last executing test programs:

1.189586239s ago: executing program 2 (id=2495):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, 0x36)

1.189354121s ago: executing program 2 (id=2497):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000540)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f0000001580)=""/179, 0xb3}, {0x0}, {0x0}, {0x0, 0x18}, {&(0x7f0000001880)=""/193, 0xc1}], 0x5}, 0x7}], 0x1, 0x100, &(0x7f0000002040)={0x0, 0x989680})
sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)

291.984822ms ago: executing program 1 (id=2524):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b040000000000000000020000004c000480240001800b000100736f636b657400001400028008000240000000030800014000000002240001800a000100717565756500000014000280080004400000001006000340000300000900010073797a30000000000900020073797a32"], 0xa0}}, 0x0)

291.382254ms ago: executing program 2 (id=2525):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="00000000000000faffffffffffffff0000a461ad1ea82eb5bcdb825b000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000001000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007000000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000c500000095"], &(0x7f0000000640)='GPL\x00', 0x2, 0x7f, &(0x7f0000000680)=""/127}, 0x94)
setsockopt$inet_group_source_req(r1, 0x0, 0x2b, &(0x7f0000001fc0)={0x5, {{0x2, 0x4e23, @local}}, {{0x2, 0x4e24, @local}}}, 0x108)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x6, 0x4, 0x4, 0x9, 0x4, r2}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000140000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$kcm(0xf, 0x3, 0x2)
openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000840)='cpu.pressure\x00', 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="0213020902000000", 0x8}, {&(0x7f0000000780)="a112fde440109737", 0x8}], 0x2}, 0x400c010)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x10, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffc0}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4)
sendmsg$unix(r7, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x8bf}, @NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x10}, @NFTA_HASH_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}, 0x1, 0x0, 0x0, 0x20014}, 0x0)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000004000000000000000000850000007500000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
r10 = openat$cgroup_devices(r9, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r10, &(0x7f00000001c0)=ANY=[@ANYBLOB='c 75:'], 0xd)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000010004b0422000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000800150000000000050016"], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x4000040)
r11 = socket$phonet(0x23, 0x2, 0x1)
recvmmsg(r11, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x61, 0x0)
r12 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r12, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r12, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10)

241.31556ms ago: executing program 0 (id=2526):
r0 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0xd, "f42a97706b23b6a31f9f75fdcb"}})

241.064615ms ago: executing program 1 (id=2527):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000600000061115f0000000000850000001e00000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)

240.674945ms ago: executing program 1 (id=2528):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r5, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r8], 0x54}}, 0x0)
getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0xa)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="500000001000110f00"/20, @ANYRES32=0x0, @ANYBLOB="040100000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB=' \x00\x00\x00 \x00\x00\x00\b\x00\n\x00', @ANYRES32=r9], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000680)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r10, @ANYBLOB], 0x3c}}, 0x0)

171.337683ms ago: executing program 0 (id=2529):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x20}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x44}}, 0x0)

171.129279ms ago: executing program 0 (id=2530):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000040)={[{0x6, 'hugetlb'}]}, 0x9)

109.381673ms ago: executing program 0 (id=2531):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)="711f66", 0x3}, 0x1, 0x0, 0x0, 0x20040040}, 0x4044014)

108.905008ms ago: executing program 2 (id=2532):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x24, r1, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0xc00c0}, 0x0)

108.680665ms ago: executing program 1 (id=2533):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0x40, &(0x7f00000008c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, [@exit, @alu={0x4, 0x0, 0xd, 0x8, 0xb, 0x18, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xf2bd}}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x3}, @map_idx={0x18, 0x6, 0x5, 0x0, 0xb}, @ringbuf_query, @ringbuf_query, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @btf_id={0x18, 0xb, 0x3, 0x0, 0x2}, @map_idx_val={0x18, 0xa, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1}]}, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf475, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = socket$kcm(0x11, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000001780)={&(0x7f00000003c0)=@caif, 0x80, 0x0}, 0x0)

51.893951ms ago: executing program 0 (id=2534):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0)
sendmsg$IEEE802154_START_REQ(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@IEEE802154_ATTR_COORD_PAN_ID={0x6, 0xa, 0xffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x18000}, 0x0)

51.570468ms ago: executing program 2 (id=2535):
r0 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r0, 0x114, 0x2714, 0x0, &(0x7f00000000c0))

51.335759ms ago: executing program 1 (id=2536):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="240000003e000701fefffffffcffffff017c0000040042800800018004001e800400028008e2fc6180afcea8ce39a5bb9a445fda366a3d5a"], 0x24}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)

363.933µs ago: executing program 2 (id=2537):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], 0x0}, 0x94)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

143.833µs ago: executing program 0 (id=2538):
pipe(&(0x7f0000000600)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
write(r1, &(0x7f0000000000)="fc000000", 0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
pipe(0x0)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0)
close(r2)
close(0xffffffffffffffff)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r5, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$inet(r4, 0x0, 0x0)
recvmsg$unix(r5, 0x0, 0x2022)
splice(r0, 0x0, r3, 0x0, 0x1100000000f336, 0x0)

