last executing test programs:

2.013102115s ago: executing program 1 (id=1725):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xf)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000380)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}], 0x1c)
epoll_create1(0x0)
epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket(0x40000000015, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x7dc48146, 0x7fffffff, 0x5539e0cf}, 0x0, 0x0)
setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8)

1.373428685s ago: executing program 0 (id=1744):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000001900000095"], &(0x7f0000000140)='syzkaller\x00'}, 0x94)

1.373017056s ago: executing program 0 (id=1746):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000000000000000000000000008500000061000000850000005000000095"], &(0x7f00000006c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e02742e8680d85cc970c2d2ffd35", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

1.372897015s ago: executing program 2 (id=1747):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @private2}, 0x1c)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x1}, 0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8)

1.310165788s ago: executing program 2 (id=1748):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xd, 0x12, 0xffffffffffffffff, 0x1f4d2000)
r1 = syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x1840}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x3}, @IFLA_BR_AGEING_TIME={0x8}]}}}]}, 0x44}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x4, 0x70bd2a, 0x25dfdbff, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @ipv4={'\x00', '\xff\xff', @multicast1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x48805}, 0x8800)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000580)={0xda6a, 0x850, 0x4, 0x10, 0x4, 0x0, [{0x8, 0xffffffffffffffff, 0xf4c}, {0x4, 0xf0, 0x6d4f8409, '\x00', 0x700}, {0x7, 0x9, 0x4, '\x00', 0x88}, {0x600000000, 0xfffffffffffffff8, 0x1, '\x00', 0x2000}]})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000551000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f00009c5000/0x4000)=nil, 0x4000, 0x3, 0x28012, r5, 0x0)
mmap(&(0x7f00009c5000/0x1000)=nil, 0x1000, 0x3, 0x28012, r5, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a14000000020aff0100000000000000000200000114000000110001"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)={0x4c, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x800}, @nested={0x35, 0x11, 0x0, 0x1, [@generic="9e15c00619065e963eba3ef94d765eb501e2e4bea6b8d14b16632741a5bb965fe09b7844e4b103706a1038bc955454ed2f"]}]}, 0x4c}], 0x1}, 0x300)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x810}, 0x20004000)

1.13669464s ago: executing program 1 (id=1749):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSETELEM={0x44, 0x1e, 0xa, 0x205, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x10, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xc8}}, 0x0)

485.553779ms ago: executing program 0 (id=1750):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x44, 0x1, 0x1, 0x301, 0x0, 0x0, {0x2}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x4ad}]}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x17}}, {0x8, 0x2, @private=0xa010102}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

485.261646ms ago: executing program 1 (id=1751):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
setsockopt$ax25_int(r0, 0x101, 0x9, &(0x7f0000000000)=0x8000ac0f, 0x4)

485.010008ms ago: executing program 0 (id=1752):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)

481.401834ms ago: executing program 1 (id=1753):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50)
close(0x3)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbf6, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xffff, 0xffff}}}, 0x24}}, 0x40804)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r2}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0xf, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x9}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x4}, 0x94)

434.139032ms ago: executing program 2 (id=1754):
r0 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r0, 0x0, 0x0)
r1 = socket$pptp(0x18, 0x1, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x74}}, 0x0)
bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1)
connect$pptp(r0, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x2300, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={<r6=>0x0, 0x0, 0x0}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000340)={r6, @in6={{0xa, 0x3, 0x4, @mcast1}}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10)
unshare(0x400)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000340)=0x1)

430.049276ms ago: executing program 0 (id=1755):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r4}, 0x10)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, r8, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r7}, &(0x7f00000006c0), &(0x7f0000000700)=r6}, 0x20)
sendmsg$inet(r5, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3)
r9 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000780)=ANY=[@ANYRES32=r10, @ANYRES32=r9, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r10}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r11 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r11, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(r11, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10)
sendmmsg$inet(r11, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x238}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001080)=ANY=[@ANYBLOB="3800000018000100000000000000000002009000fc00000900000000060015000200000014001680100008800c00018006"], 0x38}}, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

353.451438ms ago: executing program 2 (id=1756):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="18000000700001000000000000000000070000002843"], 0x18}}, 0x0)

352.984087ms ago: executing program 1 (id=1757):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb6", 0x408}], 0x1}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0x806000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x60, &(0x7f0000000240)={0x0, 0x989680})

306.180975ms ago: executing program 2 (id=1758):
syz_emit_ethernet(0x5a, &(0x7f0000000100)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x4c, 0x0, 0x0, 0x3, 0x6, 0x0, @private=0xa010100, @dev}, {{0x4e22, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x3, {[@md5sig={0x13, 0x12, "041db72e5bcf981d4aa90f67d68c0c0c"}, @md5sig={0x13, 0x12, "0cd80e00"}]}}}}}}}, 0x0)

156.291979ms ago: executing program 2 (id=1759):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xf, 0x0, 0x700, 0x0, [@sadb_key={0x5, 0x9, 0xe0, 0x0, "01d78771b90bd8a3b4914783c58777003d5b9538a9d03e6e9bfdac55"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x3, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x78}, 0x1, 0x7}, 0x10)

74.513697ms ago: executing program 1 (id=1760):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x7, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50)
r1 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r1, 0x1, 0x53, &(0x7f0000000240)={0x8, 0x7, 0x0, 'syz2\x00'}, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r3=>0x0})
r4 = socket(0x10, 0x80002, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket(0x1e, 0x4, 0x0)
connect$tipc(r6, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r6, &(0x7f0000004400), 0x400000000000203, 0x0)
getsockopt$TIPC_IMPORTANCE(r6, 0x10f, 0x89, &(0x7f0000000680), 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000918000440000000000900010073797a30000000000800034000000001140000001100010000000000000000000000000a00"/100], 0x64}}, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x0, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r8], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
setsockopt$sock_int(r7, 0x1, 0x3e, &(0x7f00000000c0)=0x7976, 0x4)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004)
recvmmsg(r9, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x10003}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)=""/180, 0xb4}, {&(0x7f0000002900)=""/4114, 0x1012}, {&(0x7f00000017c0)=""/220, 0xdc}, {&(0x7f0000000f40)=""/218, 0xda}, {&(0x7f00000005c0)=""/146, 0x92}, {&(0x7f00000008c0)=""/234, 0xea}], 0x6}, 0x80000002}], 0x4, 0x0, 0x0)
bind$llc(r7, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x4, 0x1, 0x0, @local}, 0x10)
r10 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FD_FRAMES(r10, 0x65, 0x8, &(0x7f00000000c0), &(0x7f0000002140)=0x4)
ppoll(&(0x7f0000000280)=[{r4}, {r5, 0xc009}, {r1, 0x208}, {r4, 0x20}, {r7, 0x2}, {r10, 0xc0}, {r1, 0x112}, {r4, 0x20}, {r2}], 0x9, &(0x7f0000000040)={0x77359400}, &(0x7f00000000c0)={[0xd7]}, 0x8)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)

