R13: 00007f15d67c6038 R14: 00007f15d67c5fa0 R15: 00007ffdb2fa0098
[  144.014231][T10737]  </TASK>
[  144.014236][T10737] 
[  144.168463][T10737] Allocated by task 7049:
[  144.170326][T10737]  kasan_save_track+0x3e/0x80
[  144.172373][T10737]  __kasan_slab_alloc+0x6c/0x80
[  144.174464][T10737]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  144.176526][T10737]  xfrm_state_alloc+0x24/0x2f0
[  144.178297][T10737]  __find_acq_core+0x8a7/0x1c00
[  144.180089][T10737]  xfrm_find_acq+0x78/0xa0
[  144.181655][T10737]  xfrm_alloc_userspi+0x6b3/0xc90
[  144.183464][T10737]  xfrm_user_rcv_msg+0x7a3/0xab0
[  144.185210][T10737]  netlink_rcv_skb+0x208/0x470
[  144.186789][T10737]  xfrm_netlink_rcv+0x79/0x90
[  144.188366][T10737]  netlink_unicast+0x82f/0x9e0
[  144.189967][T10737]  netlink_sendmsg+0x805/0xb30
[  144.191565][T10737]  __sock_sendmsg+0x21c/0x270
[  144.193151][T10737]  ____sys_sendmsg+0x505/0x830
[  144.194734][T10737]  ___sys_sendmsg+0x21f/0x2a0
[  144.196459][T10737]  __x64_sys_sendmsg+0x19b/0x260
[  144.198490][T10737]  do_syscall_64+0xfa/0x3b0
[  144.200359][T10737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.202405][T10737] 
[  144.203220][T10737] Freed by task 9:
[  144.204500][T10737]  kasan_save_track+0x3e/0x80
[  144.206334][T10737]  kasan_save_free_info+0x46/0x50
[  144.208011][T10737]  __kasan_slab_free+0x5b/0x80
[  144.209599][T10737]  kmem_cache_free+0x18f/0x400
[  144.211390][T10737]  xfrm_state_gc_task+0x52d/0x6b0
[  144.213224][T10737]  process_scheduled_works+0xae1/0x17b0
[  144.215024][T10737]  worker_thread+0x8a0/0xda0
[  144.216497][T10737]  kthread+0x711/0x8a0
[  144.217839][T10737]  ret_from_fork+0x3fc/0x770
[  144.219397][T10737]  ret_from_fork_asm+0x1a/0x30
[  144.221035][T10737] 
[  144.221855][T10737] The buggy address belongs to the object at ffff888026fb8900
[  144.221855][T10737]  which belongs to the cache xfrm_state of size 928
[  144.226341][T10737] The buggy address is located 322 bytes inside of
[  144.226341][T10737]  freed 928-byte region [ffff888026fb8900, ffff888026fb8ca0)
[  144.230967][T10737] 
[  144.231845][T10737] The buggy address belongs to the physical page:
[  144.234394][T10737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026fb8000 pfn:0x26fb8
[  144.237881][T10737] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  144.240652][T10737] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  144.243062][T10737] page_type: f5(slab)
[  144.244392][T10737] raw: 00fff00000000040 ffff888104943140 dead000000000122 0000000000000000
[  144.247221][T10737] raw: ffff888026fb8000 00000000800e000d 00000000f5000000 0000000000000000
[  144.250618][T10737] head: 00fff00000000040 ffff888104943140 dead000000000122 0000000000000000
[  144.253979][T10737] head: ffff888026fb8000 00000000800e000d 00000000f5000000 0000000000000000
[  144.257000][T10737] head: 00fff00000000002 ffffea00009bee01 00000000ffffffff 00000000ffffffff
[  144.260108][T10737] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  144.263426][T10737] page dumped because: kasan: bad access detected
[  144.265927][T10737] page_owner tracks the page as allocated
[  144.268169][T10737] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6163, tgid 6160 (syz.1.114), ts 66044080270, free_ts 66035851209
[  144.274591][T10737]  post_alloc_hook+0x240/0x2a0
[  144.276278][T10737]  get_page_from_freelist+0x21e4/0x22c0
[  144.278198][T10737]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.280409][T10737]  alloc_pages_mpol+0x232/0x4a0
[  144.282103][T10737]  allocate_slab+0x8a/0x370
[  144.283660][T10737]  ___slab_alloc+0xbeb/0x1410
[  144.285307][T10737]  kmem_cache_alloc_noprof+0x283/0x3c0
[  144.287186][T10737]  xfrm_state_alloc+0x24/0x2f0
[  144.288898][T10737]  xfrm_add_sa+0x17d1/0x4070
[  144.290710][T10737]  xfrm_user_rcv_msg+0x7a3/0xab0
[  144.292420][T10737]  netlink_rcv_skb+0x208/0x470
[  144.294144][T10737]  xfrm_netlink_rcv+0x79/0x90
[  144.295762][T10737]  netlink_unicast+0x82f/0x9e0
[  144.297434][T10737]  netlink_sendmsg+0x805/0xb30
