last executing test programs:

2.540078493s ago: executing program 1 (id=713):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f00000007c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000280)={0xf6, 0x215, 0xa, 0x3, 0x8, 0x5, 0x40}, 0xc)

2.478918344s ago: executing program 1 (id=715):
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000300)=@generic={&(0x7f0000000200)='./file0\x00', 0x0, 0x1c}, 0x18)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c)
sendto$inet6(r1, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, 0x0, 0x8000)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0)
epoll_create1(0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socket(0x10, 0x80002, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
socket(0x2, 0x6, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
close(0x4)

1.00932921s ago: executing program 1 (id=727):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc020000000000000000000000000000ac1414bb00000000000000000000000000000003040000000a0000005e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000000000070000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000046c00000000000000ac141408000000000000000000000000000000000000560000000000fdffffff01000000fc020000000000000000000000000000000000003200000000000000fe8000f10000000000000000000000bb0335000000000000000000000000000000000000ff010000000000000000000000000001000000003c00000002000000ac1414440000000000000000000000000000000001030000000000000000000000000000fe880000000000000000000000000001000004d33c00000002000000ffffffff000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000003300000002000000e0000001000000000000000000000000ffffffff00020000000000000900000003000000ac1414bb00000000000000000000000000007f18fec491bf7bc10000ff0200000000000000000000000000010000000004"], 0x23c}}, 0x0)

939.607369ms ago: executing program 1 (id=730):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="60000000020601080000000000000000000000000900020073797a3200000000050004000000000011000300686173683a69702c6d61726b00000000140007800500150096600000080011400000000c050005000a0000000500010006"], 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x0)

879.464262ms ago: executing program 1 (id=733):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8)
listen(r0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

818.988808ms ago: executing program 1 (id=736):
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
pselect6(0x42, &(0x7f0000000400)={0x0, 0x3, 0x2, 0xffffffff, 0x10001, 0xa, 0x3, 0x100000000}, 0x0, 0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002840)={[0x81]}, 0x8})

300.186761ms ago: executing program 0 (id=758):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000007800)={0x84, @empty, 0x4e24, 0x0, 'lc\x00', 0x20, 0x7f, 0x31}, 0x2c)

300.073624ms ago: executing program 2 (id=759):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x13, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3213000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0)

241.617636ms ago: executing program 0 (id=760):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x60, 0x1, 0x1, 0x201, 0x0, 0x0, {0xa}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x5}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}, @CTA_TUPLE_REPLY={0x38, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x60}}, 0x0)

241.2756ms ago: executing program 2 (id=761):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, 0x0, 0x0)

241.087709ms ago: executing program 0 (id=762):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61123400000000006113500000000000bf200000000000001500000008ffffffbd030100000000006f000000000000006916320000000000bf670000000000001706000007ff07006706000002000000070600000ee60000bf050000000000002e650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'ipvlan0\x00'})
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e0000002ac1414aa0100000002"], 0x18)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2}}}}}, 0x0)

185.262712ms ago: executing program 0 (id=763):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)

185.124784ms ago: executing program 2 (id=764):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x1c, 0x41, 0x107, 0x0, 0x25dfdbfb, {0x3, 0x7c}, [@nested={0x4, 0xfc}, @nested={0x4, 0x1}]}, 0x1c}}, 0x4010)

184.753322ms ago: executing program 0 (id=765):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$inet6(r0, &(0x7f0000000040)={&(0x7f0000000000)={0xa, 0x0, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0x82}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=[@rthdr_2292={{0x28, 0x29, 0x39, {0x29, 0x2, 0x2, 0x1, 0x0, [@mcast2]}}}, @rthdrdstopts={{0x18, 0x29, 0x37, {0x3a}}}], 0x40}, 0x24004800)

184.608151ms ago: executing program 2 (id=766):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003200)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0xb}, {0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {}, {0x0, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

125.465298ms ago: executing program 0 (id=767):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r2=>0x0]}, &(0x7f0000000240)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000040)={r2, 0xf}, 0x8)

100.714µs ago: executing program 2 (id=768):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB="84010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000fffe00080009000000000008000a000000000008000a00000002"], 0x184}}, 0x0)

