last executing test programs:

1.092987084s ago: executing program 1 (id=1730):
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000001c0)=ANY=[@ANYBLOB="000a000000000fd60730000000000a0000000000000000000000000000000000000000000000080000000d00000000000000000000ef60fc4bd8ecc4e3200000000006004dee00000000000032acaace3269"], 0xd0060)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000047c0)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="180000007a00010600000000fbdbdf2507"], 0x18}], 0x1, 0x0, 0x0, 0x4000050}, 0x80)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

1.092421552s ago: executing program 1 (id=1732):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x800448d4, 0x0)
ioctl$sock_bt_hci(r0, 0x400448e2, &(0x7f0000000000))

1.000247433s ago: executing program 1 (id=1735):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x54, r1, 0x111, 0x70bd27, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x18, 0x3, 0x2}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x2}, {0x5, 0x12, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000)

999.99798ms ago: executing program 1 (id=1736):
syz_emit_ethernet(0x4e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60f91e2e00183c00fe880000000000000000000000000001ff020000000000000000000000000001880000000000010000000000000090"], 0x0)

904.470521ms ago: executing program 1 (id=1738):
r0 = socket$inet(0x2, 0x5, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r2=>0x0]}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000240)={r2, 0x4}, 0x8)

479.576364ms ago: executing program 0 (id=1748):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x3000004, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000001580)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000540)=0x9c)

332.540802ms ago: executing program 0 (id=1753):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140100001e0001012bbd7000fbdbdf2564010102000000000000000000000000000004d50a002b00fc02000000000000000000000000000113b40000ff34000010000a002cbd70002abd7000050000000c001500", @ANYRESOCT=r0], 0x114}, 0x1, 0x0, 0x0, 0x20}, 0x20008000)

283.042946ms ago: executing program 0 (id=1754):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r2, 0x84, 0x1, 0x0, &(0x7f0000001000))
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010f00010900030073797a32000000000c00024000000000000000010900010073797a30"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
accept(r4, &(0x7f0000000d40)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000440)=0x80)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000000)={0x0, 0x31, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {}, {0x9, 0x13, @l2={'ib', 0x3a, 'team0\x00'}}}}, 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x200c48a4)

282.67052ms ago: executing program 0 (id=1757):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000cc0)={0x44, r1, 0x1, 0x70bd2a, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0xffffffffffffff1e}}]}, 0x44}}, 0x0)

222.692031ms ago: executing program 0 (id=1759):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)

222.516732ms ago: executing program 0 (id=1761):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
unshare(0x6a040000)
socket(0x8, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0637bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)

72.72558ms ago: executing program 2 (id=1766):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x6c, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x30, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @CTA_EXPECT_MASTER={0x4}]}, 0x6c}}, 0x0)

72.598866ms ago: executing program 1 (id=1767):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000980), r0)
sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000009c0)={0x20, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NLBL_MGMT_A_DOMAIN={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x18}, 0x2000c084)

72.523886ms ago: executing program 2 (id=1768):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0xa, 0x4, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x5b}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00}, 0x94)

17.891995ms ago: executing program 2 (id=1769):
r0 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000005c0)={@private0, @mcast2, @private1, 0x5, 0x2, 0x6, 0x400, 0x8, 0x2520062})

17.710505ms ago: executing program 2 (id=1770):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@ipv4_delrule={0x24, 0x21, 0x5, 0x0, 0x25dfdbfe, {}, [@FRA_FLOW={0x8, 0xb, 0x8000}]}, 0x24}}, 0x44044)

17.462101ms ago: executing program 2 (id=1771):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x6f, &(0x7f0000002240)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e20, 0x4d, 0x0, @wg=@data={0x4, 0x8, 0x4, "f7b9aa3f9606d32f2d244712593e655e189e64f114be88c85290b6e10e1ca6068680f332d169f5da49814c1b6f8911e2a3d47626bb"}}}}}}, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000000))