0s ago: executing program 1 (id=2539):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x5, 0x3, "fc"}, @NFTA_MATCH_NAME={0xb, 0x1, 'socket\x00'}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x24044800}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:8688' (ED25519) to the list of known hosts.
syzkaller login: [   40.845132][ T5752] cgroup: Unknown subsys name 'net'
[   40.996393][ T5752] cgroup: Unknown subsys name 'cpuset'
[   41.000963][ T5752] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.683518][ T5752] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   47.163237][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   47.166508][ T5828] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   47.169378][ T5828] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   47.173087][ T5828] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   47.184121][ T5828] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   47.217960][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   47.220641][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   47.224082][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   47.227891][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   47.231540][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   47.256506][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   47.259879][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   47.262912][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   47.266450][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   47.269705][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   47.472612][ T5825] chnl_net:caif_netlink_parms(): no params data found
[   47.543457][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   47.621411][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.625217][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.628251][ T5825] bridge_slave_0: entered allmulticast mode
[   47.631523][ T5825] bridge_slave_0: entered promiscuous mode
[   47.637025][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.639376][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.641580][ T5825] bridge_slave_1: entered allmulticast mode
[   47.644609][ T5825] bridge_slave_1: entered promiscuous mode
[   47.665215][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   47.724129][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.727356][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.730544][ T5830] bridge_slave_0: entered allmulticast mode
[   47.736875][ T5830] bridge_slave_0: entered promiscuous mode
[   47.743781][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.761803][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.765446][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.768501][ T5830] bridge_slave_1: entered allmulticast mode
[   47.772434][ T5830] bridge_slave_1: entered promiscuous mode
[   47.778582][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.836643][ T5825] team0: Port device team_slave_0 added
[   47.840327][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.853974][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   47.857024][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.859538][ T5832] bridge_slave_0: entered allmulticast mode
[   47.862216][ T5832] bridge_slave_0: entered promiscuous mode
[   47.866773][ T5825] team0: Port device team_slave_1 added
[   47.870208][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.881612][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   47.883983][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.886164][ T5832] bridge_slave_1: entered allmulticast mode
[   47.888869][ T5832] bridge_slave_1: entered promiscuous mode
[   47.927536][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   47.929736][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.937830][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   47.952103][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   47.956784][ T5830] team0: Port device team_slave_0 added
[   47.959266][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   47.961386][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   47.969394][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   47.974636][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   47.978450][ T5830] team0: Port device team_slave_1 added
[   48.025603][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.027715][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.036167][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   48.040794][ T5832] team0: Port device team_slave_0 added
[   48.052601][ T5832] team0: Port device team_slave_1 added
[   48.055536][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   48.057606][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.066322][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   48.104502][ T5825] hsr_slave_0: entered promiscuous mode
[   48.106927][ T5825] hsr_slave_1: entered promiscuous mode
[   48.110057][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   48.112311][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.121795][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   48.126548][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   48.128694][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   48.137586][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   48.190056][ T5830] hsr_slave_0: entered promiscuous mode
[   48.192386][ T5830] hsr_slave_1: entered promiscuous mode
[   48.195401][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   48.197800][ T5830] Cannot create hsr debugfs directory
[   48.246793][ T5832] hsr_slave_0: entered promiscuous mode
[   48.249101][ T5832] hsr_slave_1: entered promiscuous mode
[   48.251235][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   48.254798][ T5832] Cannot create hsr debugfs directory
[   48.437601][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   48.445859][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   48.456909][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   48.475198][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   48.522398][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   48.529249][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   48.536405][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   48.555789][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   48.600367][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   48.606966][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   48.618551][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   48.624358][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   48.689668][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.720239][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   48.729581][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.735823][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.738210][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.751695][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.754089][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.761944][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   48.778234][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.780397][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.795125][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.797390][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.804332][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   48.856672][ T5830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   48.879274][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   48.890732][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.893043][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.921745][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.924054][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.025408][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.029643][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.088254][ T5830] veth0_vlan: entered promiscuous mode
[   49.097568][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   49.104323][ T5825] veth0_vlan: entered promiscuous mode
[   49.112126][ T5825] veth1_vlan: entered promiscuous mode
[   49.116886][ T5830] veth1_vlan: entered promiscuous mode
[   49.160389][ T5830] veth0_macvtap: entered promiscuous mode
[   49.169374][ T5832] veth0_vlan: entered promiscuous mode
[   49.171525][ T5825] veth0_macvtap: entered promiscuous mode
[   49.176869][ T5830] veth1_macvtap: entered promiscuous mode
[   49.185430][ T5825] veth1_macvtap: entered promiscuous mode
[   49.189682][ T5832] veth1_vlan: entered promiscuous mode
[   49.205180][   T54] Bluetooth: hci0: command tx timeout
[   49.205411][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.215316][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.224775][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.236636][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.251876][ T5657] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.255103][ T5657] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.258205][ T5657] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.265887][ T5832] veth0_macvtap: entered promiscuous mode
[   49.272136][ T5657] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.279619][ T5832] veth1_macvtap: entered promiscuous mode
[   49.284385][   T54] Bluetooth: hci2: command tx timeout
[   49.286540][   T54] Bluetooth: hci1: command tx timeout
[   49.291160][ T5657] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.295232][ T5657] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.310153][ T5657] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.322467][ T5657] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.355322][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   49.359838][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   49.368427][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   49.373113][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   49.378551][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   49.387632][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   49.439547][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.442217][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.476566][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.479193][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.489274][ T1023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.492117][ T1023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.520901][  T174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.530935][  T174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.552462][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.559734][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.576331][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   49.580720][  T174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   49.584627][  T174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   49.878871][ T5903] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.881811][ T5903] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.972396][ T5903] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   49.979818][ T5903] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   50.095608][ T5657] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.114663][   T13] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.117467][   T13] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.120184][   T13] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   50.234945][ T5920] Bluetooth: MGMT ver 1.23