0s ago: executing program 2 (id=769):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:51187' (ED25519) to the list of known hosts.
syzkaller login: [   56.455511][ T5823] cgroup: Unknown subsys name 'net'
[   56.571177][ T5823] cgroup: Unknown subsys name 'cpuset'
[   56.579376][ T5823] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.923751][ T5823] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   64.752447][ T5236] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   64.757090][ T5236] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   64.760465][ T5236] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   64.764438][ T5236] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   64.768416][ T5236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   64.819110][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   64.822405][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   64.827289][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   64.831124][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   64.834422][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   64.839430][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   64.843105][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   64.864955][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   64.869788][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   64.873445][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.239230][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   65.296224][ T5853] chnl_net:caif_netlink_parms(): no params data found
[   65.322704][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   65.379376][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.382337][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.385228][ T5848] bridge_slave_0: entered allmulticast mode
[   65.388594][ T5848] bridge_slave_0: entered promiscuous mode
[   65.412179][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.414862][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.418066][ T5848] bridge_slave_1: entered allmulticast mode
[   65.420875][ T5848] bridge_slave_1: entered promiscuous mode
[   65.489993][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.492786][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.495964][ T5853] bridge_slave_0: entered allmulticast mode
[   65.501154][ T5853] bridge_slave_0: entered promiscuous mode
[   65.522165][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.526078][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.529576][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.532446][ T5853] bridge_slave_1: entered allmulticast mode
[   65.536258][ T5853] bridge_slave_1: entered promiscuous mode
[   65.557267][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.574729][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.577888][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.580857][ T5854] bridge_slave_0: entered allmulticast mode
[   65.584693][ T5854] bridge_slave_0: entered promiscuous mode
[   65.590818][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.593786][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.597710][ T5854] bridge_slave_1: entered allmulticast mode
[   65.601785][ T5854] bridge_slave_1: entered promiscuous mode
[   65.649699][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.682489][ T5848] team0: Port device team_slave_0 added
[   65.688001][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.693311][ T5848] team0: Port device team_slave_1 added
[   65.711867][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.759832][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.764161][ T5853] team0: Port device team_slave_0 added
[   65.767361][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.770022][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.779469][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.808242][ T5853] team0: Port device team_slave_1 added
[   65.811161][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.813900][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.823954][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.831388][ T5854] team0: Port device team_slave_0 added
[   65.855675][ T5854] team0: Port device team_slave_1 added
[   65.880666][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.883229][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.893350][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.899475][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.901799][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.910298][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.942761][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.945293][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.954076][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.984032][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.986243][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   65.995097][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.017981][ T5848] hsr_slave_0: entered promiscuous mode
[   66.020924][ T5848] hsr_slave_1: entered promiscuous mode
[   66.047720][ T5853] hsr_slave_0: entered promiscuous mode
[   66.050049][ T5853] hsr_slave_1: entered promiscuous mode
[   66.052341][ T5853] debugfs: 'hsr0' already exists in 'hsr'
[   66.054435][ T5853] Cannot create hsr debugfs directory
[   66.061269][ T5854] hsr_slave_0: entered promiscuous mode
[   66.063695][ T5854] hsr_slave_1: entered promiscuous mode
[   66.066331][ T5854] debugfs: 'hsr0' already exists in 'hsr'
[   66.068565][ T5854] Cannot create hsr debugfs directory
[   66.379705][ T5853] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   66.391508][ T5853] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   66.401016][ T5853] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   66.410069][ T5853] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   66.481083][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   66.495140][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   66.505833][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   66.514289][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   66.625814][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   66.637554][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   66.656332][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   66.665353][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   66.708096][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.761935][ T5853] 8021q: adding VLAN 0 to HW filter on device team0
[   66.785384][ T2188] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.788598][ T2188] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.801219][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.813003][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.815371][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.847584][ T5858] Bluetooth: hci0: command tx timeout
[   66.878592][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   66.887523][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.900158][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.903033][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.920187][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.922840][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.926954][ T5858] Bluetooth: hci2: command tx timeout