0s ago: executing program 2 (id=1772):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xb, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:51182' (ED25519) to the list of known hosts.
syzkaller login: [   41.222536][ T5781] cgroup: Unknown subsys name 'net'
[   41.347084][ T5781] cgroup: Unknown subsys name 'cpuset'
[   41.350935][ T5781] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.597457][ T5781] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   45.823875][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   45.826750][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   45.829288][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   45.831907][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   45.837090][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   45.839809][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   45.843011][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   45.846149][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   45.849016][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   45.851513][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   45.926897][ T5226] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   45.929890][ T5226] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   45.932489][ T5226] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   45.935981][ T5226] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   45.938800][ T5226] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   46.046133][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   46.124687][ T5828] chnl_net:caif_netlink_parms(): no params data found
[   46.155038][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.157691][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.160132][ T5833] bridge_slave_0: entered allmulticast mode
[   46.162861][ T5833] bridge_slave_0: entered promiscuous mode
[   46.168241][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.170577][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.172780][ T5833] bridge_slave_1: entered allmulticast mode
[   46.175851][ T5833] bridge_slave_1: entered promiscuous mode
[   46.235636][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.238713][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   46.251305][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.283541][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.286198][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.288645][ T5828] bridge_slave_0: entered allmulticast mode
[   46.291354][ T5828] bridge_slave_0: entered promiscuous mode
[   46.295780][ T5833] team0: Port device team_slave_0 added
[   46.297871][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.300484][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.303185][ T5828] bridge_slave_1: entered allmulticast mode
[   46.306943][ T5828] bridge_slave_1: entered promiscuous mode
[   46.320351][ T5833] team0: Port device team_slave_1 added
[   46.347913][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.363399][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.367808][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.369990][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.378292][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.397289][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.399538][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.408241][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.430505][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.432819][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.436257][ T5840] bridge_slave_0: entered allmulticast mode
[   46.438994][ T5840] bridge_slave_0: entered promiscuous mode
[   46.442793][ T5828] team0: Port device team_slave_0 added
[   46.446865][ T5828] team0: Port device team_slave_1 added
[   46.463309][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.466104][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.468489][ T5840] bridge_slave_1: entered allmulticast mode
[   46.471132][ T5840] bridge_slave_1: entered promiscuous mode
[   46.488061][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.490402][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.499009][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.513215][ T5833] hsr_slave_0: entered promiscuous mode
[   46.516497][ T5833] hsr_slave_1: entered promiscuous mode
[   46.519287][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.521582][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.530128][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.546948][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.565905][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.596457][ T5828] hsr_slave_0: entered promiscuous mode
[   46.599118][ T5828] hsr_slave_1: entered promiscuous mode
[   46.601277][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   46.603865][ T5828] Cannot create hsr debugfs directory
[   46.618652][ T5840] team0: Port device team_slave_0 added
[   46.631843][ T5840] team0: Port device team_slave_1 added
[   46.678855][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.681143][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.690155][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.705794][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.708036][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.716599][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.799233][ T5840] hsr_slave_0: entered promiscuous mode
[   46.801507][ T5840] hsr_slave_1: entered promiscuous mode
[   46.803655][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   46.807502][ T5840] Cannot create hsr debugfs directory
[   46.858527][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   46.866797][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   46.878749][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   46.893934][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   46.937415][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   46.948891][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   46.959307][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   46.967229][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   47.006380][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.008772][ T5833] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.011459][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.013701][ T5833] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.023602][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   47.027859][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   47.032398][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   47.039343][ T1089] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.042232][ T1089] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.054695][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   47.116897][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.143421][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   47.149383][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.158333][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.160666][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.170087][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.172406][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.186371][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   47.189980][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[   47.201752][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.203987][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.217196][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   47.222227][ T3867] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.224540][ T3867] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.232831][ T5833] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   47.241134][ T5833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   47.269293][ T1089] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.271601][ T1089] bridge0: port 1(bridge_slave_0) entered forwarding state
[   47.278424][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.280746][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   47.368435][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.410072][ T5833] veth0_vlan: entered promiscuous mode
[   47.427954][ T5833] veth1_vlan: entered promiscuous mode
[   47.450066][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.467122][ T5833] veth0_macvtap: entered promiscuous mode
[   47.476050][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[   47.480485][ T5833] veth1_macvtap: entered promiscuous mode
[   47.490042][ T5840] veth0_vlan: entered promiscuous mode
[   47.496045][ T5840] veth1_vlan: entered promiscuous mode
[   47.523023][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.528894][ T5840] veth0_macvtap: entered promiscuous mode
[   47.536867][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.542171][ T5840] veth1_macvtap: entered promiscuous mode
[   47.551239][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.554420][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.563413][ T5828] veth0_vlan: entered promiscuous mode
[   47.567529][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.570092][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.580154][ T5691] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.583668][ T5828] veth1_vlan: entered promiscuous mode
[   47.589276][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.607957][ T5861] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.612413][ T5861] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.620225][ T5861] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.629227][ T5861] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.654096][ T1087] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.662431][ T1087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.668208][ T5828] veth0_macvtap: entered promiscuous mode