[   50.318855][ T5922] netlink: 12 bytes leftover after parsing attributes in process `syz.0.14'.
[   50.412914][ T5927] netlink: 32 bytes leftover after parsing attributes in process `syz.2.17'.
[   50.841549][ T5949] netlink: 'syz.2.24': attribute type 9 has an invalid length.
[   50.845832][ T5949] netlink: 184 bytes leftover after parsing attributes in process `syz.2.24'.
[   50.908389][ T5952] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   51.021364][ T5959] netlink: 84 bytes leftover after parsing attributes in process `syz.0.29'.
[   51.284446][ T5828] Bluetooth: hci0: command tx timeout
[   51.288942][ T5977] syz.0.38 uses obsolete (PF_INET,SOCK_PACKET)
[   51.364721][ T5828] Bluetooth: hci1: command tx timeout
[   51.365253][   T54] Bluetooth: hci2: command tx timeout
[   51.519010][ T5990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.44'.
[   51.522532][ T5990] netlink: 15 bytes leftover after parsing attributes in process `syz.1.44'.
[   51.656548][ T5992] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.659480][ T5992] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.779124][ T5992] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   51.791417][ T5992] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   51.959177][ T5657] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   51.962786][ T5657] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   51.967923][ T5657] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   51.975684][ T5657] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   52.264463][ T6025] netlink: 212364 bytes leftover after parsing attributes in process `syz.1.59'.
[   52.267614][ T6025] openvswitch: netlink: Message has 5 unknown bytes.
[   52.655566][ T6063] netlink: 12 bytes leftover after parsing attributes in process `syz.2.73'.
[   52.670994][ T6063] netlink: 'syz.2.73': attribute type 1 has an invalid length.
[   52.674990][ T6063] netlink: 'syz.2.73': attribute type 1 has an invalid length.
[   52.677726][ T6063] Zero length message leads to an empty skb
[   52.720213][ T6066] tun0: tun_chr_ioctl cmd 1074025675
[   52.721843][ T6066] tun0: persist enabled
[   52.723896][ T6066] tun0: tun_chr_ioctl cmd 1074025675
[   52.725494][ T6066] tun0: persist disabled
[   52.880289][ T6071] lo speed is unknown, defaulting to 1000
[   52.885405][ T6071] lo speed is unknown, defaulting to 1000
[   52.888696][ T6071] lo speed is unknown, defaulting to 1000
[   52.941890][ T6072] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   52.985897][ T6071] infiniband syz0: set active
[   52.988906][ T5294] lo speed is unknown, defaulting to 1000
[   52.991149][ T6071] infiniband syz0: added lo
[   53.037143][ T6071] RDS/IB: syz0: added
[   53.039545][ T6071] smc: adding ib device syz0 with port count 1
[   53.042258][ T6071] smc:    ib device syz0 port 1 has pnetid 
[   53.047151][    T9] lo speed is unknown, defaulting to 1000
[   53.051639][ T6071] lo speed is unknown, defaulting to 1000
[   53.160883][ T6071] lo speed is unknown, defaulting to 1000
[   53.261628][ T6071] lo speed is unknown, defaulting to 1000
[   53.364430][   T54] Bluetooth: hci0: command tx timeout
[   53.445119][   T54] Bluetooth: hci1: command tx timeout
[   53.453544][   T54] Bluetooth: hci2: command tx timeout
[   53.482782][ T6071] syz.2.76 (6071) used greatest stack depth: 20160 bytes left
[   53.620952][ T6097] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   53.762269][ T6109] ip6erspan0: entered allmulticast mode
[   53.839139][ T6116] warning: `syz.0.98' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   53.903112][ T6124] netlink: 8 bytes leftover after parsing attributes in process `syz.2.101'.
[   53.911415][ T6122] netlink: 12 bytes leftover after parsing attributes in process `syz.0.100'.
[   53.960762][ T6126] netlink: 'syz.2.102': attribute type 5 has an invalid length.
[   54.130890][ T6137] netlink: 'syz.0.107': attribute type 1 has an invalid length.
[   54.319310][ T5854] nci: nci_ntf_packet: unknown ntf opcode 0x127
[   55.426895][ T6184] netlink: 'syz.1.125': attribute type 10 has an invalid length.
[   55.437348][ T6184] bond0: (slave bridge0): Enslaving as an active interface with an up link
[   55.453369][   T54] Bluetooth: hci0: command tx timeout
[   55.523354][   T54] Bluetooth: hci2: command tx timeout
[   55.525161][ T5828] Bluetooth: hci1: command tx timeout
[   55.586279][ T6197] syzkaller0: entered promiscuous mode
[   55.587979][ T6197] syzkaller0: entered allmulticast mode
[   55.598573][ T6197] tipc: Started in network mode
[   55.600229][ T6197] tipc: Node identity d2741c5cacb4, cluster identity 4711
[   55.605230][ T6197] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   55.609051][ T6194] tipc: Resetting bearer <eth:syzkaller0>
[   55.621963][ T6194] tipc: Disabling bearer <eth:syzkaller0>
[   55.967771][ T6229] netlink: 24 bytes leftover after parsing attributes in process `syz.2.144'.
[   55.998605][ T6233] netlink: 'syz.2.146': attribute type 1 has an invalid length.
[   56.028603][ T6233] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[   56.037955][ T5854] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[   56.038632][ T6233] 8021q: adding VLAN 0 to HW filter on device bond1
[   56.066472][ T6233] veth3: entered promiscuous mode
[   56.075602][ T6233] bond1: (slave veth3): Enslaving as a backup interface with a down link
[   56.107304][ T6233] bridge_slave_0: left allmulticast mode
[   56.113320][ T6233] bridge_slave_0: left promiscuous mode
[   56.115279][ T6233] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.126837][ T6233] bridge_slave_1: left allmulticast mode
[   56.133299][ T6233] bridge_slave_1: left promiscuous mode
[   56.135202][ T6233] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.154850][ T5854] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[   56.159146][ T6233] bond0: (slave bond_slave_0): Releasing backup interface
[   56.170660][ T6233] bond0: (slave bond_slave_1): Releasing backup interface
[   56.213935][ T6233] team0: Port device team_slave_0 removed
[   56.227502][ T6233] team0: Port device team_slave_1 removed
[   56.230146][ T6233] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   56.232522][ T6233] batman_adv: batadv0: Removing interface: batadv_slave_0
[   56.237821][ T6240] netlink: 36 bytes leftover after parsing attributes in process `syz.0.148'.
[   56.238508][ T6233] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   56.242932][ T6233] batman_adv: batadv0: Removing interface: batadv_slave_1
[   56.328793][ T6233] bond1: (slave ip6gretap1): Removing an active aggregator
[   56.331865][ T6233] bond1: (slave ip6gretap1): Releasing active interface
[   56.343768][ T6233] bond1: (slave ip6gretap1): the permanent HWaddr of slave - 42:53:26:79:a8:08 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[   56.382222][ T6233] bond1: (slave veth3): Releasing backup interface
[   56.395808][ T5294] lo speed is unknown, defaulting to 1000
[   56.631717][ T6255] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.155'.
[   56.948378][ T6282] netlink: 'syz.0.168': attribute type 1 has an invalid length.
[   56.951075][ T6282] netlink: 'syz.0.168': attribute type 2 has an invalid length.
[   57.110034][ T6298] bridge1: entered promiscuous mode
[   57.111641][ T6298] bridge1: entered allmulticast mode
[   57.299729][ T6316] wireguard0: entered promiscuous mode
[   57.301501][ T6316] wireguard0: entered allmulticast mode
[   57.722762][ T6343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.195'.
[   57.728923][ T6343] IPVS: Error joining to the multicast group
[   58.144448][ T6369] bond0: (slave bridge0): Releasing backup interface
[   58.148466][ T6369] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[   58.248218][ T6381] tap0: tun_chr_ioctl cmd 1074812118
[   58.684851][ T6427] netlink: 'syz.0.236': attribute type 2 has an invalid length.
[   58.812111][ T6441] netlink: 20 bytes leftover after parsing attributes in process `syz.0.243'.
[   59.047419][ T6469] netlink: 24 bytes leftover after parsing attributes in process `syz.0.257'.
[   59.162642][ T6483] netlink: 4 bytes leftover after parsing attributes in process `syz.2.265'.
[   59.172858][ T6485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.264'.
[   59.232521][ T6493] netlink: 12 bytes leftover after parsing attributes in process `syz.0.269'.
[   59.353797][ T6507] netlink: 28 bytes leftover after parsing attributes in process `syz.1.276'.
[   59.356640][ T6507] netlink: 'syz.1.276': attribute type 7 has an invalid length.
[   59.360151][ T6507] netlink: 'syz.1.276': attribute type 8 has an invalid length.
[   59.372366][ T6507] ip6gretap0: entered promiscuous mode
[   59.376271][ T6507] syz_tun: entered promiscuous mode
[   59.380308][ T6507] ip6gretap0: left promiscuous mode
[   59.382928][ T6507] syz_tun: left promiscuous mode
[   59.392934][ T6515] tipc: Started in network mode
[   59.395360][ T6515] tipc: Node identity 7f000001, cluster identity 4711
[   59.398358][ T6515] tipc: Enabled bearer <udp:syz2>, priority 10
[   59.464972][ T6515] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   60.523601][ T5888] tipc: Node number set to 2130706433
[   60.617915][ T5861] hid-generic 0005:04F3:100C.0001: item fetching failed at offset 0/1
[   60.620783][ T5861] hid-generic 0005:04F3:100C.0001: probe with driver hid-generic failed with error -22
[   60.644648][ T6613] syz_tun: entered allmulticast mode
[   60.650411][ T6613] syz_tun: left allmulticast mode
[   61.512691][ T6628] __nla_validate_parse: 6 callbacks suppressed
[   61.512702][ T6628] netlink: 16 bytes leftover after parsing attributes in process `syz.0.328'.
[   61.519542][ T6630] netlink: 104 bytes leftover after parsing attributes in process `syz.2.330'.
[   61.546719][ T6632] netlink: 8 bytes leftover after parsing attributes in process `syz.0.331'.
[   61.659958][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.0.337'.
[   61.797892][ T6660] netlink: 'syz.0.344': attribute type 1 has an invalid length.
[   61.800459][ T6660] netlink: 'syz.0.344': attribute type 1 has an invalid length.
[   61.802842][ T6660] netlink: 12 bytes leftover after parsing attributes in process `syz.0.344'.
[   61.807900][ T6660] block nbd0: shutting down sockets
[   61.896679][ T6674] RDS: rds_bind could not find a transport for ::ffff:172.30.1.1, load rds_tcp or rds_rdma?
[   62.051932][ T6693] netlink: 'syz.1.360': attribute type 13 has an invalid length.
[   62.169674][ T6701] netlink: 'syz.0.363': attribute type 1 has an invalid length.
[   62.380199][ T6720] netlink: 240 bytes leftover after parsing attributes in process `syz.1.373'.
[   62.648780][ T6754] netlink: 16 bytes leftover after parsing attributes in process `syz.1.389'.
[   62.716228][ T6760] tun0: tun_chr_ioctl cmd 2147767520
[   63.107599][ T6792] netlink: 'syz.2.405': attribute type 15 has an invalid length.
[   63.552340][ T6821] netlink: 248 bytes leftover after parsing attributes in process `syz.2.416'.
[   63.689088][ T6828] syzkaller0: entered promiscuous mode
[   63.690912][ T6828] syzkaller0: entered allmulticast mode
[   64.945537][ T6878] netlink: 8 bytes leftover after parsing attributes in process `syz.0.437'.
[   64.949701][ T6873] netlink: 'syz.1.435': attribute type 1 has an invalid length.
[   64.953098][ T6878] netlink: 'syz.0.437': attribute type 29 has an invalid length.
[   64.961906][ T6873] netlink: 24 bytes leftover after parsing attributes in process `syz.1.435'.
[   65.090952][ T6892] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   65.094506][ T6892] syzkaller0: entered promiscuous mode
[   65.096396][ T6892] syzkaller0: entered allmulticast mode
[   65.110601][ T6892] tipc: Resetting bearer <eth:syzkaller0>