0s ago: executing program 0 (id=1761):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:50057' (ED25519) to the list of known hosts.
syzkaller login: [   48.763650][ T5775] cgroup: Unknown subsys name 'net'
[   48.893487][ T5775] cgroup: Unknown subsys name 'cpuset'
[   48.897993][ T5775] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.455862][ T5775] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   60.312925][ T5865] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   60.335286][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.337835][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.354539][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.358128][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.740912][ T5235] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   61.743857][ T5235] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   61.746729][ T5235] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   61.749644][ T5235] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   61.755337][ T5235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   61.757825][ T5235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   61.761006][ T5235] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   61.764161][ T5235] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   61.785839][ T5884] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   61.789209][ T5884] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   61.825894][ T5884] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   61.830210][ T5884] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   61.836510][ T5884] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   61.840186][ T5884] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   61.845423][ T5884] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   61.973977][ T5883] chnl_net:caif_netlink_parms(): no params data found
[   62.091584][ T5888] chnl_net:caif_netlink_parms(): no params data found
[   62.114020][ T5883] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.116968][ T5883] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.119703][ T5883] bridge_slave_0: entered allmulticast mode
[   62.132376][ T5883] bridge_slave_0: entered promiscuous mode
[   62.138606][ T5883] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.141949][ T5883] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.144539][ T5883] bridge_slave_1: entered allmulticast mode
[   62.147078][ T5883] bridge_slave_1: entered promiscuous mode
[   62.189117][ T5880] chnl_net:caif_netlink_parms(): no params data found
[   62.209105][ T5883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.215128][ T5883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.224787][ T5888] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.227733][ T5888] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.233591][ T5888] bridge_slave_0: entered allmulticast mode
[   62.236394][ T5888] bridge_slave_0: entered promiscuous mode
[   62.256095][ T5883] team0: Port device team_slave_0 added
[   62.260134][ T5883] team0: Port device team_slave_1 added
[   62.263765][ T5888] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.266812][ T5888] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.269716][ T5888] bridge_slave_1: entered allmulticast mode
[   62.274443][ T5888] bridge_slave_1: entered promiscuous mode
[   62.328284][ T5888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.337415][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.341358][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.351948][ T5883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.358026][ T5888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.373444][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.375987][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.386763][ T5883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.411034][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.413502][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.416129][ T5880] bridge_slave_0: entered allmulticast mode
[   62.419172][ T5880] bridge_slave_0: entered promiscuous mode
[   62.423545][ T5888] team0: Port device team_slave_0 added
[   62.426051][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.428682][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.431584][ T5880] bridge_slave_1: entered allmulticast mode
[   62.434778][ T5880] bridge_slave_1: entered promiscuous mode
[   62.439529][ T5888] team0: Port device team_slave_1 added
[   62.477798][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   62.498848][ T5883] hsr_slave_0: entered promiscuous mode
[   62.502367][ T5883] hsr_slave_1: entered promiscuous mode
[   62.507298][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   62.519858][ T5888] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.523290][ T5888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.534910][ T5888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.547714][ T5888] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.551296][ T5888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.561689][ T5888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.568776][ T5880] team0: Port device team_slave_0 added
[   62.590916][ T5880] team0: Port device team_slave_1 added
[   62.640984][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0
[   62.643866][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.654995][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   62.666493][ T5888] hsr_slave_0: entered promiscuous mode
[   62.669531][ T5888] hsr_slave_1: entered promiscuous mode
[   62.672515][ T5888] debugfs: 'hsr0' already exists in 'hsr'
[   62.674516][ T5888] Cannot create hsr debugfs directory
[   62.677309][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1
[   62.680003][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   62.690810][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   62.761678][ T5880] hsr_slave_0: entered promiscuous mode
[   62.764814][ T5880] hsr_slave_1: entered promiscuous mode
[   62.767722][ T5880] debugfs: 'hsr0' already exists in 'hsr'
[   62.770100][ T5880] Cannot create hsr debugfs directory
[   62.873249][ T5883] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   62.884246][ T5883] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   62.901887][ T5883] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   62.916797][ T5883] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   62.947545][ T5888] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   62.972087][ T5888] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   62.981351][ T5888] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   62.991252][ T5888] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   63.007866][ T5880] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   63.017974][ T5880] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   63.025586][ T5880] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   63.032233][ T5880] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   63.114308][ T5883] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.142343][ T5888] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.146648][ T5883] 8021q: adding VLAN 0 to HW filter on device team0
[   63.161576][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.164097][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.173625][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0
[   63.183130][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.186185][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.197230][ T5888] 8021q: adding VLAN 0 to HW filter on device team0
[   63.208991][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.212386][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.223980][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.226881][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.238268][ T5880] 8021q: adding VLAN 0 to HW filter on device team0
[   63.251413][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.253955][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.274086][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.277173][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.438485][ T5883] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.496097][ T5888] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.507686][ T5883] veth0_vlan: entered promiscuous mode
[   63.546973][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.553202][ T5883] veth1_vlan: entered promiscuous mode
[   63.589681][ T5888] veth0_vlan: entered promiscuous mode
[   63.605322][ T5883] veth0_macvtap: entered promiscuous mode
[   63.614992][ T5883] veth1_macvtap: entered promiscuous mode
[   63.626918][ T5888] veth1_vlan: entered promiscuous mode
[   63.645005][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.649838][ T5880] veth0_vlan: entered promiscuous mode
[   63.657983][ T5880] veth1_vlan: entered promiscuous mode