[   47.671961][ T5828] veth1_macvtap: entered promiscuous mode
[   47.693931][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[   47.703079][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.707980][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.715770][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[   47.746347][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   47.749998][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.752813][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.761870][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   47.766049][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   47.787097][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   47.788744][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   47.794191][ T3867] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.799239][ T3867] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.835730][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.838321][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.864234][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   47.867813][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.905724][ T5900] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   47.912003][ T5898] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3'.
[   47.917479][ T5835] Bluetooth: hci1: command tx timeout
[   47.917484][ T5226] Bluetooth: hci0: command tx timeout
[   47.927191][ T5898] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3'.
[   48.005523][ T5226] Bluetooth: hci2: command tx timeout
[   48.021509][ T5909] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8'.
[   48.036865][ T5912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9'.
[   48.112038][ T5920] netlink: 'syz.1.13': attribute type 2 has an invalid length.
[   48.120653][ T5920] netlink: 'syz.1.13': attribute type 1 has an invalid length.
[   48.123395][ T5920] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13'.
[   48.411623][ T5953] syz.2.29 uses obsolete (PF_INET,SOCK_PACKET)
[   48.525461][ T5964] Zero length message leads to an empty skb
[   48.631775][ T5974] netlink: 12 bytes leftover after parsing attributes in process `syz.0.38'.
[   48.659187][ T5973] tipc: Started in network mode
[   48.660900][ T5973] tipc: Node identity 4e60711c8022, cluster identity 4711
[   48.663516][ T5973] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   48.683024][ T5973] syzkaller0: entered promiscuous mode
[   48.687110][ T5973] syzkaller0: entered allmulticast mode
[   48.697487][ T5973] tipc: Resetting bearer <eth:syzkaller0>
[   48.712346][ T5973] tipc: Disabling bearer <eth:syzkaller0>
[   49.180169][ T6018] netlink: 8 bytes leftover after parsing attributes in process `syz.2.59'.
[   49.233237][ T6029] veth0_macvtap: left promiscuous mode
[   49.242271][ T6029] macvtap0: entered allmulticast mode
[   49.251046][ T6029] A link change request failed with some changes committed already. Interface macvtap0 may have been left with an inconsistent configuration, please check.
[   49.740993][ T6085] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   49.799625][   T10] IPVS: starting estimator thread 0...
[   49.860356][ T6097] netlink: 224 bytes leftover after parsing attributes in process `syz.1.84'.
[   49.879240][ T6097] netlink: 'syz.1.84': attribute type 1 has an invalid length.
[   49.897017][ T6100] netlink: 'syz.2.85': attribute type 2 has an invalid length.
[   49.899600][ T6100] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   49.924933][ T6092] IPVS: using max 77 ests per chain, 184800 per kthread
[   49.995171][ T5226] Bluetooth: hci1: command tx timeout
[   49.997349][ T5226] Bluetooth: hci0: command tx timeout
[   50.077172][ T5835] Bluetooth: hci2: command tx timeout
[   50.090662][ T6119] netlink: 'syz.2.92': attribute type 4 has an invalid length.
[   50.293863][ T6131] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[   50.296242][ T5830] IPVS: starting estimator thread 0...
[   50.326632][ T6141] netlink: 'syz.1.102': attribute type 5 has an invalid length.
[   50.329056][ T6141] netlink: 'syz.1.102': attribute type 5 has an invalid length.
[   50.398927][ T6138] IPVS: using max 78 ests per chain, 187200 per kthread
[   50.417697][ T6147] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[   50.617899][ T6169] warning: `syz.0.113' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   50.652684][ T6171] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   50.657434][ T6171] syzkaller0: entered promiscuous mode
[   50.659170][ T6171] syzkaller0: entered allmulticast mode
[   50.670030][ T6171] tipc: Resetting bearer <eth:syzkaller0>
[   50.673300][ T6170] tipc: Resetting bearer <eth:syzkaller0>
[   50.680166][ T6170] tipc: Disabling bearer <eth:syzkaller0>
[   50.783977][ T6175] dummy0: entered promiscuous mode
[   50.786319][ T6175] dummy0: entered allmulticast mode
[   51.223878][   T33] audit: type=1107 audit(1753630714.830:2): pid=6197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   51.249057][ T6200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.128'.
[   51.437002][ T6216] netlink: 36 bytes leftover after parsing attributes in process `syz.2.136'.
[   51.453885][ T6216] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.605135][ T6229] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   51.642553][ T6229] 8021q: adding VLAN 0 to HW filter on device bond1
[   51.696395][ T6238] vxcan1: tx address claim with dest, not broadcast
[   51.717394][ T6240] netlink: 'syz.1.147': attribute type 7 has an invalid length.
[   52.074864][ T5835] Bluetooth: hci0: command tx timeout
[   52.075985][ T5226] Bluetooth: hci1: command tx timeout
[   52.103091][ T6279] netlink: 'syz.1.165': attribute type 1 has an invalid length.
[   52.106894][ T6279] netlink: 'syz.1.165': attribute type 1 has an invalid length.
[   52.155176][ T5226] Bluetooth: hci2: command tx timeout
[   53.030516][ T6360] IPVS: length: 209 != 24
[   53.143299][ T6374] validate_nla: 1 callbacks suppressed
[   53.143309][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.157617][ T6374] __nla_validate_parse: 3 callbacks suppressed
[   53.157626][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.162565][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.170148][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.174090][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.180349][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.183376][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.186061][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.189157][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.191710][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.194687][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.198173][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.201141][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.203654][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.207348][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.209814][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.221991][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.224509][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.228539][ T6374] netlink: 'syz.0.211': attribute type 1 has an invalid length.
[   53.231080][ T6374] netlink: 20 bytes leftover after parsing attributes in process `syz.0.211'.
[   53.250756][ T6376] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[   53.259741][ T6380] bridge_slave_0: left allmulticast mode
[   53.261566][ T6380] bridge_slave_0: left promiscuous mode
[   53.263503][ T6380] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.269436][ T6380] bridge_slave_1: left allmulticast mode
[   53.271206][ T6380] bridge_slave_1: left promiscuous mode
[   53.273033][ T6380] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.281320][ T6380] bond0: (slave bond_slave_0): Releasing backup interface
[   53.297149][ T6380] bond0: (slave bond_slave_1): Releasing backup interface
[   53.310357][ T6380] team0: Port device team_slave_0 removed
[   53.318917][ T6380] team0: Port device team_slave_1 removed
[   53.321270][ T6380] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   53.323614][ T6380] batman_adv: batadv0: Removing interface: batadv_slave_0
[   53.328110][ T6380] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   53.330543][ T6380] batman_adv: batadv0: Removing interface: batadv_slave_1
[   53.349458][ T6384] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[   53.360778][ T6384] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   53.698102][ T6406] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   53.996600][   T47] cfg80211: failed to load regulatory.db
[   54.010657][ T6376] syz.1.212 (6376) used greatest stack depth: 20632 bytes left
[   54.155336][ T5226] Bluetooth: hci1: command tx timeout
[   54.155497][ T5835] Bluetooth: hci0: command tx timeout
[   54.235059][ T5835] Bluetooth: hci2: command tx timeout
[   54.628984][ T6502] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   54.693187][ T6504] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.706347][ T6504] team0: Port device bond0 added
[   55.067695][ T6557] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[   55.107235][ T6557] bridge_slave_0: left allmulticast mode
[   55.129778][ T6557] bridge_slave_0: left promiscuous mode
[   55.131694][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.143878][ T6557] bridge_slave_1: left allmulticast mode
[   55.150446][ T6557] bridge_slave_1: left promiscuous mode
[   55.152357][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.166929][ T6557] bond0: (slave bond_slave_0): Releasing backup interface
[   55.170917][ T6557] bond0: (slave bond_slave_1): Releasing backup interface
