last executing test programs: 1.295798555s ago: executing program 1 (id=245): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, 0x0, 0x0) 1.132739568s ago: executing program 3 (id=247): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000940)={0x20, 0x13, 0xa, 0x503, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x200000c0}, 0x4004) socket$nl_route(0x10, 0x3, 0x0) unshare(0x2040400) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r1, 0x0, 0x0}, 0x20) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, &(0x7f0000000080)) r2 = socket(0x2b, 0x80801, 0x1) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e23, 0x3ff, @empty, 0xfffffffe}, 0x1c) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000004c0), 0xf02, 0xf0, 0x0) ppoll(&(0x7f0000001c40)=[{r2, 0x8002}], 0x1, 0x0, 0x0, 0x0) 1.131706358s ago: executing program 2 (id=256): sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x50, 0x0, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0xffffffff}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0x2000000}}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0xfe}, @IEEE802154_ATTR_SHORT_ADDR={0x6}]}, 0x50}, 0x4, 0x700000000000000}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32=r3], 0x50}, 0x4, 0x700000000000000}, 0x0) 1.03557288s ago: executing program 1 (id=248): sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0xf, 0x5, 0x7, 0xc1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20) 899.857882ms ago: executing program 1 (id=249): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000003300)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000a00)=""/16}, {&(0x7f0000002180)=""/4096}, {&(0x7f0000000a40)=""/248}, {&(0x7f0000000b40)=""/190}], 0x0, &(0x7f0000000c40)=""/114}, 0x800}, {{&(0x7f0000000cc0)=@vsock={0x28, 0x0, 0x0, @local}, 0x0, &(0x7f00000032c0)=[{&(0x7f0000000d40)=""/189}, {&(0x7f0000003180)=""/176}, {&(0x7f0000003240)=""/90}]}, 0x2}], 0xf00, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000000)=0x400000d2, 0x4) shutdown(r1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) 899.773993ms ago: executing program 2 (id=251): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0) r2 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r2, &(0x7f00000000c0)={'b', ' *:* ', 'r\x00'}, 0x8) 898.929912ms ago: executing program 0 (id=259): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000400)={r2, @in6={{0xa, 0x4e20, 0xffffffff, @private2, 0xffffffff}}, 0x0, 0xffff}, 0x90) 781.319075ms ago: executing program 2 (id=252): r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x6c}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, {}, {}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000300)={0x2, 0x4, 0x0, 0x9, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0xe, @in6={0xa, 0x4e20, 0xe3d, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x31, 0x0, 0x0, @in6={0xa, 0x4e20, 0x3ff, @remote, 0x4}}]}, 0x70}}, 0x4) 781.219515ms ago: executing program 3 (id=253): r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}}, 0x24}}, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) 728.968716ms ago: executing program 0 (id=254): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10) 592.452398ms ago: executing program 3 (id=255): socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRES64=0x0, @ANYBLOB="ed"], 0x20) 591.771618ms ago: executing program 2 (id=257): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000001340)=@base={0xb, 0x8, 0x2, 0x9, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x35, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) socket$packet(0x11, 0x3, 0x300) 558.262829ms ago: executing program 0 (id=258): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r0, 0x0, 0x0) 511.24781ms ago: executing program 1 (id=260): socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) socket(0x10, 0x80002, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 387.565412ms ago: executing program 3 (id=261): sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x1, 0xf, 0x5, 0x7, 0xc1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, 0x0, &(0x7f0000000100), 0x3f, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000340), &(0x7f00000004c0)=""/192}, 0x20) 387.455532ms ago: executing program 2 (id=262): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0) r2 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r2, &(0x7f00000000c0)={'b', ' *:* ', 'r\x00'}, 0x8) 365.921323ms ago: executing program 0 (id=263): r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x3ff, @empty, 0xfffffffe}, 0x1c) ppoll(&(0x7f0000001c40)=[{r0, 0x8002}], 0x1, 0x0, 0x0, 0x0) 282.575305ms ago: executing program 3 (id=264): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000400)={r2, @in6={{0xa, 0x4e20, 0xffffffff, @private2, 0xffffffff}}, 0x0, 0xffff}, 0x90) 194.189226ms ago: executing program 0 (id=265): r0 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}}, 0x24}}, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000), 0x8) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8) 194.072886ms