[   65.124603][ T6891] tipc: Resetting bearer <eth:syzkaller0>
[   65.139019][ T6891] tipc: Disabling bearer <eth:syzkaller0>
[   65.387674][ T6926] batadv_slave_1: entered promiscuous mode
[   66.114049][ T5888] IPVS: starting estimator thread 0...
[   66.214587][ T6977] IPVS: using max 62 ests per chain, 148800 per kthread
[   66.296633][ T6987] ieee802154 phy0 wpan0: encryption failed: -22
[   66.511439][ T7018] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0
[   66.521143][ T7021] __nla_validate_parse: 4 callbacks suppressed
[   66.521154][ T7021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.499'.
[   66.681101][ T7041] netlink: 4 bytes leftover after parsing attributes in process `syz.2.507'.
[   66.721657][ T7047] netlink: 8 bytes leftover after parsing attributes in process `syz.2.510'.
[   66.848854][ T7061] netlink: 4 bytes leftover after parsing attributes in process `syz.0.514'.
[   66.860444][ T7061] bridge_slave_1: left allmulticast mode
[   66.863604][ T7061] bridge_slave_1: left promiscuous mode
[   66.865567][ T7061] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.869689][ T7061] bridge_slave_0: left allmulticast mode
[   66.871418][ T7061] bridge_slave_0: left promiscuous mode
[   66.873611][ T7061] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.108023][ T7073] netlink: 16 bytes leftover after parsing attributes in process `syz.2.520'.
[   67.471062][ T7103] netlink: 'syz.2.534': attribute type 28 has an invalid length.
[   67.548451][ T7107] Bluetooth: hci1: Opcode 0x080f failed: -4
[   67.577857][ T7109] netlink: 'syz.2.537': attribute type 1 has an invalid length.
[   67.580444][ T7109] netlink: 'syz.2.537': attribute type 10 has an invalid length.
[   67.582949][ T7109] netlink: 236 bytes leftover after parsing attributes in process `syz.2.537'.
[   67.696116][ T7117] netlink: 32 bytes leftover after parsing attributes in process `syz.2.541'.
[   67.860904][ T7134] pim6reg0: tun_chr_ioctl cmd 2148553947
[   67.860945][ T7135] netlink: 16 bytes leftover after parsing attributes in process `syz.2.550'.
[   68.018244][ T7148] netlink: 'syz.0.557': attribute type 1 has an invalid length.
[   68.989717][ T7194] netlink: 36 bytes leftover after parsing attributes in process `syz.2.577'.
[   69.100121][ T7199] atomic_op ffff88803b17e198 conn xmit_atomic 0000000000000000
[   69.227263][ T7207] sctp: [Deprecated]: syz.1.583 (pid 7207) Use of int in maxseg socket option.
[   69.227263][ T7207] Use struct sctp_assoc_value instead
[   69.292257][ T7208] IPVS: wrr: FWM 3 0x00000003 - no destination available
[   69.325706][ T7212] netlink: 'syz.1.585': attribute type 1 has an invalid length.
[   69.328171][ T7212] netlink: 244 bytes leftover after parsing attributes in process `syz.1.585'.
[   69.338487][ T7208] lo speed is unknown, defaulting to 1000
[   69.604922][   T54] Bluetooth: hci1: command 0x080f tx timeout
[   69.622640][ T7229] Bluetooth: MGMT ver 1.23
[   69.964095][ T7258] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   70.413458][   T54] Bluetooth: hci2: command tx timeout
[   70.897439][ T1359] ieee802154 phy0 wpan0: encryption failed: -22
[   70.899435][ T1359] ieee802154 phy1 wpan1: encryption failed: -22
[   71.010715][ T7312] netlink: 'syz.2.629': attribute type 4 has an invalid length.
[   71.026800][ T5847] lo speed is unknown, defaulting to 1000
[   71.029137][ T5847] syz1: Port: 1 Link DOWN
[   71.031180][ T5847] lo speed is unknown, defaulting to 1000
[   71.301480][ T7321] netlink: 'syz.2.633': attribute type 4 has an invalid length.
[   72.054392][ T7382] veth1_to_team: entered allmulticast mode
[   72.076341][ T7384] __nla_validate_parse: 3 callbacks suppressed
[   72.076352][ T7384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.657'.
[   72.081381][ T7384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.657'.
[   72.239548][ T7398] lo speed is unknown, defaulting to 1000
[   72.900291][ T7455] syzkaller0: entered promiscuous mode
[   72.902123][ T7455] syzkaller0: entered allmulticast mode
[   74.882807][ T7482] netlink: 'syz.1.699': attribute type 1 has an invalid length.
[   74.887963][ T7482] netlink: 232 bytes leftover after parsing attributes in process `syz.1.699'.
[   75.017313][ T7494] macvtap0: entered allmulticast mode
[   75.469282][ T7531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.721'.
[   75.757769][ T7554] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   76.166116][ T7597] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.175464][ T7597] syzkaller0: entered promiscuous mode
[   76.177300][ T7597] syzkaller0: entered allmulticast mode
[   76.221809][ T7597] tipc: Resetting bearer <eth:syzkaller0>
[   76.225293][ T7595] tipc: Resetting bearer <eth:syzkaller0>
[   76.236965][ T7595] tipc: Disabling bearer <eth:syzkaller0>
[   76.349943][ T7618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'.
[   76.365303][ T7618] macvtap1: entered promiscuous mode
[   76.367006][ T7618] team0: entered promiscuous mode
[   76.368723][ T7618] macvtap1: entered allmulticast mode
[   76.370424][ T7618] team0: entered allmulticast mode
[   76.372399][ T7618] 8021q: adding VLAN 0 to HW filter on device macvtap1
[   76.396061][ T7618] team0: left allmulticast mode
[   76.397706][ T7618] team0: left promiscuous mode
[   76.474071][ T7628] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   76.477063][ T7628] syzkaller0: entered promiscuous mode
[   76.478917][ T7628] syzkaller0: entered allmulticast mode
[   76.492181][ T7628] tipc: Resetting bearer <eth:syzkaller0>
[   76.497653][ T7627] tipc: Resetting bearer <eth:syzkaller0>
[   76.510652][ T7627] tipc: Disabling bearer <eth:syzkaller0>
[   76.604217][ T7636] netlink: 'syz.0.768': attribute type 11 has an invalid length.
[   76.812749][ T7650] batadv_slave_0: entered promiscuous mode
[   76.816995][ T7650] batadv_slave_0: left promiscuous mode
[   76.875969][ T7654] netlink: 36 bytes leftover after parsing attributes in process `syz.0.776'.
[   77.127428][ T7670] lo speed is unknown, defaulting to 1000
[   77.215141][ T7679] netlink: 'syz.1.788': attribute type 1 has an invalid length.
[   77.657623][ T7715] netlink: 'syz.1.801': attribute type 1 has an invalid length.
[   77.660180][ T7715] netlink: 'syz.1.801': attribute type 4 has an invalid length.
[   77.662575][ T7715] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.801'.
[   77.812598][ T7729] netlink: 100 bytes leftover after parsing attributes in process `syz.1.808'.
[   77.999984][ T7749] syzkaller1: entered promiscuous mode
[   78.001733][ T7749] syzkaller1: entered allmulticast mode
[   78.006466][ T7749] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324
[   78.019478][ T7753] netlink: 'syz.0.820': attribute type 28 has an invalid length.
[   78.123431][ T5847] IPVS: starting estimator thread 0...
[   78.233394][ T7767] IPVS: using max 62 ests per chain, 148800 per kthread
[   78.391542][ T7787] netlink: 4 bytes leftover after parsing attributes in process `syz.2.834'.
[   78.612989][ T7803] netlink: 9286 bytes leftover after parsing attributes in process `syz.0.841'.
[   79.120029][ T7842] netlink: 32 bytes leftover after parsing attributes in process `syz.0.859'.
[   79.434907][ T7872] netlink: 40 bytes leftover after parsing attributes in process `syz.0.873'.
[   79.649305][   T33] audit: type=1800 audit(1753916394.092:2): pid=7890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.880" name="blkio.bfq.time_recursive" dev="tmpfs" ino=1632 res=0 errno=0
[   79.801110][ T7902] netlink: 44 bytes leftover after parsing attributes in process `syz.2.886'.
[   79.922835][ T7907] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.888'.
[   80.010578][ T7915] netlink: 'syz.2.891': attribute type 21 has an invalid length.
[   80.014389][ T7915] netlink: 'syz.2.891': attribute type 1 has an invalid length.
[   80.044749][ T7917] netlink: 'syz.2.893': attribute type 8 has an invalid length.
[   80.246002][ T7944] netlink: 12 bytes leftover after parsing attributes in process `syz.1.906'.
[   80.249486][ T7944] netlink: 12 bytes leftover after parsing attributes in process `syz.1.906'.
[   80.658409][ T7979] vlan2: entered promiscuous mode
[   80.660075][ T7979] bond0: entered promiscuous mode
[   80.662752][ T7979] bridge0: port 1(vlan2) entered blocking state
[   80.665840][ T7979] bridge0: port 1(vlan2) entered disabled state
[   80.668045][ T7979] vlan2: entered allmulticast mode
[   80.669753][ T7979] bond0: entered allmulticast mode
[   80.677027][ T7981] vxcan1: entered allmulticast mode
[   80.681009][ T7981] vxcan1: left allmulticast mode
[   80.779832][ T7981] raw_sendmsg: syz.1.924 forgot to set AF_INET. Fix it!
[   81.085448][ T8006] netlink: 'syz.2.936': attribute type 29 has an invalid length.
[   81.093075][ T8006] netlink: 'syz.2.936': attribute type 29 has an invalid length.
[   81.139195][   T24] cfg80211: failed to load regulatory.db
[   81.596453][ T8055] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[   81.630722][ T8061] netlink: 'syz.0.958': attribute type 11 has an invalid length.
[   81.637313][ T8061] netlink: 'syz.0.958': attribute type 4 has an invalid length.
[   82.136248][ T8114] netlink: 'syz.0.982': attribute type 1 has an invalid length.
[   82.234440][ T8128] tipc: Failed to remove unknown binding: 66,1,1/0:2488420013/2488420015
[   82.237996][ T8128] tipc: Failed to remove unknown binding: 66,1,1/0:2488420013/2488420015
[   82.240728][ T8128] tipc: Failed to remove unknown binding: 66,1,1/0:2488420013/2488420015
[   83.090906][ T8206] netlink: 'syz.1.1022': attribute type 10 has an invalid length.
[   83.381385][ T8222] __nla_validate_parse: 12 callbacks suppressed
[   83.381397][ T8222] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1030'.
[   83.738115][ T8194] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   83.802894][ T8264] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1048'.
[   83.813287][ T8264] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1048'.
[   84.092267][ T8306] netlink: 'syz.0.1070': attribute type 11 has an invalid length.
[   84.094816][ T8306] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1070'.
[   84.181128][ T8318] sctp: [Deprecated]: syz.1.1075 (pid 8318) Use of struct sctp_assoc_value in delayed_ack socket option.
[   84.181128][ T8318] Use struct sctp_sack_info instead
[   84.188493][ T8318] sctp: [Deprecated]: syz.1.1075 (pid 8318) Use of struct sctp_assoc_value in delayed_ack socket option.
[   84.188493][ T8318] Use struct sctp_sack_info instead
[   84.239240][ T8325] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   84.249457][ T8324] ip6tnl1: entered promiscuous mode
[   84.267794][ T8328] netlink: 440 bytes leftover after parsing attributes in process `syz.0.1081'.
[   84.335044][ T8339] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1085'.
[   84.338082][ T8339] netlink: 'syz.2.1085': attribute type 1 has an invalid length.
[   84.340625][ T8339] netlink: 'syz.2.1085': attribute type 2 has an invalid length.
[   84.343080][ T8339] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1085'.
[   84.963386][   T54] Bluetooth: hci0: command 0x0c1a tx timeout
[   85.201667][ T8371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1094'.
[   85.209516][ T8371] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   86.869713][ T8454] netlink: 'syz.2.1133': attribute type 62 has an invalid length.
[   87.162036][ T8477] lo speed is unknown, defaulting to 1000
[   87.294842][ T8492] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   87.297848][ T8492] syzkaller0: entered promiscuous mode
[   87.299776][ T8492] syzkaller0: entered allmulticast mode
