last executing test programs:

1.908740658s ago: executing program 1 (id=1857):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={0x44, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x1a}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}]}, 0x44}}, 0x0)

1.810908617s ago: executing program 1 (id=1858):
r0 = socket$unix(0x1, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000000)=0x80000000, 0x4)
sendto$unix(r0, 0x0, 0x803e, 0x0, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e)

1.760629886s ago: executing program 1 (id=1861):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0)
sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}}, 0x0)

1.757702385s ago: executing program 1 (id=1862):
writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)="8724866f", 0x4}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xe, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1804"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x9, 0x0, 0x8a, 0x0, 0x0, 0x2000000, 0x0, 0x1}})
r2 = socket(0x1d, 0x2, 0x6)
bind$inet(r2, &(0x7f00000000c0)={0x1d, 0x4e20, @loopback}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r5, 0xfffffffc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f0000000600))
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
close(r10)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x20, r7, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x20}}, 0x0)
recvmmsg$unix(r4, &(0x7f0000001d40)=[{{0x0, 0x5a, 0x0}}], 0x40001ec, 0x102, 0x0)
writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000300)='X\x00\x00\x00', 0x4}], 0x1)

820.463595ms ago: executing program 2 (id=1871):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r1=>0x0}, &(0x7f0000000000)=0x8)
sendmsg$inet(r0, &(0x7f0000000440)={&(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000300)=[{&(0x7f00000000c0)='>yTp', 0x4}], 0x1}, 0x0)
setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000001c0)={r1, 0xdccc}, 0x8)

820.180026ms ago: executing program 2 (id=1872):
socket$kcm(0x21, 0x2, 0xa)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x20)
close(0x4)

729.243797ms ago: executing program 2 (id=1874):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x22}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11}})
ioctl(r0, 0x8b1a, &(0x7f0000000040))

630.237946ms ago: executing program 2 (id=1876):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a90010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5a4f159d6e5fe8e31627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f4052766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461469a72f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b87901a2e8f50900010073797a30000000000900020073797a3200"], 0x1b8}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)

580.080411ms ago: executing program 2 (id=1878):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x78, &(0x7f0000000100)}, 0x9)

510.782105ms ago: executing program 2 (id=1880):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x401}, 0x11)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

384.757804ms ago: executing program 0 (id=1883):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000240), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x9000000, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100040000002c00048005000300010000000500030080ffffff050003ff800000000500030080ffffff0500030080ffffff0800020003"], 0x50}}, 0x0)

251.258543ms ago: executing program 0 (id=1884):
r0 = socket(0x28, 0x5, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0)

190.268938ms ago: executing program 1 (id=1885):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)=0xfffffffa, 0x4)

189.997328ms ago: executing program 0 (id=1886):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, 0x1, 0x4, 0x101, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000040)

140.804264ms ago: executing program 1 (id=1887):
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)
read(r1, &(0x7f0000000480)=""/4096, 0x1000)
readv(r0, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/150, 0x96}], 0x1)

80.719778ms ago: executing program 0 (id=1888):
select(0x4, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x6, 0x8000000000000001})

80.557355ms ago: executing program 0 (id=1889):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@delneigh={0x4c, 0x1a, 0x1, 0x0, 0xfffffffd, {0xa}, [@NDA_CACHEINFO={0x14, 0x3, {0x7}}, @NDA_DST_IPV6={0x14, 0x1, @remote}, @NDA_PROBES={0x8, 0x4, 0xffffffff}]}, 0x4c}}, 0x0)