[   63.666030][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.685457][ T5890] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.690185][ T5890] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.694707][ T5890] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.706292][ T5890] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.724641][ T5888] veth0_macvtap: entered promiscuous mode
[   63.734601][ T5888] veth1_macvtap: entered promiscuous mode
[   63.767486][ T5880] veth0_macvtap: entered promiscuous mode
[   63.774398][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.774618][ T5880] veth1_macvtap: entered promiscuous mode
[   63.777489][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.793439][ T5888] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.809696][ T5888] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.815865][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.822544][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.827277][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.833736][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.837619][ T5675] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.840992][   T54] Bluetooth: hci1: command tx timeout
[   63.841583][ T5884] Bluetooth: hci0: command tx timeout
[   63.846620][ T5675] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.863760][ T5675] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.868389][ T5675] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.902888][ T5675] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.912372][ T5675] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.915750][ T5675] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.919421][ T5675] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.923858][ T5884] Bluetooth: hci2: command tx timeout
[   63.965829][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.971916][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.017847][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.024948][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.054668][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.057931][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.091890][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.094934][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.555911][ T5993] netlink: 'syz.2.38': attribute type 1 has an invalid length.
[   64.630806][ T5999] Driver unsupported XDP return value 0 on prog  (id 9) dev N/A, expect packet loss!
[   64.906428][ T6021] warning: `syz.0.50' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   65.171633][ T6043] syzkaller1: entered promiscuous mode
[   65.174110][ T6043] syzkaller1: entered allmulticast mode
[   65.684037][ T6080] netlink: 'syz.2.79': attribute type 3 has an invalid length.
[   65.712644][ T6082] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   65.866641][ T6099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.87'.
[   65.869871][ T6099] veth0_to_batadv: entered promiscuous mode
[   65.872498][ T6099] veth0_to_batadv: entered allmulticast mode
[   65.920883][ T5884] Bluetooth: hci1: command tx timeout
[   65.930622][ T5884] Bluetooth: hci0: command tx timeout
[   65.998906][ T6111] netlink: 24 bytes leftover after parsing attributes in process `syz.1.93'.
[   66.003882][ T5884] Bluetooth: hci2: command tx timeout
[   66.038322][ T6111] netlink: 'syz.1.93': attribute type 10 has an invalid length.
[   66.046863][ T6111] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   66.123233][ T6121] netlink: 'syz.2.97': attribute type 4 has an invalid length.
[   66.130066][ T6123] Zero length message leads to an empty skb
[   66.344465][ T6140] netlink: 8 bytes leftover after parsing attributes in process `syz.2.106'.
[   66.527009][ T6150] Bluetooth: MGMT ver 1.23
[   66.776564][ T6169] netlink: 12 bytes leftover after parsing attributes in process `syz.1.120'.
[   67.086185][ T5929] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   67.089360][ T5929] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   67.111049][ T5929] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   67.121048][ T5929] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   67.939894][ T6208] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.948204][ T6208] bond0: (slave rose0): Enslaving as an active interface with an up link
[   67.957387][   T10] cfg80211: failed to load regulatory.db
[   68.002408][ T6226] netlink: 16 bytes leftover after parsing attributes in process `syz.0.142'.
[   68.003367][ T5884] Bluetooth: hci0: command tx timeout
[   68.007890][   T54] Bluetooth: hci1: command tx timeout
[   68.081981][ T5884] Bluetooth: hci2: command tx timeout
[   68.157380][ T6243] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.160264][ T6243] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.237684][ T6243] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   68.245163][ T6243] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   68.298990][ T6254] team0: No ports can be present during mode change
[   68.314138][ T5675] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.325456][ T5675] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.333168][ T5675] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.336667][ T5675] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   68.371718][ T6257] netlink: 'syz.1.152': attribute type 3 has an invalid length.
[   68.375131][ T6257] netlink: 'syz.1.152': attribute type 3 has an invalid length.
[   68.389163][ T6243] syz.2.147 (6243) used greatest stack depth: 20080 bytes left
[   68.459319][ T6265] netlink: 'syz.2.156': attribute type 10 has an invalid length.
[   68.466160][ T6265] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   68.473284][ T6265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.156'.
[   68.477030][ T6265] bridge_slave_1: left allmulticast mode
[   68.480080][ T6265] bridge_slave_1: left promiscuous mode
[   68.484176][ T6265] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.495461][ T6265] bridge_slave_0: left allmulticast mode
[   68.500164][ T6265] bridge_slave_0: left promiscuous mode
[   68.505539][ T6265] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.515854][ T6265] bond0: (slave bridge0): Releasing backup interface
[   68.684389][ T6281] netlink: 'syz.1.163': attribute type 30 has an invalid length.
[   69.060021][ T6310] netlink: 'syz.1.177': attribute type 4 has an invalid length.
[   69.253786][ T6319] sctp: [Deprecated]: syz.1.181 (pid 6319) Use of int in maxseg socket option.
[   69.253786][ T6319] Use struct sctp_assoc_value instead
[   69.278920][ T6321] netlink: 12 bytes leftover after parsing attributes in process `syz.1.182'.
[   69.283625][ T6321] nbd: couldn't find a device at index 65546
[   69.417590][ T6325] netlink: 'syz.1.184': attribute type 1 has an invalid length.
[   69.422350][ T6325] netlink: 172 bytes leftover after parsing attributes in process `syz.1.184'.
[   69.538136][ T6336] netlink: 104 bytes leftover after parsing attributes in process `syz.1.188'.
[   69.593405][ T6340] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[   70.069781][ T6385] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   70.080577][   T54] Bluetooth: hci1: command tx timeout
[   70.082786][ T5884] Bluetooth: hci0: command tx timeout
[   70.160874][ T5884] Bluetooth: hci2: command tx timeout
[   70.731605][ T6417] netlink: 12 bytes leftover after parsing attributes in process `syz.1.225'.
[   70.808279][ T6424] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[   70.812482][ T6424] team0: Device ipvlan2 is already an upper device of the team interface
[   71.193928][ T6449] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   71.274973][ T6455] syz.1.242 uses obsolete (PF_INET,SOCK_PACKET)
[   71.618448][ T6467] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   71.748398][ T6482] netlink: 'syz.0.254': attribute type 1 has an invalid length.
[   71.788205][ T6482] bond1: (slave veth3): Enslaving as an active interface with a down link
[   71.794988][ T6482] __nla_validate_parse: 2 callbacks suppressed
[   71.795011][ T6482] netlink: 28 bytes leftover after parsing attributes in process `syz.0.254'.
[   71.804957][ T6482] 8021q: adding VLAN 0 to HW filter on device bond1
[   72.512613][ T6516] netlink: 20 bytes leftover after parsing attributes in process `syz.1.267'.
[   72.767805][ T6529] netlink: 'syz.1.272': attribute type 2 has an invalid length.
[   72.772500][ T6529] netlink: 16 bytes leftover after parsing attributes in process `syz.1.272'.
[   72.838600][ T6535] netlink: 24 bytes leftover after parsing attributes in process `syz.2.276'.
[   72.867376][ T6535] netlink: 'syz.2.276': attribute type 10 has an invalid length.
[   72.872081][ T6535] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   73.584586][ T6597] netlink: 8 bytes leftover after parsing attributes in process `syz.2.301'.
[   73.646921][ T6603] netlink: 12 bytes leftover after parsing attributes in process `syz.1.303'.
[   73.655914][ T6603] netlink: 48 bytes leftover after parsing attributes in process `syz.1.303'.
[   74.763906][ T6697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.346'.
[   74.813197][ T6702] netlink: 12 bytes leftover after parsing attributes in process `syz.2.348'.