[   87.306816][ T8492] syzkaller0: left promiscuous mode
[   87.308540][ T8492] syzkaller0: left allmulticast mode
[   87.324847][ T8492] tipc: Resetting bearer <eth:syzkaller0>
[   87.329031][ T8491] tipc: Resetting bearer <eth:syzkaller0>
[   87.343608][ T8491] tipc: Disabling bearer <eth:syzkaller0>
[   87.438661][ T8501] netlink: 'syz.2.1156': attribute type 1 has an invalid length.
[   87.441091][ T8501] netlink: 16166 bytes leftover after parsing attributes in process `syz.2.1156'.
[   87.456937][ T8499] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1155'.
[   87.460474][ T8499] netlink: 'syz.0.1155': attribute type 29 has an invalid length.
[   87.534551][ T8510] Driver unsupported XDP return value 0 on prog  (id 146) dev N/A, expect packet loss!
[   87.714162][ T8517] hsr_slave_1 (unregistering): left promiscuous mode
[   87.909138][ T8533] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[   88.061603][ T8552] netlink: 'syz.2.1179': attribute type 18 has an invalid length.
[   88.270933][ T8567] netlink: 'syz.0.1186': attribute type 7 has an invalid length.
[   88.332945][ T8573] netlink: 'syz.0.1189': attribute type 7 has an invalid length.
[   88.337264][ T8573] netlink: 'syz.0.1189': attribute type 8 has an invalid length.
[   88.339817][ T8573] netlink: 'syz.0.1189': attribute type 4 has an invalid length.
[   89.030291][ T8627] netlink: 'syz.1.1214': attribute type 1 has an invalid length.
[   89.117673][ T8637] __nla_validate_parse: 7 callbacks suppressed
[   89.117692][ T8637] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1218'.
[   89.191600][ T8643] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1222'.
[   89.635535][ T8678] openvswitch: netlink: IP tunnel dst address not specified
[   89.666835][ T8680] netlink: 'syz.2.1238': attribute type 3 has an invalid length.
[   89.738553][ T8692] bridge: RTM_NEWNEIGH with invalid state 0x1
[   89.952297][ T8710] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   89.956809][ T5847] IPVS: starting estimator thread 0...
[   90.054732][ T8718] IPVS: using max 62 ests per chain, 148800 per kthread
[   90.172583][ T8748] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   90.180044][ T8748] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1271'.
[   90.196575][ T8750] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1272'.
[   90.268911][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.271355][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.427027][ T8769] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1281'.
[   90.499667][ T8780] netlink: 276 bytes leftover after parsing attributes in process `syz.1.1286'.
[   90.563419][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   91.210280][ T8850] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   91.212990][ T8850] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   91.222676][ T8850] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[   91.258845][ T8856] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1321'.
[   91.297200][ T8860] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1323'.
[   91.303376][ T8860] netlink: 26 bytes leftover after parsing attributes in process `syz.2.1323'.
[   91.577647][ T8878] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1331'.
[   91.603444][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   92.087167][ T8899] syz.1.1340 (8899) used greatest stack depth: 20120 bytes left
[   92.643367][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   92.844150][ T8946] sctp: [Deprecated]: syz.1.1361 (pid 8946) Use of int in max_burst socket option deprecated.
[   92.844150][ T8946] Use struct sctp_assoc_value instead
[   92.846577][ T8948] unsupported nlmsg_type 40
[   93.211691][ T8988] nbd: illegal input index -1
[   93.217123][ T8986] lo speed is unknown, defaulting to 1000
[   93.396295][ T9003] validate_nla: 2 callbacks suppressed
[   93.396324][ T9003] netlink: 'syz.0.1389': attribute type 21 has an invalid length.
[   93.414435][ T9006] sock: sock_set_timeout: `syz.1.1390' (pid 9006) tries to set negative timeout
[   93.683471][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   94.162381][ T9081] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: invalid value (0)
[   94.167338][ T9081] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: allowed values 1 - 65535
[   94.252594][ T9087] __nla_validate_parse: 6 callbacks suppressed
[   94.252607][ T9087] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1426'.
[   94.317934][ T9094] bridge2: entered allmulticast mode
[   94.376883][ T9101] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1432'.
[   94.522712][ T9121] blkio.reset_stats is deprecated
[   94.723368][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   95.759391][ T9176] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1467'.
[   95.763349][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   95.962646][ T9187] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1472'.
[   95.967643][ T9187] netlink: 'syz.0.1472': attribute type 12 has an invalid length.
[   95.971150][ T9187] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1472'.
[   95.974092][ T9187] netlink: 'syz.0.1472': attribute type 12 has an invalid length.
[   96.248001][ T9201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1478'.
[   96.466805][ T9215] syzkaller0: entered promiscuous mode
[   96.468617][ T9215] syzkaller0: entered allmulticast mode
[   96.806060][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   97.559531][ T9243] netlink: 'syz.2.1497': attribute type 10 has an invalid length.
[   97.566711][ T9243] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.1497'.
[   97.843404][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   97.974464][ T9292] syzkaller0: entered promiscuous mode
[   97.976314][ T9292] syzkaller0: entered allmulticast mode
[   98.149369][ T9312] netlink: 'syz.1.1528': attribute type 1 has an invalid length.
[   98.151787][ T9312] netlink: 'syz.1.1528': attribute type 3 has an invalid length.
[   98.155788][ T9312] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1528'.
[   98.158869][ T9312] NCSI netlink: No device for ifindex 246
[   98.720393][ T9362] syzkaller1: entered promiscuous mode
[   98.722169][ T9362] syzkaller1: entered allmulticast mode
[   98.872322][ T9377] netlink: 'syz.2.1557': attribute type 22 has an invalid length.
[   98.874297][ T9378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1558'.
[   98.878703][ T9378] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1558'.
[   98.883384][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   98.938242][ T9382] IPVS: Scheduler module ip_vs_ not found
[   99.114792][ T9405] openvswitch: netlink: Missing key (keys=40, expected=2000)
[   99.265948][ T9422] __nla_validate_parse: 2 callbacks suppressed
[   99.265967][ T9422] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1578'.
[   99.271840][ T9422] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1578'.
[   99.281144][ T9422] syz1: rxe_newlink: already configured on lo
[   99.300105][ T9422] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   99.306974][   T24] lo speed is unknown, defaulting to 1000
[   99.309211][   T24] syz1: Port: 1 Link ACTIVE
[   99.311093][   T24] lo speed is unknown, defaulting to 1000
[   99.507947][ T9438] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1587'.
[   99.553854][ T9442] bond0: option fail_over_mac: unable to set because the bond device has slaves
[   99.934394][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[   99.976638][ T9499] openvswitch: netlink: IP tunnel dst address not specified
[  100.012197][ T9503] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1618'.
[  100.035153][ T9503] openvswitch: netlink: nsh attribute has 1 unknown bytes.
[  100.039360][ T9503] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  100.049753][ T9508] netlink: 'syz.1.1620': attribute type 5 has an invalid length.
[  100.963365][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  101.086674][ T9563] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3
[  101.548898][ T9609] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1666'.
[  101.551805][ T9609] tipc: Started in network mode
[  101.554675][ T9609] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  101.557443][ T9609] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  101.562885][ T9609] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  101.988157][ T9650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1685'.
[  102.002491][ T9650] team1: entered promiscuous mode
[  102.004595][ T9650] team1: entered allmulticast mode
[  102.245175][ T9682] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1695'.
[  102.254349][ T9682] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1695'.
[  102.441775][ T9706] netlink: 'syz.2.1707': attribute type 11 has an invalid length.
[  102.495215][ T9713] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1709'.
[  102.676236][ T9734] tc_dump_action: action bad kind
[  102.694452][ T9732] lo speed is unknown, defaulting to 1000
[  102.720239][ T9736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1720'.
[  104.042907][ T9865] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge0, syncid = 0, id = 0
[  104.083366][    C0] net_ratelimit: 3 callbacks suppressed
[  104.083396][    C0] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  104.705852][ T9905] syzkaller1: entered promiscuous mode
[  104.707778][ T9905] syzkaller1: entered allmulticast mode
[  104.773083][ T9909] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  104.932747][ T9927] __nla_validate_parse: 2 callbacks suppressed
[  104.932762][ T9927] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1807'.
[  105.072062][ T9945] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  105.085634][ T9947] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1817'.
[  105.178950][ T9961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1824'.
[  105.181713][ T9961] veth1_macvtap: default FDB implementation only supports local addresses
[  105.364437][ T9982] netem: incorrect gi model size
[  105.366212][ T9982] netem: change failed
[  105.645022][T10007] netlink: 153 bytes leftover after parsing attributes in process `syz.2.1845'.
[  105.656274][T10009] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1846'.
[  105.695088][T10009] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1846'.
[  105.745263][T10011] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1847'.
[  105.901054][T10021] netlink: 'syz.0.1852': attribute type 1 has an invalid length.
[  105.904527][T10021] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1852'.
[  105.926666][ T5828] Bluetooth: hci2: command 0x0405 tx timeout
[  105.967969][T10022] veth0: entered promiscuous mode
[  105.970624][T10022] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1850'.
[  106.495348][T10052] netlink: 'syz.1.1865': attribute type 7 has an invalid length.
[  106.498090][T10052] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1865'.
[  106.894968][T10070] lo speed is unknown, defaulting to 1000
[  106.939922][T10075] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  107.362517][T10101] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.391734][T10101] bond0: (slave rose0): Enslaving as an active interface with an up link
[  108.819937][T10215] netlink: 'syz.2.1922': attribute type 1 has an invalid length.
[  108.838421][T10217] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  109.331246][T10277] netlink: 'syz.0.1952': attribute type 15 has an invalid length.
[  109.576151][T10306] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 8