0s ago: executing program 0 (id=1890):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="3800000068000100030010f0fdffff7f00000000000000000c00020001000000150000000c000c8005000100d23f0000060003000100000028e1ecf4659027a44dd3128eebb50eb9798a1defa17d8dc03ff9be3c6027f58877842b1e3c9a02cb2c3bc9cee6cd3b11a5b6d687a5bed34238c74f77"], 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)
socket$l2tp6(0xa, 0x2, 0x73)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket(0x1, 0x803, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r3}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
getsockname$packet(r2, 0x0, &(0x7f0000000200))
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="340000001400b5950000", @ANYRES32, @ANYBLOB="14000200ff02000000000000000000000000000108000800028d"], 0x34}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000020c0)={'syztnl2\x00', &(0x7f0000002040)={'ip6_vti0\x00', 0x0, 0x4, 0x6, 0x7f, 0x0, 0x48, @empty, @mcast2, 0x20, 0x10, 0x26, 0x6e8e}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'veth0_vlan\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="ef00000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r5, @ANYBLOB="080004000001"], 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x0, 0xa}, {0x0, 0xa}, {0x0, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x15)
r8 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r8)
sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@gettfilter={0x34, 0x2e, 0x100, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}, {0xc, 0xe}, {0x1, 0xa}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x20000004)
sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@gettclass={0x24, 0x2a, 0x129, 0x870bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {}, {0x0, 0xe}}}, 0x24}}, 0x40004)
getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000004dc0))
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@bridge_newneigh={0x1c, 0x1c, 0x1, 0x70bd29, 0x25dfdbff, {0x7, 0x0, 0x0, r10, 0x80, 0x7f, 0xa}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4040004)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000006300)={'syztnl1\x00', &(0x7f0000006280)={'syztnl0\x00', 0x0, 0x20, 0x10, 0x547ea6a0, 0x8, {{0x5, 0x4, 0x3, 0x2c, 0x14, 0x66, 0x0, 0x2, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x36}, @broadcast}}}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000063c0)={'syztnl1\x00', &(0x7f0000006340)={'ip6_vti0\x00', 0x0, 0x2f, 0x5, 0x1, 0x2, 0x4d, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4={'\x00', '\xff\xff', @empty}, 0x81, 0x1, 0xfad, 0xa161}})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:13263' (ED25519) to the list of known hosts.
syzkaller login: [   56.531734][ T5803] cgroup: Unknown subsys name 'net'
[   56.633491][ T5803] cgroup: Unknown subsys name 'cpuset'
[   56.637820][ T5803] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.323419][ T5803] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   68.624060][ T5861] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   70.468436][ T5237] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.472401][ T5237] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.475187][ T5237] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.478023][ T5237] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.481008][ T5237] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   70.574846][ T5237] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   70.577865][ T5237] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   70.581617][ T5237] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   70.585141][ T5237] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   70.589179][ T5237] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   70.611585][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   70.614424][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   70.617883][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   70.621345][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   70.625648][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   70.883661][ T5870] chnl_net:caif_netlink_parms(): no params data found
[   70.951468][ T5873] chnl_net:caif_netlink_parms(): no params data found
[   70.985400][ T5875] chnl_net:caif_netlink_parms(): no params data found
[   71.094154][ T5870] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.097070][ T5870] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.100258][ T5870] bridge_slave_0: entered allmulticast mode
[   71.103990][ T5870] bridge_slave_0: entered promiscuous mode
[   71.126346][ T5870] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.128841][ T5870] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.131407][ T5870] bridge_slave_1: entered allmulticast mode
[   71.137097][ T5870] bridge_slave_1: entered promiscuous mode
[   71.154803][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.157178][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.159736][ T5873] bridge_slave_0: entered allmulticast mode
[   71.163347][ T5873] bridge_slave_0: entered promiscuous mode
[   71.185153][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.187613][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.189994][ T5873] bridge_slave_1: entered allmulticast mode
[   71.193502][ T5873] bridge_slave_1: entered promiscuous mode
[   71.225661][ T5870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.228985][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.232245][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.235224][ T5875] bridge_slave_0: entered allmulticast mode
[   71.238200][ T5875] bridge_slave_0: entered promiscuous mode
[   71.269957][ T5870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.273586][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.276274][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.278941][ T5875] bridge_slave_1: entered allmulticast mode
[   71.285260][ T5875] bridge_slave_1: entered promiscuous mode
[   71.297362][ T1360] ieee802154 phy0 wpan0: encryption failed: -22
[   71.299694][ T1360] ieee802154 phy1 wpan1: encryption failed: -22
[   71.306569][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.343412][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.348701][ T5870] team0: Port device team_slave_0 added
[   71.353421][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.358251][ T5870] team0: Port device team_slave_1 added
[   71.381320][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.425252][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.427828][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.437486][ T5870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.442719][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.445282][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.455896][ T5870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.461899][ T5873] team0: Port device team_slave_0 added
[   71.483729][ T5873] team0: Port device team_slave_1 added
[   71.487923][ T5875] team0: Port device team_slave_0 added
[   71.503109][ T5875] team0: Port device team_slave_1 added
[   71.542452][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.544801][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.553523][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.577733][ T5870] hsr_slave_0: entered promiscuous mode
[   71.580528][ T5870] hsr_slave_1: entered promiscuous mode
[   71.598249][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.601591][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.610006][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.619786][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.622585][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.631351][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.648995][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.651730][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.660152][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.713215][ T5873] hsr_slave_0: entered promiscuous mode
[   71.715470][ T5873] hsr_slave_1: entered promiscuous mode
[   71.717901][ T5873] debugfs: 'hsr0' already exists in 'hsr'
[   71.719894][ T5873] Cannot create hsr debugfs directory
[   71.744937][ T5875] hsr_slave_0: entered promiscuous mode
[   71.747722][ T5875] hsr_slave_1: entered promiscuous mode
[   71.750109][ T5875] debugfs: 'hsr0' already exists in 'hsr'
[   71.752536][ T5875] Cannot create hsr debugfs directory
[   72.069368][ T5870] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   72.080006][ T5870] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   72.094434][ T5870] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   72.107947][ T5870] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   72.142029][ T5873] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   72.152159][ T5873] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   72.157438][ T5873] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   72.184456][ T5873] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   72.209787][ T5875] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   72.222240][ T5875] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   72.231247][ T5875] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   72.238298][ T5875] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   72.352229][ T5870] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.389125][ T5870] 8021q: adding VLAN 0 to HW filter on device team0
[   72.397168][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.412895][   T69] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.415708][   T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.421809][   T69] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.424583][   T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.482369][ T5873] 8021q: adding VLAN 0 to HW filter on device team0
[   72.492396][ T5237] Bluetooth: hci0: command tx timeout
[   72.492452][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.512315][   T69] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.515098][   T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.529813][   T69] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.532111][   T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.552692][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[   72.580439][ T1088] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.583173][ T1088] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.599596][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.602229][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.652776][ T5237] Bluetooth: hci2: command tx timeout
[   72.655480][   T54] Bluetooth: hci1: command tx timeout
[   72.774596][ T5870] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.818020][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.855890][ T5870] veth0_vlan: entered promiscuous mode
[   72.876863][ T5870] veth1_vlan: entered promiscuous mode
[   72.898735][ T5873] veth0_vlan: entered promiscuous mode
[   72.914582][ T5873] veth1_vlan: entered promiscuous mode
[   72.938310][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[   72.953150][ T5870] veth0_macvtap: entered promiscuous mode
[   72.970633][ T5870] veth1_macvtap: entered promiscuous mode
[   72.977662][ T5873] veth0_macvtap: entered promiscuous mode
[   72.993913][ T5873] veth1_macvtap: entered promiscuous mode
[   73.016233][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.030364][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.038965][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.047888][ T5875] veth0_vlan: entered promiscuous mode
[   73.054765][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.068054][ T5882] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.079745][ T5882] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.084310][ T5882] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.089472][ T5875] veth1_vlan: entered promiscuous mode