[   74.836421][ T6706] netlink: 'syz.1.350': attribute type 12 has an invalid length.
[   74.839363][ T6706] netlink: 'syz.1.350': attribute type 29 has an invalid length.
[   74.843657][ T6706] netlink: 148 bytes leftover after parsing attributes in process `syz.1.350'.
[   74.848496][ T6706] netlink: 'syz.1.350': attribute type 12 has an invalid length.
[   74.852837][ T6706] netlink: 'syz.1.350': attribute type 29 has an invalid length.
[   74.906610][ T6712] netlink: 'syz.0.352': attribute type 10 has an invalid length.
[   74.912905][ T6712] macvlan0: entered promiscuous mode
[   74.931349][ T6712] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[   75.456378][ T6774] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   75.551340][ T6782] netlink: 'syz.0.385': attribute type 1 has an invalid length.
[   75.576948][ T6782] 8021q: adding VLAN 0 to HW filter on device bond3
[   75.582054][ T6782] bond2: (slave bond3): making interface the new active one
[   75.585823][ T6782] bond2: (slave bond3): Enslaving as an active interface with an up link
[   75.597497][ T6782] bond2: (slave gretap1): Enslaving as a backup interface with an up link
[   75.604393][ T6782] 8021q: adding VLAN 0 to HW filter on device bond2
[   76.142079][ T6822] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.145360][ T6822] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.533851][ T6838] netlink: 'syz.0.405': attribute type 2 has an invalid length.
[   76.574093][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   76.577164][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   76.874115][ T6864] netlink: 'syz.0.414': attribute type 1 has an invalid length.
[   76.877630][ T6864] __nla_validate_parse: 10 callbacks suppressed
[   76.877644][ T6864] netlink: 92 bytes leftover after parsing attributes in process `syz.0.414'.
[   76.928923][ T6866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.415'.
[   76.952125][ T6868] netlink: 'syz.0.416': attribute type 16 has an invalid length.
[   76.955400][ T6868] netlink: 'syz.0.416': attribute type 17 has an invalid length.
[   77.059905][ T6876] IPv6: NLM_F_REPLACE set, but no existing node found!
[   77.068143][ T6868] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.071505][ T6868] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.170890][ T6868] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   77.177294][ T6868] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   77.221852][ T6883] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[   77.249855][ T6874] netlink: 4 bytes leftover after parsing attributes in process `syz.0.416'.
[   77.256717][ T5929] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.263023][ T5929] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.290663][ T5929] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.295062][ T5929] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   77.856845][ T6942] tipc: Started in network mode
[   77.859043][ T6942] tipc: Node identity ac14140f, cluster identity 4711
[   77.863843][ T6942] tipc: New replicast peer: 255.255.255.255
[   77.866273][ T6942] tipc: Enabled bearer <udp:syz2>, priority 10
[   78.626771][ T6991] bond0: (slave netdevsim0): Releasing backup interface
[   78.981508][ T5946] tipc: Node number set to 2886997007
[   79.384183][ T7021] netlink: 16 bytes leftover after parsing attributes in process `syz.1.481'.
[   79.520229][ T7029] netlink: 28 bytes leftover after parsing attributes in process `syz.2.484'.
[   81.746205][ T7111] geneve2: entered promiscuous mode
[   81.748411][ T7111] geneve2: entered allmulticast mode
[   81.755213][ T5929] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 60868 - 0
[   81.768574][ T5929] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 39917 - 0
[   81.776292][ T5929] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 60868 - 0
[   81.779677][ T5929] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 39917 - 0
[   81.790250][ T5929] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 60868 - 0
[   81.797633][ T5929] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 39917 - 0
[   81.801692][ T5929] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 60868 - 0
[   81.804971][ T5929] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 39917 - 0
[   82.106157][ T7140] netlink: 'syz.0.534': attribute type 10 has an invalid length.
[   82.462157][ T7166] netlink: 'syz.0.547': attribute type 303 has an invalid length.
[   82.466440][ T7166] netlink: 8 bytes leftover after parsing attributes in process `syz.0.547'.
[   82.471740][ T7166] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   82.476237][ T7166] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   82.496480][ T7182] netlink: 'syz.1.555': attribute type 4 has an invalid length.
[   82.571761][ T7182] netlink: 24 bytes leftover after parsing attributes in process `syz.1.555'.
[   83.698080][ T7244] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   83.824136][ T7259] netlink: 'syz.1.591': attribute type 10 has an invalid length.
[   83.836208][ T7259] macvlan1: entered allmulticast mode
[   83.846356][ T7259] veth1_vlan: entered allmulticast mode
[   83.854740][ T7259] team0: Device macvlan1 is up. Set it down before adding it as a team port
[   84.093709][ T7283] netlink: 24 bytes leftover after parsing attributes in process `syz.2.603'.
[   84.096954][ T7279] syzkaller1: entered promiscuous mode
[   84.098992][ T7279] syzkaller1: entered allmulticast mode
[   84.369755][ T7308] bridge: RTM_NEWNEIGH with invalid ether address
[   84.375404][ T7307] tun0: tun_chr_ioctl cmd 1074025681
[   84.475144][ T7321] ip6gretap1: entered allmulticast mode
[   84.576203][ T7337] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.625'.
[   84.624205][ T5929] nci: nci_add_new_protocol: the target found does not have the desired protocol
[   84.653311][ T7347] C: renamed from lo
[   84.657154][ T7347] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   85.162174][ T7378] openvswitch: netlink: IP tunnel TTL not specified.
[   85.789430][ T7419] netlink: 'syz.1.660': attribute type 1 has an invalid length.
[   85.809677][ T7419] netlink: 208 bytes leftover after parsing attributes in process `syz.1.660'.
[   85.815122][ T7419] netlink: 'syz.1.660': attribute type 1 has an invalid length.
[   85.818471][ T7417] netlink: 4 bytes leftover after parsing attributes in process `syz.2.659'.
[   85.822666][ T7419] netlink: 'syz.1.660': attribute type 2 has an invalid length.
[   86.119761][ T7448] netlink: 104 bytes leftover after parsing attributes in process `syz.0.674'.
[   86.320453][ T7465] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   86.324411][ T7465] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.375251][ T7465] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   86.379807][ T7465] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.390289][ T7474] netlink: 'syz.2.686': attribute type 10 has an invalid length.
[   86.394868][ T7474] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[   86.443894][ T7465] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   86.447617][ T7465] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.503054][ T7465] bond0: (slave netdevsim0): Releasing backup interface
[   86.509930][ T7465] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[   86.515470][ T7465] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.589565][ T5890] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[   86.593189][ T5890] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.603507][ T5929] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[   86.607297][ T5929] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.622700][ T5890] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[   86.626123][ T5890] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.643023][ T5890] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[   86.650065][ T5890] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.697733][ T7482] netlink: 260 bytes leftover after parsing attributes in process `syz.0.689'.
[   86.706051][ T7482] netlink: 260 bytes leftover after parsing attributes in process `syz.0.689'.
[   86.950515][ T7503] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[   87.265268][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.708'.
[   87.269074][ T7526] openvswitch: netlink: nsh attr 2560 is out of range max 3
[   87.272978][ T7526] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   87.595735][ T7549] netlink: 8 bytes leftover after parsing attributes in process `syz.0.716'.
[   87.599449][ T7549] netlink: 8 bytes leftover after parsing attributes in process `syz.0.716'.
[   87.603861][ T7549] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[   88.709537][ T7600] tipc: Started in network mode
[   88.711913][ T7600] tipc: Node identity b673e32af176, cluster identity 4711
[   88.715056][ T7600] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   88.718740][ T7600] syzkaller0: entered promiscuous mode
[   88.723850][ T7600] syzkaller0: entered allmulticast mode
