last executing test programs:

1.062223009s ago: executing program 0 (id=1219):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, 0x0, &(0x7f00000003c0)}, 0x20)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[], 0x50)

1.012235691s ago: executing program 0 (id=1222):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r0, 0x0, r1, 0x0, 0x7, 0x5)
close(0x4)

902.389645ms ago: executing program 0 (id=1223):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000140)="00b8c5e976ffbdf24702", 0xa, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000080)={<r1=>0x0, 0x2}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={r1, @in6={{0xa, 0x4e23, 0x0, @loopback, 0x10000}}, 0x5, 0x1, 0xfffffffa, 0x5, 0x2, 0x1396, 0x4}, &(0x7f00000003c0)=0x9c)

210.088599ms ago: executing program 2 (id=1235):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r0, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r0, &(0x7f0000000cc0)={0x0, 0x0, 0x0}, 0x0)
close(r0)
sendmsg$inet(r1, &(0x7f0000000b40)={0x0, 0x0, 0x0}, 0x0)

151.430647ms ago: executing program 1 (id=1236):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg(r0, &(0x7f0000000380)=[{{&(0x7f0000000580)=@nl=@proc, 0x80, &(0x7f0000001900)=[{&(0x7f0000000600)='B', 0x1}], 0x1}}, {{&(0x7f0000000200)=@nl=@proc, 0x80, &(0x7f0000000340)=[{&(0x7f0000000280)='6', 0x1}], 0x1, &(0x7f0000000400)=ANY=[], 0x1}}], 0x2, 0x0)

151.340744ms ago: executing program 1 (id=1237):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x2, {0x43, 0x3, 0x3}}, 0x10)
bind$tipc(r0, &(0x7f0000000140)=@name={0x1e, 0x2, 0xfffffffffffffffe, {{0x42, 0x2}}}, 0x10)

151.26068ms ago: executing program 2 (id=1238):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000c00)={@dev={0xfe, 0x80, '\x00', 0x21}, @remote, @mcast2, 0x8, 0x4, 0x5, 0x100, 0x5, 0x80000a})

151.139585ms ago: executing program 2 (id=1239):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000007800)=0xffffffff00000041, 0x8)
bind$vsock_stream(r0, &(0x7f0000000940), 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r1, 0x28, 0x6, &(0x7f0000000180), 0x10)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})

151.083341ms ago: executing program 1 (id=1240):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x24}}, 0x0)

59.817549ms ago: executing program 1 (id=1241):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="b700000000000000070000000000000095000000000000007bc23c22c47a74cfb5af100fc4e94d123d9f22a7561b8850821bc1f8b5b0a3e3b79b0d96ab7cc60e0e144f0f04bfffe66a22d132a161eea53a46a5316f6800"/100], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x48)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f00000000c0)=r0, 0x4)

59.614244ms ago: executing program 0 (id=1242):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newqdisc={0x2c, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xb}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x7d}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004845}, 0x0)

59.423806ms ago: executing program 1 (id=1243):
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44)
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='G', 0x1}], 0x1}, 0x480c0)

59.250613ms ago: executing program 2 (id=1244):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_CMP_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\b\b'}]}, @NFTA_CMP_OP={0x8}]}}}]}]}], {0x14}}, 0x84}}, 0x0)

753.719µs ago: executing program 0 (id=1245):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000200)="1700000072006bcd9e3fe3dc6e08000007230000040200", 0x17}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

285.055µs ago: executing program 2 (id=1246):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f00000012c0)=ANY=[@ANYBLOB="020000000000000002000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004"], 0x290)

195.046µs ago: executing program 0 (id=1247):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fccbdf250900000005000700030000000800010001000000050008"], 0x2c}, 0x1, 0x0, 0x0, 0x24084001}, 0x0)

67.264µs ago: executing program 1 (id=1248):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="6c00000010004b0429bd7000faffffff7a000000", @ANYRES32=0x0, @ANYBLOB="08b0010006820000400012800b0001006272696467650000300002800c002200000000040000000005002400010000000600080088a80000080005000100000005002b00050000000a000100aa"], 0x6c}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000)