[   73.105910][ T5882] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.108880][ T5882] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.125550][ T5882] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.139838][ T5882] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.145288][ T5882] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.225446][ T5875] veth0_macvtap: entered promiscuous mode
[   73.254253][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.254964][ T5875] veth1_macvtap: entered promiscuous mode
[   73.257276][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.300749][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.303648][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.322429][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.352437][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.356367][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.367660][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.388969][ T5882] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.389708][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.395892][ T5882] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.399343][ T5882] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.402783][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.406176][ T5882] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.429120][ T5870] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   73.581637][ T3564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.584585][ T3564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.627761][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.630571][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.870343][ T5952] netlink: 'syz.2.19': attribute type 1 has an invalid length.
[   73.874200][ T5952] netlink: 'syz.2.19': attribute type 1 has an invalid length.
[   73.968464][ T5959] netlink: 12 bytes leftover after parsing attributes in process `syz.0.22'.
[   74.294493][ T5981] netlink: 'syz.0.28': attribute type 4 has an invalid length.
[   74.580910][ T5237] Bluetooth: hci0: command tx timeout
[   74.736984][ T6007] netlink: 60 bytes leftover after parsing attributes in process `syz.1.41'.
[   74.741222][ T5237] Bluetooth: hci2: command tx timeout
[   74.743387][ T5237] Bluetooth: hci1: command tx timeout
[   74.760811][ T6010] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x6
[   74.806226][ T6011] tipc: Started in network mode
[   74.808409][ T6011] tipc: Node identity ac14140f, cluster identity 4711
[   74.827928][ T6011] tipc: New replicast peer: 255.255.255.255
[   74.846146][ T6011] tipc: Enabled bearer <udp:syz2>, priority 10
[   75.142494][   T33] audit: type=1800 audit(1758867543.775:2): pid=6031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.52" name="memory.events" dev="tmpfs" ino=63 res=0 errno=0
[   75.157947][ T6031] Zero length message leads to an empty skb
[   75.161157][   T33] audit: type=1804 audit(1758867543.785:3): pid=6031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.52" name="memory.events" dev="tmpfs" ino=63 res=1 errno=0
[   75.163477][ T6019] syz.0.47 uses obsolete (PF_INET,SOCK_PACKET)
[   75.173853][ T6031] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   75.182594][ T6031] netlink: 'syz.1.52': attribute type 1 has an invalid length.
[   75.494932][ T6049] netlink: 8 bytes leftover after parsing attributes in process `syz.2.58'.
[   75.756332][ T6063] netlink: 'syz.2.65': attribute type 2 has an invalid length.
[   75.941552][   T51] tipc: Node number set to 2886997007
[   76.333774][ T6092] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   76.651123][   T54] Bluetooth: hci0: command tx timeout
[   76.789925][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.83'.
[   76.811440][ T5237] Bluetooth: hci2: command tx timeout
[   76.813657][   T54] Bluetooth: hci1: command tx timeout
[   76.876341][ T6111] netlink: 'syz.1.85': attribute type 16 has an invalid length.
[   76.886939][ T6111] netlink: 8 bytes leftover after parsing attributes in process `syz.1.85'.
[   77.092970][ T6127] warning: `syz.2.93' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   77.555805][ T6155] netlink: 68 bytes leftover after parsing attributes in process `syz.0.105'.
[   77.584782][ T6159] IPVS: set_ctl: invalid protocol: 113 224.0.0.1:20000
[   78.013284][ T6183] netlink: 12 bytes leftover after parsing attributes in process `syz.1.116'.
[   78.211555][ T6197] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[   78.697451][ T6211] netlink: 'syz.0.124': attribute type 3 has an invalid length.
[   78.794673][   T54] Bluetooth: hci0: command tx timeout
[   78.891483][   T54] Bluetooth: hci1: command tx timeout
[   78.893343][   T54] Bluetooth: hci2: command tx timeout
[   79.033957][ T6226] netlink: 20 bytes leftover after parsing attributes in process `syz.2.128'.
[   79.106861][ T6231] macsec1: entered promiscuous mode
[   79.108583][ T6231] macvlan0: entered promiscuous mode
[   79.136747][ T6231] macvlan0: left promiscuous mode
[   79.148176][ T6238] netlink: 'syz.1.132': attribute type 1 has an invalid length.
[   79.151751][ T6238] netlink: 244 bytes leftover after parsing attributes in process `syz.1.132'.
[   79.392952][ T6249] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[   79.651921][ T6262] netlink: 'syz.0.142': attribute type 1 has an invalid length.
[   81.346646][ T6352] 8021q: adding VLAN 0 to HW filter on device bond1
[   81.389046][ T6352] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[   81.649508][ T6372] delete_channel: no stack
[   81.802052][ T6384] netlink: 12 bytes leftover after parsing attributes in process `syz.1.190'.
[   82.017933][ T6399] netlink: 184 bytes leftover after parsing attributes in process `syz.2.197'.
[   82.318602][ T6415] netlink: 28 bytes leftover after parsing attributes in process `syz.2.205'.
[   82.843962][    C0] vcan0: j1939_tp_rxtimer: 0xffff888026fa2c00: rx timeout, send abort
[   82.848403][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888026fa2c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   83.238668][ T6467] netlink: 'syz.1.231': attribute type 1 has an invalid length.
[   83.334642][ T6467] bond1: (slave bridge2): making interface the new active one
[   83.338668][ T6467] bond1: (slave bridge2): Enslaving as an active interface with an up link
[   83.463712][ T6482] netlink: 20 bytes leftover after parsing attributes in process `syz.0.236'.
[   83.555101][ T6489] bridge0: port 1(bridge_slave_0) entered forwarding state
[   83.848716][ T6516] netlink: 16 bytes leftover after parsing attributes in process `syz.1.247'.
[   84.113525][ T6542] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check.
[   84.286189][ T6552] netlink: 'syz.2.261': attribute type 13 has an invalid length.
[   84.406211][ T6552] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.410056][ T6552] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.499694][ T6552] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   84.508699][ T6552] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   84.593078][ T6561] Bluetooth: MGMT ver 1.23
[   84.693485][   T12] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.697480][   T12] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.701310][   T12] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.704799][   T12] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.805067][ T6569] delete_channel: no stack
[   84.919269][ T6578] syzkaller1: entered promiscuous mode
[   84.926655][ T6578] syzkaller1: entered allmulticast mode
[   85.008932][ T6584] netlink: 4 bytes leftover after parsing attributes in process `syz.2.276'.
[   85.216527][ T6587] netlink: 16 bytes leftover after parsing attributes in process `syz.1.274'.
[   85.497079][ T6612] netlink: 'syz.2.287': attribute type 3 has an invalid length.
[   85.530539][   T10] IPVS: starting estimator thread 0...
[   85.565147][ T6619] netlink: 248 bytes leftover after parsing attributes in process `syz.2.289'.
[   85.597417][ T6621] netlink: 244 bytes leftover after parsing attributes in process `syz.0.288'.
[   85.640976][ T6615] IPVS: using max 48 ests per chain, 115200 per kthread
[   85.744945][ T6629] netlink: 16 bytes leftover after parsing attributes in process `syz.0.292'.
[   86.208176][ T6663] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   86.278776][ T6667] netlink: 16 bytes leftover after parsing attributes in process `syz.0.303'.
[   86.407506][ T6673] sctp: [Deprecated]: syz.1.305 (pid 6673) Use of int in max_burst socket option deprecated.
[   86.407506][ T6673] Use struct sctp_assoc_value instead
[   86.432889][ T6672] tipc: Started in network mode
[   86.436914][ T6672] tipc: Node identity ea64ce6ecae7, cluster identity 4711
[   86.441519][ T6672] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   86.448563][ T6672] syzkaller0: entered promiscuous mode
[   86.454115][ T6672] syzkaller0: entered allmulticast mode
[   86.467495][ T6673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.305'.
[   86.516488][ T6672] tipc: Resetting bearer <eth:syzkaller0>
[   86.533824][ T6670] tipc: Resetting bearer <eth:syzkaller0>
[   86.545474][ T6670] tipc: Disabling bearer <eth:syzkaller0>
[   86.675131][    T9] cfg80211: failed to load regulatory.db
[   86.796568][ T6687] tipc: Started in network mode
[   86.798595][ T6687] tipc: Node identity aaaaaaaaaa1c, cluster identity 4711
[   86.802489][ T6687] tipc: Enabled bearer <eth:veth1_to_bridge>, priority 10
[   86.817365][ T6689] IPVS: set_ctl: invalid protocol: 43 0.0.0.0:20002
[   87.514332][ T6723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.327'.
[   87.932046][ T5916] tipc: Node number set to 11971242
[   88.742892][ T6759] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.746168][ T6759] syzkaller0: entered promiscuous mode
[   88.748437][ T6759] syzkaller0: entered allmulticast mode
[   88.786420][ T6762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.346'.
[   88.812291][ T6759] tipc: Resetting bearer <eth:syzkaller0>
[   88.817650][ T6757] tipc: Resetting bearer <eth:syzkaller0>
[   88.828112][ T6757] tipc: Disabling bearer <eth:syzkaller0>
[   89.009374][ T6776] pim6reg99999999: entered allmulticast mode
[   89.078184][ T6784] netlink: 'syz.2.353': attribute type 4 has an invalid length.
[   89.648031][ T6807] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.651719][ T6807] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.723681][ T6807] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.736718][ T6807] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.827282][ T5716] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.831973][ T5716] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.905858][ T5716] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   89.909502][ T5716] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.260394][ T6841] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   90.423260][ T6854] netlink: 8 bytes leftover after parsing attributes in process `syz.1.381'.
[   90.439398][ T6811] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[   90.525592][ T6859] netlink: 'syz.1.383': attribute type 58 has an invalid length.
[   90.531579][ T6859] netlink: 20 bytes leftover after parsing attributes in process `syz.1.383'.
[   90.603210][ T6863] batadv_slave_1: entered promiscuous mode
[   90.638171][ T6863] netlink: 4 bytes leftover after parsing attributes in process `syz.0.385'.
[   90.649048][ T6863] bridge_slave_1: left allmulticast mode
[   90.654767][ T6863] bridge_slave_1: left promiscuous mode
[   90.660281][ T6871] IPv6: addrconf: prefix option has invalid lifetime
[   90.663520][ T6863] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.669091][ T6863] bridge_slave_0: left allmulticast mode
[   90.681044][ T6863] bridge_slave_0: left promiscuous mode
[   90.682958][ T6863] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.697593][ T6873] netlink: 20 bytes leftover after parsing attributes in process `syz.2.390'.
[   90.702686][ T6873] netlink: 12 bytes leftover after parsing attributes in process `syz.2.390'.
[   90.709388][ T6873] netlink: 31 bytes leftover after parsing attributes in process `syz.2.390'.
[   90.720077][ T6873] netlink: 'syz.2.390': attribute type 3 has an invalid length.