[   66.927625][   T55] Bluetooth: hci1: command tx timeout
[   66.966161][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   66.974408][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.976759][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.989354][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.992155][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.061148][ T5848] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   67.152666][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.171428][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.216149][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.261617][ T5854] veth0_vlan: entered promiscuous mode
[   67.271526][ T5853] veth0_vlan: entered promiscuous mode
[   67.280091][ T5854] veth1_vlan: entered promiscuous mode
[   67.299736][ T5853] veth1_vlan: entered promiscuous mode
[   67.328442][ T5848] veth0_vlan: entered promiscuous mode
[   67.335293][ T5854] veth0_macvtap: entered promiscuous mode
[   67.346248][ T5848] veth1_vlan: entered promiscuous mode
[   67.353585][ T5854] veth1_macvtap: entered promiscuous mode
[   67.382452][ T5853] veth0_macvtap: entered promiscuous mode
[   67.388270][ T5853] veth1_macvtap: entered promiscuous mode
[   67.414823][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.424165][ T5848] veth0_macvtap: entered promiscuous mode
[   67.438418][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.443102][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.461399][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.469707][ T5848] veth1_macvtap: entered promiscuous mode
[   67.478239][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.492543][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.501616][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.527680][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.546601][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.551417][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.555062][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.571687][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.583415][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.611396][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.644912][ T2188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.658520][ T2188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.663602][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.669130][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.682753][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.686297][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.738843][ T2188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.742358][ T2188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.759301][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.765802][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.821741][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.837371][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.848001][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.854210][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.861162][ T5853] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.884292][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.908018][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.139771][ T5930] netlink: 'syz.2.8': attribute type 3 has an invalid length.
[   68.378776][ T5952] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   68.473439][ T5958] netlink: 'syz.1.19': attribute type 12 has an invalid length.
[   68.618993][ T5969] netlink: 'syz.2.24': attribute type 1 has an invalid length.
[   68.648217][ T5970] netlink: 20 bytes leftover after parsing attributes in process `syz.0.25'.
[   68.706611][ T5974] Zero length message leads to an empty skb
[   68.743794][ T5974] syz.0.25 uses obsolete (PF_INET,SOCK_PACKET)
[   68.779695][ T5977] netlink: 588 bytes leftover after parsing attributes in process `syz.1.26'.
[   68.805101][ T5969] veth3: entered promiscuous mode
[   68.899979][ T5974] smc: net device bond0 applied user defined pnetid SYZ2
[   68.916051][ T5982] smc: net device bond0 erased user defined pnetid SYZ2
[   68.927109][   T55] Bluetooth: hci0: command tx timeout
[   69.014607][   T55] Bluetooth: hci1: command tx timeout
[   69.018446][   T55] Bluetooth: hci2: command tx timeout
[   69.832863][ T6024] netlink: 32 bytes leftover after parsing attributes in process `syz.2.45'.
[   69.836566][ T6024] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   69.881649][ T6027] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   69.894078][ T6025] af_packet: tpacket_rcv: packet too big, clamped from 3956 to 3952. macoff=96
[   69.968909][ T6031] netlink: 8 bytes leftover after parsing attributes in process `syz.2.48'.
[   70.354689][ T6049] netlink: 136 bytes leftover after parsing attributes in process `syz.2.56'.
[   70.361521][ T6049] netlink: 180 bytes leftover after parsing attributes in process `syz.2.56'.
[   71.010243][ T6071] netlink: 16 bytes leftover after parsing attributes in process `syz.1.62'.
[   71.017953][ T5858] Bluetooth: hci0: command tx timeout
[   71.088177][   T55] Bluetooth: hci1: command tx timeout
[   71.090609][ T5858] Bluetooth: hci2: command tx timeout
[   71.178561][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[   71.181289][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[   71.463365][ T6104] netlink: 8 bytes leftover after parsing attributes in process `syz.0.71'.
[   71.774866][ T6120] netlink: 'syz.0.76': attribute type 1 has an invalid length.
[   71.864410][ T6125] netlink: 'syz.2.78': attribute type 25 has an invalid length.
[   71.881296][ T6125] netlink: 'syz.2.78': attribute type 25 has an invalid length.
[   71.924567][ T6130] Illegal XDP return value 155942912 on prog  (id 13) dev N/A, expect packet loss!
[   72.303810][ T6159] netlink: 20 bytes leftover after parsing attributes in process `syz.2.90'.
[   72.342233][ T6159] netlink: 20 bytes leftover after parsing attributes in process `syz.2.90'.
[   72.344069][ T6163] tipc: Started in network mode
[   72.348199][ T6163] tipc: Node identity 4e7affc0d094, cluster identity 4711
[   72.351299][ T6163] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   72.359053][ T6163] syzkaller0: entered promiscuous mode
[   72.361238][ T6163] syzkaller0: entered allmulticast mode
[   72.398444][ T6163] tipc: Resetting bearer <eth:syzkaller0>
[   72.441662][ T6162] tipc: Resetting bearer <eth:syzkaller0>
[   72.472730][ T6162] tipc: Disabling bearer <eth:syzkaller0>
[   72.547744][ T6176] netlink: 'syz.2.98': attribute type 1 has an invalid length.
[   72.818721][   T33] audit: type=1800 audit(1758635031.584:2): pid=6191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.101" name="memory.events" dev="tmpfs" ino=240 res=0 errno=0
[   73.089672][ T5858] Bluetooth: hci0: command tx timeout
[   73.168531][ T5858] Bluetooth: hci2: command tx timeout
[   73.170847][ T5858] Bluetooth: hci1: command tx timeout
[   73.217923][ T6225] netdevsim netdevsim0: Direct firmware load for  failed with error -2
[   73.222112][ T6225] netdevsim netdevsim0: Falling back to sysfs fallback for: 
[   73.622130][ T6243] netlink: 'syz.2.129': attribute type 2 has an invalid length.