[  144.299242][T10737]  __sock_sendmsg+0x21c/0x270
[  144.300967][T10737]  ____sys_sendmsg+0x505/0x830
[  144.302601][T10737] page last free pid 6162 tgid 6158 stack trace:
[  144.304715][T10737]  __free_frozen_pages+0xbc4/0xd30
[  144.306534][T10737]  stack_depot_save_flags+0x436/0x860
[  144.308472][T10737]  kasan_save_track+0x4f/0x80
[  144.310174][T10737]  __kasan_kmalloc+0x93/0xb0
[  144.311722][T10737]  __kmalloc_node_noprof+0x276/0x4e0
[  144.313547][T10737]  alloc_slab_obj_exts+0x39/0xa0
[  144.315263][T10737]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[  144.317328][T10737]  kmem_cache_alloc_noprof+0x2bf/0x3c0
[  144.319526][T10737]  copy_utsname+0x11c/0x420
[  144.321307][T10737]  create_new_namespaces+0x180/0x720
[  144.323311][T10737]  unshare_nsproxy_namespaces+0x11c/0x170
[  144.325487][T10737]  ksys_unshare+0x4c8/0x8c0
[  144.327032][T10737]  __x64_sys_unshare+0x38/0x50
[  144.328633][T10737]  do_syscall_64+0xfa/0x3b0
[  144.330179][T10737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.332390][T10737] 
[  144.333280][T10737] Memory state around the buggy address:
[  144.335098][T10737]  ffff888026fb8900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  144.337785][T10737]  ffff888026fb8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  144.340718][T10737] >ffff888026fb8a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  144.343995][T10737]                                            ^
[  144.346121][T10737]  ffff888026fb8a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  144.349580][T10737]  ffff888026fb8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  144.353023][T10737] ==================================================================
[  144.356605][T10737] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  144.359680][T10737] CPU: 0 UID: 0 PID: 10737 Comm: syz.2.2067 Not tainted syzkaller #0 PREEMPT(full) 
[  144.363589][T10737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  144.367809][T10737] Call Trace:
[  144.369093][T10737]  <TASK>
[  144.370130][T10737]  dump_stack_lvl+0x99/0x250
[  144.371855][T10737]  ? __asan_memcpy+0x40/0x70
[  144.373542][T10737]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.375650][T10737]  ? __pfx__printk+0x10/0x10
[  144.377265][T10737]  vpanic+0x281/0x750
[  144.378605][T10737]  ? __pfx_vpanic+0x10/0x10
[  144.380285][T10737]  ? irqentry_exit+0x74/0x90
[  144.381847][T10737]  panic+0xb9/0xc0
[  144.383226][T10737]  ? __pfx_panic+0x10/0x10
[  144.384738][T10737]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  144.386755][T10737]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  144.388827][T10737]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  144.390755][T10737]  check_panic_on_warn+0x89/0xb0
[  144.392873][T10737]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  144.395174][T10737]  end_report+0x78/0x160
[  144.396925][T10737]  kasan_report+0x129/0x150
[  144.398978][T10737]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  144.401220][T10737]  __xfrm_state_lookup+0x6ad/0x8d0
[  144.403248][T10737]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  144.405158][T10737]  xfrm_state_add+0x27d/0xc40
[  144.406745][T10737]  xfrm_add_sa+0x35a1/0x4070
[  144.408283][T10737]  ? __pfx_xfrm_add_sa+0x10/0x10
[  144.410264][T10737]  ? apparmor_capable+0x137/0x1b0
[  144.412376][T10737]  ? __nla_parse+0x40/0x60
[  144.414235][T10737]  xfrm_user_rcv_msg+0x7a3/0xab0
[  144.416024][T10737]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  144.417964][T10737]  ? __pfx___mutex_trylock_common+0x10/0x10
[  144.420082][T10737]  ? rcu_is_watching+0x15/0xb0
[  144.421766][T10737]  ? trace_contention_end+0x39/0x120
[  144.423596][T10737]  ? __mutex_lock+0x335/0x1350
[  144.425312][T10737]  netlink_rcv_skb+0x208/0x470
[  144.426989][T10737]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  144.428991][T10737]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  144.430912][T10737]  ? netlink_deliver_tap+0x2e/0x1b0
[  144.432630][T10737]  ? netlink_deliver_tap+0x2e/0x1b0