[   55.184118][ T6557] team0: Port device team_slave_0 removed
[   55.191631][ T6557] team0: Port device team_slave_1 removed
[   55.201363][ T6557] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   55.215400][ T6557] batman_adv: batadv0: Removing interface: batadv_slave_0
[   55.219815][ T6557] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   55.222860][ T6557] batman_adv: batadv0: Removing interface: batadv_slave_1
[   55.245009][ T6564] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[   55.248615][ T6564] vlan2: entered promiscuous mode
[   55.252571][ T6564] team0: entered promiscuous mode
[   55.258108][ T6564] bond0: entered promiscuous mode
[   55.293228][ T6568] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[   55.302233][ T6568] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   55.314340][ T6557] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   55.319191][ T6557] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   56.820812][ T6679] vxcan1 speed is unknown, defaulting to 1000
[   56.826575][ T6679] vxcan1 speed is unknown, defaulting to 1000
[   56.833790][ T6679] vxcan1 speed is unknown, defaulting to 1000
[   57.002041][ T6679] infiniband syz2: set active
[   57.004243][    T9] vxcan1 speed is unknown, defaulting to 1000
[   57.006616][ T6679] infiniband syz2: added vxcan1
[   57.046470][ T6679] RDS/IB: syz2: added
[   57.049311][ T6679] smc: adding ib device syz2 with port count 1
[   57.051381][ T6679] smc:    ib device syz2 port 1 has pnetid 
[   57.053846][    T9] vxcan1 speed is unknown, defaulting to 1000
[   57.059359][ T6679] vxcan1 speed is unknown, defaulting to 1000
[   57.152271][ T6679] vxcan1 speed is unknown, defaulting to 1000
[   57.245758][ T6679] vxcan1 speed is unknown, defaulting to 1000
[   57.363043][ T6679] syz.2.331 (6679) used greatest stack depth: 20264 bytes left
[   57.638337][ T6677] syz.1.332 (6677) used greatest stack depth: 19952 bytes left
[   57.641744][ T6724] trusted_key: syz.0.353 sent an empty control message without MSG_MORE.
[   57.813652][ T6742] bond1: (slave gretap1): making interface the new active one
[   57.816511][ T6742] bond1: (slave gretap1): Enslaving as an active interface with an up link
[   58.012872][ T6772] pim6reg1: entered promiscuous mode
[   58.014589][ T6772] pim6reg1: entered allmulticast mode
[   58.175785][ T6772] 8021q: adding VLAN 0 to HW filter on device bond1
[   58.178393][ T6772] bond1: entered promiscuous mode
[   58.180424][ T6772] team0: Port device bond1 added
[   59.227061][ T6811] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   59.267444][ T6818] veth0_macvtap: left promiscuous mode
[   59.271289][ T6818] macvtap0: entered allmulticast mode
[   59.513401][ T5861] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x4
[   59.557777][ T6856] vxcan1 speed is unknown, defaulting to 1000
[   59.585110][ T6859] Bluetooth: MGMT ver 1.23
[   60.572805][ T6880] __nla_validate_parse: 82 callbacks suppressed
[   60.572814][ T6880] netlink: 1 bytes leftover after parsing attributes in process `syz.0.422'.
[   60.659062][ T6892] validate_nla: 72 callbacks suppressed
[   60.659072][ T6892] netlink: 'syz.1.429': attribute type 15 has an invalid length.
[   60.740238][ T6900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.433'.
[   60.748075][ T6900] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   60.750624][ T6900] team0: Device ipvlan2 is already an upper device of the team interface
[   60.847539][ T6905] netlink: 12 bytes leftover after parsing attributes in process `syz.0.435'.
[   60.850743][ T6905] netlink: 'syz.0.435': attribute type 18 has an invalid length.
[   60.859690][ T5691] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   60.862617][ T5691] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   60.867042][ T6905] netlink: 12 bytes leftover after parsing attributes in process `syz.0.435'.
[   60.869994][ T6905] netlink: 'syz.0.435': attribute type 18 has an invalid length.
[   60.872818][ T5691] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   60.877442][ T5691] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   61.192326][ T6929] netlink: 60 bytes leftover after parsing attributes in process `syz.0.447'.
[   61.195794][ T6929] netlink: 56 bytes leftover after parsing attributes in process `syz.0.447'.
[   61.201142][ T6929] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   61.206759][ T6929] gretap1: entered promiscuous mode
[   61.208547][ T6929] gretap1: entered allmulticast mode
[   61.327241][ T6939] D: renamed from syzkaller0
[   61.667298][ T6975] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[   61.727492][ T6983] netlink: 100 bytes leftover after parsing attributes in process `syz.1.470'.
[   61.775591][ T6989] netlink: 24 bytes leftover after parsing attributes in process `syz.1.473'.
[   61.855144][ T6999] netlink: 100 bytes leftover after parsing attributes in process `syz.1.478'.
[   61.926302][ T7007] netlink: 12 bytes leftover after parsing attributes in process `syz.0.481'.
[   61.944290][ T7009] syz_tun: entered allmulticast mode
[   61.958010][ T7009] dvmrp8: entered allmulticast mode
[   61.966860][ T7009] dvmrp1: entered allmulticast mode
[   61.977548][ T7008] syz_tun: left allmulticast mode
[   61.979543][ T7008] dvmrp1: left allmulticast mode
[   62.191278][ T7032] netlink: 'syz.1.493': attribute type 13 has an invalid length.
[   62.710002][ T7047] openvswitch: netlink: push_nsh: missing base or metadata attributes
[   62.712667][ T7047] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   62.965165][ T7026] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   63.213815][ T7082] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[   63.225962][ T7082] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[   63.467666][ T7116] netlink: 'syz.1.532': attribute type 1 has an invalid length.
[   63.519756][ T7124] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.596572][ T7124] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.646301][ T7124] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.727848][ T7124] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   63.798718][ T5691] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.822148][ T5691] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.837539][ T5691] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.856219][ T5691] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.076014][ T7184] netlink: 'syz.2.564': attribute type 10 has an invalid length.
[   64.083674][ T7184] team0: Cannot enslave team device to itself
[   64.155282][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout
[   64.223154][ T7201] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   64.225669][ T7201] IPv6: NLM_F_CREATE should be set when creating new route
[   64.227886][ T7201] IPv6: NLM_F_CREATE should be set when creating new route
[   64.438594][ T7227] netlink: 'syz.1.582': attribute type 29 has an invalid length.
[   64.451887][ T7224] vxcan1 speed is unknown, defaulting to 1000
[   64.505379][ T7232] tipc: Started in network mode
[   64.506916][ T7232] tipc: Node identity , cluster identity 4711
[   64.766157][ T7249] netlink: 'syz.2.591': attribute type 1 has an invalid length.
[   64.807569][ T7249] bond2 (unregistering): Released all slaves
[   65.273018][ T7289] unsupported nla_type 52263
[   65.621278][ T7319] tipc: Enabled bearer <eth:wg0>, priority 14
[   65.673801][ T7328] __nla_validate_parse: 10 callbacks suppressed
[   65.673817][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.619'.
[   65.960912][ T7367] 8021q: adding VLAN 0 to HW filter on device bond3
[   65.963514][ T7367] bridge0: port 1(bond3) entered blocking state
[   65.966399][ T7367] bridge0: port 1(bond3) entered disabled state
[   65.968579][ T7367] bond3: entered allmulticast mode
[   65.971489][ T7367] bond3: entered promiscuous mode
[   65.974818][ T7367] bridge0: port 1(bond3) entered blocking state
[   65.977572][ T7367] bridge0: port 1(bond3) entered forwarding state
[   65.981688][ T7369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.633'.
[   65.985980][ T1089] bridge0: port 1(bond3) entered disabled state
[   66.055517][ T7384] netlink: 20 bytes leftover after parsing attributes in process `syz.1.636'.
[   66.065407][ T7384] netlink: 'syz.1.636': attribute type 4 has an invalid length.
[   66.355103][ T7426] netlink: 'syz.1.642': attribute type 8 has an invalid length.
[   66.736410][   T24] tipc: Node number set to 3460460828
[   66.740801][ T7470] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[   67.053117][ T7498] netlink: 'syz.1.668': attribute type 4 has an invalid length.
[   67.237583][ T7513] netlink: 'syz.1.675': attribute type 1 has an invalid length.
[   67.258139][ T7516] Illegal XDP return value 4294967274 on prog  (id 95) dev N/A, expect packet loss!
[   67.260182][ T7513] 8021q: adding VLAN 0 to HW filter on device bond4
[   67.281990][ T7513] 8021q: adding VLAN 0 to HW filter on device bond4
[   67.284251][ T7513] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[   67.290378][ T7513] bond4: (slave vxcan3): Error -95 calling set_mac_address
[   67.321566][ T7519] batadv_slave_1: entered promiscuous mode
[   67.329745][ T7519] bond4: (slave batadv_slave_1): making interface the new active one
[   67.333077][ T7519] bond4: (slave batadv_slave_1): Enslaving as an active interface with an up link
[   67.350626][ T7513] netlink: 28 bytes leftover after parsing attributes in process `syz.1.675'.
[   67.356129][ T7513] 8021q: adding VLAN 0 to HW filter on device bond4
[   67.407792][ T7524] tipc: Started in network mode
[   67.409433][ T7524] tipc: Node identity 8247501e069c, cluster identity 4711
[   67.411870][ T7524] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   67.433883][ T7524] syzkaller0: entered promiscuous mode