[   90.738612][ T6873] netlink: 'syz.2.390': attribute type 2 has an invalid length.
[   90.743072][ T6873] netlink: 31 bytes leftover after parsing attributes in process `syz.2.390'.
[   90.747215][ T6873] netlink: 'syz.2.390': attribute type 2 has an invalid length.
[   90.841860][ T6862] batadv_slave_1: left promiscuous mode
[   90.944861][ T6890] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.438227][ T6925] netlink: 24 bytes leftover after parsing attributes in process `syz.2.415'.
[   91.690283][ T6943] syzkaller1: entered promiscuous mode
[   91.692870][ T6943] syzkaller1: entered allmulticast mode
[   92.274860][ T6972] netlink: 3 bytes leftover after parsing attributes in process `syz.0.437'.
[   92.487958][ T6982] netlink: 4 bytes leftover after parsing attributes in process `syz.1.442'.
[   93.553620][ T7035] netlink: 'syz.1.458': attribute type 3 has an invalid length.
[   94.038768][ T7067] netlink: 'syz.1.467': attribute type 12 has an invalid length.
[   94.047466][ T7069] netlink: 'syz.2.464': attribute type 2 has an invalid length.
[   94.050442][ T7069] netlink: 'syz.2.464': attribute type 1 has an invalid length.
[   94.100038][ T7073] netlink: 'syz.2.469': attribute type 1 has an invalid length.
[   94.253714][ T7084] netlink: 'syz.1.474': attribute type 20 has an invalid length.
[   95.183029][ T7158] tipc: New replicast peer: 0.0.0.0
[   95.185679][ T7158] tipc: Enabled bearer <udp:syz2>, priority 10
[   95.188973][ T7158] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa
[   95.505917][ T7180] tipc: Enabled bearer <eth:gre0>, priority 10
[   96.216416][ T7249] __nla_validate_parse: 12 callbacks suppressed
[   96.216428][ T7249] netlink: 20 bytes leftover after parsing attributes in process `syz.1.553'.
[   96.221703][ T7249] netlink: 152 bytes leftover after parsing attributes in process `syz.1.553'.
[   96.226876][ T7249] A link change request failed with some changes committed already. Interface macvlan1 may have been left with an inconsistent configuration, please check.
[   96.233789][ T7246] netlink: 32 bytes leftover after parsing attributes in process `syz.0.552'.
[   96.389171][ T7262] validate_nla: 1 callbacks suppressed
[   96.389236][ T7262] netlink: 'syz.1.559': attribute type 30 has an invalid length.
[   96.432577][ T7266] netlink: 8 bytes leftover after parsing attributes in process `syz.2.560'.
[   96.620914][    T9] tipc: Node number set to 545508974
[   96.877505][ T7292] syzkaller1: entered promiscuous mode
[   96.879700][ T7292] syzkaller1: entered allmulticast mode
[   97.994069][ T7358] netlink: 24 bytes leftover after parsing attributes in process `syz.2.601'.
[   98.060177][ T7361] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   98.063661][ T7361] syzkaller0: entered promiscuous mode
[   98.064096][ T7362] netlink: 'syz.0.602': attribute type 1 has an invalid length.
[   98.065840][ T7361] syzkaller0: entered allmulticast mode
[   98.085892][ T7361] tipc: Resetting bearer <eth:syzkaller0>
[   98.116965][ T7359] tipc: Resetting bearer <eth:syzkaller0>
[   98.126222][ T7359] tipc: Disabling bearer <eth:syzkaller0>
[   98.292713][ T7379] Bluetooth: MGMT ver 1.23
[   98.346899][ T7382] netlink: 4 bytes leftover after parsing attributes in process `syz.0.613'.
[   98.353915][ T7380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   98.404579][ T7389] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  100.474052][ T7456] Illegal XDP return value 4294967262 on prog  (id 106) dev syz_tun, expect packet loss!
[  100.938989][ T7480] lo speed is unknown, defaulting to 1000
[  100.943432][ T7480] lo speed is unknown, defaulting to 1000
[  100.947321][ T7480] lo speed is unknown, defaulting to 1000
[  100.954449][ T7480] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  100.965398][ T7480] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  100.998091][ T7480] lo speed is unknown, defaulting to 1000
[  101.001836][ T7480] lo speed is unknown, defaulting to 1000
[  101.004964][ T7480] lo speed is unknown, defaulting to 1000
[  101.186453][ T7491] netlink: 24 bytes leftover after parsing attributes in process `syz.0.657'.
[  101.273506][ T7495] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  101.276503][ T7495] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  101.458987][ T7516] mac80211_hwsim hwsim4 wlan1: entered allmulticast mode
[  101.475989][ T7516] bridge_slave_0: left allmulticast mode
[  101.478623][ T7516] bridge_slave_0: left promiscuous mode
[  101.480767][ T7516] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.489889][ T7516] bridge_slave_1: left allmulticast mode
[  101.495273][ T7516] bridge_slave_1: left promiscuous mode
[  101.499402][ T7516] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.506778][ T7516] bond0: (slave bond_slave_0): Releasing backup interface
[  101.513609][ T7516] bond0: (slave bond_slave_1): Releasing backup interface
[  101.529459][ T7516] team0: Port device team_slave_0 removed
[  101.537511][ T7516] team0: Port device team_slave_1 removed
[  101.540520][ T7516] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.544422][ T7516] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.552018][ T7516] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.555138][ T7516] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.558713][ T7516] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  101.578564][ T7511] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  101.582253][ T7511] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  101.660549][ T7516] netlink: 'syz.1.669': attribute type 10 has an invalid length.
[  101.666743][ T7516] mac80211_hwsim hwsim4 wlan1: left allmulticast mode
[  101.675219][ T7516] 8021q: adding VLAN 0 to HW filter on device bond0
[  101.683564][ T7516] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  102.749204][ T7559] netlink: 'syz.2.684': attribute type 13 has an invalid length.
[  102.755710][ T7559] netlink: 'syz.2.684': attribute type 17 has an invalid length.
[  103.014121][ T7559] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.019589][ T7559] 8021q: adding VLAN 0 to HW filter on device team0
[  103.029870][ T7559] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  103.251110][ T7573] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  103.254057][ T7573] syzkaller0: entered promiscuous mode
[  103.255775][ T7573] syzkaller0: entered allmulticast mode
[  103.269558][ T7573] tipc: Resetting bearer <eth:syzkaller0>
[  103.274175][ T7572] tipc: Resetting bearer <eth:syzkaller0>
[  103.283958][ T7572] tipc: Disabling bearer <eth:syzkaller0>
[  103.474190][ T7591] netlink: 60 bytes leftover after parsing attributes in process `syz.1.696'.
[  103.509988][ T7592] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  103.651621][ T7609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'.
[  103.825533][ T7628] netlink: 32 bytes leftover after parsing attributes in process `syz.0.713'.
[  103.996561][ T7628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.713'.
[  104.166605][ T7652] netlink: 60 bytes leftover after parsing attributes in process `syz.1.721'.
[  104.981267][ T7720] netlink: 64 bytes leftover after parsing attributes in process `syz.1.749'.
[  105.048602][ T7724] netlink: 32 bytes leftover after parsing attributes in process `syz.1.751'.
[  105.138677][ T7728] netlink: 24 bytes leftover after parsing attributes in process `syz.1.753'.
[  105.550133][ T7750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.763'.
[  105.556085][ T7750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.763'.
[  105.589891][ T7751] raw_sendmsg: syz.0.761 forgot to set AF_INET. Fix it!
[  105.937793][ T7779] RDS: rds_bind could not find a transport for fc02::1, load rds_tcp or rds_rdma?
[  106.004814][ T7784] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  106.457722][ T7810] netlink: 'syz.0.791': attribute type 1 has an invalid length.
[  106.504627][ T7810] bond2: (slave geneve2): making interface the new active one
[  106.510224][ T7810] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  106.515747][ T5882] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  106.518516][ T5882] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  106.522352][ T5882] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  106.529121][ T7810] 8021q: adding VLAN 0 to HW filter on device bond2
[  106.534749][ T5882] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  106.579749][ T7819] netlink: 'syz.1.794': attribute type 3 has an invalid length.
[  106.591387][ T7819] netlink: 'syz.1.794': attribute type 3 has an invalid length.
[  106.626336][ T5882] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 6081 - 0
[  106.631730][ T5882] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 6081 - 0
[  106.635272][ T5882] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 6081 - 0
[  106.643432][ T5882] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 6081 - 0
[  107.078428][ T7868] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  107.127965][ T7868] syzkaller0: entered promiscuous mode
[  107.130234][ T7868] syzkaller0: entered allmulticast mode
[  107.132951][ T7868] tipc: Resetting bearer <eth:syzkaller0>
[  107.156491][ T7867] tipc: Resetting bearer <eth:syzkaller0>
[  108.083123][ T7867] tipc: Disabling bearer <eth:syzkaller0>
[  108.092517][ T7880] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) !
[  108.266179][ T7901] netlink: 'syz.0.834': attribute type 23 has an invalid length.
[  108.348469][ T7906] netlink: 'syz.1.837': attribute type 4 has an invalid length.
[  108.353191][ T7909] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  108.374379][ T7906] netlink: 'syz.1.837': attribute type 4 has an invalid length.
[  108.474195][ T7920] netlink: 'syz.2.843': attribute type 1 has an invalid length.
[  108.543332][ T7920] bond1: (slave geneve2): making interface the new active one
[  108.546438][ T7920] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  108.559419][ T5716] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0
[  108.564446][ T5716] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0
[  108.572639][ T5716] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0
[  108.580028][ T5716] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0
[  108.589395][ T7920] __nla_validate_parse: 6 callbacks suppressed
[  108.589408][ T7920] netlink: 28 bytes leftover after parsing attributes in process `syz.2.843'.
[  108.602412][ T7920] 8021q: adding VLAN 0 to HW filter on device bond1
[  108.816506][ T7956] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  108.821048][ T7956] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode
[  108.829568][ T7956] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode
[  108.834023][ T7956] tipc: Resetting bearer <eth:syzkaller0>
[  109.021336][ T7972] netlink: 'syz.1.866': attribute type 11 has an invalid length.
[  109.024603][ T7972] netlink: 'syz.1.866': attribute type 4 has an invalid length.
[  109.028754][ T7972] netlink: 224 bytes leftover after parsing attributes in process `syz.1.866'.
[  109.733739][ T8019] netlink: 4 bytes leftover after parsing attributes in process `syz.1.886'.
[  109.746813][ T5716] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  109.749933][ T5716] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  109.753300][ T5716] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  109.756305][ T5716] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  109.759447][ T8019] netlink: 4 bytes leftover after parsing attributes in process `syz.1.886'.
[  109.860109][ T8026] netlink: 8 bytes leftover after parsing attributes in process `syz.0.888'.
[  109.996703][ T8032] IPVS: Error joining to the multicast group
[  110.322555][ T8044] wireguard0: entered promiscuous mode
[  110.324768][ T8044] wireguard0: entered allmulticast mode
[  110.507515][ T8055] pim6reg1: entered promiscuous mode
[  110.509296][ T8055] pim6reg1: entered allmulticast mode
[  110.623604][ T8059] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode broadcast(3)