[  109.760307][T10326] syzkaller1: entered promiscuous mode
[  109.762113][T10326] syzkaller1: entered allmulticast mode
[  109.801818][T10330] openvswitch: netlink: IPv4 frag type 255 is out of range max 2
[  109.841037][T10332] netlink: 'syz.0.1978': attribute type 26 has an invalid length.
[  110.434950][T10398] __nla_validate_parse: 20 callbacks suppressed
[  110.434963][T10398] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2005'.
[  110.439830][T10398] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2005'.
[  111.017247][T10464] netlink: 'syz.2.2038': attribute type 1 has an invalid length.
[  111.330958][T10501] lo speed is unknown, defaulting to 1000
[  111.380000][T10514] netlink: 'syz.1.2061': attribute type 1 has an invalid length.
[  111.431263][T10519] xfrm1: entered allmulticast mode
[  111.703084][T10543] netlink: 'syz.0.2072': attribute type 1 has an invalid length.
[  111.709435][T10543] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2072'.
[  112.447134][T10596] smc: ib device syz1 ibport 1 applied user defined pnetid SYZ1
[  112.456186][T10597] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2094'.
[  112.465506][T10597] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  112.807489][T10625] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2108'.
[  112.810296][T10625] netlink: 'syz.1.2108': attribute type 1 has an invalid length.
[  112.925832][T10636] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2114'.
[  112.965893][T10639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2116'.
[  113.081363][T10650] netlink: 'syz.1.2120': attribute type 1 has an invalid length.
[  113.121526][T10650] bond1: (slave bridge3): making interface the new active one
[  113.133230][T10650] bond1: (slave bridge3): Enslaving as an active interface with an up link
[  113.135976][T10656] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2123'.
[  113.326447][T10671] syzkaller0: entered promiscuous mode
[  113.328373][T10671] syzkaller0: entered allmulticast mode
[  114.376639][T10687] netlink: 'syz.2.2136': attribute type 11 has an invalid length.
[  114.446116][T10693] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2139'.
[  114.570900][T10705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2145'.
[  114.786939][T10733] netlink: 'syz.2.2159': attribute type 29 has an invalid length.
[  115.202948][T10769] netlink: 'syz.2.2172': attribute type 1 has an invalid length.
[  115.487245][T10801] __nla_validate_parse: 3 callbacks suppressed
[  115.487257][T10801] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2188'.
[  115.590358][T10811] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2193'.
[  115.969865][T10853] netlink: 71 bytes leftover after parsing attributes in process `syz.1.2211'.
[  116.109456][T10864] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2216'.
[  116.112520][T10864] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2216'.
[  117.129129][T10903] netlink: 176 bytes leftover after parsing attributes in process `syz.1.2231'.
[  117.143578][T10903] netlink: 176 bytes leftover after parsing attributes in process `syz.1.2231'.
[  117.320779][T10915] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2235'.
[  117.358676][T10917] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2238'.
[  117.626509][T10939] netlink: 'syz.2.2248': attribute type 3 has an invalid length.
[  117.727708][T10955] netlink: 160 bytes leftover after parsing attributes in process `syz.0.2255'.
[  117.745151][T10952] lo speed is unknown, defaulting to 1000
[  117.841815][T10962] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  118.006317][T10973] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  118.008916][T10973] syzkaller0: entered promiscuous mode
[  118.010721][T10973] syzkaller0: entered allmulticast mode
[  118.038623][T10973] tipc: Resetting bearer <eth:syzkaller0>
[  118.054349][T10971] tipc: Resetting bearer <eth:syzkaller0>
[  118.070553][T10971] tipc: Disabling bearer <eth:syzkaller0>
[  118.342780][T11002] syzkaller0: entered promiscuous mode
[  118.344813][T11002] syzkaller0: entered allmulticast mode
[  118.554029][T11009] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[  119.620948][T11056] delete_channel: no stack
[  120.070524][T11101] netlink: 'syz.0.2315': attribute type 7 has an invalid length.
[  120.074651][T11102] trusted_key: syz.2.2316 sent an empty control message without MSG_MORE.
[  120.859531][T11172] batadv_slave_1: entered promiscuous mode
[  120.862383][T11171] batadv_slave_1: left promiscuous mode
[  121.535198][T11207] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  121.548128][T11212] netlink: 'syz.0.2361': attribute type 4 has an invalid length.
[  121.558387][T11212] netlink: 'syz.0.2361': attribute type 4 has an invalid length.
[  121.756358][T11231] __nla_validate_parse: 3 callbacks suppressed
[  121.756372][T11231] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2370'.
[  121.764602][T11231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2370'.
[  122.040801][T11256] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2382'.
[  122.169074][T11266] netlink: 'syz.0.2387': attribute type 1 has an invalid length.
[  122.171613][T11266] netlink: 600 bytes leftover after parsing attributes in process `syz.0.2387'.
[  122.220297][T11268] netlink: 'syz.0.2388': attribute type 21 has an invalid length.
[  122.223729][T11268] netlink: 'syz.0.2388': attribute type 22 has an invalid length.
[  122.227086][T11268] netlink: 'syz.0.2388': attribute type 23 has an invalid length.
[  122.230227][T11268] netlink: 136 bytes leftover after parsing attributes in process `syz.0.2388'.
[  122.317588][T11270] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2389'.
[  122.846049][T11307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2406'.
[  122.849026][T11307] netlink: 'syz.2.2406': attribute type 15 has an invalid length.
[  122.851986][T11307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2406'.
[  122.856548][T11307] netlink: 'syz.2.2406': attribute type 15 has an invalid length.
[  122.967633][T11322] netlink: 732 bytes leftover after parsing attributes in process `syz.1.2414'.
[  122.970677][T11322] netlink: 732 bytes leftover after parsing attributes in process `syz.1.2414'.
[  123.228865][T11348] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  123.239562][T11348] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  123.269766][T11353] bridge0: entered allmulticast mode
[  123.271926][T11353] bridge_slave_1: left allmulticast mode
[  123.275683][T11353] bridge_slave_1: left promiscuous mode
[  123.277756][T11353] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.281998][T11353] bridge_slave_0: left allmulticast mode
[  123.284484][T11353] bridge_slave_0: left promiscuous mode
[  123.286291][T11353] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.300031][T11353] bridge0 (unregistering): left allmulticast mode
[  123.900182][T11394] tun0: tun_chr_ioctl cmd 2147767520
[  124.247762][   T54] Bluetooth: hci2: link tx timeout
[  124.249705][   T54] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  124.252743][   T54] Bluetooth: hci2: link tx timeout
[  124.254919][   T54] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  124.336816][T11435] netlink: 'syz.1.2467': attribute type 39 has an invalid length.
[  125.188177][T11489] netlink: 'syz.2.2493': attribute type 1 has an invalid length.
[  125.326851][T11502] bond0: option mode: unable to set because the bond device has slaves
[  125.476683][T11512] syzkaller1: entered promiscuous mode
[  125.478476][T11512] syzkaller1: entered allmulticast mode
[  125.747475][T11528] netlink: 'syz.0.2512': attribute type 9 has an invalid length.
[  125.771786][T11530] netlink: 'syz.1.2513': attribute type 1 has an invalid length.
[  125.992411][T11547] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  126.051955][T11553] netlink: 'syz.0.2522': attribute type 4 has an invalid length.
[  126.069053][T11553] netlink: 'syz.0.2522': attribute type 4 has an invalid length.
[  126.207850][T11566] netlink: 'syz.1.2528': attribute type 1 has an invalid length.
[  126.250463][T11566] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  126.269034][T11566] veth3: entered promiscuous mode
[  126.280174][T11566] bond2: (slave veth3): Enslaving as a backup interface with a down link
[  126.287084][   T13] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  126.292117][T11566] 8021q: adding VLAN 0 to HW filter on device bond2
[  126.313579][T11574] ieee802154 phy0 wpan0: encryption failed: -22
[  126.323744][   T54] Bluetooth: hci2: command 0x0405 tx timeout
[  126.388073][T11584] openvswitch: netlink: Key type 30 is not supported
[  126.406819][   T13] bond2: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  126.465013][T11590] xt_socket: unknown flags 0xfc
[  126.496310][T11596] ==================================================================
[  126.498707][T11596] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  126.501038][T11596] Read of size 2 at addr ffff8880282e1c42 by task syz.2.2542/11596
[  126.504304][T11596] 
[  126.505268][T11596] CPU: 0 UID: 0 PID: 11596 Comm: syz.2.2542 Not tainted 6.16.0-rc7-syzkaller-01993-ge3f96b3556e4-dirty #0 PREEMPT(full) 
[  126.505283][T11596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  126.505290][T11596] Call Trace:
[  126.505296][T11596]  <TASK>
[  126.505303][T11596]  dump_stack_lvl+0x189/0x250
[  126.505327][T11596]  ? __kasan_check_byte+0x12/0x40
[  126.505342][T11596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.505351][T11596]  ? lock_release+0x4b/0x3e0
[  126.505361][T11596]  ? __virt_addr_valid+0x4a5/0x5c0
[  126.505374][T11596]  print_report+0xca/0x230
[  126.505389][T11596]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  126.505399][T11596]  kasan_report+0x118/0x150
[  126.505410][T11596]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  126.505420][T11596]  __xfrm_state_lookup+0x6ad/0x8d0
[  126.505431][T11596]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  126.505442][T11596]  ? xfrm_state_lookup+0x45/0x1e0
[  126.505452][T11596]  xfrm_state_lookup+0x11e/0x1e0
[  126.505463][T11596]  xfrm_user_state_lookup+0x231/0x370
[  126.505476][T11596]  ? __pfx_xfrm_user_state_lookup+0x10/0x10
[  126.505487][T11596]  ? aa_get_newest_label+0xf7/0x5d0
[  126.505495][T11596]  ? __pfx_aa_get_newest_label+0x10/0x10
[  126.505504][T11596]  xfrm_del_sa+0xf1/0x3e0
[  126.505513][T11596]  ? rcu_is_watching+0x15/0xb0
[  126.505523][T11596]  ? __pfx_xfrm_del_sa+0x10/0x10
[  126.505532][T11596]  ? apparmor_capable+0x137/0x1b0
[  126.505543][T11596]  ? __nla_parse+0x40/0x60
[  126.505554][T11596]  xfrm_user_rcv_msg+0x7a3/0xab0
[  126.505565][T11596]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  126.505581][T11596]  ? __mutex_trylock_common+0x153/0x260
[  126.505591][T11596]  ? __pfx___mutex_trylock_common+0x10/0x10
[  126.505601][T11596]  ? rcu_is_watching+0x15/0xb0
[  126.505609][T11596]  ? trace_contention_end+0x39/0x120
[  126.505644][T11596]  netlink_rcv_skb+0x208/0x470
[  126.505654][T11596]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  126.505666][T11596]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  126.505677][T11596]  ? netlink_deliver_tap+0x2e/0x1b0
[  126.505686][T11596]  ? netlink_deliver_tap+0x2e/0x1b0
[  126.505696][T11596]  xfrm_netlink_rcv+0x79/0x90
[  126.505706][T11596]  netlink_unicast+0x82f/0x9e0
[  126.505720][T11596]  ? __pfx_netlink_unicast+0x10/0x10
[  126.505731][T11596]  ? netlink_sendmsg+0x642/0xb30
[  126.505738][T11596]  ? skb_put+0x11b/0x210
[  126.505750][T11596]  netlink_sendmsg+0x805/0xb30