[   67.436876][ T7524] syzkaller0: entered allmulticast mode
[   67.439917][ T7524] tipc: Resetting bearer <eth:syzkaller0>
[   67.444413][ T7524] netlink: 28 bytes leftover after parsing attributes in process `syz.0.678'.
[   67.450167][ T7523] tipc: Resetting bearer <eth:syzkaller0>
[   68.053101][ T7523] tipc: Disabling bearer <eth:syzkaller0>
[   68.148902][ T7547] netlink: 20 bytes leftover after parsing attributes in process `syz.0.686'.
[   68.293786][ T7567] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   68.298790][ T7567] syzkaller0: entered promiscuous mode
[   68.302628][ T7567] syzkaller0: entered allmulticast mode
[   68.326519][ T7567] tipc: Resetting bearer <eth:syzkaller0>
[   68.337484][ T7566] tipc: Resetting bearer <eth:syzkaller0>
[   68.355154][ T7566] tipc: Disabling bearer <eth:syzkaller0>
[   68.446722][ T7579] netlink: 64 bytes leftover after parsing attributes in process `syz.1.700'.
[   68.454124][ T7579] netlink: 64 bytes leftover after parsing attributes in process `syz.1.700'.
[   68.520949][ T7591] netlink: 'syz.1.707': attribute type 1 has an invalid length.
[   68.523386][ T7591] netlink: 'syz.1.707': attribute type 2 has an invalid length.
[   68.532722][ T7591] netlink: 1172 bytes leftover after parsing attributes in process `syz.1.707'.
[   68.617609][ T7606] netlink: 4 bytes leftover after parsing attributes in process `syz.2.711'.
[   68.675215][ T7617] netlink: 'syz.1.715': attribute type 1 has an invalid length.
[   68.816870][ T7634] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   69.653143][ T7699] netlink: 'syz.0.751': attribute type 83 has an invalid length.
[   70.168932][ T7748] netlink: 'syz.1.773': attribute type 13 has an invalid length.
[   70.175527][ T7748] net veth1_virt_wifi virt_wifi0: refused to change device tx_queue_len
[   70.777117][ T7823] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on
[   70.862089][ T7834] __nla_validate_parse: 38 callbacks suppressed
[   70.862100][ T7834] netlink: 8 bytes leftover after parsing attributes in process `syz.1.813'.
[   70.882658][ T7834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.813'.
[   70.889899][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.144941][ T7866] netlink: 148 bytes leftover after parsing attributes in process `syz.0.830'.
[   71.381305][ T7888] vxcan1 speed is unknown, defaulting to 1000
[   71.719099][ T7883] netlink: 156 bytes leftover after parsing attributes in process `syz.2.837'.
[   71.755289][ T7907] netlink: 8 bytes leftover after parsing attributes in process `syz.0.848'.
[   71.763085][ T7907] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   72.136153][ T7922] netlink: 16 bytes leftover after parsing attributes in process `syz.1.855'.
[   73.049372][ T7948] netlink: 'syz.0.866': attribute type 10 has an invalid length.
[   73.051909][ T7948] netlink: 40 bytes leftover after parsing attributes in process `syz.0.866'.
[   73.059180][ T7948] veth0_vlan: entered allmulticast mode
[   73.061479][ T7948] bridge0: port 1(veth0_vlan) entered blocking state
[   73.063780][ T7948] bridge0: port 1(veth0_vlan) entered disabled state
[   73.069940][ T7948] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[   73.162170][ T7960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.872'.
[   73.169309][ T7960] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.307109][ T7978] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   73.363774][ T7982] netlink: 8 bytes leftover after parsing attributes in process `syz.1.884'.
[   73.383549][ T7982] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   73.402446][ T7982] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   73.481686][ T7995] netlink: 12 bytes leftover after parsing attributes in process `syz.1.887'.
[   73.646172][ T8018] netlink: 'syz.0.898': attribute type 10 has an invalid length.
[   73.653454][ T8018] batman_adv: batadv0: Adding interface: virt_wifi0
[   73.657869][ T8018] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   73.667556][ T8018] batman_adv: batadv0: Interface activated: virt_wifi0
[   73.678645][ T8014] atomic_op ffff888114ec3198 conn xmit_atomic 0000000000000000
[   73.683340][ T8014] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x5
[   74.086171][ T8069] netlink: 'syz.0.922': attribute type 1 has an invalid length.
[   74.109042][ T8069] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link
[   74.113335][ T5861] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond
[   74.122018][ T8069] 8021q: adding VLAN 0 to HW filter on device bond3
[   74.182667][ T8069] bond3 (unregistering): (slave ip6gretap1): Removing an active aggregator
[   74.186229][ T8069] bond3 (unregistering): (slave ip6gretap1): Releasing backup interface
[   74.190162][ T8069] bond3 (unregistering): Released all slaves
[   74.642145][ T8135] sctp: [Deprecated]: syz.2.952 (pid 8135) Use of struct sctp_assoc_value in delayed_ack socket option.
[   74.642145][ T8135] Use struct sctp_sack_info instead
[   74.654877][ T8127] netlink: 'syz.0.949': attribute type 12 has an invalid length.
[   74.685945][ T8140] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   75.520802][ T8153] netlink: 'syz.2.960': attribute type 1 has an invalid length.
[   75.539075][ T8153] 8021q: adding VLAN 0 to HW filter on device bond2
[   75.571970][ T8160] dvmrp8: left allmulticast mode
[   75.628070][ T8167] lo speed is unknown, defaulting to 1000
[   75.631011][ T8167] lo speed is unknown, defaulting to 1000
[   75.633210][ T8167] lo speed is unknown, defaulting to 1000
[   75.708214][ T8160] dummy0: left promiscuous mode
[   75.709804][ T8160] dummy0: left allmulticast mode
[   75.755659][ T8160] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   75.848938][ T8167] infiniband syz0: set active
[   75.853144][ T8167] infiniband syz0: added lo
[   75.857502][  T790] lo speed is unknown, defaulting to 1000
[   75.888097][ T8167] RDS/IB: syz0: added
[   75.889439][ T8167] smc: adding ib device syz0 with port count 1
[   75.891408][ T8167] smc:    ib device syz0 port 1 has pnetid 
[   75.895092][  T790] lo speed is unknown, defaulting to 1000
[   75.912240][ T8167] lo speed is unknown, defaulting to 1000
[   76.080061][ T8205] syzkaller0: entered promiscuous mode
[   76.082849][ T8205] syzkaller0: entered allmulticast mode
[   76.094167][ T8207] geneve2: entered promiscuous mode
[   76.809163][ T8167] lo speed is unknown, defaulting to 1000
[   76.953566][ T8167] lo speed is unknown, defaulting to 1000
[   77.055846][ T8230] __nla_validate_parse: 16 callbacks suppressed
[   77.055858][ T8230] netlink: 4 bytes leftover after parsing attributes in process `syz.2.993'.
[   77.115833][ T8230] bridge_slave_1 (unregistering): left allmulticast mode
[   77.118075][ T8230] bridge_slave_1 (unregistering): left promiscuous mode
[   77.120242][ T8230] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.123487][ T8167] syz.1.962 (8167) used greatest stack depth: 19680 bytes left
[   77.178239][ T8241] netlink: 68 bytes leftover after parsing attributes in process `syz.1.998'.
[   77.181869][ T8241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.998'.
[   77.201493][ T8243] IPv6: NLM_F_CREATE should be specified when creating new route
[   77.588990][ T8273] netlink: 1041 bytes leftover after parsing attributes in process `syz.1.1013'.
[   78.367103][ T8323] netlink: 140 bytes leftover after parsing attributes in process `syz.1.1025'.
[   78.389129][ T8325] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1026'.
[   78.402515][ T8325] sch_tbf: burst 0 is lower than device bridge1 mtu (1514) !
[   78.719842][ T8346] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1035'.
[   78.936909][ T8368] netlink: 'syz.1.1045': attribute type 1 has an invalid length.
[   78.968753][ T8368] 8021q: adding VLAN 0 to HW filter on device bond7
[   78.972582][ T8368] bond6: (slave bond7): making interface the new active one
[   78.976009][ T8368] bond6: (slave bond7): Enslaving as an active interface with an up link
[   78.990346][ T8368] bond6: (slave gretap1): Enslaving as a backup interface with an up link
[   78.996838][ T8368] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1045'.
[   79.000349][ T8368] 8021q: adding VLAN 0 to HW filter on device bond6
[   79.048239][ T8383] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1052'.
[   79.456961][ T8434] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1074'.
[   79.531724][ T8434] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[   79.708143][ T8451] netlink: 'syz.1.1082': attribute type 11 has an invalid length.
[   79.792737][   T47] lo speed is unknown, defaulting to 1000
[   79.812169][ T8458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   80.173602][ T6866] bond0: (slave wlan1): link status definitely down, disabling slave
[   80.178724][ T6866] bond0: now running without any active interface!
[   80.368871][ T8506] netlink: 'syz.2.1109': attribute type 21 has an invalid length.
[   80.447485][ T8516] openvswitch: netlink: IP tunnel dst address not specified
[   80.483146][ T8520] netlink: 'syz.0.1115': attribute type 9 has an invalid length.
[   81.261857][ T8630] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[   81.302340][ T8630] bridge1: entered promiscuous mode
[   81.304057][ T8630] bridge1: entered allmulticast mode
[   81.321135][ T8630] team0: Port device bridge1 added
[   81.332005][ T8639] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[   81.560890][ T8658] netlink: 'syz.0.1179': attribute type 1 has an invalid length.
[   81.563475][ T8658] netlink: 'syz.0.1179': attribute type 4 has an invalid length.
[   81.728072][ T8671] vlan0: entered promiscuous mode
[   81.737261][ T8671] team0: Port device vlan0 added
[   81.990564][ T8693] netlink: 'syz.1.1196': attribute type 11 has an invalid length.
[   81.993513][ T8693] netlink: 'syz.1.1196': attribute type 4 has an invalid length.