0s ago: executing program 2 (id=1249):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:49506' (ED25519) to the list of known hosts.
syzkaller login: [   40.740731][ T5746] cgroup: Unknown subsys name 'net'
[   40.848229][ T5746] cgroup: Unknown subsys name 'cpuset'
[   40.852947][ T5746] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.164913][ T5746] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   45.535710][ T5819] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   45.539011][ T5819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   45.541805][ T5819] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   45.545351][ T5819] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   45.547580][ T5821] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   45.548095][ T5821] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   45.553241][ T5819] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   45.553637][ T5821] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   45.559303][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   45.563498][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   45.568672][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   45.576157][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   45.579051][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   45.584403][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   45.587535][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   45.767412][ T5814] chnl_net:caif_netlink_parms(): no params data found
[   45.885009][ T5823] chnl_net:caif_netlink_parms(): no params data found
[   45.912711][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.915981][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.918518][ T5814] bridge_slave_0: entered allmulticast mode
[   45.921287][ T5814] bridge_slave_0: entered promiscuous mode
[   45.925050][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.928591][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.930993][ T5814] bridge_slave_1: entered allmulticast mode
[   45.933727][ T5814] bridge_slave_1: entered promiscuous mode
[   45.969114][ T5815] chnl_net:caif_netlink_parms(): no params data found
[   45.975660][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   45.984504][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.032708][ T5814] team0: Port device team_slave_0 added
[   46.047152][ T5814] team0: Port device team_slave_1 added
[   46.049390][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.051858][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.054255][ T5823] bridge_slave_0: entered allmulticast mode
[   46.057675][ T5823] bridge_slave_0: entered promiscuous mode
[   46.087110][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.089710][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.092218][ T5823] bridge_slave_1: entered allmulticast mode
[   46.095014][ T5823] bridge_slave_1: entered promiscuous mode
[   46.106644][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.109033][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.117891][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.130350][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.132823][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.135215][ T5815] bridge_slave_0: entered allmulticast mode
[   46.138481][ T5815] bridge_slave_0: entered promiscuous mode
[   46.150658][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.154118][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.158117][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.170512][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.183498][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.186792][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.189234][ T5815] bridge_slave_1: entered allmulticast mode
[   46.192011][ T5815] bridge_slave_1: entered promiscuous mode
[   46.203017][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.223390][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.258061][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.262241][ T5823] team0: Port device team_slave_0 added
[   46.287859][ T5823] team0: Port device team_slave_1 added
[   46.292928][ T5814] hsr_slave_0: entered promiscuous mode
[   46.296422][ T5814] hsr_slave_1: entered promiscuous mode
[   46.314213][ T5815] team0: Port device team_slave_0 added
[   46.318546][ T5815] team0: Port device team_slave_1 added
[   46.321351][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.323625][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.332610][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.338079][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.340319][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.348686][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.381133][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.383468][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.391987][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.397085][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.399350][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.408101][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.468012][ T5815] hsr_slave_0: entered promiscuous mode
[   46.470262][ T5815] hsr_slave_1: entered promiscuous mode
[   46.472330][ T5815] debugfs: 'hsr0' already exists in 'hsr'
[   46.474226][ T5815] Cannot create hsr debugfs directory
[   46.478913][ T5823] hsr_slave_0: entered promiscuous mode
[   46.481816][ T5823] hsr_slave_1: entered promiscuous mode
[   46.484605][ T5823] debugfs: 'hsr0' already exists in 'hsr'
[   46.487744][ T5823] Cannot create hsr debugfs directory
[   46.661149][ T5814] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   46.667547][ T5814] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   46.672409][ T5814] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   46.684147][ T5814] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   46.713508][ T5815] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   46.719249][ T5815] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   46.723667][ T5815] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   46.728828][ T5815] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   46.773450][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.776185][ T5815] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.779134][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.781526][ T5815] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.787278][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.789693][ T5814] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.792662][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.795070][ T5814] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.800192][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   46.805036][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   46.811337][ T4598] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.814512][ T4598] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.821901][ T4598] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.824736][ T4598] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.832204][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   46.838110][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   46.900559][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.920715][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.931160][ T5815] 8021q: adding VLAN 0 to HW filter on device team0
[   46.939777][ T4598] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.942093][ T4598] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.957880][ T4598] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.960207][ T4598] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.966127][ T5814] 8021q: adding VLAN 0 to HW filter on device team0
[   46.973029][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.975471][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.989870][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.992216][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.021152][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.067412][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   47.072712][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.074968][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.093128][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.095538][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.153673][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.190860][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.240456][ T5814] veth0_vlan: entered promiscuous mode
[   47.249341][ T5815] veth0_vlan: entered promiscuous mode
[   47.251664][ T5814] veth1_vlan: entered promiscuous mode
[   47.265291][ T5815] veth1_vlan: entered promiscuous mode
[   47.277553][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.291493][ T5814] veth0_macvtap: entered promiscuous mode
[   47.303584][ T5814] veth1_macvtap: entered promiscuous mode