[   88.735663][ T7600] tipc: Resetting bearer <eth:syzkaller0>
[   88.743926][ T7602] netlink: 24 bytes leftover after parsing attributes in process `syz.0.736'.
[   88.749989][ T7599] tipc: Resetting bearer <eth:syzkaller0>
[   88.753998][ T7599] tipc: Disabling bearer <eth:syzkaller0>
[   89.015523][   T24] IPVS: starting estimator thread 0...
[   89.017955][ T7618] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[   89.075870][   T33] audit: type=1800 audit(1756467415.773:2): pid=7618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.744" name="memory.events" dev="tmpfs" ino=1386 res=0 errno=0
[   89.088541][   T33] audit: type=1804 audit(1756467415.773:3): pid=7618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.744" name="/newroot/272/memory.events" dev="tmpfs" ino=1386 res=1 errno=0
[   89.110608][ T7627] IPVS: using max 76 ests per chain, 182400 per kthread
[   89.431019][ T7658] syzkaller0: entered promiscuous mode
[   89.433430][ T7658] syzkaller0: entered allmulticast mode
[   90.104287][ T7668] netlink: 16 bytes leftover after parsing attributes in process `syz.2.764'.
[   90.107869][ T7668] openvswitch: netlink: Flow actions attr not present in new flow.
[   90.306095][ T7687] netlink: 48 bytes leftover after parsing attributes in process `syz.2.771'.
[   90.695115][ T7708] geneve2: left promiscuous mode
[   90.697087][ T7708] geneve2: left allmulticast mode
[   90.699955][ T5890] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 60868 - 0
[   90.709842][ T5890] netdevsim netdevsim2 eth0: unset [1, 1] type 2 family 0 port 39917 - 0
[   90.715870][ T5890] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 60868 - 0
[   90.719278][ T5890] netdevsim netdevsim2 eth1: unset [1, 1] type 2 family 0 port 39917 - 0
[   90.726866][ T5890] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 60868 - 0
[   90.732495][ T5890] netdevsim netdevsim2 eth2: unset [1, 1] type 2 family 0 port 39917 - 0
[   90.735958][ T5890] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 60868 - 0
[   90.739428][ T5890] netdevsim netdevsim2 eth3: unset [1, 1] type 2 family 0 port 39917 - 0
[   90.805616][ T7716] netlink: 16 bytes leftover after parsing attributes in process `syz.2.785'.
[   91.027442][ T7738] netlink: 'syz.1.796': attribute type 1 has an invalid length.
[   91.059549][ T7738] 8021q: adding VLAN 0 to HW filter on device bond2
[   91.083411][ T7738] bond2: (slave ip6gretap2): making interface the new active one
[   91.087965][ T7738] bond2: (slave ip6gretap2): Enslaving as an active interface with an up link
[   91.236142][ T7755] netlink: 'syz.1.804': attribute type 1 has an invalid length.
[   91.238994][ T7755] netlink: 1 bytes leftover after parsing attributes in process `syz.1.804'.
[   91.407015][ T7776] netlink: 4 bytes leftover after parsing attributes in process `syz.1.814'.
[   91.437638][ T7778] netlink: 8 bytes leftover after parsing attributes in process `syz.0.815'.
[   91.447694][ T7780] netlink: 8 bytes leftover after parsing attributes in process `syz.1.816'.
[   91.452384][ T7780] netlink: 'syz.1.816': attribute type 1 has an invalid length.
[   91.490800][ T7780] nbd: socks must be embedded in a SOCK_ITEM attr
[   91.493704][ T7780] block nbd1: shutting down sockets
[   93.664418][ T7870] __nla_validate_parse: 4 callbacks suppressed
[   93.664431][ T7870] netlink: 220 bytes leftover after parsing attributes in process `syz.0.855'.
[   93.858991][ T7882] netlink: 'syz.2.862': attribute type 1 has an invalid length.
[   94.114071][ T7906] netlink: 32 bytes leftover after parsing attributes in process `syz.1.872'.
[   94.124450][ T7908] syzkaller0: Caught tx_queue_len zero misconfig
[   94.183932][ T7912] veth9: entered allmulticast mode
[   94.747521][ T7960] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (8)
[   94.853997][ T7966] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   95.026157][ T7983] netlink: 'syz.2.908': attribute type 1 has an invalid length.
[   95.070338][ T7990] RDS: rds_bind could not find a transport for fc02::1, load rds_tcp or rds_rdma?
[   95.190972][ T8002] tipc: Started in network mode
[   95.192769][ T8002] tipc: Node identity 6e151d6b3b0a, cluster identity 4711
[   95.199291][ T8002] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   95.208280][ T8002] syzkaller0: entered promiscuous mode
[   95.210570][ T8002] syzkaller0: entered allmulticast mode
[   95.219614][ T8002] tipc: Resetting bearer <eth:syzkaller0>
[   95.241706][ T8000] tipc: Resetting bearer <eth:syzkaller0>
[   95.245569][ T8000] tipc: Disabling bearer <eth:syzkaller0>
[   95.259818][ T8012] netlink: 'syz.2.922': attribute type 1 has an invalid length.
[   95.286627][ T8014] netlink: 'syz.0.925': attribute type 1 has an invalid length.
[   95.301564][ T8014] netlink: 'syz.0.925': attribute type 1 has an invalid length.
[   95.351926][ T8020] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[   95.441618][ T8014] netlink: 'syz.0.925': attribute type 1 has an invalid length.
[   95.454951][ T8014] 8021q: adding VLAN 0 to HW filter on device bond4
[   95.469169][ T8014] bond4: (slave wlan0): Enslaving as an active interface with a down link
[   95.482493][ T8014] vlan0: entered allmulticast mode
[   95.485099][ T8014] veth1: entered allmulticast mode
[   95.492654][ T8014] bond4: (slave vlan0): Opening slave failed
[   95.500913][ T8031] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   95.610600][ T8047] netlink: 24 bytes leftover after parsing attributes in process `syz.2.940'.
[   96.003243][ T5946] IPVS: starting estimator thread 0...
[   96.092398][ T8083] IPVS: using max 74 ests per chain, 177600 per kthread
[   96.299315][ T5890] IPVS: stop unused estimator thread 0...
[   96.339336][ T8099] netlink: 12 bytes leftover after parsing attributes in process `syz.2.957'.
[   96.750178][ T8135] netlink: 8 bytes leftover after parsing attributes in process `syz.1.972'.
[   96.996121][ T8157] netlink: 'syz.1.979': attribute type 13 has an invalid length.
[   96.999695][ T8157] netlink: 'syz.1.979': attribute type 17 has an invalid length.
[   97.078112][ T8157] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.080553][ T8157] bridge0: port 2(bridge_slave_1) entered listening state
[   97.083588][ T8157] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.086240][ T8157] bridge0: port 1(bridge_slave_0) entered listening state
[   97.095611][ T8157] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   97.141658][ T8152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   97.260347][ T8173] pim6reg: entered allmulticast mode
[   97.313817][ T8179] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.988'.
[   97.321200][ T8152] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   97.394733][ T8189] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5
[   97.502200][ T8200] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[   97.505581][ T8200] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[   97.689188][ T8218] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1000'.
[   98.302972][ T8282] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1029'.
[   98.306283][ T8282] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1029'.
[   98.426128][ T8297] netlink: 'syz.0.1036': attribute type 1 has an invalid length.
[   98.429790][ T8297] netlink: 208 bytes leftover after parsing attributes in process `syz.0.1036'.
[   98.629638][ T8320] pim6reg: left allmulticast mode
[   98.687750][ T8323] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   98.691494][ T8323] syzkaller0: entered promiscuous mode
[   98.693801][ T8323] syzkaller0: entered allmulticast mode
[   98.704104][ T8323] tipc: Resetting bearer <eth:syzkaller0>
[   98.733264][ T8326] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1049'.
[   99.682607][ T8352] openvswitch: netlink: IP tunnel dst address not specified
[   99.688038][ T8355] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1063'.
[   99.698602][ T8356] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   99.702213][ T8355] openvswitch: netlink: nsh attr 0 has unexpected len 33788 expected 0
[   99.702239][ T8355] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   99.712649][ T8356] syzkaller0: entered promiscuous mode
[   99.715136][ T8356] syzkaller0: entered allmulticast mode
[   99.729461][ T8356] tipc: Resetting bearer <eth:syzkaller0>
[   99.735397][ T8354] tipc: Resetting bearer <eth:syzkaller0>
[   99.740203][ T8354] tipc: Disabling bearer <eth:syzkaller0>
[   99.854301][ T8370] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1071'.
[   99.857982][ T8370] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1071'.
[   99.871003][ T8370] batadv0: entered promiscuous mode
[   99.878011][ T8370] team0: entered promiscuous mode
[   99.880144][ T8370] team_slave_0: entered promiscuous mode
[   99.887921][ T8370] team_slave_1: entered promiscuous mode
[   99.892074][ T8370] 8021q: adding VLAN 0 to HW filter on device hsr1
[   99.996752][ T8383] netlink: 'syz.0.1077': attribute type 4 has an invalid length.
[  100.009395][ T8385] netlink: 'syz.2.1078': attribute type 1 has an invalid length.