[  110.691467][ T8063] netlink: 'syz.1.907': attribute type 10 has an invalid length.
[  110.713582][ T8063] netlink: 4 bytes leftover after parsing attributes in process `syz.1.907'.
[  110.831997][   T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0
[  110.835569][   T12] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 6081 - 0
[  110.839135][   T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0
[  110.854110][   T12] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 6081 - 0
[  111.041606][ T8067] tipc: Resetting bearer <eth:veth1_to_bridge>
[  111.159580][ T8080] netlink: 8 bytes leftover after parsing attributes in process `syz.2.913'.
[  111.283401][   T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0
[  111.287140][   T12] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 6081 - 0
[  111.295017][   T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0
[  111.301315][   T12] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 6081 - 0
[  111.316516][ T8080] tipc: Resetting bearer <eth:syzkaller0>
[  111.319027][ T8080] tipc: Resetting bearer <eth:syzkaller0>
[  111.326145][   T12] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  111.329603][   T12] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  111.339456][   T12] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  111.346516][   T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  111.356081][   T12] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  111.367535][   T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  111.371138][   T12] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  111.389530][ T8085] netlink: 8 bytes leftover after parsing attributes in process `syz.1.915'.
[  111.391261][   T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  111.392657][ T8085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.915'.
[  111.399414][ T8085] netlink: 'syz.1.915': attribute type 18 has an invalid length.
[  111.553163][ T8097] netlink: 'syz.1.921': attribute type 2 has an invalid length.
[  111.556302][ T8097] netlink: 137592 bytes leftover after parsing attributes in process `syz.1.921'.
[  111.562554][ T8099] netlink: 'syz.0.922': attribute type 1 has an invalid length.
[  111.580480][ T8099] 8021q: adding VLAN 0 to HW filter on device bond3
[  111.619545][ T8099] bond3: (slave veth7): Enslaving as an active interface with a down link
[  111.638310][ T8099] 8021q: adding VLAN 0 to HW filter on device batadv1
[  111.642283][ T8099] bond3: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  111.818905][ T8113] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  111.890933][ T8120] netlink: 'syz.1.932': attribute type 1 has an invalid length.
[  112.209022][ T8147] bond0: (slave bond_slave_0): Releasing backup interface
[  112.220327][ T8147] bond0: (slave bond_slave_1): Releasing backup interface
[  112.232054][ T8147] team0: Port device team_slave_0 removed
[  112.243500][ T8147] team0: Port device team_slave_1 removed
[  112.246229][ T8147] batman_adv: batadv0: Removing interface: batadv_slave_0
[  112.262272][ T8147] batman_adv: batadv0: Removing interface: batadv_slave_1
[  112.266399][ T8147] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  112.327387][ T8147] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  112.348301][ T8147] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  112.361148][ T8147] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  112.498976][    T9] IPVS: starting estimator thread 0...
[  112.590873][ T8162] IPVS: using max 35 ests per chain, 84000 per kthread
[  112.877919][ T8186] 8021q: VLANs not supported on bond0
[  112.969464][ T8195] 8021q: adding VLAN 0 to HW filter on device bond2
[  112.993347][ T8195] 8021q: adding VLAN 0 to HW filter on device bond2
[  112.996513][ T8195] bond2: (slave wireguard0): The slave device specified does not support setting the MAC address
[  113.002501][ T8195] bond2: (slave wireguard0): Error -95 calling set_mac_address
[  113.286273][ T8212] syzkaller0: entered promiscuous mode
[  113.288350][ T8212] syzkaller0: entered allmulticast mode
[  113.293615][ T8212] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  114.152237][ T8244] bridge0: entered promiscuous mode
[  114.264584][ T8254] __nla_validate_parse: 8 callbacks suppressed
[  114.264600][ T8254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.988'.
[  114.313261][ T8254] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  114.335744][ T8254] wireguard0: left promiscuous mode
[  114.338975][ T8254] wireguard0: left allmulticast mode
[  114.456380][ T8265] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[  114.644572][ T8283] validate_nla: 3 callbacks suppressed
[  114.644589][ T8283] netlink: 'syz.2.1000': attribute type 30 has an invalid length.
[  114.710104][ T8287] af_packet: tpacket_rcv: packet too big, clamped from 60 to 4294967272. macoff=96
[  114.716433][ T8287] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1002'.
[  114.911481][ T8307] netlink: 'syz.0.1011': attribute type 11 has an invalid length.
[  114.914608][ T8307] netlink: 'syz.0.1011': attribute type 11 has an invalid length.
[  114.917714][ T8307] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1011'.
[  115.039705][ T8320] netlink: 'syz.1.1018': attribute type 1 has an invalid length.
[  115.077964][ T8317] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  115.085200][ T8316] tipc: Resetting bearer <eth:syzkaller0>
[  115.215439][ T8330] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1021'.
[  116.278051][ T8316] tipc: Disabling bearer <eth:syzkaller0>
[  116.547519][ T8356] netlink: 156260 bytes leftover after parsing attributes in process `syz.2.1033'.
[  116.551899][ T8356] netlink: zone id is out of range
[  116.554552][ T8356] netlink: zone id is out of range
[  116.556766][ T8356] netlink: get zone limit has 8 unknown bytes
[  116.811614][ T8375] netlink: 'syz.1.1039': attribute type 21 has an invalid length.
[  116.815294][ T8375] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1039'.
[  117.058948][ T8399] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1051'.
[  117.291191][ T8418] netlink: 'syz.0.1060': attribute type 1 has an invalid length.
[  117.294347][ T8418] netlink: 'syz.0.1060': attribute type 1 has an invalid length.
[  117.367927][ T8418] netlink: 'syz.0.1060': attribute type 1 has an invalid length.
[  117.410545][ T8418] 8021q: adding VLAN 0 to HW filter on device bond4
[  117.420433][ T8418] bond4: (slave wlan0): Enslaving as an active interface with a down link
[  117.430199][ T8418] vlan2: entered allmulticast mode
[  117.432420][ T8418] veth1: entered allmulticast mode
[  117.434830][ T8418] bond4: (slave vlan2): Opening slave failed
[  117.649750][ T8431] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1065'.
[  117.712021][ T8432] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1065'.
[  117.714913][ T8432] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  117.722758][ T8432] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1065'.
[  118.643146][ T8499] netlink: 'syz.1.1095': attribute type 1 has an invalid length.
[  119.174694][ T8547] trusted_key: syz.1.1112 sent an empty control message without MSG_MORE.
[  119.231075][ T8549] ip6tnl1: entered promiscuous mode
[  119.560044][ T8560] netlink: 'syz.1.1118': attribute type 4 has an invalid length.
[  119.685298][ T8575] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 !
[  120.054423][ T8598] __nla_validate_parse: 3 callbacks suppressed
[  120.054462][ T8598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1135'.
[  120.067814][ T8598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1135'.
[  120.077181][ T8598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1135'.
[  120.324308][ T8608] netlink: 'syz.2.1140': attribute type 1 has an invalid length.
[  120.327382][ T8608] netlink: 'syz.2.1140': attribute type 4 has an invalid length.
[  120.330272][ T8608] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1140'.
[  120.450930][ T8618] netlink: 'syz.0.1143': attribute type 7 has an invalid length.
[  120.454933][ T8618] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1143'.
[  120.534466][ T8626] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1148'.
[  120.638816][ T8634] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1152'.
[  120.692136][ T8637] mac80211_hwsim hwsim3 ;: renamed from wlan0
[  120.966118][ T8663] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1167'.
[  121.647876][ T8722] pimreg: entered allmulticast mode
[  121.684380][ T8726] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1197'.
[  121.875948][ T8745] wg1 speed is unknown, defaulting to 1000
[  121.878280][ T8745] wg1 speed is unknown, defaulting to 1000
[  121.887212][ T8745] wg1 speed is unknown, defaulting to 1000
[  121.903143][ T8745] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  121.935210][ T8745] wg1 speed is unknown, defaulting to 1000
[  121.940383][ T8745] wg1 speed is unknown, defaulting to 1000
[  121.945367][ T8745] wg1 speed is unknown, defaulting to 1000
[  121.987401][ T8739] wg1 speed is unknown, defaulting to 1000
[  122.023035][ T8754] netlink: 'syz.1.1208': attribute type 1 has an invalid length.
[  122.026401][ T8754] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1208'.
[  122.321668][ T8767] RDS: rds_bind could not find a transport for ::ffff:172.30.1.2, load rds_tcp or rds_rdma?
[  122.401316][ T8767] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  122.405390][ T8767] bond0 (unregistering): Released all slaves
[  123.406561][ T8882] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvlan1, syncid = 3, id = 0
[  123.508121][ T8893] block nbd0: not configured, cannot reconfigure
[  123.799404][ T8911] netlink: 'syz.0.1282': attribute type 1 has an invalid length.
[  124.298165][ T8967] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  124.931041][ T9038] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  125.128859][ T9058] __nla_validate_parse: 6 callbacks suppressed
[  125.128871][ T9058] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1313'.
[  125.229525][ T9070] veth0: entered promiscuous mode
[  125.232498][ T9070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1319'.
[  125.258377][ T9070] veth0 (unregistering): left promiscuous mode
[  125.586342][ T9090] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1327'.
[  126.390235][ T9108] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1335'.
[  126.512963][ T9119] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  126.515869][ T9119] syzkaller0: entered promiscuous mode
[  126.517790][ T9119] syzkaller0: entered allmulticast mode
[  126.549151][ T9119] tipc: Resetting bearer <eth:syzkaller0>
[  126.555454][ T9117] tipc: Resetting bearer <eth:syzkaller0>
[  126.578952][ T9117] tipc: Disabling bearer <eth:syzkaller0>
[  126.657410][ T9130] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1347'.
[  127.565353][ T9191] netlink: 'syz.2.1373': attribute type 1 has an invalid length.
[  127.581074][ T9191] netlink: 204 bytes leftover after parsing attributes in process `syz.2.1373'.
[  127.846565][ T9211] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1383'.
[  127.974641][ T9216] wg1 speed is unknown, defaulting to 1000
[  128.225663][ T9224] wg1 speed is unknown, defaulting to 1000
[  128.325384][ T9229] netlink: 3696 bytes leftover after parsing attributes in process `syz.2.1389'.
[  128.328876][ T9229] netlink: 3696 bytes leftover after parsing attributes in process `syz.2.1389'.
[  129.004331][ T9251] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1396'.
[  129.146293][ T9255] ip6tnl1: left promiscuous mode
[  129.300876][ T9259] netlink: 'syz.1.1400': attribute type 1 has an invalid length.
[  130.725298][ T9350] wg1 speed is unknown, defaulting to 1000
[  130.864400][ T9354] netlink: 'syz.2.1436': attribute type 3 has an invalid length.
[  131.301847][ T9364] ip6tnl1: entered promiscuous mode
[  131.399865][ T9367] delete_channel: no stack
[  131.604137][ T9380] netlink: 'syz.2.1448': attribute type 1 has an invalid length.