[   47.309761][ T5815] veth0_macvtap: entered promiscuous mode
[   47.322953][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.327759][ T5815] veth1_macvtap: entered promiscuous mode
[   47.336467][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.356650][ T5823] veth0_vlan: entered promiscuous mode
[   47.360871][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.363615][ T5690] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.368113][ T5690] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.371031][ T5690] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.373897][ T5690] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.383967][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.390754][ T5823] veth1_vlan: entered promiscuous mode
[   47.397615][ T5690] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.407186][ T5690] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.410022][ T5690] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.422715][ T5690] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.460663][ T5823] veth0_macvtap: entered promiscuous mode
[   47.470940][ T5823] veth1_macvtap: entered promiscuous mode
[   47.498552][ T4598] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.501309][ T4598] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.521771][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.528697][ T1018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.531305][ T1018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.538305][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.563248][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.566638][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.569160][ T5690] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.572065][ T5690] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.575154][ T5690] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.594911][ T5690] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.608930][   T54] Bluetooth: hci2: command tx timeout
[   47.609383][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.610904][   T54] Bluetooth: hci1: command tx timeout
[   47.615232][   T54] Bluetooth: hci0: command tx timeout
[   47.617618][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.651849][ T5814] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   47.657705][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.660219][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.714657][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.722388][ T5888] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   47.722609][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   48.048800][ T5905] netlink: 'syz.1.9': attribute type 3 has an invalid length.
[   48.058796][ T5905] netlink: 'syz.1.9': attribute type 3 has an invalid length.
[   48.228069][ T5907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   49.012847][ T5925] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[   49.015224][ T5925] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[   49.043378][ T5927] netlink: 12 bytes leftover after parsing attributes in process `syz.1.19'.
[   49.145109][ T5933] netlink: 4 bytes leftover after parsing attributes in process `syz.1.22'.
[   49.149488][ T5933] Zero length message leads to an empty skb
[   49.258667][ T5937] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   49.348138][   T33] audit: type=1107 audit(1754016036.356:2): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   49.632795][ T5950] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.30'.
[   49.702531][ T5209] Bluetooth: hci1: command tx timeout
[   49.704432][ T5209] Bluetooth: hci2: command tx timeout
[   49.707132][ T5209] Bluetooth: hci0: command tx timeout
[   50.001062][ T5966] netlink: 12 bytes leftover after parsing attributes in process `syz.1.38'.
[   50.187946][ T5903] Set syz1 is full, maxelem 65536 reached
[   50.246787][ T5983] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.250027][ T5983] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.307335][ T5983] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   50.313454][ T5983] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   50.379411][ T5690] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.383914][ T5690] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.393229][ T5690] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.399712][ T5690] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.463018][ T6000] pim6reg1: entered promiscuous mode
[   50.471544][ T6000] pim6reg1: entered allmulticast mode
[   50.670793][ T6014] netlink: 'syz.1.59': attribute type 4 has an invalid length.
[   50.823758][ T6026] netlink: 104 bytes leftover after parsing attributes in process `syz.1.65'.
[   51.582839][ T6081] netlink: 4 bytes leftover after parsing attributes in process `syz.2.87'.
[   51.775957][   T54] Bluetooth: hci0: command tx timeout
[   51.776134][ T5209] Bluetooth: hci2: command tx timeout
[   51.777935][ T5821] Bluetooth: hci1: command tx timeout
[   52.223320][ T6066] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[   52.514636][ T6095] geneve2: entered promiscuous mode
[   52.637107][ T6103] syz.1.98 uses obsolete (PF_INET,SOCK_PACKET)
[   52.694861][ T6109] netlink: 'syz.2.101': attribute type 1 has an invalid length.
[   52.740810][ T6113] netlink: 'syz.0.104': attribute type 10 has an invalid length.
[   52.743673][ T6113] syz_tun: entered promiscuous mode
[   52.748577][ T6113] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[   52.892550][ T6128] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   52.934026][ T6132] netlink: 'syz.2.112': attribute type 4 has an invalid length.
[   53.198110][ T6146] netlink: 'syz.1.117': attribute type 13 has an invalid length.
[   53.201511][ T6146] netlink: 'syz.1.117': attribute type 17 has an invalid length.
[   53.261025][ T6146] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   53.371328][ T6169] syzkaller0: entered promiscuous mode
[   53.373309][ T6169] syzkaller0: entered allmulticast mode
[   53.473950][ T6157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   53.534522][ T6157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   53.592945][ T6157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   53.847509][   T54] Bluetooth: hci2: command tx timeout
[   53.850066][ T5821] Bluetooth: hci0: command 0x0419 tx timeout
[   53.850201][ T5209] Bluetooth: hci1: command tx timeout
[   55.020665][ T6248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.157'.
[   55.367171][ T6288] netlink: 'syz.1.177': attribute type 13 has an invalid length.
[   55.369739][ T6288] netlink: 16 bytes leftover after parsing attributes in process `syz.1.177'.
[   55.372942][ T6290] Illegal XDP return value 32768 on prog  (id 30) dev N/A, expect packet loss!
[   55.929196][   T54] Bluetooth: hci0: command 0x0419 tx timeout
[   56.308994][ T6353] netlink: 'syz.1.195': attribute type 4 has an invalid length.
[   56.314820][ T6353] netlink: 25 bytes leftover after parsing attributes in process `syz.1.195'.
[   56.431004][ T6367] warning: `syz.2.205' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   56.866414][ T6397] Set syz1 is full, maxelem 65536 reached
[   57.997469][ T6456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.245'.
[   58.420193][ T6509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.270'.
[   58.974914][ T6563] tipc: Started in network mode
[   58.977334][ T6563] tipc: Node identity ac14140f, cluster identity 4711
[   58.979860][ T6563] tipc: New replicast peer: 255.255.255.255
[   58.982119][ T6563] tipc: Enabled bearer <udp:syz2>, priority 10
[   60.096556][   T24] tipc: Node number set to 2886997007
[   60.477936][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.331'.
[   60.522584][ T6641] netlink: 24 bytes leftover after parsing attributes in process `syz.2.333'.
[   61.033079][ T6680] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   61.098391][ T6690] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[   61.104544][ T6690] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[   61.334608][ T6723] bridge_slave_1: left allmulticast mode
[   61.338276][ T6723] bridge_slave_1: left promiscuous mode
[   61.340947][ T6723] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.348105][ T6723] bridge_slave_0: left allmulticast mode
[   61.349922][ T6723] bridge_slave_0: left promiscuous mode
[   61.351861][ T6723] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.576872][ T6747] netlink: 20 bytes leftover after parsing attributes in process `syz.0.375'.
[   61.787341][ T6767] netlink: 16 bytes leftover after parsing attributes in process `syz.0.384'.
[   61.869083][ T6773] netlink: 4 bytes leftover after parsing attributes in process `syz.0.387'.
[   62.718101][ T6828] netlink: 'syz.2.410': attribute type 21 has an invalid length.
[   62.720797][ T6828] netlink: 128 bytes leftover after parsing attributes in process `syz.2.410'.