[  100.451350][ T8441] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1105'.
[  101.189174][ T8488] netlink: 'syz.0.1127': attribute type 1 has an invalid length.
[  101.194854][ T8488] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1127'.
[  101.198743][ T8488] netlink: 'syz.0.1127': attribute type 1 has an invalid length.
[  101.203012][ T8488] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1127'.
[  101.208930][ T8488] netlink: 'syz.0.1127': attribute type 1 has an invalid length.
[  101.215732][ T8488] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1127'.
[  101.219885][ T8488] netlink: 'syz.0.1127': attribute type 1 has an invalid length.
[  101.225220][ T8488] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1127'.
[  101.228874][ T8488] netlink: 'syz.0.1127': attribute type 1 has an invalid length.
[  101.233142][ T8488] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1127'.
[  101.524721][    T9] IPVS: starting estimator thread 0...
[  101.591924][ T8521] syzkaller1: entered promiscuous mode
[  101.594244][ T8521] syzkaller1: entered allmulticast mode
[  101.620680][ T8515] IPVS: using max 69 ests per chain, 165600 per kthread
[  101.766111][ T8536] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6
[  102.037523][ T8575] validate_nla: 88 callbacks suppressed
[  102.037559][ T8575] netlink: 'syz.2.1164': attribute type 21 has an invalid length.
[  102.043800][ T8573] syzkaller1: tun_chr_ioctl cmd 1074025677
[  102.046528][ T8573] syzkaller1: linktype set to 823
[  102.075866][ T8577] openvswitch: netlink: nsh attribute has 1 unknown bytes.
[  102.078339][ T8577] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  102.196136][ T8590] atomic_op ffff88802a3f0998 conn xmit_atomic 0000000000000000
[  102.445136][ T8611] IPv6: NLM_F_CREATE should be specified when creating new route
[  102.463561][ T8612] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  103.582809][ T8718] tipc: Resetting bearer <eth:syzkaller0>
[  103.990162][ T8728] __nla_validate_parse: 95 callbacks suppressed
[  103.990181][ T8728] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1237'.
[  103.996763][ T8728] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1237'.
[  104.000186][ T8728] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1237'.
[  104.129474][ T8737] netlink: 'syz.1.1241': attribute type 10 has an invalid length.
[  104.146169][ T8737] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  104.283535][ T8745] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  104.583837][ T8765] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check.
[  104.638680][ T8771] IPv6: Can't replace route, no match found
[  104.662310][ T8773] netlink: 'syz.1.1259': attribute type 3 has an invalid length.
[  104.697843][ T8779] netlink: 'syz.1.1262': attribute type 1 has an invalid length.
[  104.967218][ T8806] netlink: 'syz.2.1275': attribute type 4 has an invalid length.
[  105.041793][ T8814] netlink: 'syz.2.1278': attribute type 10 has an invalid length.
[  105.048007][ T8814] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  105.107487][ T8818] netlink: 'syz.2.1283': attribute type 9 has an invalid length.
[  105.110368][ T8818] netlink: 212260 bytes leftover after parsing attributes in process `syz.2.1283'.
[  105.216377][ T8831] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1287'.
[  105.221142][ T8831] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1287'.
[  105.410264][ T8850] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  106.057769][ T8900] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1317'.
[  106.072364][ T8900] netlink: 'syz.1.1317': attribute type 1 has an invalid length.
[  106.075473][ T8900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1317'.
[  106.120249][ T8906] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1319'.
[  106.583235][ T8958] netlink: 'syz.0.1344': attribute type 2 has an invalid length.
[  106.587251][ T8958] netlink: 'syz.0.1344': attribute type 2 has an invalid length.
[  106.590178][ T8958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1344'.
[  106.810247][ T8975] nbd: couldn't find a device at index 0
[  106.826588][ T8980] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0
[  106.839283][ T8977] IPVS: stopping backup sync thread 8980 ...
[  106.999267][ T8997] syzkaller1: entered promiscuous mode
[  107.005514][ T8997] syzkaller1: entered allmulticast mode
[  107.054731][ T9005] sctp: [Deprecated]: syz.1.1365 (pid 9005) Use of int in maxseg socket option.
[  107.054731][ T9005] Use struct sctp_assoc_value instead
[  107.677431][ T9092] trusted_key: syz.1.1407 sent an empty control message without MSG_MORE.
[  107.705700][ T9098] validate_nla: 1 callbacks suppressed
[  107.705713][ T9098] netlink: 'syz.2.1408': attribute type 29 has an invalid length.
[  108.028645][ T9146] netem: change failed
[  108.135462][ T9154] tipc: New replicast peer: 255.255.255.255
[  108.144464][ T9154] tipc: Enabled bearer <udp:syz2>, priority 10
[  109.082908][ T9164] pim6reg1: entered promiscuous mode
[  109.085200][ T9164] pim6reg1: entered allmulticast mode
[  109.151697][ T2224] tipc: Node number set to 1191568170
[  109.160009][ T9174] __nla_validate_parse: 15 callbacks suppressed
[  109.160025][ T9174] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1439'.
[  109.175695][ T9174] syzkaller0: left promiscuous mode
[  109.177798][ T9174] syzkaller0: left allmulticast mode
[  109.198124][ T9174] 8021q: adding VLAN 0 to HW filter on device bond5
[  109.205592][ T9174] team0: Port device bond5 added
[  109.286722][ T9188] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1450'.
[  109.290301][ T9188] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1450'.
[  109.318772][ T9192] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1452'.
[  109.392645][ T9203] netlink: 'syz.2.1457': attribute type 28 has an invalid length.
[  109.483186][ T9212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1460'.
[  109.488908][ T9212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1460'.
[  109.711744][ T9223] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1464'.
[  109.956897][ T9231] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1467'.
[  109.966406][ T9231] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1467'.
[  109.971221][ T9231] netlink: 'syz.2.1467': attribute type 5 has an invalid length.
[  109.974455][ T9231] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1467'.
[  110.328601][ T9255] netlink: 'syz.2.1474': attribute type 2 has an invalid length.
[  110.343181][ T9255] netlink: 'syz.2.1474': attribute type 1 has an invalid length.
[  110.594156][ T9290] netlink: 'syz.1.1491': attribute type 2 has an invalid length.
[  111.069903][ T9358] netlink: 'syz.2.1522': attribute type 3 has an invalid length.
[  111.164507][ T9369] bridge0: port 1(erspan0) entered blocking state
[  111.173407][ T9369] bridge0: port 1(erspan0) entered disabled state
[  111.179710][ T9369] erspan0: entered allmulticast mode
[  111.184339][ T9369] erspan0: entered promiscuous mode
[  111.756126][ T9421] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  111.760159][ T9421] syzkaller0: entered promiscuous mode
[  111.770897][ T9421] syzkaller0: entered allmulticast mode
[  111.781409][ T9420] vlan2: entered promiscuous mode
[  111.783626][ T9420] gretap0: entered promiscuous mode
[  111.787113][ T9421] syzkaller0: Caught tx_queue_len zero misconfig
[  112.018538][ T9459] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  112.369497][ T9504] syzkaller1: entered promiscuous mode
[  112.379362][ T9504] syzkaller1: entered allmulticast mode
[  112.476431][ T9515] netlink: 'syz.0.1590': attribute type 1 has an invalid length.
[  112.646178][ T9532] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  112.661020][ T9532] mac80211_hwsim hwsim7 syzkaller0: entered promiscuous mode
[  112.664172][ T9532] mac80211_hwsim hwsim7 syzkaller0: entered allmulticast mode
[  112.683197][ T9532] tipc: Resetting bearer <eth:syzkaller0>
[  112.783094][ T9546] bond0: Error: Cannot enslave bond to itself.
[  113.237634][ T9607] bridge_slave_0: left allmulticast mode
[  113.239664][ T9607] bridge_slave_0: left promiscuous mode
[  113.242016][ T9607] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.252446][ T9607] bridge_slave_1: left allmulticast mode
[  113.254652][ T9607] bridge_slave_1: left promiscuous mode
[  113.256995][ T9607] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.272514][ T9607] bond0: (slave bond_slave_0): Releasing backup interface
[  113.277551][ T9607] bond0: (slave bond_slave_1): Releasing backup interface
[  113.283979][ T9607] team0: Port device team_slave_0 removed
[  113.296044][ T9607] team0: Port device team_slave_1 removed
[  113.302332][ T9607] batman_adv: batadv0: Removing interface: batadv_slave_0
[  113.305553][ T9607] batman_adv: batadv0: Removing interface: batadv_slave_1
[  113.309957][ T9607] bond0: (slave macvlan0): Releasing backup interface
[  113.314709][ T9607] bond4: (slave wlan0): Releasing active interface
[  113.322005][ T9607] bond1: (slave veth3): Releasing active interface