ago: executing program 2 (id=266): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback={0xff00000000000000}, 0x10000}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="00ff00", 'bond0\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}}], 0x3e8, 0x0) 193.497816ms ago: executing program 1 (id=267): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0xfff, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10) 59.720629ms ago: executing program 3 (id=268): r0 = socket$key(0xf, 0x3, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000300)={0x2, 0x4, 0x0, 0x9, 0xe, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0xe, @in6={0xa, 0x4e20, 0xe3d, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x31, 0x0, 0x0, @in6={0xa, 0x4e20, 0x3ff, @remote, 0x4}}]}, 0x70}}, 0x4) 916.29µs ago: executing program 0 (id=269): socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6(0xa, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20) 0s ago: executing program 1 (id=270): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00'}, 0x94) r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r0, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0x6}]}]}, 0x4c}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.111' (ED25519) to the list of known hosts. [ 80.658580][ T5776] cgroup: Unknown subsys name 'net' [ 80.794911][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.540569][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.245018][ T5789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.256474][ T5789] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.264702][ T5789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.273306][ T5789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.281222][ T5789] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.288722][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.381376][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.390859][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.399479][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.407299][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.416639][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.424934][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.433310][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.438785][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.441784][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.456105][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.456140][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 84.471054][ T5799] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.471401][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 84.479867][ T5799] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.496942][ T5793] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 84.504490][ T5793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.511964][ T5789] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.520855][ T5789] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.845985][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 84.992124][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 85.073237][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.082083][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.090267][ T5785] bridge_slave_0: entered allmulticast mode [ 85.097747][ T5785] bridge_slave_0: entered promiscuous mode [ 85.113679][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.120928][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.128286][ T5785] bridge_slave_1: entered allmulticast mode [ 85.135741][ T5785] bridge_slave_1: entered promiscuous mode [ 85.281743][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.295954][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 85.320791][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.376033][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.383255][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.394595][ T5792] bridge_slave_0: entered allmulticast mode [ 85.402050][ T5792] bridge_slave_0: entered promiscuous mode [ 85.410794][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.418516][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.426096][ T5792] bridge_slave_1: entered allmulticast mode [ 85.433588][ T5792] bridge_slave_1: entered promiscuous mode [ 85.446290][ T5785] team0: Port device team_slave_0 added [ 85.484604][ T5785] team0: Port device team_slave_1 added [ 85.540955][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.550293][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 85.563721][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.570786][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.596869][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.615327][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.641875][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.648971][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.675049][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.729560][ T5792] team0: Port