[   62.723860][ T6828] netlink: 'syz.2.410': attribute type 5 has an invalid length.
[   62.727132][ T6828] netlink: 3 bytes leftover after parsing attributes in process `syz.2.410'.
[   63.360649][ T6872] tipc: Started in network mode
[   63.362718][ T6872] tipc: Node identity 16143d35547f, cluster identity 4711
[   63.366900][ T6872] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   63.369585][ T6872] syzkaller0: entered promiscuous mode
[   63.371371][ T6872] syzkaller0: entered allmulticast mode
[   63.382186][ T6872] tipc: Resetting bearer <eth:syzkaller0>
[   63.387823][ T6870] tipc: Resetting bearer <eth:syzkaller0>
[   63.393537][ T6870] tipc: Disabling bearer <eth:syzkaller0>
[   63.589961][    T9] IPVS: starting estimator thread 0...
[   63.695455][ T6884] IPVS: using max 79 ests per chain, 189600 per kthread
[   63.761798][ T6898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.435'.
[   63.779301][ T6900] syzkaller0: entered promiscuous mode
[   63.783898][ T6900] syzkaller0: entered allmulticast mode
[   63.787886][ T5857] syzkaller0: tun_net_xmit 70
[   63.790634][ T6900] syzkaller0: tun_chr_ioctl cmd 1074025677
[   63.792580][ T6900] syzkaller0: Linktype set failed because interface is up
[   63.881558][ T6910] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.911036][ T6913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.443'.
[   64.012414][ T6921] netlink: 'syz.2.446': attribute type 25 has an invalid length.
[   64.017319][ T6921] netlink: 'syz.2.446': attribute type 1 has an invalid length.
[   64.020761][ T6921] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.107644][ T6927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.449'.
[   64.114361][ T6927] dummy0: entered promiscuous mode
[   64.119283][ T6927] dummy0: left promiscuous mode
[   65.032364][ T4623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.036051][ T4623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.150801][ T6952] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   65.153479][ T6952] syzkaller0: entered promiscuous mode
[   65.155662][ T6952] syzkaller0: entered allmulticast mode
[   65.163986][ T6952] tipc: Resetting bearer <eth:syzkaller0>
[   65.167438][ T6951] tipc: Resetting bearer <eth:syzkaller0>
[   65.172781][ T6951] tipc: Disabling bearer <eth:syzkaller0>
[   65.851506][ T6998] netlink: 8 bytes leftover after parsing attributes in process `syz.2.479'.
[   65.854514][ T6998] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[   65.857179][ T6998] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   65.946469][ T7009] netlink: 'syz.0.483': attribute type 39 has an invalid length.
[   65.959836][ T7009] bond0: (slave syz_tun): Releasing backup interface
[   65.987665][ T7011] tipc: Started in network mode
[   65.989402][ T7011] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[   65.992366][ T7011] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   67.448141][ T7167] tipc: Enabled bearer <udp:syz0>, priority 10
[   67.630658][ T7188] netlink: 20 bytes leftover after parsing attributes in process `syz.1.538'.
[   67.633627][ T7188] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   67.636091][ T7188] IPv6: NLM_F_CREATE should be set when creating new route
[   67.638450][ T7188] IPv6: NLM_F_CREATE should be set when creating new route
[   68.050289][ T7196] netlink: 232 bytes leftover after parsing attributes in process `syz.0.541'.
[   68.053078][ T7196] netlink: 232 bytes leftover after parsing attributes in process `syz.0.541'.
[   68.056801][ T7196] netlink: 44 bytes leftover after parsing attributes in process `syz.0.541'.
[   68.225319][ T7202] netlink: 16 bytes leftover after parsing attributes in process `syz.1.544'.
[   68.235441][ T7202] bridge_slave_0: left allmulticast mode
[   68.237357][ T7202] bridge_slave_0: left promiscuous mode
[   68.239464][ T7202] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.401363][ T7202] bridge_slave_1: left allmulticast mode
[   68.403617][ T7202] bridge_slave_1: left promiscuous mode
[   68.407638][ T7202] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.413167][ T7202] bond0: (slave bond_slave_0): Releasing backup interface
[   68.462170][ T7202] bond0: (slave bond_slave_1): Releasing backup interface
[   68.535510][ T7202] team0: Port device team_slave_0 removed
[   68.565451][ T2202] tipc: Node number set to 4278255617
[   69.065130][ T7202] team0: Port device team_slave_1 removed
[   69.070303][ T7202] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   69.073580][ T7202] batman_adv: batadv0: Removing interface: batadv_slave_0
[   69.372024][ T7202] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   69.374561][ T7202] batman_adv: batadv0: Removing interface: batadv_slave_1
[   69.398449][ T7202] syz.1.544 (7202) used greatest stack depth: 19832 bytes left
[   69.402215][ T7204] team0: Mode changed to "broadcast"
[   69.405882][ T7205] vlan0: entered promiscuous mode
[   69.411459][ T7205] team0: Port device vlan0 added
[   69.413527][ T7205] syz.1.544 (7205) used greatest stack depth: 19768 bytes left
[   69.429017][ T7206] tipc: Enabled bearer <eth:team0>, priority 0
[   70.448803][ T7273] netlink: 8 bytes leftover after parsing attributes in process `syz.2.571'.
[   70.451826][ T7273] netlink: 'syz.2.571': attribute type 5 has an invalid length.
[   70.454341][ T7273] netlink: 20 bytes leftover after parsing attributes in process `syz.2.571'.
[   70.461071][ T7273] geneve2: entered promiscuous mode
[   70.462946][ T7273] geneve2: entered allmulticast mode
[   70.468650][ T5690] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[   70.472531][ T5690] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[   70.477428][ T5690] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[   70.480406][ T5690] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[   70.513852][ T7277] netlink: 108 bytes leftover after parsing attributes in process `syz.2.573'.
[   70.818588][ T1359] ieee802154 phy0 wpan0: encryption failed: -22
[   70.820804][ T1359] ieee802154 phy1 wpan1: encryption failed: -22
[   71.171273][    C0] vcan0: j1939_tp_rxtimer: 0xffff888112698c00: rx timeout, send abort
[   71.632348][ T7310] netlink: 200 bytes leftover after parsing attributes in process `syz.2.589'.
[   71.641645][ T7310] netlink: 4 bytes leftover after parsing attributes in process `syz.2.589'.
[   71.671326][    C0] vcan0: j1939_tp_rxtimer: 0xffff888112698400: rx timeout, send abort
[   71.674668][    C0] vcan0: j1939_tp_rxtimer: 0xffff888112698c00: abort rx timeout. Force session deactivation
[   71.801498][ T7331] netlink: 'syz.1.597': attribute type 30 has an invalid length.
[   72.090458][ T7345] syzkaller1: entered promiscuous mode
[   72.093125][ T7345] syzkaller1: entered allmulticast mode
[   72.174158][    C0] vcan0: j1939_tp_rxtimer: 0xffff888112698400: abort rx timeout. Force session deactivation
[   72.642450][ T5690] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   72.648922][ T5690] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   72.659508][ T5690] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   72.668708][ T5690] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.149707][ T7391] netlink: 'syz.2.620': attribute type 13 has an invalid length.
[   73.152314][ T7391] netlink: 'syz.2.620': attribute type 17 has an invalid length.
[   73.198995][ T7391] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   73.242506][ T7390] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   73.299964][ T7391] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   73.354240][ T7390] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   73.374983][ T7409] netlink: 12 bytes leftover after parsing attributes in process `syz.0.628'.
[   73.633526][ T7432] netlink: 12 bytes leftover after parsing attributes in process `syz.0.638'.
[   74.026198][ T7480] netlink: 24 bytes leftover after parsing attributes in process `syz.1.659'.
[   74.161929][ T7502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.669'.
[   74.219248][ T7509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.674'.
[   74.545138][ T7541] netlink: 8 bytes leftover after parsing attributes in process `syz.2.689'.
[   74.728949][ T7560] netlink: 40 bytes leftover after parsing attributes in process `syz.0.697'.
[   74.732436][ T7560] netlink: 40 bytes leftover after parsing attributes in process `syz.0.697'.
[   74.899148][ T7576] bond0: (slave bond_slave_0): Releasing backup interface
[   74.902559][ T7576] bond0: (slave bond_slave_1): Releasing backup interface
[   74.907013][ T7576] team0: Failed to send options change via netlink (err -105)
[   74.909609][ T7576] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[   74.912858][ T7576] team0: Port device team_slave_0 removed
[   74.915960][ T7576] team0: Failed to send options change via netlink (err -105)
[   74.918505][ T7576] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[   74.921689][ T7576] team0: Port device team_slave_1 removed