[   82.146499][ T8704] __nla_validate_parse: 13 callbacks suppressed
[   82.146509][ T8704] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1201'.
[   82.158933][ T8704] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   82.162036][ T8704] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   82.212404][ T8712] 8021q: VLANs not supported on ipvlan1
[   82.242435][ T8716] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1207'.
[   82.246196][ T8716] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1207'.
[   82.366039][ T8728] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1213'.
[   82.559838][ T8758] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1227'.
[   82.580696][ T8760] bond0: Error: Cannot enslave bond to itself.
[   82.612792][ T8764] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1230'.
[   82.617686][ T8764] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1230'.
[   82.620461][ T8764] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1230'.
[   82.732162][ T8779] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1237'.
[   82.791140][ T8787] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1240'.
[   82.822731][ T8791] netlink: 'syz.2.1242': attribute type 2 has an invalid length.
[   82.831330][ T8793] bond0: left promiscuous mode
[   82.832933][ T8793] mac80211_hwsim hwsim3 wlan1: left promiscuous mode
[   82.839077][ T8793] team0: Port device bond0 removed
[   82.844330][ T8793] bond4: (slave batadv_slave_1): Releasing active interface
[   82.853774][ T8793] bond0: (slave wlan1): Releasing backup interface
[   82.860904][ T8793] bond1: left promiscuous mode
[   82.863756][ T8793] team0: Port device bond1 removed
[   82.867328][ T8793] bond3: left allmulticast mode
[   82.869053][ T8793] bond3: left promiscuous mode
[   82.870719][ T8793] bridge0: port 1(bond3) entered disabled state
[   82.878984][ T8793] bond6: (slave bond7): Releasing backup interface
[   82.881606][ T8793] bond6: (slave bond7): the permanent HWaddr of slave - d6:a4:35:6d:76:63 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[   82.887535][ T8793] bond6: (slave gretap1): making interface the new active one
[   82.894047][ T8793] bond6: (slave gretap1): Releasing backup interface
[   82.923791][ T8796] tipc: Started in network mode
[   82.927009][ T8793] netlink: 'syz.1.1243': attribute type 10 has an invalid length.
[   82.928154][ T8796] tipc: Node identity bee14dc7ed63, cluster identity 4711
[   82.936172][ T8796] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   82.949658][ T8793] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   82.952564][ T8796] syzkaller0: entered promiscuous mode
[   82.954300][ T8796] syzkaller0: entered allmulticast mode
[   82.965736][ T8796] tipc: Resetting bearer <eth:syzkaller0>
[   82.969359][ T8793] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   82.972753][ T8793] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   82.977668][ T8795] tipc: Resetting bearer <eth:syzkaller0>
[   82.991909][ T8795] tipc: Disabling bearer <eth:syzkaller0>
[   83.038770][ T8802] netlink: 'syz.0.1247': attribute type 11 has an invalid length.
[   83.234301][ T8823] erspan0: entered promiscuous mode
[   83.243602][ T8823] erspan0: left promiscuous mode
[   83.678887][ T8867] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   83.680577][ T8793] syz.1.1243 (8793) used greatest stack depth: 17448 bytes left
[   83.701734][ T8867] syzkaller0: entered promiscuous mode
[   83.708590][ T8867] syzkaller0: entered allmulticast mode
[   83.727358][ T8867] tipc: Resetting bearer <eth:syzkaller0>
[   83.733841][ T8866] tipc: Resetting bearer <eth:syzkaller0>
[   83.752005][ T8866] tipc: Disabling bearer <eth:syzkaller0>
[   83.759300][ T8872] syz.1.1272 uses old SIOCAX25GETINFO
[   84.010002][ T8887] tipc: Enabled bearer <ib:ip6gre0>, priority 10
[   84.539374][ T8922] syzkaller0: entered promiscuous mode
[   84.541870][ T8922] syzkaller0: entered allmulticast mode
[   84.556685][ T8922] sch_tbf: burst 12 is lower than device syzkaller0 mtu (1514) !
[   84.711684][ T8941] netem: unknown loss type 13
[   84.713396][ T8941] netem: change failed
[   84.809202][ T8954] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   84.850639][ T8958] validate_nla: 2 callbacks suppressed
[   84.850648][ T8958] netlink: 'syz.1.1311': attribute type 11 has an invalid length.
[   84.920224][ T8967] syzkaller1: entered promiscuous mode
[   84.922164][ T8967] syzkaller1: entered allmulticast mode
[   84.926917][ T8967] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324
[   85.824407][ T9033] bond8: (slave bridge2): Enslaving as an active interface with an up link
[   85.832851][ T9033] macvlan0: entered promiscuous mode
[   85.834601][ T9033] macvlan0: entered allmulticast mode
[   85.836933][ T9033] bond8: entered promiscuous mode
[   85.838590][ T9033] bridge2: entered promiscuous mode
[   85.840937][ T9033] 8021q: adding VLAN 0 to HW filter on device macvlan0
[   85.850271][ T9033] bond8: left promiscuous mode
[   85.853503][ T9033] bridge2: left promiscuous mode
[   86.072519][ T9052] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[   86.157489][ T9073] veth1_to_bond: entered allmulticast mode
[   86.316748][ T9097] netlink: 'syz.1.1374': attribute type 11 has an invalid length.
[   86.321099][ T9096] tipc: Invalid UDP bearer configuration
[   86.321127][ T9096] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[   86.372827][ T9099] vxcan1 speed is unknown, defaulting to 1000
[   86.480446][ T9099] lo speed is unknown, defaulting to 1000
[   86.881829][ T9132] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   87.071341][ T9162] openvswitch: netlink: IPv4 tun info is not correct
[   87.089335][ T9164] netlink: 'syz.1.1404': attribute type 6 has an invalid length.
[   87.300743][ T9197] __nla_validate_parse: 33 callbacks suppressed
[   87.300777][ T9197] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1418'.
[   87.339106][ T9199] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   87.341697][ T9199] syzkaller0: entered promiscuous mode
[   87.343460][ T9199] syzkaller0: entered allmulticast mode
[   87.362479][ T9199] tipc: Resetting bearer <eth:syzkaller0>
[   87.374424][ T9198] tipc: Resetting bearer <eth:syzkaller0>
[   87.380732][ T9198] tipc: Disabling bearer <eth:syzkaller0>
[   87.439551][ T9205] netlink: 'syz.0.1421': attribute type 4 has an invalid length.
[   87.448705][ T9205] netlink: 'syz.0.1421': attribute type 4 has an invalid length.
[   87.472933][ T9207] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1423'.
[   87.558516][ T9212] netlink: 'syz.2.1425': attribute type 9 has an invalid length.
[   87.561241][ T9212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1425'.
[   87.572490][ T5691] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   87.575595][ T9212] netlink: 'syz.2.1425': attribute type 9 has an invalid length.
[   87.578231][ T5691] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   87.580776][ T5691] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   87.583529][ T9212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1425'.
[   87.587442][ T5691] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   87.590244][ T9213] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1426'.
[   87.731412][ T9229] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1431'.
[   87.767156][ T9231] netlink: 'syz.2.1433': attribute type 1 has an invalid length.
[   87.781389][ T9231] 8021q: adding VLAN 0 to HW filter on device bond3
[   87.807548][ T9231] bond3: (slave ip6gretap1): making interface the new active one
[   87.811875][ T9231] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[   87.840087][ T9231] veth3: entered promiscuous mode
[   87.843345][ T9231] bond3: (slave veth3): Enslaving as an active interface with a down link
[   87.863925][ T9231] erspan0: entered allmulticast mode
[   87.881466][ T9231] bond3: (slave erspan0): Enslaving as an active interface with an up link
[   88.015250][ T9256] netlink: 'syz.1.1445': attribute type 1 has an invalid length.
[   88.254268][ T9290] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1461'.
[   88.304650][ T9296] syzkaller1: entered promiscuous mode
[   88.307673][ T9296] syzkaller1: entered allmulticast mode
[   88.338985][ T9303] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1468'.
[   88.342072][ T9303] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1468'.
[   88.521095][ T9330] netlink: 164 bytes leftover after parsing attributes in process `syz.2.1480'.
[   88.614588][ T9346] netlink: 'syz.2.1488': attribute type 13 has an invalid length.
[   88.818223][ T9346] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   88.833995][ T9346] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.016958][ T5875] vxcan1 speed is unknown, defaulting to 1000
[   89.019150][   T12] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0
[   89.023148][ T5875] syz2: Port: 1 Link DOWN
[   89.024866][   T12] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.027678][   T12] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0
[   89.030390][   T12] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.038525][   T12] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0
[   89.041107][   T12] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.043706][   T12] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0
[   89.046858][   T12] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.051304][ T5875] vxcan1 speed is unknown, defaulting to 1000
[   89.292770][ T9373] vxcan1: entered allmulticast mode
[   89.296112][ T9373] vxcan1: left allmulticast mode
[   89.376818][ T9373] raw_sendmsg: syz.2.1498 forgot to set AF_INET. Fix it!
[   89.565867][ T9394] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   89.570630][ T5894] IPVS: starting estimator thread 0...