[  126.505759][T11596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  126.505769][T11596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  126.505776][T11596]  __sock_sendmsg+0x21c/0x270
[  126.505789][T11596]  ____sys_sendmsg+0x505/0x830
[  126.505799][T11596]  ? __pfx_____sys_sendmsg+0x10/0x10
[  126.505812][T11596]  ? import_iovec+0x74/0xa0
[  126.505824][T11596]  ___sys_sendmsg+0x21f/0x2a0
[  126.505833][T11596]  ? __pfx____sys_sendmsg+0x10/0x10
[  126.505849][T11596]  ? __fget_files+0x2a/0x420
[  126.505860][T11596]  ? __fget_files+0x3a0/0x420
[  126.505872][T11596]  __x64_sys_sendmsg+0x19b/0x260
[  126.505882][T11596]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  126.505893][T11596]  ? rcu_is_watching+0x15/0xb0
[  126.505902][T11596]  ? do_syscall_64+0xbe/0x3b0
[  126.505911][T11596]  do_syscall_64+0xfa/0x3b0
[  126.505919][T11596]  ? lockdep_hardirqs_on+0x9c/0x150
[  126.505926][T11596]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.505934][T11596]  ? exc_page_fault+0x9f/0xf0
[  126.505949][T11596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.505958][T11596] RIP: 0033:0x7f8d6458e9a9
[  126.505975][T11596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.505984][T11596] RSP: 002b:00007f8d65383038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  126.505996][T11596] RAX: ffffffffffffffda RBX: 00007f8d647b5fa0 RCX: 00007f8d6458e9a9
[  126.506003][T11596] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  126.506009][T11596] RBP: 00007f8d64610d69 R08: 0000000000000000 R09: 0000000000000000
[  126.506014][T11596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  126.506020][T11596] R13: 0000000000000000 R14: 00007f8d647b5fa0 R15: 00007ffe1e13a638
[  126.506030][T11596]  </TASK>
[  126.506033][T11596] 
[  126.624754][T11596] Allocated by task 11375:
[  126.626130][T11596]  kasan_save_track+0x3e/0x80
[  126.627515][T11596]  __kasan_slab_alloc+0x6c/0x80
[  126.628980][T11596]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  126.630562][T11596]  xfrm_state_alloc+0x24/0x2f0
[  126.632001][T11596]  pfkey_add+0x6e4/0x2e00
[  126.633276][T11596]  pfkey_sendmsg+0xbfe/0x1090
[  126.634665][T11596]  __sock_sendmsg+0x21c/0x270
[  126.636062][T11596]  ____sys_sendmsg+0x505/0x830
[  126.637458][T11596]  ___sys_sendmsg+0x21f/0x2a0
[  126.638892][T11596]  __x64_sys_sendmsg+0x19b/0x260
[  126.640427][T11596]  do_syscall_64+0xfa/0x3b0
[  126.641815][T11596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.643535][T11596] 
[  126.644242][T11596] Freed by task 9:
[  126.645355][T11596]  kasan_save_track+0x3e/0x80
[  126.646751][T11596]  kasan_save_free_info+0x46/0x50
[  126.648235][T11596]  __kasan_slab_free+0x62/0x70
[  126.649658][T11596]  kmem_cache_free+0x18f/0x400
[  126.651054][T11596]  xfrm_state_gc_task+0x518/0x6a0
[  126.652560][T11596]  process_scheduled_works+0xae1/0x17b0
[  126.654164][T11596]  worker_thread+0x8a0/0xda0
[  126.655510][T11596]  kthread+0x711/0x8a0
[  126.656727][T11596]  ret_from_fork+0x3fc/0x770
[  126.658088][T11596]  ret_from_fork_asm+0x1a/0x30
[  126.659495][T11596] 
[  126.660215][T11596] The buggy address belongs to the object at ffff8880282e1b00
[  126.660215][T11596]  which belongs to the cache xfrm_state of size 928
[  126.664156][T11596] The buggy address is located 322 bytes inside of
[  126.664156][T11596]  freed 928-byte region [ffff8880282e1b00, ffff8880282e1ea0)
[  126.668088][T11596] 
[  126.668795][T11596] The buggy address belongs to the physical page:
[  126.670676][T11596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880282e2880 pfn:0x282e0
[  126.673592][T11596] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  126.676077][T11596] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  126.678279][T11596] page_type: f5(slab)
[  126.679452][T11596] raw: 00fff00000000040 ffff888104a54780 dead000000000122 0000000000000000
[  126.681959][T11596] raw: ffff8880282e2880 00000000800e000a 00000000f5000000 0000000000000000
[  126.684447][T11596] head: 00fff00000000040 ffff888104a54780 dead000000000122 0000000000000000
[  126.686999][T11596] head: ffff8880282e2880 00000000800e000a 00000000f5000000 0000000000000000
[  126.689485][T11596] head: 00fff00000000002 ffffea0000a0b801 00000000ffffffff 00000000ffffffff
[  126.691998][T11596] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  126.694452][T11596] page dumped because: kasan: bad access detected
[  126.696336][T11596] page_owner tracks the page as allocated
[  126.698000][T11596] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6054, tgid 6052 (syz.2.69), ts 52543036251, free_ts 52268446592
[  126.703377][T11596]  post_alloc_hook+0x240/0x2a0
[  126.704787][T11596]  get_page_from_freelist+0x21e4/0x22c0
[  126.706439][T11596]  __alloc_frozen_pages_noprof+0x181/0x370
[  126.708225][T11596]  alloc_pages_mpol+0x232/0x4a0
[  126.709700][T11596]  allocate_slab+0x8a/0x3b0
[  126.711046][T11596]  ___slab_alloc+0xbfc/0x1480
[  126.712447][T11596]  kmem_cache_alloc_noprof+0x283/0x3c0
[  126.714021][T11596]  xfrm_state_alloc+0x24/0x2f0
[  126.715441][T11596]  xfrm_state_find+0x37d4/0x5400
[  126.716919][T11596]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  126.718711][T11596]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  126.720301][T11596]  xfrm_lookup_route+0x3c/0x1c0
[  126.721777][T11596]  __ip4_datagram_connect+0x9a5/0x1270
[  126.723387][T11596]  __ip6_datagram_connect+0x9f0/0x1150
[  126.724984][T11596]  ip6_datagram_connect_v6_only+0x63/0xa0
[  126.726623][T11596]  __sys_connect+0x316/0x440
[  126.727962][T11596] page last free pid 5275 tgid 5275 stack trace:
[  126.729852][T11596]  __free_frozen_pages+0xc71/0xe70
[  126.731372][T11596]  __put_partials+0x161/0x1c0
[  126.732804][T11596]  put_cpu_partial+0x17c/0x250
[  126.734362][T11596]  __slab_free+0x2f7/0x400
[  126.735697][T11596]  qlist_free_all+0x97/0x140
[  126.737058][T11596]  kasan_quarantine_reduce+0x148/0x160
[  126.738659][T11596]  __kasan_slab_alloc+0x22/0x80
[  126.740187][T11596]  __kvmalloc_node_noprof+0x2b0/0x5f0
[  126.741798][T11596]  seq_read_iter+0x1fd/0xe10
[  126.743183][T11596]  vfs_read+0x4d0/0x980
[  126.744422][T11596]  ksys_read+0x145/0x250
[  126.745698][T11596]  do_syscall_64+0xfa/0x3b0
[  126.747070][T11596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.748834][T11596] 
[  126.749562][T11596] Memory state around the buggy address:
[  126.751228][T11596]  ffff8880282e1b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  126.753541][T11596]  ffff8880282e1b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  126.755905][T11596] >ffff8880282e1c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  126.758328][T11596]                                            ^
[  126.760165][T11596]  ffff8880282e1c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  126.762480][T11596]  ffff8880282e1d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  126.764831][T11596] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  126.840842][T11596] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  126.843045][T11596] CPU: 0 UID: 0 PID: 11596 Comm: syz.2.2542 Not tainted 6.16.0-rc7-syzkaller-01993-ge3f96b3556e4-dirty #0 PREEMPT(full) 
[  126.846745][T11596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  126.849737][T11596] Call Trace:
[  126.850745][T11596]  <TASK>
[  126.851646][T11596]  dump_stack_lvl+0x99/0x250
[  126.853042][T11596]  ? __asan_memcpy+0x40/0x70
[  126.854478][T11596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.856081][T11596]  ? __pfx__printk+0x10/0x10
[  126.857473][T11596]  panic+0x2db/0x790
[  126.858855][T11596]  ? __pfx_panic+0x10/0x10
[  126.860305][T11596]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  126.862080][T11596]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  126.864039][T11596]  ? print_memory_metadata+0x314/0x400
[  126.865669][T11596]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  126.867234][T11596]  check_panic_on_warn+0x89/0xb0
[  126.868760][T11596]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  126.870336][T11596]  end_report+0x78/0x160
[  126.871630][T11596]  kasan_report+0x129/0x150
[  126.873009][T11596]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  126.874690][T11596]  __xfrm_state_lookup+0x6ad/0x8d0
[  126.876252][T11596]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  126.877915][T11596]  ? xfrm_state_lookup+0x45/0x1e0
[  126.879431][T11596]  xfrm_state_lookup+0x11e/0x1e0
[  126.880964][T11596]  xfrm_user_state_lookup+0x231/0x370
[  126.882562][T11596]  ? __pfx_xfrm_user_state_lookup+0x10/0x10
[  126.884292][T11596]  ? aa_get_newest_label+0xf7/0x5d0
[  126.885825][T11596]  ? __pfx_aa_get_newest_label+0x10/0x10
[  126.887449][T11596]  xfrm_del_sa+0xf1/0x3e0
[  126.888771][T11596]  ? rcu_is_watching+0x15/0xb0
[  126.890228][T11596]  ? __pfx_xfrm_del_sa+0x10/0x10
[  126.891726][T11596]  ? apparmor_capable+0x137/0x1b0
[  126.893261][T11596]  ? __nla_parse+0x40/0x60
[  126.894578][T11596]  xfrm_user_rcv_msg+0x7a3/0xab0
[  126.896083][T11596]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  126.897715][T11596]  ? __mutex_trylock_common+0x153/0x260
[  126.899352][T11596]  ? __pfx___mutex_trylock_common+0x10/0x10
[  126.901106][T11596]  ? rcu_is_watching+0x15/0xb0
[  126.902569][T11596]  ? trace_contention_end+0x39/0x120
[  126.904144][T11596]  netlink_rcv_skb+0x208/0x470
[  126.905555][T11596]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  126.907158][T11596]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  126.908717][T11596]  ? netlink_deliver_tap+0x2e/0x1b0
[  126.910289][T11596]  ? netlink_deliver_tap+0x2e/0x1b0
[  126.911919][T11596]  xfrm_netlink_rcv+0x79/0x90
[  126.913379][T11596]  netlink_unicast+0x82f/0x9e0
[  126.914842][T11596]  ? __pfx_netlink_unicast+0x10/0x10
[  126.916404][T11596]  ? netlink_sendmsg+0x642/0xb30
[  126.917878][T11596]  ? skb_put+0x11b/0x210
[  126.919181][T11596]  netlink_sendmsg+0x805/0xb30
[  126.920604][T11596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  126.922342][T11596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  126.924016][T11596]  __sock_sendmsg+0x21c/0x270
[  126.925688][T11596]  ____sys_sendmsg+0x505/0x830
[  126.927217][T11596]  ? __pfx_____sys_sendmsg+0x10/0x10
[  126.928784][T11596]  ? import_iovec+0x74/0xa0
[  126.930129][T11596]  ___sys_sendmsg+0x21f/0x2a0
[  126.931576][T11596]  ? __pfx____sys_sendmsg+0x10/0x10
[  126.933301][T11596]  ? __fget_files+0x2a/0x420
[  126.934959][T11596]  ? __fget_files+0x3a0/0x420
[  126.936493][T11596]  __x64_sys_sendmsg+0x19b/0x260
[  126.938159][T11596]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  126.939849][T11596]  ? rcu_is_watching+0x15/0xb0
[  126.941483][T11596]  ? do_syscall_64+0xbe/0x3b0
[  126.943085][T11596]  do_syscall_64+0xfa/0x3b0
[  126.944728][T11596]  ? lockdep_hardirqs_on+0x9c/0x150
[  126.946661][T11596]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.948863][T11596]  ? exc_page_fault+0x9f/0xf0
[  126.950337][T11596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.952191][T11596] RIP: 0033:0x7f8d6458e9a9
[  126.953524][T11596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.959569][T11596] RSP: 002b:00007f8d65383038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  126.962697][T11596] RAX: ffffffffffffffda RBX: 00007f8d647b5fa0 RCX: 00007f8d6458e9a9
[  126.965215][T11596] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  126.967914][T11596] RBP: 00007f8d64610d69 R08: 0000000000000000 R09: 0000000000000000
[  126.970774][T11596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  126.973746][T11596] R13: 0000000000000000 R14: 00007f8d647b5fa0 R15: 00007ffe1e13a638
[  126.976737][T11596]  </TASK>
[  126.978570][T11596] Kernel Offset: disabled
[  126.980150][T11596] Rebooting in 86400 seconds..