[  131.606986][ T9380] __nla_validate_parse: 8 callbacks suppressed
[  131.606998][ T9380] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1448'.
[  131.614594][ T9380] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1448'.
[  131.924085][ T9408] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1462'.
[  132.734127][ T1360] ieee802154 phy0 wpan0: encryption failed: -22
[  132.736744][ T1360] ieee802154 phy1 wpan1: encryption failed: -22
[  132.837996][ T9468] syzkaller1: entered promiscuous mode
[  132.840762][ T9468] syzkaller1: entered allmulticast mode
[  133.402880][ T9503] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1506'.
[  133.408433][ T9503] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1506'.
[  133.568549][ T9525] netlink: 'syz.0.1515': attribute type 4 has an invalid length.
[  133.664766][ T9530] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1518'.
[  133.668611][ T9530] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1518'.
[  133.725777][ T9533] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1519'.
[  134.887169][ T9612] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1536'.
[  134.897973][ T9612] bridge0: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  134.981651][ T9616] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1540'.
[  135.055985][ T5716] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  135.064972][ T5716] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  135.091455][    T9] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  135.280835][    T9] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  135.941906][ T9677] netlink: 'syz.0.1568': attribute type 1 has an invalid length.
[  136.022670][ T9680] bond5: (slave ip6gretap3): Enslaving as a backup interface with an up link
[  136.045401][ T5716] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  136.056738][ T9677] 8021q: adding VLAN 0 to HW filter on device bond5
[  136.085232][ T9677] veth9: entered promiscuous mode
[  136.093011][ T9677] bond5: (slave veth9): Enslaving as a backup interface with a down link
[  136.102346][    T9] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  136.109585][ T9677] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  136.163333][ T5716] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  136.280048][ T9689] netlink: 'syz.0.1573': attribute type 2 has an invalid length.
[  136.853626][ T9727] netlink: 'syz.2.1592': attribute type 8 has an invalid length.
[  137.327566][ T9762] netlink: 'syz.2.1608': attribute type 10 has an invalid length.
[  137.331322][ T9762] syz_tun: entered promiscuous mode
[  137.342266][ T9762] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  137.483417][ T9766] tipc: Resetting bearer <eth:syzkaller0>
[  137.539849][ T5882] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0
[  137.545854][ T5882] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0
[  137.551306][ T5882] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0
[  137.554965][ T5882] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0
[  137.886092][ T9772] __nla_validate_parse: 2 callbacks suppressed
[  137.886109][ T9772] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1612'.
[  137.899968][ T9772] macvtap1: entered promiscuous mode
[  137.902902][ T9772] team0: entered promiscuous mode
[  137.905551][ T9772] macvtap1: entered allmulticast mode
[  137.907685][ T9772] team0: entered allmulticast mode
[  137.909981][ T9772] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  137.914613][ T9772] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1612'.
[  137.919600][ T9772] team0: left allmulticast mode
[  137.930823][ T9772] team0: left promiscuous mode
[  138.018145][ T9774] syzkaller1: entered promiscuous mode
[  138.020309][ T9774] syzkaller1: entered allmulticast mode
[  138.527050][ T9787] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1619'.
[  139.251429][ T9808] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1628'.
[  139.336143][ T9819] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1634'.
[  139.346621][ T9821] vlan2: entered promiscuous mode
[  139.348629][ T9821] gretap0: entered promiscuous mode
[  139.450889][    C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  139.786664][ T9849] ipvlan1: entered promiscuous mode
[  139.789162][ T9844] IPVS: set_ctl: invalid protocol: 51 224.0.0.2:20001
[  139.789228][ T9849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1647'.
[  139.799571][ T9849] ipvlan1 (unregistering): left promiscuous mode
[  139.977372][ T9863] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1654'.
[  140.106579][ T9874] tipc: Failed to remove unknown binding: 66,1,1/545508974:2401232377/2401232379
[  140.112076][ T9874] tipc: Failed to remove unknown binding: 66,1,1/545508974:2401232377/2401232379
[  140.124548][ T9876] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1660'.
[  140.128272][ T9876] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1660'.
[  140.132623][ T9876] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1660'.
[  140.997033][ T9924] netdevsim netdevsim2: Direct firmware load for ./bus failed with error -2
[  141.000432][ T9924] netdevsim netdevsim2: Falling back to sysfs fallback for: ./bus
[  141.049018][ T9925] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  141.053329][ T9925] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  142.026523][ T9972] xt_socket: unknown flags 0x50
[  142.060324][ T9973] netlink: 'syz.0.1696': attribute type 13 has an invalid length.
[  142.066546][ T9973] netlink: 'syz.0.1696': attribute type 17 has an invalid length.
[  142.158284][ T9973] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.164073][ T9973] 8021q: adding VLAN 0 to HW filter on device team0
[  142.176020][ T9973] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  142.283660][ T9973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  142.355375][ T9973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  142.877530][T10001] netlink: 'syz.1.1709': attribute type 1 has an invalid length.
[  142.996380][T10007] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  142.999045][T10007] syzkaller0: entered promiscuous mode
[  143.001604][T10007] syzkaller0: entered allmulticast mode
[  143.074835][T10007] tipc: Resetting bearer <eth:syzkaller0>
[  143.080201][T10006] tipc: Resetting bearer <eth:syzkaller0>
[  143.092372][T10006] tipc: Disabling bearer <eth:syzkaller0>
[  143.174846][T10015] __nla_validate_parse: 5 callbacks suppressed
[  143.174861][T10015] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1716'.
[  144.315338][T10077] netlink: 'syz.1.1744': attribute type 1 has an invalid length.
[  144.318530][T10077] netlink: 'syz.1.1744': attribute type 4 has an invalid length.
[  144.322129][T10077] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1744'.
[  144.326644][T10077] netlink: 'syz.1.1744': attribute type 1 has an invalid length.
[  144.329655][T10077] netlink: 'syz.1.1744': attribute type 4 has an invalid length.
[  144.333342][T10077] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1744'.
[  145.146169][T10090] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1749'.
[  145.766376][T10110] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  145.769995][T10110] syzkaller0: entered promiscuous mode
[  145.773161][T10110] syzkaller0: entered allmulticast mode
[  145.813255][T10110] tipc: Resetting bearer <eth:syzkaller0>
[  145.818224][T10109] tipc: Resetting bearer <eth:syzkaller0>
[  145.918572][T10109] tipc: Disabling bearer <eth:syzkaller0>
[  146.115768][T10126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1764'.
[  146.296555][T10143] netlink: 788 bytes leftover after parsing attributes in process `syz.1.1770'.
[  146.521644][T10156] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1774'.
[  146.558054][T10156] sch_tbf: burst 88 is lower than device veth13 mtu (1514) !
[  146.814575][T10171] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1781'.
[  146.816391][T10169] syzkaller1: entered promiscuous mode
[  146.819878][T10169] syzkaller1: entered allmulticast mode
[  147.127339][T10187] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1788'.
[  148.197256][T10259] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1820'.
[  148.225009][T10259] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1820'.
[  148.740923][    C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured!
[  149.180256][T10275] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1826'.
[  149.521949][T10306] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  149.527173][T10306] tipc: Resetting bearer <eth:syzkaller0>
[  149.559433][T10306] tipc: Resetting bearer <eth:syzkaller0>
[  150.466512][T10328] syzkaller1: entered promiscuous mode
[  150.468457][T10328] syzkaller1: entered allmulticast mode
[  150.530571][T10334] netlink: 'syz.0.1852': attribute type 12 has an invalid length.
[  150.607581][T10340] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1855'.
[  151.085659][T10370] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1867'.
[  151.853344][T10392] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  151.915856][T10396] xt_policy: too many policy elements
[  152.497796][T10423] netlink: 'syz.0.1889': attribute type 3 has an invalid length.
[  152.541259][T10425] netlink: 'syz.0.1890': attribute type 1 has an invalid length.
[  152.546981][T10425] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1890'.
[  152.604192][T10428] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1890'.
[  152.627960][T10425] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1890'.
[  152.995458][T10433] ==================================================================
[  152.998939][T10433] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x570/0xf30
[  153.001968][T10433] Read of size 4 at addr ffff8880212aa944 by task syz.2.1891/10433
[  153.006020][T10433] 
[  153.007018][T10433] CPU: 1 UID: 0 PID: 10433 Comm: syz.2.1891 Not tainted syzkaller #0 PREEMPT(full) 
[  153.007039][T10433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  153.007049][T10433] Call Trace:
[  153.007065][T10433]  <TASK>
[  153.007072][T10433]  dump_stack_lvl+0x189/0x250
[  153.007094][T10433]  ? __kasan_check_byte+0x12/0x40
[  153.007115][T10433]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.007130][T10433]  ? lock_release+0x4b/0x3e0
[  153.007152][T10433]  ? __virt_addr_valid+0x4a5/0x5c0
[  153.007169][T10433]  print_report+0xca/0x240
[  153.007189][T10433]  ? xfrm_alloc_spi+0x570/0xf30
[  153.007209][T10433]  kasan_report+0x118/0x150
[  153.007227][T10433]  ? xfrm_alloc_spi+0x570/0xf30
[  153.007249][T10433]  xfrm_alloc_spi+0x570/0xf30
[  153.007268][T10433]  ? xfrm_alloc_spi+0x2a0/0xf30
[  153.007292][T10433]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  153.007309][T10433]  ? xfrm_find_acq+0x87/0xa0
[  153.007327][T10433]  xfrm_alloc_userspi+0x70b/0xc90
[  153.007343][T10433]  ? apparmor_capable+0x137/0x1b0
[  153.007359][T10433]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  153.007371][T10433]  ? __nla_parse+0x40/0x60
[  153.007385][T10433]  xfrm_user_rcv_msg+0x7a3/0xab0
[  153.007405][T10433]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  153.007435][T10433]  ? __pfx___mutex_trylock_common+0x10/0x10
[  153.007450][T10433]  ? rcu_is_watching+0x15/0xb0
[  153.007462][T10433]  ? trace_contention_end+0x39/0x120
[  153.007474][T10433]  ? __mutex_lock+0x335/0x1350
[  153.007489][T10433]  netlink_rcv_skb+0x208/0x470
[  153.007504][T10433]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  153.007525][T10433]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  153.007545][T10433]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.007559][T10433]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.007611][T10433]  xfrm_netlink_rcv+0x79/0x90
[  153.007631][T10433]  netlink_unicast+0x82f/0x9e0
[  153.007648][T10433]  ? __pfx_netlink_unicast+0x10/0x10
[  153.007661][T10433]  ? netlink_sendmsg+0x642/0xb30
[  153.007675][T10433]  ? skb_put+0x11b/0x210
[  153.007692][T10433]  netlink_sendmsg+0x805/0xb30