device team_slave_0 added [ 85.738565][ T5792] team0: Port device team_slave_1 added [ 85.809445][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.816950][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.824361][ T5790] bridge_slave_0: entered allmulticast mode [ 85.832454][ T5790] bridge_slave_0: entered promiscuous mode [ 85.868402][ T5785] hsr_slave_0: entered promiscuous mode [ 85.875105][ T5785] hsr_slave_1: entered promiscuous mode [ 85.899011][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.906750][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.913923][ T5790] bridge_slave_1: entered allmulticast mode [ 85.921318][ T5790] bridge_slave_1: entered promiscuous mode [ 85.942656][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.949872][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.976297][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.989596][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.997004][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.028545][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.088040][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.100481][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.173042][ T5790] team0: Port device team_slave_0 added [ 86.180246][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.190363][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.197705][ T5791] bridge_slave_0: entered allmulticast mode [ 86.204734][ T5791] bridge_slave_0: entered promiscuous mode [ 86.220308][ T5790] team0: Port device team_slave_1 added [ 86.251794][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.259107][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.266701][ T5791] bridge_slave_1: entered allmulticast mode [ 86.273743][ T5791] bridge_slave_1: entered promiscuous mode [ 86.336511][ T5103] Bluetooth: hci0: command tx timeout [ 86.352757][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.359899][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.385942][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.399728][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.406783][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.433584][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.451397][ T5792] hsr_slave_0: entered promiscuous mode [ 86.458195][ T5792] hsr_slave_1: entered promiscuous mode [ 86.464660][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.472741][ T5792] Cannot create hsr debugfs directory [ 86.518431][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.531084][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.575717][ T5103] Bluetooth: hci2: command tx timeout [ 86.581500][ T5103] Bluetooth: hci1: command tx timeout [ 86.583407][ T50] Bluetooth: hci3: command tx timeout [ 86.625102][ T5791] team0: Port device team_slave_0 added [ 86.666325][ T5791] team0: Port device team_slave_1 added [ 86.677530][ T5790] hsr_slave_0: entered promiscuous mode [ 86.684002][ T5790] hsr_slave_1: entered promiscuous mode [ 86.691580][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.699661][ T5790] Cannot create hsr debugfs directory [ 86.811782][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.820495][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.846850][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.860589][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.867687][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.893866][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.967520][ T5785] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.005054][ T5785] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.047068][ T5785] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.067445][ T5785] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.101922][ T5791] hsr_slave_0: entered promiscuous mode [ 87.117041][ T5791] hsr_slave_1: entered promiscuous mode [ 87.123518][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.131375][ T5791] Cannot create hsr debugfs directory [ 87.415657][ T5792] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.441220][ T5792] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.495730][ T5792] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.516291][ T5792] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.584832][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.644691][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.703690][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.743533][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.793778][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.804024][ T5791] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.823986][ T5791] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.855825][ T5791] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.871688][ T5791] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.913113][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.942051][ T2972] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.949496][ T2972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.971978][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.993087][ T2972] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.000416][ T2972] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.061299][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.102039][ T2972] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.109808][ T2972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.147572][ T2927] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.154902][ T2927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.212848][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.323323][ T5792] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.353147][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.369009][ T2927] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.376267][ T2927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.389649][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.416707][ T50] Bluetooth: hci0: command tx timeout [ 88.430786][ T2927] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.438052][ T2927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.464753][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.555234][ T2927] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.562459][ T2927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.616758][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.623982][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.657540][ T50] Bluetooth: hci3: command tx timeout [ 88.658627][ T5103] Bluetooth: hci2: command tx timeout [ 88.663002][ T50] Bluetooth: hci1: command tx timeout [ 88.802716][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.891410][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.944480][ T5785] veth0_vlan: entered promiscuous mode [ 88.967368][ T5785] veth1_vlan: entered promiscuous mode [ 89.058391][ T5792] veth0_vlan: entered promiscuous mode [ 89.098217][ T5785] veth0_macvtap: entered promiscuous mode [ 89.110448][ T5792] veth1_vlan: entered promiscuous mode [ 89.127043][ T5785] veth1_macvtap: entered promiscuous mode [ 89.200413][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.213688][ T5792] veth0_macvtap: entered promiscuous mode [ 89.239614][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.250881][ T5792] veth1_macvtap: entered promiscuous mode [ 89.272364][ T5785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.283043][ T5785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.294346][ T5785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.304382][ T5785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.328794][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.340147][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.351847][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.379165][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.389810][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.401645][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.417350][ T5792] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.426301][ T5792] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.435018][ T5792] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.444045][ T5792] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.466873][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.494847][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.656578][ T2997] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.665069][ T5791] veth0_vlan: entered promiscuous mode [ 89.670757][ T2997] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.721509][ T5790] veth0_vlan: entered promiscuous mode [ 89.733696][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.743584][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.761507][ T5791] veth1_vlan: entered promiscuous mode [ 89.802551][ T5790] veth1_vlan: entered promiscuous mode [ 89.838734][ T2972] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.852945][ T2972] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.856409][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.879538][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.912620][ T5791] veth0_macvtap: entered promiscuous mode [ 89.935325][ T5790] veth0_macvtap: entered promiscuous mode [ 89.983161][ T5791] veth1_macvtap: entered promiscuous mode [ 90.000132][ T5790] veth1_macvtap: entered promiscuous mode [ 90.046446][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.058199][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.068326][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.079258][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.091892][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.103656][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.115050][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.125866][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.137122][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.150142][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.224316][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.256345][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.269404][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.291937][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.308386][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.320031][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.333008][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.342530][ T5791] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.352408][ T5791] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.362803][ T5791] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.372670][ T5791] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.478851][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.495910][ T50] Bluetooth: hci0: command tx timeout [ 90.501798][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.517662][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.549620][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.559847][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.571038][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.583961][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.627502][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.648996][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.659101][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.670490][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.737450][ T5789] Bluetooth: hci2: command tx timeout [ 90.737462][ T5103] Bluetooth: hci3: command tx timeout [ 90.748549][ T50] Bluetooth: hci1: command tx timeout [ 90.796477][ T5892] syz.3.6 uses obsolete (PF_INET,SOCK_PACKET) [ 90.861656][ T2972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.878977][ T2972] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.005037][ T2997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.023385][ T2997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.049068][ T2927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.083149][ T2927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.188399][ T2997] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.217617][ T2997] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.738257][ T5913] netlink: 208 bytes leftover after parsing attributes in process `syz.3.12'. [ 92.188219][ T1187] cfg80211: failed to load regulatory.db [ 92.448031][ T5934] netlink: set zone limit has 8 unknown bytes [ 92.575880][ T50] Bluetooth: hci0: command tx timeout [ 92.665782][ T5941] netlink: 44 bytes leftover after parsing attributes in process `syz.2.27'. [ 92.684215][ T5942] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 92.754873][ T5944] bridge_slave_0: left allmulticast mode [ 92.765363][ T5944] bridge_slave_0: left promiscuous mode [ 92.773291][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.816737][ T50] Bluetooth: hci1: command tx timeout [ 92.823126][ T5789] Bluetooth: hci2: command tx timeout [ 92.826378][ T5103] Bluetooth: hci3: command tx timeout [ 92.839602][ T5944] bridge_slave_1: left allmulticast mode [ 92.855805][ T5944] bridge_slave_1: left promiscuous mode [ 92.861695][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.887308][ T5944] bond0: (slave bond_slave_0): Releasing backup interface [ 92.930348][ T5944] bond0: (slave bond_slave_1): Releasing backup interface [ 93.001595][ T5944] team0: Port device team_slave_0 removed [ 93.021856][ T5944] team0: Port device team_slave_1 removed [ 93.034340][ T5944] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.042331][ T5944] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.055075][ T5944] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.069956][ T5944] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.192507][ T5949] tipc: Enabling of bearer rejected, failed to enable media [ 93.798158][ T5973] syzkaller0: entered promiscuous mode [ 93.803839][ T5973] syzkaller0: entered allmulticast mode [ 94.743677][ T6007] syzkaller0: entered promiscuous mode [ 94.751383][ T6007] syzkaller0: entered allmulticast mode [ 94.803039][ T6010] tipc: Enabling of bearer rejected, failed to enable media [ 96.412328][ T6066] tipc: Enabling of bearer rejected, failed to enable media [ 97.984539][ T6108] tipc: Enabling of bearer rejected, failed to enable media [ 98.299519][ T6121] Zero length message leads to an empty skb [ 99.492239][ T6157] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.573166][ T6159] tipc: Started in network mode [ 99.579809][ T6159] tipc: Node identity 2240b14eb13c, cluster identity 4711 [ 99.592967][ T6159] tipc: Enabled bearer , priority 0 [ 99.624548][ T6160] syzkaller0: entered promiscuous mode [ 99.634963][ T6160] syzkaller0: entered allmulticast mode [ 99.676204][ T6159] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 99.747718][ T6162] netlink: 8 bytes leftover after parsing attributes in process `syz.3.110'. [ 100.401358][ T6160] tipc: Resetting bearer [ 100.588665][ T5876] tipc: Node number set to 2474422606 [ 100.599979][ T6158] tipc: Resetting bearer [ 100.675671][ T6188] IPVS: Scheduler module ip_vs_sip