[   89.624407][ T9402] netlink: 'syz.1.1510': attribute type 5 has an invalid length.
[   89.672879][ T9395] IPVS: using max 77 ests per chain, 184800 per kthread
[   89.980959][ T9445] 8021q: adding VLAN 0 to HW filter on device bond9
[   90.043962][ T9448] syzkaller0: entered promiscuous mode
[   90.048444][ T9448] syzkaller0: entered allmulticast mode
[   91.009993][ T9464] validate_nla: 1 callbacks suppressed
[   91.010004][ T9464] netlink: 'syz.0.1536': attribute type 1 has an invalid length.
[   91.167307][ T9491] vxcan1 speed is unknown, defaulting to 1000
[   91.285123][ T9491] lo speed is unknown, defaulting to 1000
[   91.466259][ T9532] openvswitch: netlink: IP tunnel dst address not specified
[   91.476858][ T9527] syzkaller0: entered promiscuous mode
[   91.478808][ T9527] syzkaller0: entered allmulticast mode
[   92.691924][ T9585] __nla_validate_parse: 9 callbacks suppressed
[   92.691940][ T9585] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1584'.
[   92.743662][ T9587] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   92.749447][ T9587] syzkaller0: entered promiscuous mode
[   92.751844][ T9587] syzkaller0: entered allmulticast mode
[   92.777922][ T9587] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   92.800371][ T9587] tipc: Resetting bearer <eth:syzkaller0>
[   92.806709][ T9586] tipc: Resetting bearer <eth:syzkaller0>
[   92.809582][ T9592] netlink: 'syz.2.1587': attribute type 1 has an invalid length.
[   92.811913][ T9592] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1587'.
[   92.815318][ T9586] tipc: Disabling bearer <eth:syzkaller0>
[   92.881036][ T9598] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1590'.
[   92.963436][ T9608] netlink: 'syz.2.1596': attribute type 1 has an invalid length.
[   92.967495][ T9608] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1596'.
[   92.989060][ T9612] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   93.017530][ T9616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1599'.
[   93.323479][ T9648] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1612'.
[   93.326562][ T9648] netlink: 'syz.1.1612': attribute type 1 has an invalid length.
[   93.329099][ T9648] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1612'.
[   93.683245][ T9689] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[   93.711835][ T9693] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1635'.
[   94.516425][ T9792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1678'.
[   94.529042][ T9794] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1679'.
[   94.736588][ T9808] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[   94.770081][ T9810] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   95.538726][ T9839] netlink: 'syz.1.1700': attribute type 1 has an invalid length.
[   96.056430][ T9907] vxcan1 speed is unknown, defaulting to 1000
[   96.104534][ T9913] IPVS: Scheduler module ip_vs_sip not found
[   96.121738][ T9918] netlink: 'syz.1.1735': attribute type 3 has an invalid length.
[   96.204440][ T9907] lo speed is unknown, defaulting to 1000
[   96.743988][ T9966] netlink: 'syz.2.1751': attribute type 8 has an invalid length.
[   96.959101][ T9987] vxcan1 speed is unknown, defaulting to 1000
[   97.073563][ T9987] lo speed is unknown, defaulting to 1000
[   97.181775][T10013] ==================================================================
[   97.184440][T10013] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[   97.186938][T10013] Read of size 2 at addr ffff888122678a42 by task syz.1.1773/10013
[   97.190178][T10013] 
[   97.190973][T10013] CPU: 0 UID: 0 PID: 10013 Comm: syz.1.1773 Not tainted 6.16.0-rc7-syzkaller-01993-ge3f96b3556e4-dirty #0 PREEMPT(full) 
[   97.190985][T10013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   97.190990][T10013] Call Trace:
[   97.190994][T10013]  <TASK>
[   97.190998][T10013]  dump_stack_lvl+0x189/0x250
[   97.191012][T10013]  ? __kasan_check_byte+0x12/0x40
[   97.191025][T10013]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.191033][T10013]  ? lock_release+0x4b/0x3e0
[   97.191042][T10013]  ? __virt_addr_valid+0x4a5/0x5c0
[   97.191054][T10013]  print_report+0xca/0x230
[   97.191067][T10013]  ? __xfrm_state_lookup+0x6ad/0x8d0
[   97.191077][T10013]  kasan_report+0x118/0x150
[   97.191089][T10013]  ? __xfrm_state_lookup+0x6ad/0x8d0
[   97.191097][T10013]  __xfrm_state_lookup+0x6ad/0x8d0
[   97.191106][T10013]  ? __pfx___xfrm_state_lookup+0x10/0x10
[   97.191115][T10013]  ? xfrm_state_lookup+0x45/0x1e0
[   97.191124][T10013]  xfrm_state_lookup+0x11e/0x1e0
[   97.191134][T10013]  xfrm_new_ae+0x37d/0x980
[   97.191145][T10013]  ? __pfx_xfrm_new_ae+0x10/0x10
[   97.191155][T10013]  ? apparmor_capable+0x137/0x1b0
[   97.191165][T10013]  ? __nla_parse+0x40/0x60
[   97.191174][T10013]  xfrm_user_rcv_msg+0x7a3/0xab0
[   97.191185][T10013]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[   97.191199][T10013]  ? __mutex_trylock_common+0x153/0x260
[   97.191208][T10013]  ? __pfx___mutex_trylock_common+0x10/0x10
[   97.191218][T10013]  ? rcu_is_watching+0x15/0xb0
[   97.191226][T10013]  ? trace_contention_end+0x39/0x120
[   97.191242][T10013]  netlink_rcv_skb+0x208/0x470
[   97.191251][T10013]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[   97.191262][T10013]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   97.191272][T10013]  ? netlink_deliver_tap+0x2e/0x1b0
[   97.191279][T10013]  ? netlink_deliver_tap+0x2e/0x1b0
[   97.191287][T10013]  xfrm_netlink_rcv+0x79/0x90
[   97.191298][T10013]  netlink_unicast+0x82f/0x9e0
[   97.191312][T10013]  ? __pfx_netlink_unicast+0x10/0x10
[   97.191323][T10013]  ? netlink_sendmsg+0x642/0xb30
[   97.191331][T10013]  ? skb_put+0x11b/0x210
[   97.191340][T10013]  netlink_sendmsg+0x805/0xb30
[   97.191350][T10013]  ? __pfx_netlink_sendmsg+0x10/0x10
[   97.191358][T10013]  ? aa_sock_msg_perm+0x94/0x160
[   97.191366][T10013]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   97.191375][T10013]  ? __pfx_netlink_sendmsg+0x10/0x10
[   97.191383][T10013]  __sock_sendmsg+0x21c/0x270
[   97.191394][T10013]  ____sys_sendmsg+0x505/0x830
[   97.191404][T10013]  ? __pfx_____sys_sendmsg+0x10/0x10
[   97.191413][T10013]  ? import_iovec+0x74/0xa0
[   97.191423][T10013]  ___sys_sendmsg+0x21f/0x2a0
[   97.191431][T10013]  ? __pfx____sys_sendmsg+0x10/0x10
[   97.191445][T10013]  ? __fget_files+0x2a/0x420
[   97.191455][T10013]  ? __fget_files+0x3a0/0x420
[   97.191466][T10013]  __x64_sys_sendmsg+0x19b/0x260
[   97.191474][T10013]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   97.191484][T10013]  ? rcu_is_watching+0x15/0xb0
[   97.191492][T10013]  ? do_syscall_64+0xbe/0x3b0
[   97.191501][T10013]  do_syscall_64+0xfa/0x3b0
[   97.191507][T10013]  ? lockdep_hardirqs_on+0x9c/0x150
[   97.191514][T10013]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.191521][T10013]  ? exc_page_fault+0x9f/0xf0
[   97.191532][T10013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.191539][T10013] RIP: 0033:0x7f415c98e9a9
[   97.191547][T10013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.191554][T10013] RSP: 002b:00007f415d831038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   97.191563][T10013] RAX: ffffffffffffffda RBX: 00007f415cbb5fa0 RCX: 00007f415c98e9a9
[   97.191569][T10013] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[   97.191573][T10013] RBP: 00007f415ca10d69 R08: 0000000000000000 R09: 0000000000000000
[   97.191578][T10013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.191582][T10013] R13: 0000000000000000 R14: 00007f415cbb5fa0 R15: 00007ffe1ea60898
[   97.191589][T10013]  </TASK>
[   97.191592][T10013] 
[   97.320774][T10013] Allocated by task 6536:
[   97.322208][T10013]  kasan_save_track+0x3e/0x80
[   97.323794][T10013]  __kasan_slab_alloc+0x6c/0x80
[   97.325495][T10013]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[   97.327435][T10013]  xfrm_state_alloc+0x24/0x2f0
[   97.329039][T10013]  __find_acq_core+0x8a7/0x1c00
[   97.330647][T10013]  xfrm_find_acq+0x78/0xa0
[   97.332137][T10013]  xfrm_alloc_userspi+0x6b3/0xc90
[   97.333816][T10013]  xfrm_user_rcv_msg+0x7a3/0xab0
[   97.335792][T10013]  netlink_rcv_skb+0x208/0x470
[   97.337760][T10013]  xfrm_netlink_rcv+0x79/0x90
[   97.339553][T10013]  netlink_unicast+0x82f/0x9e0
[   97.341051][T10013]  netlink_sendmsg+0x805/0xb30
[   97.342628][T10013]  __sock_sendmsg+0x21c/0x270
[   97.344182][T10013]  ____sys_sendmsg+0x505/0x830
[   97.345760][T10013]  ___sys_sendmsg+0x21f/0x2a0
[   97.347301][T10013]  __x64_sys_sendmsg+0x19b/0x260
[   97.348942][T10013]  do_syscall_64+0xfa/0x3b0
[   97.350429][T10013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.352331][T10013] 
[   97.353132][T10013] Freed by task 47:
[   97.354393][T10013]  kasan_save_track+0x3e/0x80
[   97.356050][T10013]  kasan_save_free_info+0x46/0x50
[   97.357895][T10013]  __kasan_slab_free+0x62/0x70
[   97.359580][T10013]  kmem_cache_free+0x18f/0x400
[   97.361364][T10013]  xfrm_state_gc_task+0x518/0x6a0
[   97.363114][T10013]  process_scheduled_works+0xae1/0x17b0
[   97.365173][T10013]  worker_thread+0x8a0/0xda0
[   97.366677][T10013]  kthread+0x711/0x8a0
[   97.367964][T10013]  ret_from_fork+0x3fc/0x770
[   97.369474][T10013]  ret_from_fork_asm+0x1a/0x30
[   97.371063][T10013] 
[   97.371853][T10013] The buggy address belongs to the object at ffff888122678900
[   97.371853][T10013]  which belongs to the cache xfrm_state of size 928
[   97.376389][T10013] The buggy address is located 322 bytes inside of
[   97.376389][T10013]  freed 928-byte region [ffff888122678900, ffff888122678ca0)
[   97.380773][T10013] 
[   97.381565][T10013] The buggy address belongs to the physical page:
[   97.383666][T10013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888122678900 pfn:0x122678
[   97.386968][T10013] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   97.389744][T10013] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   97.392177][T10013] page_type: f5(slab)