[  113.326403][ T9607] bond2: (slave bond3): Releasing backup interface
[  113.329149][ T9607] bond2: (slave bond3): the permanent HWaddr of slave - ce:ea:cf:71:a2:e9 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  113.336505][ T9607] bond2: (slave gretap1): making interface the new active one
[  113.342285][ T9607] bond2: (slave gretap1): Releasing backup interface
[  113.346996][ T9607] team0: Failed to send options change via netlink (err -105)
[  113.350345][ T9607] team0: Failed to send port change of device bond5 via netlink (err -105)
[  113.356378][ T9607] team0: Port device bond5 removed
[  113.367782][ T9612] team0: Failed to send options change via netlink (err -105)
[  113.371997][ T9612] team0: Mode changed to "loadbalance"
[  113.458470][ T9625] unsupported nlmsg_type 40
[  113.638949][ T9648] batman_adv: batadv0: Adding interface: macvlan1
[  113.647045][ T9648] batman_adv: batadv0: The MTU of interface macvlan1 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560.
[  113.656691][ T9648] batman_adv: batadv0: Not using interface macvlan1 (retrying later): interface not active
[  113.664702][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.668007][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.671231][    T9] tipc: Node number set to 1428102507
[  113.707481][ T9651] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  113.768687][ T9662] openvswitch: netlink: ufid size 18 bytes exceeds the range (1, 16)
[  113.773474][ T9662] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  113.806943][ T9665] netlink: 'syz.1.1660': attribute type 13 has an invalid length.
[  113.810292][ T9665] netlink: 'syz.1.1660': attribute type 17 has an invalid length.
[  113.828168][ T9665] 8021q: adding VLAN 0 to HW filter on device team0
[  113.833374][ T9665] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  113.945579][ T9665] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  115.098132][ T9736] __nla_validate_parse: 21 callbacks suppressed
[  115.098147][ T9736] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1692'.
[  115.139865][ T9740] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1694'.
[  115.165332][ T9744] netlink: 212924 bytes leftover after parsing attributes in process `syz.2.1696'.
[  115.426285][ T9780] netlink: 'syz.1.1708': attribute type 1 has an invalid length.
[  115.444175][ T9780] 8021q: adding VLAN 0 to HW filter on device bond3
[  115.522569][ T9795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1714'.
[  115.569845][ T9793] netlink: 'syz.1.1713': attribute type 21 has an invalid length.
[  115.578398][ T9793] ipvlan0: entered promiscuous mode
[  115.583023][ T9793] bridge0: port 3(ipvlan0) entered blocking state
[  115.586071][ T9793] bridge0: port 3(ipvlan0) entered disabled state
[  115.588897][ T9793] ipvlan0: entered allmulticast mode
[  115.592342][ T9793] gretap0: entered allmulticast mode
[  115.595520][ T9793] ipvlan0: left allmulticast mode
[  115.597789][ T9793] gretap0: left allmulticast mode
[  115.915254][ T9825] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1728'.
[  116.335967][ T9855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1742'.
[  116.339030][ T9855] netlink: 'syz.0.1742': attribute type 15 has an invalid length.
[  116.349121][ T5890] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  116.354197][ T9855] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1742'.
[  116.354338][ T5890] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  116.357345][ T9855] netlink: 'syz.0.1742': attribute type 15 has an invalid length.
[  116.368505][ T5890] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  116.380555][ T5890] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  117.261781][ T9868] workqueue: name exceeds WQ_NAME_LEN. Truncating to: ^>>Mv^侦Kc'A
[  117.356148][ T9882] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1754'.
[  117.779236][ T9907] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1760'.
[  117.793839][ T9907] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1760'.
[  117.841086][ T9900] ==================================================================
[  117.843870][ T9900] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  117.846429][ T9900] Read of size 2 at addr ffff88802ac6c5c2 by task syz.2.1759/9900
[  117.849421][ T9900] 
[  117.850814][ T9900] CPU: 1 UID: 0 PID: 9900 Comm: syz.2.1759 Not tainted syzkaller #0 PREEMPT(full) 
[  117.850826][ T9900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  117.850833][ T9900] Call Trace:
[  117.850851][ T9900]  <TASK>
[  117.850861][ T9900]  dump_stack_lvl+0x189/0x250
[  117.850877][ T9900]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.850888][ T9900]  ? lock_release+0x4b/0x3e0
[  117.850903][ T9900]  ? __virt_addr_valid+0x4a5/0x5c0
[  117.850914][ T9900]  print_report+0xca/0x240
[  117.850922][ T9900]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  117.850930][ T9900]  kasan_report+0x118/0x150
[  117.850944][ T9900]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  117.850954][ T9900]  __xfrm_state_lookup+0x6ad/0x8d0
[  117.850964][ T9900]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  117.850975][ T9900]  xfrm_state_add+0x27d/0xc40
[  117.850987][ T9900]  pfkey_add+0x1edd/0x2e00
[  117.850998][ T9900]  ? __pfx_pfkey_add+0x10/0x10
[  117.851004][ T9900]  ? kmem_cache_free+0x18f/0x400
[  117.851229][ T9900]  pfkey_sendmsg+0xbfe/0x1090
[  117.851240][ T9900]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  117.851286][ T9900]  ? aa_sock_msg_perm+0xf1/0x1d0
[  117.851294][ T9900]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  117.851311][ T9900]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  117.851318][ T9900]  __sock_sendmsg+0x21c/0x270
[  117.851331][ T9900]  ____sys_sendmsg+0x505/0x830
[  117.851340][ T9900]  ? __pfx_____sys_sendmsg+0x10/0x10
[  117.851350][ T9900]  ? import_iovec+0x74/0xa0
[  117.851361][ T9900]  ___sys_sendmsg+0x21f/0x2a0
[  117.851370][ T9900]  ? __pfx____sys_sendmsg+0x10/0x10
[  117.851379][ T9900]  ? futex_wake+0x4b2/0x560
[  117.851394][ T9900]  ? __fget_files+0x2a/0x420
[  117.851406][ T9900]  ? __fget_files+0x3a0/0x420
[  117.851419][ T9900]  __x64_sys_sendmsg+0x19b/0x260
[  117.851427][ T9900]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  117.851436][ T9900]  ? rcu_is_watching+0x15/0xb0
[  117.851445][ T9900]  ? rcu_is_watching+0x15/0xb0
[  117.851452][ T9900]  do_syscall_64+0xfa/0x3b0
[  117.851465][ T9900]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.851473][ T9900]  ? exc_page_fault+0x9f/0xf0
[  117.851483][ T9900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.851491][ T9900] RIP: 0033:0x7f56d778ebe9
[  117.851501][ T9900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.851509][ T9900] RSP: 002b:00007f56d866d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.851519][ T9900] RAX: ffffffffffffffda RBX: 00007f56d79b5fa0 RCX: 00007f56d778ebe9
[  117.851526][ T9900] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003
[  117.851532][ T9900] RBP: 00007f56d7811e19 R08: 0000000000000000 R09: 0000000000000000
[  117.851538][ T9900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  117.851543][ T9900] R13: 00007f56d79b6038 R14: 00007f56d79b5fa0 R15: 00007ffe27532f28
[  117.851554][ T9900]  </TASK>
[  117.851558][ T9900] 
[  117.960043][ T9900] Allocated by task 6629:
[  117.961814][ T9900]  kasan_save_track+0x3e/0x80
[  117.963749][ T9900]  __kasan_slab_alloc+0x6c/0x80
[  117.965762][ T9900]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  117.967995][ T9900]  xfrm_state_alloc+0x24/0x2f0
[  117.969972][ T9900]  __find_acq_core+0x8a7/0x1c00
[  117.971995][ T9900]  xfrm_find_acq+0x78/0xa0
[  117.973769][ T9900]  xfrm_alloc_userspi+0x6b3/0xc90
[  117.975810][ T9900]  xfrm_user_rcv_msg+0x7a3/0xab0
[  117.977775][ T9900]  netlink_rcv_skb+0x208/0x470
[  117.979702][ T9900]  xfrm_netlink_rcv+0x79/0x90
[  117.981536][ T9900]  netlink_unicast+0x82f/0x9e0
[  117.983463][ T9900]  netlink_sendmsg+0x805/0xb30
[  117.985410][ T9900]  __sock_sendmsg+0x21c/0x270
[  117.987317][ T9900]  ____sys_sendmsg+0x505/0x830
[  117.989224][ T9900]  ___sys_sendmsg+0x21f/0x2a0
[  117.991156][ T9900]  __x64_sys_sendmsg+0x19b/0x260
[  117.993206][ T9900]  do_syscall_64+0xfa/0x3b0
[  117.995044][ T9900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.997487][ T9900] 
[  117.998431][ T9900] Freed by task 9:
[  117.999925][ T9900]  kasan_save_track+0x3e/0x80
[  118.001778][ T9900]  kasan_save_free_info+0x46/0x50
[  118.003843][ T9900]  __kasan_slab_free+0x5b/0x80
[  118.005801][ T9900]  kmem_cache_free+0x18f/0x400
[  118.007717][ T9900]  xfrm_state_gc_task+0x52d/0x6b0
[  118.009924][ T9900]  process_scheduled_works+0xae1/0x17b0
[  118.012189][ T9900]  worker_thread+0x8a0/0xda0
[  118.014130][ T9900]  kthread+0x711/0x8a0
[  118.015866][ T9900]  ret_from_fork+0x3fc/0x770
[  118.017774][ T9900]  ret_from_fork_asm+0x1a/0x30
[  118.019770][ T9900] 
[  118.020762][ T9900] The buggy address belongs to the object at ffff88802ac6c480
[  118.020762][ T9900]  which belongs to the cache xfrm_state of size 928
[  118.026474][ T9900] The buggy address is located 322 bytes inside of