VM DIAGNOSIS:
23:00:41  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000074 RBX=0000000000000074 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000012e0 RDI=00000000000012e1 RBP=00000000000003f8 RSP=ffffc900073b6970
R8 =ffff888108128237 R9 =1ffff11021025046 R10=dffffc0000000000 R11=ffffffff85464660
R12=dffffc0000000000 R13=ffffffff99af18c3 R14=ffffffff99df64c0 R15=0000000000000000
RIP=ffffffff854646dc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f8d653836c0 ffffffff 00c00000
GS =0000 ffff8880b8623000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005555604875c8 CR3=000000003ae4a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f8d64786478 00007f8d64786450 XMM03=00007f8d64786488 00007f8d64786480
XMM04=00007f8d652ed100 00007f8d64786440 XMM05=00007f8d64786458 00007f8d647864a0
XMM06=00007f8d64786498 00007f8d64786490 XMM07=00007f8d64786488 00007f8d64786480
XMM08=0000000000000000 00007f8d64611de3 XMM09=0000000000000000 00007f8d64611ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81b4be10 RBX=ffff88813663b180 RCX=ffff8881000fb980 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc9000060f800 RSP=ffffc9000060f6a0
R8 =ffffffff8fa1f6f7 R9 =1ffffffff1f43ede R10=dffffc0000000000 R11=fffffbfff1f43edf
R12=1ffff1100960837d R13=dffffc0000000000 R14=0000000000000000 R15=ffff88804b041be8
RIP=ffffffff81b4bdf9 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c23000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000180 CR3=000000000df38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=000000000000001b 00000000010000e0
XMM02=00000009003b8086 17b46f25139b8291 XMM03=35075c0015000c00 ff000ad504000000
XMM04=00007f8d652ed100 00007f8d64786440 XMM05=00007f8d64786458 00007f8d647864a0
XMM06=00007f8d64786498 00007f8d64786490 XMM07=00007f8d64786488 00007f8d64786480
XMM08=0000000000000000 00007f8d64611de3 XMM09=0000000000000000 00007f8d64611ec1
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