[   74.975917][ T6281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.141'.
[   75.063820][ T6281] bridge_slave_1: left allmulticast mode
[   75.068110][ T6281] bridge_slave_1: left promiscuous mode
[   75.089511][ T6281] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.111457][ T6281] bridge_slave_0: left allmulticast mode
[   75.113746][ T6281] bridge_slave_0: left promiscuous mode
[   75.116129][ T6281] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.545702][ T6312] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   75.572721][ T6314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.151'.
[   75.584508][ T6314] dummy0: entered promiscuous mode
[   75.587029][ T6314] macvtap1: entered promiscuous mode
[   75.589030][ T6314] macvtap1: entered allmulticast mode
[   75.591099][ T6314] dummy0: entered allmulticast mode
[   75.599237][ T6314] dummy0: left allmulticast mode
[   75.601359][ T6314] dummy0: left promiscuous mode
[   76.352930][ T6357] netlink: 'syz.0.170': attribute type 4 has an invalid length.
[   76.498675][ T6367] nbd: socks must be embedded in a SOCK_ITEM attr
[   76.693442][ T6377] netlink: 'syz.2.178': attribute type 4 has an invalid length.
[   76.707597][ T6380] netlink: 'syz.0.179': attribute type 1 has an invalid length.
[   76.810830][ T6383] netlink: 9 bytes leftover after parsing attributes in process `syz.1.177'.
[   76.814750][ T6383] ..0: renamed from hsr0 (while UP)
[   76.820283][ T6383] ..0: entered allmulticast mode
[   76.822392][ T6383] hsr_slave_0: entered allmulticast mode
[   76.843350][ T6383] hsr_slave_1: entered allmulticast mode
[   76.846286][ T6383] A link change request failed with some changes committed already. Interface ..0 may have been left with an inconsistent configuration, please check.
[   77.043668][ T6397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.186'.
[   77.131985][ T6403] netlink: 'syz.0.189': attribute type 83 has an invalid length.
[   77.289660][ T6415] warning: `syz.2.195' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   77.533307][ T6378] syz.1.177 (6378) used greatest stack depth: 19192 bytes left
[   77.735962][ T6461] netlink: 20 bytes leftover after parsing attributes in process `syz.1.216'.
[   77.789394][ T6467] netlink: 64 bytes leftover after parsing attributes in process `syz.2.219'.
[   78.139999][ T6480] netlink: 4 bytes leftover after parsing attributes in process `syz.1.224'.
[   78.160723][ T6480] veth1_macvtap: left promiscuous mode
[   78.504977][    T9] IPVS: starting estimator thread 0...
[   78.551244][ T6506] netlink: 830 bytes leftover after parsing attributes in process `syz.0.235'.
[   78.596580][ T6502] IPVS: using max 63 ests per chain, 151200 per kthread
[   79.421261][ T6531] netlink: 16215 bytes leftover after parsing attributes in process `syz.1.244'.
[   79.431669][ T6533] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   79.460708][ T6535] netlink: 16 bytes leftover after parsing attributes in process `syz.2.246'.
[   79.464992][ T6533] syzkaller0: entered promiscuous mode
[   79.467399][ T6533] syzkaller0: entered allmulticast mode
[   79.472754][ T6533] tipc: Resetting bearer <eth:syzkaller0>
[   79.507589][ T6532] tipc: Resetting bearer <eth:syzkaller0>
[   80.452411][ T6532] tipc: Disabling bearer <eth:syzkaller0>
[   80.457758][ T6537] __nla_validate_parse: 1 callbacks suppressed
[   80.457772][ T6537] netlink: 152 bytes leftover after parsing attributes in process `syz.1.247'.
[   80.718847][ T6544] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.748023][ T6555] netlink: 16 bytes leftover after parsing attributes in process `syz.2.252'.
[   80.799000][ T6544] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.874811][ T6544] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.884423][ T6561] veth1_virt_wifi: entered promiscuous mode
[   80.887893][ T6561] netlink: 48 bytes leftover after parsing attributes in process `syz.2.255'.
[   80.891411][ T6561] A link change request failed with some changes committed already. Interface veth1_virt_wifi may have been left with an inconsistent configuration, please check.
[   80.943906][ T6544] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.050492][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.066804][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.081753][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.099268][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.149785][ T6575] netlink: 'syz.2.262': attribute type 8 has an invalid length.
[   81.261593][ T6580] bond0: (slave bond_slave_0): Releasing backup interface
[   81.270717][ T6580] bond0: (slave bond_slave_1): Releasing backup interface
[   81.292339][ T6580] team0: Port device team_slave_0 removed
[   81.309063][ T6580] team0: Port device team_slave_1 removed
[   81.312499][ T6580] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   81.315476][ T6580] batman_adv: batadv0: Removing interface: batadv_slave_0
[   81.321638][ T6580] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   81.324757][ T6580] batman_adv: batadv0: Removing interface: batadv_slave_1
[   81.334473][ T6580] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   81.390946][ T6580] netlink: 'syz.1.263': attribute type 10 has an invalid length.
[   81.403021][ T6580] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.437647][ T6580] bond0: (slave wlan1): Enslaving as an active interface with an up link
[   81.705067][ T6604] sctp: [Deprecated]: syz.0.274 (pid 6604) Use of struct sctp_assoc_value in delayed_ack socket option.
[   81.705067][ T6604] Use struct sctp_sack_info instead
[   81.791906][ T6612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.278'.
[   82.030175][   T10] cfg80211: failed to load regulatory.db
[   82.163662][ T6634] netlink: 'syz.1.288': attribute type 1 has an invalid length.
[   82.167825][ T6634] netlink: 5624 bytes leftover after parsing attributes in process `syz.1.288'.
[   82.259107][ T6642] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   82.480508][ T6658] netlink: 12 bytes leftover after parsing attributes in process `syz.1.299'.
[   82.584872][ T6661] vlan2: entered allmulticast mode
[   82.594781][ T6661] bond1: entered allmulticast mode
[   82.774442][ T6665] netlink: 16 bytes leftover after parsing attributes in process `syz.1.301'.
[   82.864619][ T6664] ipvlan2: entered promiscuous mode
[   82.868571][ T6664] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   82.872743][ T6664] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[   83.202501][ T6683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.309'.
[   83.290546][ T6690] netlink: 'syz.1.312': attribute type 15 has an invalid length.
[   83.587612][ T6710] syz_tun: entered promiscuous mode
[   83.591253][ T6710] syz_tun: left promiscuous mode
[   83.774598][ T6722] netlink: 'syz.1.326': attribute type 1 has an invalid length.
[   83.942904][ T6734] netlink: 24 bytes leftover after parsing attributes in process `syz.1.332'.
[   84.030313][ T6740] netlink: 'syz.2.335': attribute type 1 has an invalid length.
[   84.055555][ T6740] bond1: entered promiscuous mode
[   84.061176][ T6740] 8021q: adding VLAN 0 to HW filter on device bond1
[   84.089119][ T6740] 8021q: adding VLAN 0 to HW filter on device bond2