[   97.393480][T10013] raw: 057ff00000000040 ffff888104fba780 dead000000000122 0000000000000000
[   97.396259][T10013] raw: ffff888122678900 00000000800e000d 00000000f5000000 0000000000000000
[   97.398947][T10013] head: 057ff00000000040 ffff888104fba780 dead000000000122 0000000000000000
[   97.401652][T10013] head: ffff888122678900 00000000800e000d 00000000f5000000 0000000000000000
[   97.404437][T10013] head: 057ff00000000002 ffffea0004899e01 00000000ffffffff 00000000ffffffff
[   97.407225][T10013] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   97.410052][T10013] page dumped because: kasan: bad access detected
[   97.412148][T10013] page_owner tracks the page as allocated
[   97.414009][T10013] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6443, tgid 6442 (syz.0.238), ts 54141457131, free_ts 54107694291
[   97.420071][T10013]  post_alloc_hook+0x240/0x2a0
[   97.421664][T10013]  get_page_from_freelist+0x21e4/0x22c0
[   97.423468][T10013]  __alloc_frozen_pages_noprof+0x181/0x370
[   97.425341][T10013]  alloc_pages_mpol+0x232/0x4a0
[   97.426940][T10013]  allocate_slab+0x8a/0x3b0
[   97.428446][T10013]  ___slab_alloc+0xbfc/0x1480
[   97.429963][T10013]  kmem_cache_alloc_noprof+0x283/0x3c0
[   97.431685][T10013]  xfrm_state_alloc+0x24/0x2f0
[   97.433223][T10013]  xfrm_add_sa+0x17d1/0x4070
[   97.434763][T10013]  xfrm_user_rcv_msg+0x7a3/0xab0
[   97.436369][T10013]  netlink_rcv_skb+0x208/0x470
[   97.437942][T10013]  xfrm_netlink_rcv+0x79/0x90
[   97.439660][T10013]  netlink_unicast+0x82f/0x9e0
[   97.441254][T10013]  netlink_sendmsg+0x805/0xb30
[   97.442837][T10013]  __sock_sendmsg+0x21c/0x270
[   97.444366][T10013]  ____sys_sendmsg+0x505/0x830
[   97.445914][T10013] page last free pid 6439 tgid 6438 stack trace:
[   97.447963][T10013]  __free_frozen_pages+0xc71/0xe70
[   97.449666][T10013]  __slab_free+0x326/0x400
[   97.451132][T10013]  qlist_free_all+0x97/0x140
[   97.452694][T10013]  kasan_quarantine_reduce+0x148/0x160
[   97.454850][T10013]  __kasan_slab_alloc+0x22/0x80
[   97.456653][T10013]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[   97.459055][T10013]  __alloc_skb+0x112/0x2d0
[   97.460863][T10013]  netlink_ack+0x146/0xa50
[   97.462703][T10013]  nfnetlink_rcv+0x2290/0x2520
[   97.464664][T10013]  netlink_unicast+0x82f/0x9e0
[   97.466634][T10013]  netlink_sendmsg+0x805/0xb30
[   97.468285][T10013]  __sock_sendmsg+0x21c/0x270
[   97.469922][T10013]  ____sys_sendmsg+0x505/0x830
[   97.471504][T10013]  ___sys_sendmsg+0x21f/0x2a0
[   97.473063][T10013]  __x64_sys_sendmsg+0x19b/0x260
[   97.474761][T10013]  do_syscall_64+0xfa/0x3b0
[   97.476350][T10013] 
[   97.477151][T10013] Memory state around the buggy address:
[   97.479029][T10013]  ffff888122678900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   97.481853][T10013]  ffff888122678980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   97.484905][T10013] >ffff888122678a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   97.487676][T10013]                                            ^
[   97.489715][T10013]  ffff888122678a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   97.492463][T10013]  ffff888122678b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   97.495325][T10013] ==================================================================
[   97.505790][T10013] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   97.508284][T10013] CPU: 0 UID: 0 PID: 10013 Comm: syz.1.1773 Not tainted 6.16.0-rc7-syzkaller-01993-ge3f96b3556e4-dirty #0 PREEMPT(full) 
[   97.512496][T10013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   97.516239][T10013] Call Trace:
[   97.517364][T10013]  <TASK>
[   97.518364][T10013]  dump_stack_lvl+0x99/0x250
[   97.519908][T10013]  ? __asan_memcpy+0x40/0x70
[   97.521719][T10013]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.523499][T10013]  ? __pfx__printk+0x10/0x10
[   97.525265][T10013]  panic+0x2db/0x790
[   97.526885][T10013]  ? __pfx_panic+0x10/0x10
[   97.528740][T10013]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   97.531155][T10013]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   97.533483][T10013]  ? print_memory_metadata+0x314/0x400
[   97.535281][T10013]  ? __xfrm_state_lookup+0x6ad/0x8d0
[   97.537012][T10013]  check_panic_on_warn+0x89/0xb0
[   97.538645][T10013]  ? __xfrm_state_lookup+0x6ad/0x8d0
[   97.540380][T10013]  end_report+0x78/0x160
[   97.541787][T10013]  kasan_report+0x129/0x150
[   97.543294][T10013]  ? __xfrm_state_lookup+0x6ad/0x8d0
[   97.545381][T10013]  __xfrm_state_lookup+0x6ad/0x8d0
[   97.547481][T10013]  ? __pfx___xfrm_state_lookup+0x10/0x10
[   97.549622][T10013]  ? xfrm_state_lookup+0x45/0x1e0
[   97.551414][T10013]  xfrm_state_lookup+0x11e/0x1e0
[   97.553317][T10013]  xfrm_new_ae+0x37d/0x980
[   97.554826][T10013]  ? __pfx_xfrm_new_ae+0x10/0x10
[   97.556493][T10013]  ? apparmor_capable+0x137/0x1b0
[   97.558153][T10013]  ? __nla_parse+0x40/0x60
[   97.559635][T10013]  xfrm_user_rcv_msg+0x7a3/0xab0
[   97.561279][T10013]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[   97.563081][T10013]  ? __mutex_trylock_common+0x153/0x260
[   97.564874][T10013]  ? __pfx___mutex_trylock_common+0x10/0x10
[   97.566786][T10013]  ? rcu_is_watching+0x15/0xb0
[   97.568384][T10013]  ? trace_contention_end+0x39/0x120
[   97.570126][T10013]  netlink_rcv_skb+0x208/0x470
[   97.571715][T10013]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[   97.573513][T10013]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   97.575277][T10013]  ? netlink_deliver_tap+0x2e/0x1b0
[   97.577198][T10013]  ? netlink_deliver_tap+0x2e/0x1b0
[   97.578976][T10013]  xfrm_netlink_rcv+0x79/0x90
[   97.580789][T10013]  netlink_unicast+0x82f/0x9e0
[   97.582587][T10013]  ? __pfx_netlink_unicast+0x10/0x10
[   97.584368][T10013]  ? netlink_sendmsg+0x642/0xb30
[   97.586011][T10013]  ? skb_put+0x11b/0x210
[   97.587535][T10013]  netlink_sendmsg+0x805/0xb30
[   97.589204][T10013]  ? __pfx_netlink_sendmsg+0x10/0x10
[   97.590914][T10013]  ? aa_sock_msg_perm+0x94/0x160
[   97.592597][T10013]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   97.594458][T10013]  ? __pfx_netlink_sendmsg+0x10/0x10
[   97.596147][T10013]  __sock_sendmsg+0x21c/0x270
[   97.597651][T10013]  ____sys_sendmsg+0x505/0x830
[   97.599179][T10013]  ? __pfx_____sys_sendmsg+0x10/0x10
[   97.600900][T10013]  ? import_iovec+0x74/0xa0
[   97.602339][T10013]  ___sys_sendmsg+0x21f/0x2a0
[   97.603935][T10013]  ? __pfx____sys_sendmsg+0x10/0x10
[   97.605672][T10013]  ? __fget_files+0x2a/0x420
[   97.607204][T10013]  ? __fget_files+0x3a0/0x420
[   97.608845][T10013]  __x64_sys_sendmsg+0x19b/0x260
[   97.610527][T10013]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   97.612328][T10013]  ? rcu_is_watching+0x15/0xb0
[   97.613907][T10013]  ? do_syscall_64+0xbe/0x3b0
[   97.615377][T10013]  do_syscall_64+0xfa/0x3b0
[   97.616892][T10013]  ? lockdep_hardirqs_on+0x9c/0x150
[   97.618523][T10013]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.620450][T10013]  ? exc_page_fault+0x9f/0xf0
[   97.621922][T10013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.623837][T10013] RIP: 0033:0x7f415c98e9a9
[   97.625323][T10013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.631375][T10013] RSP: 002b:00007f415d831038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   97.634080][T10013] RAX: ffffffffffffffda RBX: 00007f415cbb5fa0 RCX: 00007f415c98e9a9
[   97.636528][T10013] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[   97.639183][T10013] RBP: 00007f415ca10d69 R08: 0000000000000000 R09: 0000000000000000
[   97.641755][T10013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   97.644323][T10013] R13: 0000000000000000 R14: 00007f415cbb5fa0 R15: 00007ffe1ea60898
[   97.646919][T10013]  </TASK>
[   97.648589][T10013] Kernel Offset: disabled
[   97.650029][T10013] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:39:20  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000066 RBX=0000000000000066 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000109a RDI=000000000000109b RBP=00000000000003f8 RSP=ffffc90002dde9f0
R8 =ffff888107678237 R9 =1ffff11020ecf046 R10=dffffc0000000000 R11=ffffffff85464660
R12=dffffc0000000000 R13=ffffffff99af18af R14=ffffffff99df64c0 R15=0000000000000000
RIP=ffffffff854646dc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f415d8316c0 ffffffff 00c00000
GS =0000 ffff8880b8623000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00002000000000c0 CR3=000000001eab2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f415cb86478 00007f415cb86450 XMM03=00007f415cb86488 00007f415cb86480
XMM04=00007f415d6ed100 00007f415cb86440 XMM05=00007f415cb86458 00007f415cb864a0
XMM06=00007f415cb86498 00007f415cb86490 XMM07=00007f415cb86488 00007f415cb86480
XMM08=0000000000000000 00007f415ca11de3 XMM09=0000000000000000 00007f415ca11ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff93495d18 RBX=00000000000003ff RCX=0000000000000360 RDX=0000000000000008
RSI=00000000000003ff RDI=ffff8881006a8000 RBP=ffffffff93495d18 RSP=ffffc900001c72a8
R8 =ffffc900001c7270 R9 =0000000000000020 R10=dffffc0000000000 R11=ffffffff819eabe0
R12=ffffffff96316828 R13=ffffffff962bdd58 R14=ffff8881006a8b68 R15=000000000000035f
RIP=ffffffff819e90e7 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c23000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000980 CR3=000000010f642000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0058000000000000 0581ff45bc37060a
XMM02=015a922800050094 00645f940004480b XMM03=0009e8fffefff000 8000000000000000
XMM04=fffc040000008e41 0010080200010010 XMM05=000000ddf5ff0000 0009e8fffefff000
XMM06=8000000000000000 015a922800050094 XMM07=00645f940004480b 0058000000000000
XMM08=0000000000000000 00007fcbfd411de3 XMM09=0000000000000000 00007fcbfd411ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