[  153.007710][T10433]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.007724][T10433]  ? aa_sock_msg_perm+0xf1/0x1d0
[  153.007746][T10433]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  153.007759][T10433]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.007772][T10433]  __sock_sendmsg+0x21c/0x270
[  153.007791][T10433]  ____sys_sendmsg+0x505/0x830
[  153.007809][T10433]  ? __pfx_____sys_sendmsg+0x10/0x10
[  153.007828][T10433]  ? import_iovec+0x74/0xa0
[  153.007845][T10433]  ___sys_sendmsg+0x21f/0x2a0
[  153.007862][T10433]  ? __pfx____sys_sendmsg+0x10/0x10
[  153.007888][T10433]  ? __fget_files+0x2a/0x420
[  153.007903][T10433]  ? __fget_files+0x3a0/0x420
[  153.007924][T10433]  __x64_sys_sendmsg+0x19b/0x260
[  153.007938][T10433]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  153.007955][T10433]  ? rcu_is_watching+0x15/0xb0
[  153.007968][T10433]  ? do_syscall_64+0xbe/0x3b0
[  153.007984][T10433]  do_syscall_64+0xfa/0x3b0
[  153.007997][T10433]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.008016][T10433]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.008028][T10433]  ? exc_page_fault+0x9f/0xf0
[  153.008044][T10433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.008055][T10433] RIP: 0033:0x7f9a54d8ec29
[  153.008066][T10433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.008078][T10433] RSP: 002b:00007f9a55c9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  153.008093][T10433] RAX: ffffffffffffffda RBX: 00007f9a54fd5fa0 RCX: 00007f9a54d8ec29
[  153.008103][T10433] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  153.008110][T10433] RBP: 00007f9a54e11e41 R08: 0000000000000000 R09: 0000000000000000
[  153.008117][T10433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  153.008125][T10433] R13: 00007f9a54fd6038 R14: 00007f9a54fd5fa0 R15: 00007ffdc1a07318
[  153.008138][T10433]  </TASK>
[  153.008143][T10433] 
[  153.154867][T10433] Allocated by task 8444:
[  153.156606][T10433]  kasan_save_track+0x3e/0x80
[  153.158478][T10433]  __kasan_slab_alloc+0x6c/0x80
[  153.160359][T10433]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  153.162504][T10433]  xfrm_state_alloc+0x24/0x2f0
[  153.164365][T10433]  __find_acq_core+0x8a7/0x1c00
[  153.166245][T10433]  xfrm_find_acq+0x78/0xa0
[  153.167984][T10433]  xfrm_alloc_userspi+0x6b3/0xc90
[  153.169949][T10433]  xfrm_user_rcv_msg+0x7a3/0xab0
[  153.171934][T10433]  netlink_rcv_skb+0x208/0x470
[  153.173873][T10433]  xfrm_netlink_rcv+0x79/0x90
[  153.175804][T10433]  netlink_unicast+0x82f/0x9e0
[  153.177747][T10433]  netlink_sendmsg+0x805/0xb30
[  153.179645][T10433]  __sock_sendmsg+0x21c/0x270
[  153.181442][T10433]  ____sys_sendmsg+0x505/0x830
[  153.183329][T10433]  ___sys_sendmsg+0x21f/0x2a0
[  153.185198][T10433]  __x64_sys_sendmsg+0x19b/0x260
[  153.187205][T10433]  do_syscall_64+0xfa/0x3b0
[  153.189021][T10433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.191272][T10433] 
[  153.192219][T10433] Freed by task 9:
[  153.193732][T10433]  kasan_save_track+0x3e/0x80
[  153.195601][T10433]  kasan_save_free_info+0x46/0x50
[  153.197571][T10433]  __kasan_slab_free+0x5b/0x80
[  153.199478][T10433]  kmem_cache_free+0x18f/0x400
[  153.201388][T10433]  xfrm_state_gc_task+0x52d/0x6b0
[  153.203457][T10433]  process_scheduled_works+0xae1/0x17b0
[  153.205716][T10433]  worker_thread+0x8a0/0xda0
[  153.207575][T10433]  kthread+0x711/0x8a0
[  153.209230][T10433]  ret_from_fork+0x439/0x7d0
[  153.211084][T10433]  ret_from_fork_asm+0x1a/0x30
[  153.213056][T10433] 
[  153.214044][T10433] The buggy address belongs to the object at ffff8880212aa880
[  153.214044][T10433]  which belongs to the cache xfrm_state of size 928
[  153.219462][T10433] The buggy address is located 196 bytes inside of
[  153.219462][T10433]  freed 928-byte region [ffff8880212aa880, ffff8880212aac20)
[  153.225166][T10433] 
[  153.226148][T10433] The buggy address belongs to the physical page:
[  153.228688][T10433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880212a8900 pfn:0x212a8
[  153.232692][T10433] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  153.235995][T10433] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  153.238956][T10433] page_type: f5(slab)
[  153.240580][T10433] raw: 00fff00000000040 ffff8881051ffb40 dead000000000122 0000000000000000
[  153.243966][T10433] raw: ffff8880212a8900 00000000800e000c 00000000f5000000 0000000000000000
[  153.247258][T10433] head: 00fff00000000040 ffff8881051ffb40 dead000000000122 0000000000000000
[  153.250767][T10433] head: ffff8880212a8900 00000000800e000c 00000000f5000000 0000000000000000
[  153.254167][T10433] head: 00fff00000000002 ffffea000084aa01 00000000ffffffff 00000000ffffffff
[  153.257572][T10433] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  153.260938][T10433] page dumped because: kasan: bad access detected
[  153.263534][T10433] page_owner tracks the page as allocated
[  153.265785][T10433] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6896, tgid 6895 (syz.2.401), ts 91062350888, free_ts 90846927948
[  153.273071][T10433]  post_alloc_hook+0x240/0x2a0
[  153.274973][T10433]  get_page_from_freelist+0x21e4/0x22c0
[  153.277146][T10433]  __alloc_frozen_pages_noprof+0x181/0x370
[  153.279440][T10433]  alloc_pages_mpol+0x232/0x4a0
[  153.281334][T10433]  allocate_slab+0x8a/0x370
[  153.283148][T10433]  ___slab_alloc+0xbeb/0x1420
[  153.285048][T10433]  kmem_cache_alloc_noprof+0x283/0x3c0
[  153.287172][T10433]  xfrm_state_alloc+0x24/0x2f0
[  153.289046][T10433]  xfrm_add_sa+0x17d1/0x41d0
[  153.290913][T10433]  xfrm_user_rcv_msg+0x7a3/0xab0
[  153.292885][T10433]  netlink_rcv_skb+0x208/0x470
[  153.294793][T10433]  xfrm_netlink_rcv+0x79/0x90
[  153.296637][T10433]  netlink_unicast+0x82f/0x9e0
[  153.298588][T10433]  netlink_sendmsg+0x805/0xb30
[  153.300442][T10433]  __sock_sendmsg+0x21c/0x270
[  153.302299][T10433]  ____sys_sendmsg+0x505/0x830
[  153.304140][T10433] page last free pid 6882 tgid 6882 stack trace:
[  153.306622][T10433]  __free_frozen_pages+0xbc4/0xd30
[  153.308742][T10433]  __put_partials+0x156/0x1a0
[  153.310701][T10433]  put_cpu_partial+0x17c/0x250
[  153.312669][T10433]  __slab_free+0x2d5/0x3c0
[  153.314449][T10433]  qlist_free_all+0x97/0x140
[  153.316235][T10433]  kasan_quarantine_reduce+0x148/0x160
[  153.317960][T10433]  __kasan_slab_alloc+0x22/0x80
[  153.319475][T10433]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  153.321585][T10433]  security_inode_alloc+0x39/0x330
[  153.323270][T10433]  inode_init_always_gfp+0x9ed/0xdc0
[  153.324868][T10433]  alloc_inode+0x82/0x1b0
[  153.326525][T10433]  new_inode+0x22/0x170
[  153.328220][T10433]  shmem_get_inode+0x346/0xe90
[  153.330166][T10433]  shmem_symlink+0xa3/0x510
[  153.332022][T10433]  vfs_symlink+0x143/0x2f0
[  153.333832][T10433]  do_symlinkat+0x1b1/0x3f0
[  153.335592][T10433] 
[  153.336522][T10433] Memory state around the buggy address:
[  153.338762][T10433]  ffff8880212aa800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  153.341833][T10433]  ffff8880212aa880: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.344984][T10433] >ffff8880212aa900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.348141][T10433]                                            ^
[  153.350695][T10433]  ffff8880212aa980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.354085][T10433]  ffff8880212aaa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.357215][T10433] ==================================================================
[  153.360819][T10433] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  153.363688][T10433] CPU: 1 UID: 0 PID: 10433 Comm: syz.2.1891 Not tainted syzkaller #0 PREEMPT(full) 
[  153.367337][T10433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  153.371200][T10433] Call Trace:
[  153.372558][T10433]  <TASK>
[  153.373763][T10433]  dump_stack_lvl+0x99/0x250
[  153.375616][T10433]  ? __asan_memcpy+0x40/0x70
[  153.377461][T10433]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.379563][T10433]  ? __pfx__printk+0x10/0x10
[  153.381203][T10433]  vpanic+0x281/0x750
[  153.382631][T10433]  ? __pfx_vpanic+0x10/0x10
[  153.384490][T10433]  ? irqentry_exit+0x74/0x90
[  153.386411][T10433]  panic+0xb9/0xc0
[  153.387995][T10433]  ? __pfx_panic+0x10/0x10
[  153.389747][T10433]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  153.392093][T10433]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  153.394494][T10433]  ? xfrm_alloc_spi+0x570/0xf30
[  153.396459][T10433]  check_panic_on_warn+0x89/0xb0
[  153.398447][T10433]  ? xfrm_alloc_spi+0x570/0xf30
[  153.400395][T10433]  end_report+0x78/0x160
[  153.402111][T10433]  kasan_report+0x129/0x150
[  153.403912][T10433]  ? xfrm_alloc_spi+0x570/0xf30
[  153.405866][T10433]  xfrm_alloc_spi+0x570/0xf30
[  153.407754][T10433]  ? xfrm_alloc_spi+0x2a0/0xf30
[  153.409694][T10433]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[  153.411892][T10433]  ? xfrm_find_acq+0x87/0xa0
[  153.413834][T10433]  xfrm_alloc_userspi+0x70b/0xc90
[  153.415949][T10433]  ? apparmor_capable+0x137/0x1b0
[  153.417951][T10433]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[  153.420143][T10433]  ? __nla_parse+0x40/0x60
[  153.421846][T10433]  xfrm_user_rcv_msg+0x7a3/0xab0
[  153.423866][T10433]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  153.426054][T10433]  ? __pfx___mutex_trylock_common+0x10/0x10
[  153.428423][T10433]  ? rcu_is_watching+0x15/0xb0
[  153.430321][T10433]  ? trace_contention_end+0x39/0x120
[  153.432418][T10433]  ? __mutex_lock+0x335/0x1350
[  153.434319][T10433]  netlink_rcv_skb+0x208/0x470
[  153.436178][T10433]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  153.438351][T10433]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  153.440509][T10433]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.442673][T10433]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.444788][T10433]  xfrm_netlink_rcv+0x79/0x90
[  153.446683][T10433]  netlink_unicast+0x82f/0x9e0
[  153.448586][T10433]  ? __pfx_netlink_unicast+0x10/0x10
[  153.450683][T10433]  ? netlink_sendmsg+0x642/0xb30
[  153.452665][T10433]  ? skb_put+0x11b/0x210
[  153.454515][T10433]  netlink_sendmsg+0x805/0xb30
[  153.456399][T10433]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.458497][T10433]  ? aa_sock_msg_perm+0xf1/0x1d0
[  153.460479][T10433]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  153.462574][T10433]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.464654][T10433]  __sock_sendmsg+0x21c/0x270
[  153.466550][T10433]  ____sys_sendmsg+0x505/0x830
[  153.468467][T10433]  ? __pfx_____sys_sendmsg+0x10/0x10
[  153.470546][T10433]  ? import_iovec+0x74/0xa0
[  153.472428][T10433]  ___sys_sendmsg+0x21f/0x2a0
[  153.474377][T10433]  ? __pfx____sys_sendmsg+0x10/0x10
[  153.476512][T10433]  ? __fget_files+0x2a/0x420
[  153.478263][T10433]  ? __fget_files+0x3a0/0x420
[  153.480363][T10433]  __x64_sys_sendmsg+0x19b/0x260
[  153.482359][T10433]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  153.484566][T10433]  ? rcu_is_watching+0x15/0xb0
[  153.486467][T10433]  ? do_syscall_64+0xbe/0x3b0
[  153.488367][T10433]  do_syscall_64+0xfa/0x3b0
[  153.490199][T10433]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.492306][T10433]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.494822][T10433]  ? exc_page_fault+0x9f/0xf0
[  153.496783][T10433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.499149][T10433] RIP: 0033:0x7f9a54d8ec29
[  153.500830][T10433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.508171][T10433] RSP: 002b:00007f9a55c9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  153.511620][T10433] RAX: ffffffffffffffda RBX: 00007f9a54fd5fa0 RCX: 00007f9a54d8ec29
[  153.514688][T10433] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  153.517892][T10433] RBP: 00007f9a54e11e41 R08: 0000000000000000 R09: 0000000000000000
[  153.521087][T10433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  153.524241][T10433] R13: 00007f9a54fd6038 R14: 00007f9a54fd5fa0 R15: 00007ffdc1a07318
[  153.527403][T10433]  </TASK>
[  153.529361][T10433] Kernel Offset: disabled
[  153.531051][T10433] Rebooting in 86400 seconds..