[   84.094331][ T6740] bond1: (slave bond2): making interface the new active one
[   84.097974][ T6740] bond2: entered promiscuous mode
[   84.101036][ T6740] bond1: (slave bond2): Enslaving as an active interface with an up link
[   84.260191][ T6747] netlink: 28 bytes leftover after parsing attributes in process `syz.2.336'.
[   84.419568][ T6751] ieee802154 phy0 wpan0: encryption failed: -22
[   84.425055][ T6751] team0: No ports can be present during mode change
[   84.507816][ T6758] Bluetooth: MGMT ver 1.23
[   84.679151][ T6771] netlink: 'syz.0.345': attribute type 13 has an invalid length.
[   84.682510][ T6771] netlink: 'syz.0.345': attribute type 17 has an invalid length.
[   84.759810][ T6771] 8021q: adding VLAN 0 to HW filter on device team0
[   84.765841][ T6771] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   84.897135][ T6787] netlink: 'syz.1.351': attribute type 16 has an invalid length.
[   84.914928][ T6771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   85.004090][ T6791] ip6tnl1: entered promiscuous mode
[   85.006202][ T6791] ip6tnl1: entered allmulticast mode
[   85.065109][ T6795] netlink: zone id is out of range
[   85.070779][ T6795] netlink: zone id is out of range
[   85.072901][ T6795] netlink: zone id is out of range
[   85.074975][ T6795] netlink: get zone limit has 8 unknown bytes
[   85.186159][ T6803] macvlan1: entered allmulticast mode
[   85.190843][ T6803] veth1_vlan: entered allmulticast mode
[   85.298540][ T6811] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   85.920705][ T6855] netlink: 'syz.0.380': attribute type 1 has an invalid length.
[   86.093119][ T6866] __nla_validate_parse: 5 callbacks suppressed
[   86.093136][ T6866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.385'.
[   86.151865][ T6869] netlink: 244 bytes leftover after parsing attributes in process `syz.1.386'.
[   86.268181][ T6876] netlink: 64 bytes leftover after parsing attributes in process `syz.1.389'.
[   86.898812][ T6893] pim6reg: entered allmulticast mode
[   86.901862][ T6892] pim6reg: left allmulticast mode
[   87.608320][ T6930] netlink: 8 bytes leftover after parsing attributes in process `syz.2.414'.
[   87.611116][ T6930] netlink: 'syz.2.414': attribute type 30 has an invalid length.
[   87.620791][   T13] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   87.623643][   T13] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   87.626741][ T6930] netlink: 8 bytes leftover after parsing attributes in process `syz.2.414'.
[   87.629816][ T6930] netlink: 'syz.2.414': attribute type 30 has an invalid length.
[   87.632456][   T13] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   87.635254][   T13] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   87.671753][ T5913] IPVS: starting estimator thread 0...
[   87.747052][ T6936] netlink: 'syz.0.416': attribute type 8 has an invalid length.
[   87.750255][ T6936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.416'.
[   87.757238][ T6934] IPVS: using max 63 ests per chain, 151200 per kthread
[   87.762345][ T6936] bond0: entered promiscuous mode
[   87.764577][ T6936] bond_slave_0: entered promiscuous mode
[   87.767937][ T6936] bond_slave_1: entered promiscuous mode
[   87.801657][ T6936] bond0: left promiscuous mode
[   87.803454][ T6936] bond_slave_0: left promiscuous mode
[   87.805556][ T6936] bond_slave_1: left promiscuous mode
[   87.807342][ T6939] netlink: 'syz.0.416': attribute type 8 has an invalid length.
[   87.810162][ T6939] netlink: 4 bytes leftover after parsing attributes in process `syz.0.416'.
[   88.117723][ T6939] bond0: entered promiscuous mode
[   88.119488][ T6939] bond_slave_0: entered promiscuous mode
[   88.121844][ T6939] bond_slave_1: entered promiscuous mode
[   88.126586][ T6939] bond0: left promiscuous mode
[   88.136755][ T6939] bond_slave_0: left promiscuous mode
[   88.139244][ T6939] bond_slave_1: left promiscuous mode
[   88.148829][ T6940] syzkaller1: entered promiscuous mode
[   88.151037][ T6940] syzkaller1: entered allmulticast mode
[   88.552141][ T6974] netlink: 80 bytes leftover after parsing attributes in process `syz.1.432'.
[   88.720930][ T6988] netlink: 24 bytes leftover after parsing attributes in process `syz.2.439'.
[   88.732233][ T6988] netlink: 24 bytes leftover after parsing attributes in process `syz.2.439'.
[   89.694497][ T7049] syzkaller1: entered promiscuous mode
[   89.699150][ T7049] syzkaller1: entered allmulticast mode
[   89.842020][ T7061] bond_slave_0: entered promiscuous mode
[   89.844560][ T7061] bond_slave_1: entered promiscuous mode
[   89.847740][ T7061] vlan2: entered promiscuous mode
[   89.856700][ T7061] bond0: entered promiscuous mode
[   90.359221][ T7090] tc_dump_action: action bad kind
[   90.545692][ T7096] ieee802154 phy0 wpan0: encryption failed: -22
[   90.598194][ T7099] tipc: Started in network mode
[   90.599775][ T7099] tipc: Node identity 2249e303bc8f, cluster identity 4711
[   90.602179][ T7099] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   90.604914][ T7099] syzkaller0: entered promiscuous mode
[   90.607345][ T7099] syzkaller0: entered allmulticast mode
[   90.753358][ T7101] tipc: Resetting bearer <eth:syzkaller0>
[   90.795617][ T7098] tipc: Resetting bearer <eth:syzkaller0>
[   90.817275][ T7098] tipc: Disabling bearer <eth:syzkaller0>
[   91.063644][ T7128] netlink: 'syz.0.502': attribute type 15 has an invalid length.
[   91.427288][ T7145] netlink: 'syz.1.509': attribute type 10 has an invalid length.
[   91.440730][ T7145] ..0: left allmulticast mode
[   91.442504][ T7145] hsr_slave_0: left allmulticast mode
[   91.444356][ T7145] hsr_slave_1: left allmulticast mode
[   91.452833][ T7145] ..0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[   92.069099][ T7167] __nla_validate_parse: 4 callbacks suppressed
[   92.069115][ T7167] netlink: 56 bytes leftover after parsing attributes in process `syz.1.519'.
[   92.329560][ T7178] netlink: 'syz.0.525': attribute type 12 has an invalid length.
[   92.333027][ T7178] netlink: 'syz.0.525': attribute type 29 has an invalid length.
[   92.341855][ T7178] netlink: 148 bytes leftover after parsing attributes in process `syz.0.525'.
[   92.345589][ T7178] netlink: 'syz.0.525': attribute type 1 has an invalid length.
[   92.725455][ T7199] netlink: 65051 bytes leftover after parsing attributes in process `syz.1.530'.
[   93.002503][ T7213] netlink: 40 bytes leftover after parsing attributes in process `syz.0.536'.
[   93.064314][ T7210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   93.527795][   T33] audit: type=1800 audit(1758635052.304:3): pid=7219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.539" name="@" dev="tmpfs" ino=837 res=0 errno=0
[   93.737616][ T7238] bridge_slave_0: left allmulticast mode
[   93.739932][ T7238] bridge_slave_0: left promiscuous mode
[   93.742470][ T7238] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.754514][ T7238] bridge_slave_1: left allmulticast mode
[   93.757092][ T7238] bridge_slave_1: left promiscuous mode
[   93.759610][ T7238] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.768634][ T7238] bond0: (slave bond_slave_0): Releasing backup interface
[   93.772271][ T7238] bond_slave_0: left promiscuous mode
[   93.779299][ T7238] bond0: (slave bond_slave_1): Releasing backup interface