[   74.923814][ T7576] batman_adv: batadv0: Removing interface: batadv_slave_0
[   74.927836][ T7576] batman_adv: batadv0: Removing interface: batadv_slave_1
[   76.684819][ T7637] __nla_validate_parse: 2 callbacks suppressed
[   76.684833][ T7637] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.733'.
[   76.804720][ T7647] bridge0: port 1(veth0_to_bridge) entered blocking state
[   76.807354][ T7647] bridge0: port 1(veth0_to_bridge) entered disabled state
[   76.810884][ T7647] veth0_to_bridge: entered allmulticast mode
[   76.825891][ T7647] veth0_to_bridge: entered promiscuous mode
[   77.104567][ T7671] netlink: 4 bytes leftover after parsing attributes in process `syz.2.748'.
[   77.108495][ T7671] netlink: 4 bytes leftover after parsing attributes in process `syz.2.748'.
[   77.237727][ T7686] netlink: 'syz.1.754': attribute type 10 has an invalid length.
[   77.244622][ T7686] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   77.401796][ T7703] netlink: 'syz.0.762': attribute type 1 has an invalid length.
[   77.430792][ T7703] 8021q: adding VLAN 0 to HW filter on device bond1
[   77.441681][ T7703] bond1: entered promiscuous mode
[   78.032901][ T7751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.784'.
[   78.088938][ T7755] netlink: 'syz.2.786': attribute type 4 has an invalid length.
[   78.115370][ T7757] smc: adding net device syzkaller1 with user defined pnetid SYZ2
[   78.130199][ T7756] smc: removing net device syzkaller1 with user defined pnetid SYZ2
[   78.180478][ T7759] netlink: 'syz.2.788': attribute type 1 has an invalid length.
[   78.183766][ T7759] netlink: 2 bytes leftover after parsing attributes in process `syz.2.788'.
[   78.428326][ T7785] netlink: 208 bytes leftover after parsing attributes in process `syz.2.801'.
[   78.514149][ T7799] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   78.520054][ T7799] syzkaller0: entered promiscuous mode
[   78.522417][ T7799] syzkaller0: entered allmulticast mode
[   78.539842][ T7799] tipc: Resetting bearer <eth:syzkaller0>
[   78.543058][ T7798] tipc: Resetting bearer <eth:syzkaller0>
[   78.552647][ T7798] tipc: Disabling bearer <eth:syzkaller0>
[   78.722038][ T7828] block nbd1: not configured, cannot reconfigure
[   78.738406][ T5553] IPVS: starting estimator thread 0...
[   78.758708][ T7836] RDS: rds_bind could not find a transport for 100:806:aaaa:aaaa:aaaa::, load rds_tcp or rds_rdma?
[   78.825363][ T7832] IPVS: using max 78 ests per chain, 187200 per kthread
[   78.849486][ T7849] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.115211][ T7874] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.839'.
[   79.791217][ T7905] netlink: 'syz.1.854': attribute type 10 has an invalid length.
[   79.799954][ T7905] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.854'.
[   80.632167][ T7992] netlink: 104 bytes leftover after parsing attributes in process `syz.1.893'.
[   80.852485][ T8010] pim6reg1: entered promiscuous mode
[   80.854439][ T8010] pim6reg1: entered allmulticast mode
[   80.948806][ T8016] netlink: 92 bytes leftover after parsing attributes in process `syz.0.905'.
[   81.001874][ T8020] smc: adding net device syzkaller1 with user defined pnetid SYZ2
[   81.011054][ T8019] smc: removing net device syzkaller1 with user defined pnetid SYZ2
[   81.049685][   T10] cfg80211: failed to load regulatory.db
[   81.134738][ T8031] veth0: entered promiscuous mode
[   81.139479][ T8031] veth0: left promiscuous mode
[   81.259895][   T51] IPVS: starting estimator thread 0...
[   81.346394][ T8042] IPVS: using max 78 ests per chain, 187200 per kthread
[   81.537700][ T8066] netlink: 'syz.2.928': attribute type 1 has an invalid length.
[   81.897585][ T8085] netlink: 'syz.0.936': attribute type 1 has an invalid length.
[   81.909883][ T8085] bond2: entered promiscuous mode
[   81.911876][ T8085] 8021q: adding VLAN 0 to HW filter on device bond2
[   81.922677][ T8085] bond2: (slave bridge1): making interface the new active one
[   81.926734][ T8085] bridge1: entered promiscuous mode
[   81.929089][ T8085] bond2: (slave bridge1): Enslaving as an active interface with an up link
[   82.110601][ T8101] netlink: 'syz.0.943': attribute type 13 has an invalid length.
[   82.810872][ T8141] __nla_validate_parse: 3 callbacks suppressed
[   82.810882][ T8141] netlink: 16 bytes leftover after parsing attributes in process `syz.1.959'.
[   82.909279][ T8153] netlink: 'syz.2.965': attribute type 1 has an invalid length.
[   82.921419][ T8153] 8021q: adding VLAN 0 to HW filter on device bond1
[   82.930508][ T8153] vlan2: entered allmulticast mode
[   82.932168][ T8153] veth1: entered allmulticast mode
[   82.936182][ T8153] bond1: (slave vlan2): making interface the new active one
[   82.939348][ T8153] bond1: (slave vlan2): Enslaving as an active interface with an up link
[   83.012925][ T8160] TCP: tcp_parse_options: Illegal window scaling value 128 > 14 received
[   83.141516][ T8168] netlink: 'syz.0.972': attribute type 11 has an invalid length.
[   83.144214][ T8168] netlink: 36 bytes leftover after parsing attributes in process `syz.0.972'.
[   83.326381][ T8186] netlink: 'syz.0.981': attribute type 2 has an invalid length.
[   83.333478][ T8186] netlink: 'syz.0.981': attribute type 1 has an invalid length.
[   83.347043][ T8186] netlink: 152 bytes leftover after parsing attributes in process `syz.0.981'.
[   83.476308][ T8192] netlink: 124 bytes leftover after parsing attributes in process `syz.2.984'.
[   83.867782][ T8225] netlink: zone id is out of range
[   83.869458][ T8225] netlink: zone id is out of range
[   83.889670][ T8225] netlink: set zone limit has 4 unknown bytes
[   84.170054][ T8259] veth1_to_bond: entered allmulticast mode
[   84.172676][ T8259] bond_slave_1: entered promiscuous mode
[   84.175098][ T8258] bond_slave_1: left promiscuous mode
[   84.178609][ T8258] veth1_to_bond: left allmulticast mode
[   84.200808][ T8261] netlink: 'syz.0.1013': attribute type 21 has an invalid length.
[   84.203361][ T8261] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1013'.
[   84.356358][ T8274] smc: adding net device syzkaller1 with user defined pnetid SYZ2
[   84.360465][ T8274] syzkaller1: entered promiscuous mode
[   84.362548][ T8274] syzkaller1: entered allmulticast mode
[   84.371384][ T8273] smc: removing net device syzkaller1 with user defined pnetid SYZ2
[   84.456063][ T8277] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1020'.
[   84.778687][ T8305] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   84.837194][ T8309] openvswitch: netlink: Message has 4 unknown bytes.
[   84.928982][ T8323] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1042'.
[   84.950906][ T8323] vlan3: entered allmulticast mode
[   84.953578][ T8323] bond2: entered allmulticast mode
[   85.023661][ T8332] netlink: 'syz.1.1045': attribute type 10 has an invalid length.
[   85.029731][ T8332] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1045'.
[   85.032835][ T8332] veth0_vlan: entered allmulticast mode
[   85.035157][ T8332] bridge0: port 1(veth0_vlan) entered blocking state
[   85.038096][ T8332] bridge0: port 1(veth0_vlan) entered disabled state
[   85.041675][ T8332] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[   85.106645][ T8338] syzkaller1: entered promiscuous mode
[   85.108566][ T8338] syzkaller1: entered allmulticast mode
[   85.211076][ T8344] netlink: 248 bytes leftover after parsing attributes in process `syz.1.1050'.
[   85.362251][ T8353] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   85.606684][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1060'.
[   86.029398][ T8419] netlink: 'syz.1.1074': attribute type 5 has an invalid length.
[   87.001672][ T8491] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   87.024599][ T8491] syzkaller0: entered promiscuous mode
[   87.026619][ T8491] syzkaller0: entered allmulticast mode
[   87.028909][ T8491] tipc: Resetting bearer <eth:syzkaller0>
[   87.033093][ T8490] tipc: Resetting bearer <eth:syzkaller0>
[   87.678582][ T8490] tipc: Disabling bearer <eth:syzkaller0>
[   87.890742][ T8522] netlink: 'syz.2.1108': attribute type 10 has an invalid length.
[   87.893740][ T8522] __nla_validate_parse: 4 callbacks suppressed
[   87.893747][ T8522] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1108'.
[   87.899592][ T8522] dummy0: entered promiscuous mode
[   87.901618][ T8522] dummy0: entered allmulticast mode
[   87.904126][ T8522] bridge0: port 3(dummy0) entered blocking state
[   87.906648][ T8522] bridge0: port 3(dummy0) entered disabled state
[   87.910014][ T8522] bridge0: port 3(dummy0) entered blocking state
[   87.912076][ T8522] bridge0: port 3(dummy0) entered forwarding state
[   87.994772][ T8528] netlink: 'syz.2.1111': attribute type 1 has an invalid length.
[   88.012122][ T8528] bond3: entered promiscuous mode
[   88.025813][ T8528] 8021q: adding VLAN 0 to HW filter on device bond3
[   88.162298][ T8543] netlink: 'syz.1.1118': attribute type 3 has an invalid length.