[  144.434588][T10737]  xfrm_netlink_rcv+0x79/0x90
[  144.436478][T10737]  netlink_unicast+0x82f/0x9e0
[  144.438363][T10737]  ? __pfx_netlink_unicast+0x10/0x10
[  144.440337][T10737]  ? netlink_sendmsg+0x642/0xb30
[  144.442266][T10737]  ? skb_put+0x11b/0x210
[  144.443832][T10737]  netlink_sendmsg+0x805/0xb30
[  144.445633][T10737]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.447753][T10737]  ? aa_sock_msg_perm+0xf1/0x1d0
[  144.449794][T10737]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  144.451833][T10737]  ? __pfx_netlink_sendmsg+0x10/0x10
[  144.453622][T10737]  __sock_sendmsg+0x21c/0x270
[  144.455229][T10737]  ____sys_sendmsg+0x505/0x830
[  144.457049][T10737]  ? __pfx_____sys_sendmsg+0x10/0x10
[  144.458838][T10737]  ? import_iovec+0x74/0xa0
[  144.460405][T10737]  ___sys_sendmsg+0x21f/0x2a0
[  144.462012][T10737]  ? __pfx____sys_sendmsg+0x10/0x10
[  144.463816][T10737]  ? __fget_files+0x2a/0x420
[  144.465460][T10737]  ? __fget_files+0x3a0/0x420
[  144.467437][T10737]  __x64_sys_sendmsg+0x19b/0x260
[  144.469459][T10737]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  144.471579][T10737]  ? rcu_is_watching+0x15/0xb0
[  144.473509][T10737]  ? do_syscall_64+0xbe/0x3b0
[  144.475535][T10737]  do_syscall_64+0xfa/0x3b0
[  144.477494][T10737]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.479560][T10737]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.481771][T10737]  ? exc_page_fault+0x9f/0xf0
[  144.483786][T10737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.486266][T10737] RIP: 0033:0x7f15d658ebe9
[  144.487817][T10737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.495395][T10737] RSP: 002b:00007f15d74c4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  144.498655][T10737] RAX: ffffffffffffffda RBX: 00007f15d67c5fa0 RCX: 00007f15d658ebe9
[  144.501709][T10737] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  144.505044][T10737] RBP: 00007f15d6611e19 R08: 0000000000000000 R09: 0000000000000000
[  144.508353][T10737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  144.511658][T10737] R13: 00007f15d67c6038 R14: 00007f15d67c5fa0 R15: 00007ffdb2fa0098
[  144.514786][T10737]  </TASK>
[  144.516634][T10737] Kernel Offset: disabled
[  144.518131][T10737] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:14:03  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bec60 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=0000000000001875 RDI=0000000000001876 RBP=ffffffff99df66b0 RSP=ffffc900033ce970
R8 =ffff888107690237 R9 =1ffff11020ed2046 R10=dffffc0000000000 R11=ffffffff854f3cb0
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99df6420 R15=0000000000000000
RIP=ffffffff854f3d27 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f15d74c46c0 ffffffff 00c00000
GS =0000 ffff8880b8614000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f15d74c3fc8 CR3=000000012b3d6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f15d6797498 00007f15d6797470 XMM03=00007f15d67974a8 00007f15d67974a0
XMM04=00007f15d72fd100 00007f15d6797460 XMM05=00007f15d6797478 00007f15d67974c0
XMM06=00007f15d67974b8 00007f15d67974b0 XMM07=00007f15d67974a8 00007f15d67974a0
XMM08=0000000000000000 00007f15d6612ee7 XMM09=0000000000000000 00007f15d6612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=3e12383ca12a4c00 RBX=ffffffff819683c8 RCX=3e12383ca12a4c00 RDX=0000000000000001
RSI=ffffffff8d9b95c1 RDI=ffffffff8be33800 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa39330 R13=0000000000000001 R14=0000000000000001 R15=1ffff110200d5000
RIP=ffffffff8b7a33f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c14000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000000 CR3=000000012b3d6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=d366042100000060 000000a000000000
XMM04=7acbc738c5000000 00a2b90d14aa4785 XMM05=020004001c7acbc7 38c500000000a2b9
XMM06=0d14aa4785d36604 2100000060000000 XMM07=a000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007f15d6612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