[   93.784730][ T7238] bond_slave_1: left promiscuous mode
[   93.804619][ T7238] team0: Port device team_slave_0 removed
[   93.811996][ T7238] team0: Port device team_slave_1 removed
[   93.814311][ T7238] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   93.817981][ T7238] batman_adv: batadv0: Removing interface: batadv_slave_0
[   93.822495][ T7238] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   93.825471][ T7238] batman_adv: batadv0: Removing interface: batadv_slave_1
[   93.834461][ T7238] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   94.163319][ T7262] vxcan2: entered allmulticast mode
[   94.586945][ T7296] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.571'.
[   94.609480][ T7298] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 4, id = 0
[   94.690256][ T7302] netlink: 212856 bytes leftover after parsing attributes in process `syz.0.573'.
[   94.865859][ T7322] netlink: 56 bytes leftover after parsing attributes in process `syz.2.580'.
[   94.917675][ T7316] bond0 (unregistering): (slave wlan1): Releasing backup interface
[   94.929320][ T7316] bond0 (unregistering): Released all slaves
[   95.324930][ T7351] netlink: 84 bytes leftover after parsing attributes in process `syz.1.589'.
[   96.278101][ T7392] netlink: 16 bytes leftover after parsing attributes in process `syz.2.608'.
[   96.720956][ T7431] netlink: 24 bytes leftover after parsing attributes in process `syz.2.623'.
[   96.962429][ T7447] netlink: 'syz.1.630': attribute type 13 has an invalid length.
[   97.009694][   T33] audit: type=1800 audit(1758635055.784:4): pid=7444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.629" name="memory.events" dev="tmpfs" ino=1026 res=0 errno=0
[   97.107323][ T7454] sctp: [Deprecated]: syz.1.633 (pid 7454) Use of struct sctp_assoc_value in delayed_ack socket option.
[   97.107323][ T7454] Use struct sctp_sack_info instead
[   97.293246][ T7469] __nla_validate_parse: 1 callbacks suppressed
[   97.293262][ T7469] netlink: 8 bytes leftover after parsing attributes in process `syz.1.640'.
[   98.082452][ T7504] netlink: 4 bytes leftover after parsing attributes in process `syz.0.653'.
[   98.965778][ T7512] netlink: 28 bytes leftover after parsing attributes in process `syz.2.657'.
[   99.352772][ T7540] netlink: 'syz.0.670': attribute type 15 has an invalid length.
[   99.503662][ T7553] netlink: 24 bytes leftover after parsing attributes in process `syz.0.676'.
[   99.760206][ T7575] netlink: 'syz.0.686': attribute type 1 has an invalid length.
[   99.763079][ T7575] netlink: 'syz.0.686': attribute type 1 has an invalid length.
[   99.768357][ T7575] netlink: 'syz.0.686': attribute type 1 has an invalid length.
[   99.850727][ T7582] netlink: 40 bytes leftover after parsing attributes in process `syz.2.689'.
[   99.875131][ T7584] netlink: 16 bytes leftover after parsing attributes in process `syz.0.690'.
[   99.920376][ T7588] netlink: 12 bytes leftover after parsing attributes in process `syz.0.692'.
[  100.046659][ T5858] Bluetooth: hci1: command 0x0405 tx timeout
[  100.458244][ T7623] tipc: Started in network mode
[  100.459810][ T7623] tipc: Node identity de49417e9e42, cluster identity 4711
[  100.462416][ T7623] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  100.465928][ T7623] syzkaller0: entered promiscuous mode
[  100.467858][ T7623] syzkaller0: entered allmulticast mode
[  100.545666][ T7624] netlink: 2 bytes leftover after parsing attributes in process `syz.1.708'.
[  100.552561][ T7623] tipc: Resetting bearer <eth:syzkaller0>
[  100.560735][ T7622] tipc: Resetting bearer <eth:syzkaller0>
[  100.578443][ T7622] tipc: Disabling bearer <eth:syzkaller0>
[  100.593290][ T7626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.709'.
[  100.597078][ T7626] netlink: 32 bytes leftover after parsing attributes in process `syz.0.709'.
[  100.616003][ T7626] gretap1: entered promiscuous mode
[  100.668316][ T7630] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) !
[  100.989235][ T7648] syzkaller0: entered promiscuous mode
[  100.990942][ T7648] syzkaller0: entered allmulticast mode
[  102.446104][ T7688] __nla_validate_parse: 1 callbacks suppressed
[  102.446121][ T7688] netlink: 48 bytes leftover after parsing attributes in process `syz.0.735'.
[  102.455241][ T7688] netlink: 48 bytes leftover after parsing attributes in process `syz.0.735'.
[  102.466620][ T7688] netlink: 20 bytes leftover after parsing attributes in process `syz.0.735'.
[  103.110182][ T7755] netlink: 24 bytes leftover after parsing attributes in process `syz.2.766'.
[  103.142082][ T7755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.766'.
[  103.233713][ T7760] netlink: 256 bytes leftover after parsing attributes in process `syz.2.768'.
[  103.237960][ T7760] netlink: 48 bytes leftover after parsing attributes in process `syz.2.768'.
[  103.306043][ T7764] ==================================================================
[  103.309219][ T7764] BUG: KASAN: slab-use-after-free in __xfrm_state_insert+0x8af/0x1450
[  103.312407][ T7764] Read of size 1 at addr ffff888026ee4330 by task syz.1.770/7764
[  103.316601][ T7764] 
[  103.317637][ T7764] CPU: 1 UID: 0 PID: 7764 Comm: syz.1.770 Not tainted syzkaller #0 PREEMPT(full) 
[  103.317658][ T7764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  103.317669][ T7764] Call Trace:
[  103.317677][ T7764]  <TASK>
[  103.317685][ T7764]  dump_stack_lvl+0x189/0x250
[  103.317717][ T7764]  ? __virt_addr_valid+0x1c8/0x5c0
[  103.317737][ T7764]  ? rcu_is_watching+0x15/0xb0
[  103.317753][ T7764]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.317769][ T7764]  ? rcu_is_watching+0x15/0xb0
[  103.317783][ T7764]  ? lock_release+0x4b/0x3e0
[  103.317803][ T7764]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  103.317825][ T7764]  ? __virt_addr_valid+0x1c8/0x5c0
[  103.317841][ T7764]  ? __virt_addr_valid+0x4a5/0x5c0
[  103.317859][ T7764]  print_report+0xca/0x240
[  103.317903][ T7764]  ? __xfrm_state_insert+0x8af/0x1450
[  103.317924][ T7764]  kasan_report+0x118/0x150
[  103.317946][ T7764]  ? __xfrm_state_insert+0x8af/0x1450
[  103.317966][ T7764]  __xfrm_state_insert+0x8af/0x1450
[  103.317989][ T7764]  ? xfrm_state_insert+0x44/0x60
[  103.318009][ T7764]  xfrm_state_insert+0x54/0x60
[  103.318029][ T7764]  ipcomp6_init_state+0x655/0x900
[  103.318051][ T7764]  __xfrm_init_state+0xa76/0x13f0
[  103.318065][ T7764]  ? __xfrm_init_state+0x7ef/0x13f0
[  103.318080][ T7764]  xfrm_add_sa+0x2f5b/0x4070
[  103.318096][ T7764]  ? __pfx_xfrm_add_sa+0x10/0x10
[  103.318107][ T7764]  ? apparmor_capable+0x137/0x1b0
[  103.318126][ T7764]  ? __nla_parse+0x40/0x60
[  103.318141][ T7764]  xfrm_user_rcv_msg+0x7a3/0xab0
[  103.318157][ T7764]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  103.318183][ T7764]  ? __pfx___mutex_trylock_common+0x10/0x10
[  103.318209][ T7764]  ? rcu_is_watching+0x15/0xb0
[  103.318223][ T7764]  ? trace_contention_end+0x39/0x120
[  103.318237][ T7764]  ? __mutex_lock+0x335/0x1350
[  103.318255][ T7764]  netlink_rcv_skb+0x208/0x470
[  103.318273][ T7764]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  103.318287][ T7764]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  103.318308][ T7764]  ? netlink_deliver_tap+0x2e/0x1b0
[  103.318324][ T7764]  ? netlink_deliver_tap+0x2e/0x1b0