[   88.167106][ T8543] lo: entered allmulticast mode
[   88.175721][ T8543] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   88.182606][ T8543] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   88.221256][ T8543] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   88.238820][ T8542] lo: left allmulticast mode
[   88.271512][ T8551] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.274104][ T8551] syzkaller0: entered promiscuous mode
[   88.276819][ T8551] syzkaller0: entered allmulticast mode
[   88.292696][ T8551] tipc: Resetting bearer <eth:syzkaller0>
[   88.296742][ T8550] tipc: Resetting bearer <eth:syzkaller0>
[   88.305160][ T8550] tipc: Disabling bearer <eth:syzkaller0>
[   88.566975][ T8567] netlink: 'syz.0.1130': attribute type 1 has an invalid length.
[   88.580472][ T8567] 8021q: adding VLAN 0 to HW filter on device bond3
[   88.592906][ T8567] bond3: (slave bridge2): making interface the new active one
[   88.598442][ T8567] bond3: (slave bridge2): Enslaving as an active interface with an up link
[   88.607611][ T8567] gretap1: entered promiscuous mode
[   88.610851][ T8567] bond3: (slave gretap1): Enslaving as an active interface with an up link
[   88.618662][ T8567] macvlan2: entered promiscuous mode
[   88.620437][ T8567] macvlan2: entered allmulticast mode
[   88.622423][ T8567] bond3: entered promiscuous mode
[   88.624078][ T8567] bridge2: entered promiscuous mode
[   88.627576][ T8567] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   88.630137][ T8567] bond3: (slave macvlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[   88.637651][ T8567] bond3: left promiscuous mode
[   88.639221][ T8567] bridge2: left promiscuous mode
[   88.647720][ T8577] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[   89.794996][ T8622] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[   89.818389][ T8622] tipc: Resetting bearer <eth:syzkaller0>
[   89.822800][ T8621] tipc: Resetting bearer <eth:syzkaller0>
[   90.535788][ T8621] tipc: Disabling bearer <eth:syzkaller0>
[   90.614164][ T8636] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1157'.
[   90.619155][ T8638] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1158'.
[   90.620089][ T8634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1156'.
[   90.624994][ T8636] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[   90.637589][ T8634] vlan2: entered promiscuous mode
[   90.639252][ T8634] bond0: entered promiscuous mode
[   90.752671][ T8644] bridge0: port 3(dummy0) entered disabled state
[   90.793266][ T8644] bridge_slave_0: left allmulticast mode
[   90.799286][ T8644] bridge_slave_0: left promiscuous mode
[   90.801584][ T8644] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.812804][ T8644] bridge_slave_1: left allmulticast mode
[   90.815078][ T8644] bridge_slave_1: left promiscuous mode
[   90.826103][ T8644] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.842737][ T8644] bond0: (slave bond_slave_0): Releasing backup interface
[   90.856874][ T8644] bond0: (slave bond_slave_1): Releasing backup interface
[   90.864830][ T8644] team0: Port device team_slave_0 removed
[   90.877123][ T8644] team0: Port device team_slave_1 removed
[   90.881259][ T8644] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.884060][ T8644] batman_adv: batadv0: Removing interface: batadv_slave_0
[   90.896155][ T8644] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.898744][ T8644] batman_adv: batadv0: Removing interface: batadv_slave_1
[   90.922234][ T8644] bond1: (slave vlan2): Releasing active interface
[   91.112337][ T8673] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1169'.
[   91.120222][ T8673] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1169'.
[   91.142513][ T8673] batadv_slave_1: entered promiscuous mode
[   91.153411][ T8673] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1169'.
[   91.158382][ T8673] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1169'.
[   91.421051][ T8693] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1175'.
[   91.424011][ T8693] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1175'.
[   92.670855][ T8735] smc: adding net device syzkaller1 with user defined pnetid SYZ2
[   92.783682][ T8733] smc: removing net device syzkaller1 with user defined pnetid SYZ2
[   93.114017][ T5690] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.117985][ T5690] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.121919][ T5690] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.124744][ T5690] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   93.284422][ T8789] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[   93.906417][ T8827] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1228'.
[   94.524558][ T8871] ==================================================================
[   94.527249][ T8871] BUG: KASAN: slab-use-after-free in __xfrm_state_insert+0x8af/0x1450
[   94.529869][ T8871] Read of size 1 at addr ffff8881163f0330 by task syz.2.1249/8871
[   94.533299][ T8871] 
[   94.534107][ T8871] CPU: 1 UID: 0 PID: 8871 Comm: syz.2.1249 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba-dirty #0 PREEMPT(full) 
[   94.534118][ T8871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   94.534123][ T8871] Call Trace:
[   94.534127][ T8871]  <TASK>
[   94.534132][ T8871]  dump_stack_lvl+0x189/0x250
[   94.534143][ T8871]  ? __kasan_check_byte+0x12/0x40
[   94.534158][ T8871]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.534165][ T8871]  ? lock_release+0x4b/0x3e0
[   94.534178][ T8871]  ? __virt_addr_valid+0x4a5/0x5c0
[   94.534188][ T8871]  print_report+0xca/0x240
[   94.534199][ T8871]  ? __xfrm_state_insert+0x8af/0x1450
[   94.534207][ T8871]  kasan_report+0x118/0x150
[   94.534219][ T8871]  ? __xfrm_state_insert+0x8af/0x1450
[   94.534227][ T8871]  __xfrm_state_insert+0x8af/0x1450
[   94.534236][ T8871]  ? xfrm_state_insert+0x44/0x60
[   94.534243][ T8871]  xfrm_state_insert+0x54/0x60
[   94.534251][ T8871]  ipcomp6_init_state+0x655/0x900
[   94.534259][ T8871]  __xfrm_init_state+0xa76/0x13f0
[   94.534268][ T8871]  ? __xfrm_init_state+0x7ef/0x13f0
[   94.534278][ T8871]  xfrm_init_state+0x18/0xa0
[   94.534285][ T8871]  pfkey_add+0x1d38/0x2e00
[   94.534297][ T8871]  ? __pfx_pfkey_add+0x10/0x10
[   94.534303][ T8871]  ? kmem_cache_free+0x18f/0x400
[   94.534318][ T8871]  pfkey_sendmsg+0xbfe/0x1090
[   94.534327][ T8871]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   94.534333][ T8871]  ? rcu_is_watching+0x15/0xb0
[   94.534348][ T8871]  ? aa_sock_msg_perm+0x94/0x160
[   94.534358][ T8871]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   94.534367][ T8871]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   94.534373][ T8871]  __sock_sendmsg+0x21c/0x270
[   94.534383][ T8871]  ____sys_sendmsg+0x52d/0x830
[   94.534392][ T8871]  ? __pfx_____sys_sendmsg+0x10/0x10
[   94.534400][ T8871]  ? import_iovec+0x74/0xa0
[   94.534413][ T8871]  ___sys_sendmsg+0x21f/0x2a0
[   94.534422][ T8871]  ? __pfx____sys_sendmsg+0x10/0x10
[   94.534437][ T8871]  ? __fget_files+0x2a/0x420
[   94.534444][ T8871]  ? __fget_files+0x3a0/0x420
[   94.534452][ T8871]  __sys_sendmmsg+0x227/0x430
[   94.534460][ T8871]  ? __pfx___sys_sendmmsg+0x10/0x10
[   94.534467][ T8871]  ? do_futex+0x333/0x420
[   94.534476][ T8871]  ? fdget+0x184/0x1e0
[   94.534485][ T8871]  ? __pfx___se_sys_futex+0x10/0x10
[   94.534493][ T8871]  ? fd_install+0x30d/0x540
[   94.534500][ T8871]  __x64_sys_sendmmsg+0xa0/0xc0
[   94.534508][ T8871]  do_syscall_64+0xfa/0x3b0
[   94.534518][ T8871]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.534528][ T8871]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.534535][ T8871]  ? exc_page_fault+0x9f/0xf0
[   94.534544][ T8871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.534551][ T8871] RIP: 0033:0x7f935098eb69
[   94.534559][ T8871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.534566][ T8871] RSP: 002b:00007f93517ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   94.534574][ T8871] RAX: ffffffffffffffda RBX: 00007f9350bb5fa0 RCX: 00007f935098eb69
[   94.534580][ T8871] RDX: 000000000400008a RSI: 0000200000000180 RDI: 0000000000000003
[   94.534585][ T8871] RBP: 00007f9350a11df1 R08: 0000000000000000 R09: 0000000000000000
[   94.534589][ T8871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.534594][ T8871] R13: 0000000000000000 R14: 00007f9350bb5fa0 R15: 00007ffc583007a8
[   94.534601][ T8871]  </TASK>
[   94.534604][ T8871] 
[   94.639658][ T8871] Allocated by task 6652:
[   94.641083][ T8871]  kasan_save_track+0x3e/0x80
[   94.642616][ T8871]  __kasan_slab_alloc+0x6c/0x80
[   94.644259][ T8871]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[   94.646053][ T8871]  xfrm_state_alloc+0x24/0x2f0
[   94.647630][ T8871]  __find_acq_core+0x8a7/0x1c00
[   94.649237][ T8871]  xfrm_find_acq+0x78/0xa0
[   94.650686][ T8871]  xfrm_alloc_userspi+0x6b3/0xc90
[   94.652376][ T8871]  xfrm_user_rcv_msg+0x7a3/0xab0
[   94.653982][ T8871]  netlink_rcv_skb+0x208/0x470