VM DIAGNOSIS:
06:20:21  Registers:
info registers vcpu 0

CPU#0
RAX=00007f15fb22f8f8 RBX=00007f15fb22f5b0 RCX=ffffffff8189f704 RDX=ffffffff8189f4f7
RSI=ffffffff8189f6cb RDI=00007f15fb22f938 RBP=00007f15fb22f590 RSP=00007ffd664c06f0
R8 =00007f15fb22f760 R9 =00007f15fb9c2000 R10=00007f15fb1ff008 R11=0000000000000010
R12=00007f15fb22f588 R13=0000000000000017 R14=00007ffd664c0878 R15=00007f15fb1ff008
RIP=00007f15fb668044 RFL=00000287 [--S--PC] CPL=3 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0033 0000000000000000 ffffffff 00a0fb00 DPL=3 CS64 [-RA]
SS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000555595212500 ffffffff 00c00000
GS =0000 0000000000000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b33cf8ff8 CR3=0000000040ee9000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffff8189f4f7 ffffffff818a0197 XMM01=ffffffff818a0197 ffffffff8189f4f7
XMM02=ffffffff823c8fd4 ffffffff8189f4f7 XMM03=ffffffff823c99bd ffffffff823c905c
XMM04=ffffffff823c9b24 ffffffff823c99bd XMM05=ffffffff823c905c ffffffff823c8fd4
XMM06=ffffffff823c8d12 ffffffff823c8cbe XMM07=ffffffff82393595 ffffffff82393548
XMM08=0000000000000000 00007f15fb812f0f XMM09=0000000000000000 00007f15fb812fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000031 RBX=0000000000000031 RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000130c RDI=000000000000130d RBP=00000000000003f8 RSP=ffffc9000726e9f0
R8 =ffff888020048237 R9 =1ffff11004009046 R10=dffffc0000000000 R11=ffffffff854fac30
R12=dffffc0000000000 R13=ffffffff99ad7911 R14=ffffffff99dcc480 R15=0000000000000000
RIP=ffffffff854facac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f9a55c9b6c0 ffffffff 00c00000
GS =0000 ffff8881a3c3d000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f9a55c9afc8 CR3=000000003f150000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f9a54fa7498 00007f9a54fa7470 XMM03=00007f9a54fa74a8 00007f9a54fa74a0
XMM04=00007f9a55b0d100 00007f9a54fa7460 XMM05=00007f9a54fa7478 00007f9a54fa74c0
XMM06=00007f9a54fa74b8 00007f9a54fa74b0 XMM07=00007f9a54fa74a8 00007f9a54fa74a0
XMM08=0000000000000000 00007f9a54e12f0f XMM09=0000000000000000 00007f9a54e12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