[  103.318340][ T7764]  xfrm_netlink_rcv+0x79/0x90
[  103.318353][ T7764]  netlink_unicast+0x82f/0x9e0
[  103.318369][ T7764]  ? __pfx_netlink_unicast+0x10/0x10
[  103.318383][ T7764]  ? netlink_sendmsg+0x642/0xb30
[  103.318398][ T7764]  ? skb_put+0x11b/0x210
[  103.318416][ T7764]  netlink_sendmsg+0x805/0xb30
[  103.318436][ T7764]  ? __pfx_netlink_sendmsg+0x10/0x10
[  103.318451][ T7764]  ? aa_sock_msg_perm+0xf1/0x1d0
[  103.318465][ T7764]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  103.318480][ T7764]  ? __pfx_netlink_sendmsg+0x10/0x10
[  103.318496][ T7764]  __sock_sendmsg+0x21c/0x270
[  103.318510][ T7764]  ____sys_sendmsg+0x505/0x830
[  103.318530][ T7764]  ? __pfx_____sys_sendmsg+0x10/0x10
[  103.318551][ T7764]  ? import_iovec+0x74/0xa0
[  103.318568][ T7764]  ___sys_sendmsg+0x21f/0x2a0
[  103.318586][ T7764]  ? __pfx____sys_sendmsg+0x10/0x10
[  103.318617][ T7764]  ? __fget_files+0x2a/0x420
[  103.318628][ T7764]  ? __fget_files+0x3a0/0x420
[  103.318643][ T7764]  __x64_sys_sendmsg+0x19b/0x260
[  103.318663][ T7764]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  103.318687][ T7764]  ? do_syscall_64+0xbe/0x3b0
[  103.318704][ T7764]  do_syscall_64+0xfa/0x3b0
[  103.318716][ T7764]  ? lockdep_hardirqs_on+0x9c/0x150
[  103.318731][ T7764]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.318746][ T7764]  ? exc_page_fault+0x9f/0xf0
[  103.318761][ T7764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.318773][ T7764] RIP: 0033:0x7f2a2cb8ec29
[  103.318787][ T7764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.318800][ T7764] RSP: 002b:00007f2a2d981038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.318815][ T7764] RAX: ffffffffffffffda RBX: 00007f2a2cdd5fa0 RCX: 00007f2a2cb8ec29
[  103.318825][ T7764] RDX: 0000000020000000 RSI: 00002000000035c0 RDI: 0000000000000004
[  103.318832][ T7764] RBP: 00007f2a2cc11e41 R08: 0000000000000000 R09: 0000000000000000
[  103.318841][ T7764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.318849][ T7764] R13: 00007f2a2cdd6038 R14: 00007f2a2cdd5fa0 R15: 00007fff3ad099c8
[  103.318866][ T7764]  </TASK>
[  103.318905][ T7764] 
[  103.412136][ T7765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.770'.
[  103.413576][ T7764] Allocated by task 5977:
[  103.413591][ T7764]  kasan_save_track+0x3e/0x80
[  103.413614][ T7764]  __kasan_slab_alloc+0x6c/0x80
[  103.413633][ T7764]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  103.420661][ T7765] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  103.421610][ T7764]  xfrm_state_alloc+0x24/0x2f0
[  103.421639][ T7764]  __find_acq_core+0x8a7/0x1c00
[  103.421656][ T7764]  xfrm_find_acq+0x78/0xa0
[  103.429442][ T7765] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  103.431170][ T7764]  xfrm_alloc_userspi+0x6b3/0xc90
[  103.431201][ T7764]  xfrm_user_rcv_msg+0x7a3/0xab0
[  103.431214][ T7764]  netlink_rcv_skb+0x208/0x470
[  103.506386][ T7764]  xfrm_netlink_rcv+0x79/0x90
[  103.508298][ T7764]  netlink_unicast+0x82f/0x9e0
[  103.510197][ T7764]  netlink_sendmsg+0x805/0xb30
[  103.512101][ T7764]  __sock_sendmsg+0x21c/0x270
[  103.513990][ T7764]  ____sys_sendmsg+0x505/0x830
[  103.516016][ T7764]  ___sys_sendmsg+0x21f/0x2a0
[  103.517985][ T7764]  __x64_sys_sendmsg+0x19b/0x260
[  103.519997][ T7764]  do_syscall_64+0xfa/0x3b0
[  103.521816][ T7764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.524124][ T7764] 
[  103.525075][ T7764] Freed by task 10:
[  103.526571][ T7764]  kasan_save_track+0x3e/0x80
[  103.528456][ T7764]  kasan_save_free_info+0x46/0x50
[  103.530419][ T7764]  __kasan_slab_free+0x5b/0x80
[  103.532339][ T7764]  kmem_cache_free+0x18f/0x400
[  103.534307][ T7764]  xfrm_state_gc_task+0x52d/0x6b0
[  103.536378][ T7764]  process_scheduled_works+0xae1/0x17b0
[  103.538684][ T7764]  worker_thread+0x8a0/0xda0
[  103.540540][ T7764]  kthread+0x711/0x8a0
[  103.542163][ T7764]  ret_from_fork+0x439/0x7d0
[  103.543996][ T7764]  ret_from_fork_asm+0x1a/0x30
[  103.545980][ T7764] 
[  103.546925][ T7764] The buggy address belongs to the object at ffff888026ee4000
[  103.546925][ T7764]  which belongs to the cache xfrm_state of size 928
[  103.552340][ T7764] The buggy address is located 816 bytes inside of
[  103.552340][ T7764]  freed 928-byte region [ffff888026ee4000, ffff888026ee43a0)
[  103.557706][ T7764] 
[  103.558695][ T7764] The buggy address belongs to the physical page:
[  103.561254][ T7764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26ee4
[  103.564724][ T7764] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  103.567995][ T7764] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  103.571135][ T7764] page_type: f5(slab)
[  103.572793][ T7764] raw: 00fff00000000040 ffff88801b329280 dead000000000122 0000000000000000
[  103.576235][ T7764] raw: 0000000000000000 00000000800e000e 00000000f5000000 0000000000000000
[  103.579604][ T7764] head: 00fff00000000040 ffff88801b329280 dead000000000122 0000000000000000
[  103.582896][ T7764] head: 0000000000000000 00000000800e000e 00000000f5000000 0000000000000000
[  103.586312][ T7764] head: 00fff00000000002 ffffea00009bb901 00000000ffffffff 00000000ffffffff
[  103.589616][ T7764] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  103.592924][ T7764] page dumped because: kasan: bad access detected
[  103.595339][ T7764] page_owner tracks the page as allocated
[  103.597514][ T7764] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5977, tgid 5976 (syz.1.26), ts 68783459285, free_ts 68720172205
[  103.604427][ T7764]  post_alloc_hook+0x240/0x2a0
[  103.606325][ T7764]  get_page_from_freelist+0x21e4/0x22c0
[  103.608471][ T7764]  __alloc_frozen_pages_noprof+0x181/0x370
[  103.610702][ T7764]  alloc_pages_mpol+0x232/0x4a0
[  103.612582][ T7764]  allocate_slab+0x8a/0x370
[  103.614387][ T7764]  ___slab_alloc+0xbeb/0x1420
[  103.616296][ T7764]  kmem_cache_alloc_noprof+0x283/0x3c0
[  103.618442][ T7764]  xfrm_state_alloc+0x24/0x2f0
[  103.620352][ T7764]  __find_acq_core+0x8a7/0x1c00
[  103.622236][ T7764]  xfrm_find_acq+0x78/0xa0
[  103.623952][ T7764]  xfrm_alloc_userspi+0x6b3/0xc90
[  103.625912][ T7764]  xfrm_user_rcv_msg+0x7a3/0xab0
[  103.627807][ T7764]  netlink_rcv_skb+0x208/0x470
[  103.629808][ T7764]  xfrm_netlink_rcv+0x79/0x90
[  103.631716][ T7764]  netlink_unicast+0x82f/0x9e0
[  103.633532][ T7764]  netlink_sendmsg+0x805/0xb30
[  103.635405][ T7764] page last free pid 5970 tgid 5967 stack trace:
[  103.637796][ T7764]  __free_frozen_pages+0xbc4/0xd30
[  103.639788][ T7764]  stack_depot_save_flags+0x436/0x860
[  103.641868][ T7764]  kasan_save_track+0x4f/0x80
[  103.643685][ T7764]  __kasan_slab_alloc+0x6c/0x80
[  103.645661][ T7764]  kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[  103.647983][ T7764]  __d_alloc+0x36/0x7a0
[  103.649670][ T7764]  d_alloc_parallel+0xe5/0x15e0
[  103.651616][ T7764]  __lookup_slow+0x116/0x3d0
[  103.653539][ T7764]  simple_start_creating+0xfd/0x1e0
[  103.655538][ T7764]  start_creating+0x10f/0x180
[  103.657416][ T7764]  debugfs_create_dir+0x28/0x420
[  103.659397][ T7764]  blk_mq_debugfs_register_rqos+0x27e/0x3f0
[  103.661803][ T7764]  rq_qos_add+0x30d/0x410
[  103.663615][ T7764]  wbt_init+0x3ac/0x500
[  103.665287][ T7764]  blk_register_queue+0x36a/0x3f0
[  103.667328][ T7764]  __add_disk+0x677/0xd50
[  103.669075][ T7764] 