[   94.655516][ T8871]  xfrm_netlink_rcv+0x79/0x90
[   94.657096][ T8871]  netlink_unicast+0x82f/0x9e0
[   94.658639][ T8871]  netlink_sendmsg+0x805/0xb30
[   94.660264][ T8871]  __sock_sendmsg+0x21c/0x270
[   94.661801][ T8871]  ____sys_sendmsg+0x505/0x830
[   94.663379][ T8871]  ___sys_sendmsg+0x21f/0x2a0
[   94.664956][ T8871]  __x64_sys_sendmsg+0x19b/0x260
[   94.666577][ T8871]  do_syscall_64+0xfa/0x3b0
[   94.668096][ T8871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.670060][ T8871] 
[   94.670840][ T8871] Freed by task 51:
[   94.672113][ T8871]  kasan_save_track+0x3e/0x80
[   94.673645][ T8871]  kasan_save_free_info+0x46/0x50
[   94.675325][ T8871]  __kasan_slab_free+0x62/0x70
[   94.676925][ T8871]  kmem_cache_free+0x18f/0x400
[   94.678516][ T8871]  xfrm_state_gc_task+0x518/0x6a0
[   94.680199][ T8871]  process_scheduled_works+0xae1/0x17b0
[   94.682051][ T8871]  worker_thread+0x8a0/0xda0
[   94.683573][ T8871]  kthread+0x711/0x8a0
[   94.684930][ T8871]  ret_from_fork+0x3fc/0x770
[   94.686483][ T8871]  ret_from_fork_asm+0x1a/0x30
[   94.688078][ T8871] 
[   94.688858][ T8871] The buggy address belongs to the object at ffff8881163f0000
[   94.688858][ T8871]  which belongs to the cache xfrm_state of size 928
[   94.693306][ T8871] The buggy address is located 816 bytes inside of
[   94.693306][ T8871]  freed 928-byte region [ffff8881163f0000, ffff8881163f03a0)
[   94.697688][ T8871] 
[   94.698498][ T8871] The buggy address belongs to the physical page:
[   94.700607][ T8871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881163f0480 pfn:0x1163f0
[   94.703952][ T8871] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   94.706635][ T8871] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   94.709109][ T8871] page_type: f5(slab)
[   94.710429][ T8871] raw: 057ff00000000040 ffff88810545ab40 dead000000000122 0000000000000000
[   94.713169][ T8871] raw: ffff8881163f0480 00000000800e000c 00000000f5000000 0000000000000000
[   94.715863][ T8871] head: 057ff00000000040 ffff88810545ab40 dead000000000122 0000000000000000
[   94.718603][ T8871] head: ffff8881163f0480 00000000800e000c 00000000f5000000 0000000000000000
[   94.721369][ T8871] head: 057ff00000000002 ffffea000458fc01 00000000ffffffff 00000000ffffffff
[   94.724101][ T8871] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   94.726832][ T8871] page dumped because: kasan: bad access detected
[   94.728898][ T8871] page_owner tracks the page as allocated
[   94.730707][ T8871] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6652, tgid 6651 (syz.2.338), ts 60717735057, free_ts 60502583698
[   94.736717][ T8871]  post_alloc_hook+0x240/0x2a0
[   94.738263][ T8871]  get_page_from_freelist+0x21e4/0x22c0
[   94.740045][ T8871]  __alloc_frozen_pages_noprof+0x181/0x370
[   94.741869][ T8871]  alloc_pages_mpol+0x232/0x4a0
[   94.743475][ T8871]  allocate_slab+0x8a/0x3b0
[   94.744972][ T8871]  ___slab_alloc+0xbfc/0x1480
[   94.746492][ T8871]  kmem_cache_alloc_noprof+0x283/0x3c0
[   94.748251][ T8871]  xfrm_state_alloc+0x24/0x2f0
[   94.749788][ T8871]  __find_acq_core+0x8a7/0x1c00
[   94.751371][ T8871]  xfrm_find_acq+0x78/0xa0
[   94.752816][ T8871]  xfrm_alloc_userspi+0x6b3/0xc90
[   94.754474][ T8871]  xfrm_user_rcv_msg+0x7a3/0xab0
[   94.756107][ T8871]  netlink_rcv_skb+0x208/0x470
[   94.757670][ T8871]  xfrm_netlink_rcv+0x79/0x90
[   94.759239][ T8871]  netlink_unicast+0x82f/0x9e0
[   94.760783][ T8871]  netlink_sendmsg+0x805/0xb30
[   94.762378][ T8871] page last free pid 6639 tgid 6638 stack trace:
[   94.764386][ T8871]  __free_frozen_pages+0xc71/0xe70
[   94.766058][ T8871]  stack_depot_save_flags+0x445/0x900
[   94.767787][ T8871]  kasan_save_track+0x4f/0x80
[   94.769346][ T8871]  __kasan_kmalloc+0x93/0xb0
[   94.770896][ T8871]  __kmalloc_node_track_caller_noprof+0x271/0x4e0
[   94.772981][ T8871]  memdup_sockptr_noprof+0x2a/0x100
[   94.774642][ T8871]  ipv6_set_opt_hdr+0x1e7/0x6b0
[   94.776252][ T8871]  do_ipv6_setsockopt+0x135a/0x2eb0
[   94.778014][ T8871]  ipv6_setsockopt+0x59/0x170
[   94.779532][ T8871]  do_sock_setsockopt+0x17c/0x1b0
[   94.781157][ T8871]  __x64_sys_setsockopt+0x13f/0x1b0
[   94.782860][ T8871]  do_syscall_64+0xfa/0x3b0
[   94.784403][ T8871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.786364][ T8871] 
[   94.787167][ T8871] Memory state around the buggy address:
[   94.789038][ T8871]  ffff8881163f0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.791577][ T8871]  ffff8881163f0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.794175][ T8871] >ffff8881163f0300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.796730][ T8871]                                      ^
[   94.798567][ T8871]  ffff8881163f0380: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   94.801148][ T8871]  ffff8881163f0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   94.803679][ T8871] ==================================================================
[   94.806518][ T8871] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   94.808902][ T8871] CPU: 1 UID: 0 PID: 8871 Comm: syz.2.1249 Not tainted 6.16.0-syzkaller-06588-g759dfc7d04ba-dirty #0 PREEMPT(full) 
[   94.812795][ T8871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   94.816019][ T8871] Call Trace:
[   94.817118][ T8871]  <TASK>
[   94.818113][ T8871]  dump_stack_lvl+0x99/0x250
[   94.819608][ T8871]  ? __asan_memcpy+0x40/0x70
[   94.821148][ T8871]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.822827][ T8871]  ? __pfx__printk+0x10/0x10
[   94.824371][ T8871]  panic+0x2db/0x790
[   94.825664][ T8871]  ? __pfx_panic+0x10/0x10
[   94.827147][ T8871]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[   94.829119][ T8871]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   94.831035][ T8871]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   94.833124][ T8871]  ? print_memory_metadata+0x314/0x400
[   94.834897][ T8871]  ? __xfrm_state_insert+0x8af/0x1450
[   94.836630][ T8871]  check_panic_on_warn+0x89/0xb0
[   94.838284][ T8871]  ? __xfrm_state_insert+0x8af/0x1450
[   94.840049][ T8871]  end_report+0x78/0x160
[   94.841445][ T8871]  kasan_report+0x129/0x150
[   94.842957][ T8871]  ? __xfrm_state_insert+0x8af/0x1450
[   94.844697][ T8871]  __xfrm_state_insert+0x8af/0x1450
[   94.846446][ T8871]  ? xfrm_state_insert+0x44/0x60
[   94.848075][ T8871]  xfrm_state_insert+0x54/0x60
[   94.849667][ T8871]  ipcomp6_init_state+0x655/0x900
[   94.851320][ T8871]  __xfrm_init_state+0xa76/0x13f0
[   94.853003][ T8871]  ? __xfrm_init_state+0x7ef/0x13f0
[   94.854731][ T8871]  xfrm_init_state+0x18/0xa0
[   94.856255][ T8871]  pfkey_add+0x1d38/0x2e00
[   94.857709][ T8871]  ? __pfx_pfkey_add+0x10/0x10
[   94.859289][ T8871]  ? kmem_cache_free+0x18f/0x400
[   94.860906][ T8871]  pfkey_sendmsg+0xbfe/0x1090
[   94.862514][ T8871]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   94.864199][ T8871]  ? rcu_is_watching+0x15/0xb0
[   94.865758][ T8871]  ? aa_sock_msg_perm+0x94/0x160
[   94.867366][ T8871]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   94.869072][ T8871]  ? __pfx_pfkey_sendmsg+0x10/0x10
[   94.870748][ T8871]  __sock_sendmsg+0x21c/0x270
[   94.872315][ T8871]  ____sys_sendmsg+0x52d/0x830
[   94.873847][ T8871]  ? __pfx_____sys_sendmsg+0x10/0x10
[   94.875563][ T8871]  ? import_iovec+0x74/0xa0
[   94.877049][ T8871]  ___sys_sendmsg+0x21f/0x2a0
[   94.878559][ T8871]  ? __pfx____sys_sendmsg+0x10/0x10
[   94.880232][ T8871]  ? __fget_files+0x2a/0x420
[   94.881731][ T8871]  ? __fget_files+0x3a0/0x420
[   94.883268][ T8871]  __sys_sendmmsg+0x227/0x430
[   94.884801][ T8871]  ? __pfx___sys_sendmmsg+0x10/0x10
[   94.886492][ T8871]  ? do_futex+0x333/0x420
[   94.887905][ T8871]  ? fdget+0x184/0x1e0
[   94.889255][ T8871]  ? __pfx___se_sys_futex+0x10/0x10
[   94.890960][ T8871]  ? fd_install+0x30d/0x540
[   94.892478][ T8871]  __x64_sys_sendmmsg+0xa0/0xc0
[   94.894092][ T8871]  do_syscall_64+0xfa/0x3b0
[   94.895557][ T8871]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.897247][ T8871]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.899198][ T8871]  ? exc_page_fault+0x9f/0xf0
[   94.900719][ T8871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.902634][ T8871] RIP: 0033:0x7f935098eb69
[   94.904120][ T8871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.910237][ T8871] RSP: 002b:00007f93517ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   94.912897][ T8871] RAX: ffffffffffffffda RBX: 00007f9350bb5fa0 RCX: 00007f935098eb69
[   94.915401][ T8871] RDX: 000000000400008a RSI: 0000200000000180 RDI: 0000000000000003
[   94.917951][ T8871] RBP: 00007f9350a11df1 R08: 0000000000000000 R09: 0000000000000000
[   94.920505][ T8871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   94.923078][ T8871] R13: 0000000000000000 R14: 00007f9350bb5fa0 R15: 00007ffc583007a8
[   94.925591][ T8871]  </TASK>
[   94.927275][ T8871] Kernel Offset: disabled
[   94.928695][ T8871] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:41:21  Registers:
info registers vcpu 0