[  118.026474][ T9900]  freed 928-byte region [ffff88802ac6c480, ffff88802ac6c820)
[  118.031898][ T9900] 
[  118.032929][ T9900] The buggy address belongs to the physical page:
[  118.035506][ T9900] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802ac6c900 pfn:0x2ac6c
[  118.039791][ T9900] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  118.043329][ T9900] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  118.046260][ T9900] page_type: f5(slab)
[  118.047892][ T9900] raw: 00fff00000000040 ffff888104cebb40 dead000000000122 0000000000000000
[  118.051306][ T9900] raw: ffff88802ac6c900 00000000800e0009 00000000f5000000 0000000000000000
[  118.054746][ T9900] head: 00fff00000000040 ffff888104cebb40 dead000000000122 0000000000000000
[  118.058143][ T9900] head: ffff88802ac6c900 00000000800e0009 00000000f5000000 0000000000000000
[  118.061538][ T9900] head: 00fff00000000002 ffffea0000ab1b01 00000000ffffffff 00000000ffffffff
[  118.064962][ T9900] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  118.068346][ T9900] page dumped because: kasan: bad access detected
[  118.070865][ T9900] page_owner tracks the page as allocated
[  118.073162][ T9900] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6373, tgid 6372 (syz.0.205), ts 69977569244, free_ts 69924809061
[  118.080648][ T9900]  post_alloc_hook+0x240/0x2a0
[  118.082635][ T9900]  get_page_from_freelist+0x21e4/0x22c0
[  118.084851][ T9900]  __alloc_frozen_pages_noprof+0x181/0x370
[  118.087103][ T9900]  alloc_pages_mpol+0x232/0x4a0
[  118.089055][ T9900]  allocate_slab+0x8a/0x370
[  118.090825][ T9900]  ___slab_alloc+0xbeb/0x1410
[  118.092732][ T9900]  kmem_cache_alloc_noprof+0x283/0x3c0
[  118.094840][ T9900]  xfrm_state_alloc+0x24/0x2f0
[  118.096746][ T9900]  xfrm_state_find+0x37d4/0x5400
[  118.098660][ T9900]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  118.101136][ T9900]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  118.103334][ T9900]  xfrm_lookup_route+0x3c/0x1c0
[  118.105261][ T9900]  __ip4_datagram_connect+0x9a5/0x1270
[  118.107427][ T9900]  __ip6_datagram_connect+0x9f0/0x1150
[  118.109579][ T9900]  ip6_datagram_connect_v6_only+0x63/0xa0
[  118.111853][ T9900]  __sys_connect+0x316/0x440
[  118.113741][ T9900] page last free pid 6368 tgid 6368 stack trace:
[  118.116190][ T9900]  __free_frozen_pages+0xbc4/0xd30
[  118.118224][ T9900]  __put_partials+0x156/0x1a0
[  118.120099][ T9900]  put_cpu_partial+0x17c/0x250
[  118.122024][ T9900]  __slab_free+0x2d5/0x3c0
[  118.123833][ T9900]  qlist_free_all+0x97/0x140
[  118.125714][ T9900]  kasan_quarantine_reduce+0x148/0x160
[  118.127882][ T9900]  __kasan_slab_alloc+0x22/0x80
[  118.129811][ T9900]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  118.131991][ T9900]  vm_area_dup+0x2b/0x680
[  118.133732][ T9900]  __split_vma+0x1a9/0xa00
[  118.135507][ T9900]  vms_gather_munmap_vmas+0x2ea/0x12f0
[  118.137654][ T9900]  do_vmi_align_munmap+0x25d/0x420
[  118.139669][ T9900]  do_vmi_munmap+0x253/0x2e0
[  118.141522][ T9900]  __vm_munmap+0x23b/0x3d0
[  118.143364][ T9900]  elf_load+0x2c3/0x6c0
[  118.145018][ T9900]  load_elf_interp+0x4ce/0xb60
[  118.146887][ T9900] 
[  118.147821][ T9900] Memory state around the buggy address:
[  118.150019][ T9900]  ffff88802ac6c480: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  118.153170][ T9900]  ffff88802ac6c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  118.156370][ T9900] >ffff88802ac6c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  118.159554][ T9900]                                            ^
[  118.162006][ T9900]  ffff88802ac6c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  118.165108][ T9900]  ffff88802ac6c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  118.168338][ T9900] ==================================================================
[  118.171794][ T9900] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  118.174607][ T9900] CPU: 1 UID: 0 PID: 9900 Comm: syz.2.1759 Not tainted syzkaller #0 PREEMPT(full) 
[  118.177466][ T9900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  118.180805][ T9900] Call Trace:
[  118.181924][ T9900]  <TASK>
[  118.182901][ T9900]  dump_stack_lvl+0x99/0x250
[  118.184513][ T9900]  ? __asan_memcpy+0x40/0x70
[  118.186091][ T9900]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.188085][ T9900]  ? __pfx__printk+0x10/0x10
[  118.189906][ T9900]  vpanic+0x281/0x750
[  118.191569][ T9900]  ? __pfx_vpanic+0x10/0x10
[  118.193405][ T9900]  ? rcu_is_watching+0x15/0xb0
[  118.195254][ T9900]  panic+0xb9/0xc0
[  118.196737][ T9900]  ? __pfx_panic+0x10/0x10
[  118.198527][ T9900]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  118.200890][ T9900]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  118.203292][ T9900]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  118.205423][ T9900]  check_panic_on_warn+0x89/0xb0
[  118.207466][ T9900]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  118.209593][ T9900]  end_report+0x78/0x160
[  118.211031][ T9900]  kasan_report+0x129/0x150
[  118.212772][ T9900]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  118.214891][ T9900]  __xfrm_state_lookup+0x6ad/0x8d0
[  118.216981][ T9900]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  118.219185][ T9900]  xfrm_state_add+0x27d/0xc40
[  118.221116][ T9900]  pfkey_add+0x1edd/0x2e00
[  118.223039][ T9900]  ? __pfx_pfkey_add+0x10/0x10
[  118.225049][ T9900]  ? kmem_cache_free+0x18f/0x400
[  118.227079][ T9900]  pfkey_sendmsg+0xbfe/0x1090
[  118.228975][ T9900]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  118.231035][ T9900]  ? aa_sock_msg_perm+0xf1/0x1d0
[  118.233022][ T9900]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  118.235090][ T9900]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  118.237102][ T9900]  __sock_sendmsg+0x21c/0x270
[  118.239007][ T9900]  ____sys_sendmsg+0x505/0x830
[  118.240943][ T9900]  ? __pfx_____sys_sendmsg+0x10/0x10
[  118.243093][ T9900]  ? import_iovec+0x74/0xa0
[  118.244883][ T9900]  ___sys_sendmsg+0x21f/0x2a0
[  118.246752][ T9900]  ? __pfx____sys_sendmsg+0x10/0x10
[  118.248825][ T9900]  ? futex_wake+0x4b2/0x560
[  118.250699][ T9900]  ? __fget_files+0x2a/0x420
[  118.252545][ T9900]  ? __fget_files+0x3a0/0x420
[  118.254517][ T9900]  __x64_sys_sendmsg+0x19b/0x260
[  118.256602][ T9900]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  118.258855][ T9900]  ? rcu_is_watching+0x15/0xb0
[  118.260837][ T9900]  ? rcu_is_watching+0x15/0xb0
[  118.262926][ T9900]  do_syscall_64+0xfa/0x3b0
[  118.264661][ T9900]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.267056][ T9900]  ? exc_page_fault+0x9f/0xf0
[  118.269015][ T9900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.271351][ T9900] RIP: 0033:0x7f56d778ebe9
[  118.273152][ T9900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.280767][ T9900] RSP: 002b:00007f56d866d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  118.284157][ T9900] RAX: ffffffffffffffda RBX: 00007f56d79b5fa0 RCX: 00007f56d778ebe9
[  118.287405][ T9900] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003
[  118.290540][ T9900] RBP: 00007f56d7811e19 R08: 0000000000000000 R09: 0000000000000000
[  118.293408][ T9900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  118.296357][ T9900] R13: 00007f56d79b6038 R14: 00007f56d79b5fa0 R15: 00007ffe27532f28
[  118.299465][ T9900]  </TASK>
[  118.301183][ T9900] Kernel Offset: disabled
[  118.302916][ T9900] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:37:24  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=00000000676ced08 RCX=0000000000000046 RDX=0000000000000000
RSI=000000000000007c RDI=ffff888111abba03 RBP=0000000000000005 RSP=ffffc900061df680
R8 =ffff88802b7a345f R9 =1ffff110056f468b R10=dffffc0000000000 R11=ffffed10056f468c
R12=ffffffff8be2d9d8 R13=dffffc0000000000 R14=ffff888111abba00 R15=ffff888111abba04
RIP=ffffffff84c8eb7e RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00005555705bd500 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b34721ff8 CR3=0000000025b08000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffff8133c57e ffffffff81688a1f XMM01=ffffffff81688a1f ffffffff8133c57e
XMM02=00007fdffcd87498 ffffffff8133c57e XMM03=00007fdffcd874a8 00007fdffcd874a0
XMM04=00007fdffd8ed100 00007fdffcd87460 XMM05=00007fdffcd87478 00007fdffcd874c0
XMM06=00007fdffcd874b8 00007fdffcd874b0 XMM07=00007fdffcd874a8 00007fdffcd874a0
XMM08=0000000000000000 00007fdffcc12ee7 XMM09=0000000000000000 00007fdffcc12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=000000000000000d RCX=0000000000080000 RDX=ffffc90020d5b000
RSI=000000000000000d RDI=00000000000000ff RBP=0000000000000073 RSP=ffffc9000623e660
R8 =ffffc9000623e740 R9 =ffffc9000623e860 R10=0000000000000073 R11=0000000000000002
R12=ffffc9000623e780 R13=dffffc0000000000 R14=00000000000000b7 R15=ffffffff8cc4d7c6
RIP=ffffffff81bfae30 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f56d866d6c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000056446dee0f18 CR3=000000010f8d2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=ffff000000000000 0000000000ff0000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