[  103.670031][ T7764] Memory state around the buggy address:
[  103.672180][ T7764]  ffff888026ee4200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  103.674814][ T7764]  ffff888026ee4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  103.677633][ T7764] >ffff888026ee4300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  103.680528][ T7764]                                      ^
[  103.682588][ T7764]  ffff888026ee4380: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  103.685765][ T7764]  ffff888026ee4400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  103.688829][ T7764] ==================================================================
[  103.692067][ T7764] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  103.694282][ T7764] CPU: 1 UID: 0 PID: 7764 Comm: syz.1.770 Not tainted syzkaller #0 PREEMPT(full) 
[  103.697761][ T7764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  103.701742][ T7764] Call Trace:
[  103.703215][ T7764]  <TASK>
[  103.704480][ T7764]  dump_stack_lvl+0x99/0x250
[  103.706354][ T7764]  ? __asan_memcpy+0x40/0x70
[  103.708257][ T7764]  ? __pfx_dump_stack_lvl+0x10/0x10
[  103.710252][ T7764]  ? __pfx__printk+0x10/0x10
[  103.712093][ T7764]  vpanic+0x281/0x750
[  103.713670][ T7764]  ? __pfx_vpanic+0x10/0x10
[  103.715453][ T7764]  ? irqentry_exit+0x74/0x90
[  103.717255][ T7764]  panic+0xb9/0xc0
[  103.718739][ T7764]  ? __pfx_panic+0x10/0x10
[  103.720440][ T7764]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  103.722718][ T7764]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  103.725092][ T7764]  ? is_module_address+0x17/0xf0
[  103.727151][ T7764]  ? __xfrm_state_insert+0x8af/0x1450
[  103.729408][ T7764]  check_panic_on_warn+0x89/0xb0
[  103.731459][ T7764]  ? __xfrm_state_insert+0x8af/0x1450
[  103.733599][ T7764]  end_report+0x78/0x160
[  103.735364][ T7764]  kasan_report+0x129/0x150
[  103.737224][ T7764]  ? __xfrm_state_insert+0x8af/0x1450
[  103.739328][ T7764]  __xfrm_state_insert+0x8af/0x1450
[  103.741451][ T7764]  ? xfrm_state_insert+0x44/0x60
[  103.743523][ T7764]  xfrm_state_insert+0x54/0x60
[  103.745484][ T7764]  ipcomp6_init_state+0x655/0x900
[  103.747494][ T7764]  __xfrm_init_state+0xa76/0x13f0
[  103.749469][ T7764]  ? __xfrm_init_state+0x7ef/0x13f0
[  103.751517][ T7764]  xfrm_add_sa+0x2f5b/0x4070
[  103.753357][ T7764]  ? __pfx_xfrm_add_sa+0x10/0x10
[  103.755276][ T7764]  ? apparmor_capable+0x137/0x1b0
[  103.757300][ T7764]  ? __nla_parse+0x40/0x60
[  103.759103][ T7764]  xfrm_user_rcv_msg+0x7a3/0xab0
[  103.761060][ T7764]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  103.763238][ T7764]  ? __pfx___mutex_trylock_common+0x10/0x10
[  103.765641][ T7764]  ? rcu_is_watching+0x15/0xb0
[  103.767573][ T7764]  ? trace_contention_end+0x39/0x120
[  103.769715][ T7764]  ? __mutex_lock+0x335/0x1350
[  103.771603][ T7764]  netlink_rcv_skb+0x208/0x470
[  103.773490][ T7764]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  103.775561][ T7764]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  103.777602][ T7764]  ? netlink_deliver_tap+0x2e/0x1b0
[  103.779597][ T7764]  ? netlink_deliver_tap+0x2e/0x1b0
[  103.781648][ T7764]  xfrm_netlink_rcv+0x79/0x90
[  103.783532][ T7764]  netlink_unicast+0x82f/0x9e0
[  103.785392][ T7764]  ? __pfx_netlink_unicast+0x10/0x10
[  103.787450][ T7764]  ? netlink_sendmsg+0x642/0xb30
[  103.789429][ T7764]  ? skb_put+0x11b/0x210
[  103.791094][ T7764]  netlink_sendmsg+0x805/0xb30
[  103.792970][ T7764]  ? __pfx_netlink_sendmsg+0x10/0x10
[  103.795060][ T7764]  ? aa_sock_msg_perm+0xf1/0x1d0
[  103.797144][ T7764]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  103.799336][ T7764]  ? __pfx_netlink_sendmsg+0x10/0x10
[  103.801537][ T7764]  __sock_sendmsg+0x21c/0x270
[  103.803488][ T7764]  ____sys_sendmsg+0x505/0x830
[  103.805438][ T7764]  ? __pfx_____sys_sendmsg+0x10/0x10
[  103.807507][ T7764]  ? import_iovec+0x74/0xa0
[  103.809277][ T7764]  ___sys_sendmsg+0x21f/0x2a0
[  103.811149][ T7764]  ? __pfx____sys_sendmsg+0x10/0x10
[  103.813282][ T7764]  ? __fget_files+0x2a/0x420
[  103.815164][ T7764]  ? __fget_files+0x3a0/0x420
[  103.817132][ T7764]  __x64_sys_sendmsg+0x19b/0x260
[  103.819145][ T7764]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  103.821335][ T7764]  ? do_syscall_64+0xbe/0x3b0
[  103.823291][ T7764]  do_syscall_64+0xfa/0x3b0
[  103.825129][ T7764]  ? lockdep_hardirqs_on+0x9c/0x150
[  103.827166][ T7764]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.829584][ T7764]  ? exc_page_fault+0x9f/0xf0
[  103.831477][ T7764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.833936][ T7764] RIP: 0033:0x7f2a2cb8ec29
[  103.835739][ T7764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  103.843474][ T7764] RSP: 002b:00007f2a2d981038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.846852][ T7764] RAX: ffffffffffffffda RBX: 00007f2a2cdd5fa0 RCX: 00007f2a2cb8ec29
[  103.850173][ T7764] RDX: 0000000020000000 RSI: 00002000000035c0 RDI: 0000000000000004
[  103.853196][ T7764] RBP: 00007f2a2cc11e41 R08: 0000000000000000 R09: 0000000000000000
[  103.856303][ T7764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  103.859411][ T7764] R13: 00007f2a2cdd6038 R14: 00007f2a2cdd5fa0 R15: 00007fff3ad099c8
[  103.862514][ T7764]  </TASK>
[  103.864506][ T7764] Kernel Offset: disabled
[  103.866260][ T7764] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:44:22  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000020007 RBX=0000000000000003 RCX=ffffffff93499888 RDX=0000000000000000
RSI=0000000000000000 RDI=ffff888109880000 RBP=0000000000000007 RSP=ffffc90006b272d0
R8 =0000000000000000 R9 =ffffffff89edb94d R10=0000000000000003 R11=0000000000000002
R12=0000000000020000 R13=0000000000000000 R14=ffff888109880b18 R15=ffff888109880af0
RIP=ffffffff819d6538 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f67f5de86c0 ffffffff 00c00000
GS =0000 ffff8880b8613000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000020000000b038 CR3=00000000308b0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f2f491a7498 00007f2f491a7470 XMM03=00007f2f491a74a8 00007f2f491a74a0
XMM04=00007f2f49d0d100 00007f2f491a7460 XMM05=00007f2f491a7478 00007f2f491a74c0
XMM06=00007f2f491a74b8 00007f2f491a74b0 XMM07=00007f2f491a74a8 00007f2f491a74a0
XMM08=0000000000000000 00007f2f49012f0f XMM09=0000000000000000 00007f2f49012fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002e RBX=000000000000002e RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000015f2 RDI=00000000000015f3 RBP=00000000000003f8 RSP=ffffc90006c169f0
R8 =ffff88801fde0237 R9 =1ffff11003fbc046 R10=dffffc0000000000 R11=ffffffff854fac30
R12=dffffc0000000000 R13=ffffffff99b0290d R14=ffffffff99df7480 R15=0000000000000000
RIP=ffffffff854facac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f2a2d9816c0 ffffffff 00c00000
GS =0000 ffff8881a3c13000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f2a2d980fc8 CR3=00000000271f4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f2a2cda7498 00007f2a2cda7470 XMM03=00007f2a2cda74a8 00007f2a2cda74a0
XMM04=00007f2a2d90d100 00007f2a2cda7460 XMM05=00007f2a2cda7478 00007f2a2cda74c0
XMM06=00007f2a2cda74b8 00007f2a2cda74b0 XMM07=00007f2a2cda74a8 00007f2a2cda74a0
XMM08=0000000000000000 00007f2a2cc12f0f XMM09=0000000000000000 00007f2a2cc12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