CPU#0
RAX=0ca03d4aab27c100 RBX=ffffffff81969b18 RCX=0ca03d4aab27c100 RDX=0000000000000001
RSI=ffffffff8d9790dd RDI=ffffffff8be30a00 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f5b R9 =1ffff110096065eb R10=dffffc0000000000 R11=ffffed10096065ec
R12=ffffffff8fa07af0 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a18
RIP=ffffffff8b6fc4f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8680000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000180 CR3=00000000282e6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fc4e0e12e17
XMM06=0000000000000000 00007fc4e0e12e11 XMM07=0000000000000000 00007fc4e0e12e25
XMM08=0000000000000000 00007fc4e0e12eab XMM09=0000000000000000 00007fc4e0e12f89
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000066 RBX=0000000000000066 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000136a RDI=000000000000136b RBP=00000000000003f8 RSP=ffffc90007b7ecb0
R8 =ffff888021b08237 R9 =1ffff11004361046 R10=dffffc0000000000 R11=ffffffff854c1d90
R12=dffffc0000000000 R13=ffffffff99a95912 R14=ffffffff99d9a4e0 R15=0000000000000000
RIP=ffffffff854c1e0c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f93517ac6c0 ffffffff 00c00000
GS =0000 ffff8881a3c80000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f93517abfc8 CR3=000000010e9b8000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f9350b87498 00007f9350b87470 XMM03=00007f9350b874a8 00007f9350b874a0
XMM04=00007f93516ed100 00007f9350b87460 XMM05=00007f9350b87478 00007f9350b874c0
XMM06=00007f9350b874b8 00007f9350b874b0 XMM07=00007f9350b874a8 00007f9350b874a0
XMM08=0000000000000000 00007f9350a12eab XMM09=0000000000000000 00007f9350a12f89
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