not found [ 100.768744][ T6158] tipc: Disabling bearer [ 101.423632][ T6216] netlink: 3 bytes leftover after parsing attributes in process `syz.2.134'. [ 101.477428][ T6216] batadv1: entered promiscuous mode [ 101.482792][ T6216] batadv1: entered allmulticast mode [ 101.587329][ T6221] tipc: Enabled bearer , priority 0 [ 101.636467][ T6221] syzkaller0: entered promiscuous mode [ 101.644938][ T6221] syzkaller0: entered allmulticast mode [ 101.764513][ T6221] tipc: Resetting bearer [ 101.820809][ T6219] tipc: Resetting bearer [ 101.884191][ T6219] tipc: Disabling bearer [ 102.574649][ T6254] netlink: 'syz.2.148': attribute type 10 has an invalid length. [ 102.634382][ T6254] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 103.140904][ T6274] syzkaller0: entered promiscuous mode [ 103.157068][ T6274] syzkaller0: entered allmulticast mode [ 103.750971][ T6299] tipc: Enabled bearer , priority 0 [ 103.807800][ T6299] syzkaller0: entered promiscuous mode [ 103.832968][ T6299] syzkaller0: entered allmulticast mode [ 103.841043][ T6299] tipc: Resetting bearer [ 103.849028][ T6303] netlink: 'syz.1.170': attribute type 5 has an invalid length. [ 103.894217][ T6296] tipc: Resetting bearer [ 105.609523][ T6296] tipc: Disabling bearer [ 105.629029][ T6308] netlink: 4 bytes leftover after parsing attributes in process `syz.2.171'. [ 105.692412][ T6317] syzkaller0: entered promiscuous mode [ 105.699145][ T6317] syzkaller0: entered allmulticast mode [ 106.220944][ T6345] netlink: 12 bytes leftover after parsing attributes in process `syz.2.181'. [ 106.581774][ T6354] syzkaller0: entered promiscuous mode [ 106.605990][ T6354] syzkaller0: entered allmulticast mode [ 106.811928][ T6363] tipc: Started in network mode [ 106.832681][ T6363] tipc: Node identity 6eb86b518c1c, cluster identity 4711 [ 106.876664][ T6363] tipc: Enabled bearer , priority 0 [ 106.883673][ T6367] syzkaller0: entered promiscuous mode [ 106.904996][ T6367] syzkaller0: entered allmulticast mode [ 106.992644][ T6363] tipc: Resetting bearer [ 107.023946][ T6362] tipc: Resetting bearer [ 107.099831][ T6362] tipc: Disabling bearer [ 107.919228][ T6394] syzkaller0: entered promiscuous mode [ 107.955589][ T6394] syzkaller0: entered allmulticast mode [ 108.583571][ T6409] tipc: Started in network mode [ 108.599742][ T6409] tipc: Node identity 562325eff2cc, cluster identity 4711 [ 108.618077][ T6409] tipc: Enabled bearer , priority 0 [ 108.630893][ T6409] syzkaller0: entered promiscuous mode [ 108.662651][ T6409] syzkaller0: entered allmulticast mode [ 108.815928][ T6409] tipc: Resetting bearer [ 108.839291][ T6408] tipc: Resetting bearer [ 108.961391][ T6408] tipc: Disabling bearer [ 108.968986][ T6421] netlink: 4 bytes leftover after parsing attributes in process `syz.1.213'. [ 109.003702][ T6420] syzkaller0: entered promiscuous mode [ 109.009592][ T6420] syzkaller0: entered allmulticast mode [ 109.697083][ T6439] syzkaller0: entered promiscuous mode [ 109.708723][ T6439] syzkaller0: entered allmulticast mode [ 109.840458][ T6452] netlink: 'syz.0.225': attribute type 11 has an invalid length. [ 111.350720][ T6448] syzkaller1: entered promiscuous mode [ 111.374178][ T6448] syzkaller1: entered allmulticast mode [ 111.553182][ T6462] netlink: 44 bytes leftover after parsing attributes in process `syz.2.229'. [ 111.683400][ T6466] netlink: 12 bytes leftover after parsing attributes in process `syz.0.231'. [ 112.214578][ T6487] netlink: 20 bytes leftover after parsing attributes in process `syz.0.241'. [ 112.257328][ T6487] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.266672][ T6487] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.276342][ T6487] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.285105][ T6487] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.468697][ T6497] netlink: 12 bytes leftover after parsing attributes in process `syz.3.243'. [ 113.877294][ T6553] ================================================================== [ 113.885480][ T6553] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6b2/0x8d0 [ 113.893614][ T6553] Read of size 2 at addr ffff88805e19c122 by task syz.3.268/6553 [ 113.901373][ T6553] [ 113.903752][ T6553] CPU: 1 PID: 6553 Comm: syz.3.268 Not tainted syzkaller #0 [ 113.911170][ T6553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 113.921287][ T6553] Call Trace: [ 113.924609][ T6553] [ 113.927596][ T6553] dump_stack_lvl+0x16c/0x230 [ 113.932329][ T6553] ? __lock_acquire+0x7c80/0x7c80 [ 113.937404][ T6553] ? show_regs_print_info+0x20/0x20 [ 113.942655][ T6553] ? load_image+0x3b0/0x3b0 [ 113.947209][ T6553] ? __virt_addr_valid+0x469/0x540 [ 113.952370][ T6553] print_report+0xac/0x220 [ 113.956841][ T6553] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 113.962171][ T6553] kasan_report+0x117/0x150 [ 113.966715][ T6553] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 113.972068][ T6553] __xfrm_state_lookup+0x6b2/0x8d0 [ 113.977235][ T6553] ? xfrm_state_lookup+0x1a0/0x1a0 [ 113.982395][ T6553] xfrm_state_lookup+0xef/0x1a0 [ 113.987288][ T6553] ? xfrm_state_lookup+0x36/0x1a0 [ 113.992353][ T6553] pfkey_delete+0x354/0x6d0 [ 113.996899][ T6553] ? slab_free_freelist_hook+0x130/0x1b0 [ 114.002590][ T6553] ? pfkey_add+0x2da0/0x2da0 [ 114.007230][ T6553] ? kmem_cache_free+0xf8/0x280 [ 114.012137][ T6553] pfkey_sendmsg+0xbed/0x1050 [ 114.016881][ T6553] ? pfkey_release+0x320/0x320 [ 114.021717][ T6553] ? aa_sock_msg_perm+0x94/0x150 [ 114.026718][ T6553] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 114.032063][ T6553] ? security_socket_sendmsg+0x80/0xa0 [ 114.037564][ T6553] ? pfkey_release+0x320/0x320 [ 114.042377][ T6553] ____sys_sendmsg+0x5bf/0x950 [ 114.047191][ T6553] ? __asan_memset+0x22/0x40 [ 114.051831][ T6553] ? __sys_sendmsg_sock+0x30/0x30 [ 114.056935][ T6553] ? __import_iovec+0x5f2/0x860 [ 114.061940][ T6553] ? import_iovec+0x73/0xa0 [ 114.066501][ T6553] ___sys_sendmsg+0x220/0x290 [ 114.071323][ T6553] ? __sys_sendmsg+0x270/0x270 [ 114.076161][ T6553] __se_sys_sendmsg+0x1a5/0x270 [ 114.081069][ T6553] ? __x64_sys_sendmsg+0x80/0x80 [ 114.086075][ T6553] ? lockdep_hardirqs_on+0x98/0x150 [ 114.091330][ T6553] do_syscall_64+0x55/0xb0 [ 114.095795][ T6553] ? clear_bhb_loop+0x40/0x90 [ 114.100524][ T6553] ? clear_bhb_loop+0x40/0x90 [ 114.105242][ T6553] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 114.111193][ T6553] RIP: 0033:0x7f66b3d8ebe9 [ 114.115642][ T6553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.135296][ T6553] RSP: 002b:00007f66b4cae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.143756][ T6553] RAX: ffffffffffffffda RBX: 00007f66b3fc5fa0 RCX: 00007f66b3d8ebe9 [ 114.151903][ T6553] RDX: 0000000000000004 RSI: 0000200000000000 RDI: 0000000000000003 [ 114.159921][ T6553] RBP: 00007f66b3e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 114.167939][ T6553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.175947][ T6553] R13: 00007f66b3fc6038 R14: 00007f66b3fc5fa0 R15: 00007ffd55d2e618 [ 114.177716][ T6550] IPVS: Scheduler module ip_vs_sip not found [ 114.183946][ T6553] [ 114.183958][ T6553] [ 114.183976][ T6553] Allocated by task 6490: [ 114.183987][ T6553] kasan_set_track+0x4e/0x70 [ 114.204338][ T6553] __kasan_slab_alloc+0x6c/0x80 [ 114.209234][ T6553] slab_post_alloc_hook+0x6e/0x4d0 [ 114.214397][ T6553] kmem_cache_alloc+0x11e/0x2e0 [ 114.219293][ T6553] xfrm_state_alloc+0x22/0x2a0 [ 114.224112][ T6553] __find_acq_core+0x7d8/0x19d0 [ 114.229006][ T6553] xfrm_find_acq+0x6a/0x90 [ 114.233465][ T6553] xfrm_alloc_userspi+0x57a/0xa90 [ 114.238526][ T6553] xfrm_user_rcv_msg+0x596/0x870 [ 114.243502][ T6553] netlink_rcv_skb+0x216/0x480 [ 114.248318][ T6553] xfrm_netlink_rcv+0x79/0x90 [ 114.253035][ T6553] netlink_unicast+0x751/0x8d0 [ 114.257849][ T6553] netlink_sendmsg+0x8c1/0xbe0 [ 114.262659][ T6553] ____sys_sendmsg+0x5bf/0x950 [ 114.267529][ T6553] ___sys_sendmsg+0x220/0x290 [ 114.272249][ T6553] __se_sys_sendmsg+0x1a5/0x270 [ 114.277161][ T6553] do_syscall_64+0x55/0xb0 [ 114.281615][ T6553] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 114.287561][ T6553] [ 114.289917][ T6553] Freed by task 5876: [ 114.293932][ T6553] kasan_set_track+0x4e/0x70 [ 114.298562][ T6553] kasan_save_free_info+0x2e/0x50 [ 114.303648][ T6553] ____kasan_slab_free+0x126/0x1e0 [ 114.308808][ T6553] slab_free_freelist_hook+0x130/0x1b0 [ 114.314320][ T6553] kmem_cache_free+0xf8/0x280 [ 114.319051][ T6553] xfrm_state_gc_task+0x10a/0x160 [ 114.324122][ T6553] process_scheduled_works+0xa45/0x15b0 [ 114.329719][ T6553] worker_thread+0xa55/0xfc0 [ 114.334355][ T6553] kthread+0x2fa/0x390 [ 114.338462][ T6553] ret_from_fork+0x48/0x80 [ 114.342921][ T6553] ret_from_fork_asm+0x11/0x20 [ 114.347734][ T6553] [ 114.350083][ T6553] The buggy address belongs to the object at ffff88805e19c000 [ 114.350083][ T6553] which belongs to the cache xfrm_state of size 848 [ 114.364093][ T6553] The buggy address is located 290 bytes inside of [ 114.364093][ T6553] freed 848-byte region [ffff88805e19c000, ffff88805e19c350) [ 114.377931][ T6553] [ 114.380278][ T6553] The buggy address belongs to the physical page: [ 114.386815][ T6553] page:ffffea0001786700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e19c [ 114.397015][ T6553] head:ffffea0001786700 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 114.405985][ T6553] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 114.414023][ T6553] page_type: 0xffffffff() [ 114.418400][ T6553] raw: 00fff00000000840 ffff8881406a1dc0 dead000000000122 0000000000000000 [ 114.427023][ T6553] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 114.435639][ T6553] page dumped because: kasan: bad access detected [ 114.442104][ T6553] page_owner tracks the page as allocated [ 114.447854][ T6553] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6490, tgid 6489 (syz.3.240), ts 112224781588, free_ts 112203384069 [ 114.468480][ T6553] post_alloc_hook+0x1cd/0x210 [ 114.473296][ T6553] get_page_from_freelist+0x195c/0x19f0 [ 114.478910][ T6553] __alloc_pages+0x1e3/0x460 [ 114.483595][ T6553] alloc_slab_page+0x5d/0x170 [ 114.488338][ T6553] new_slab+0x87/0x2e0 [ 114.492454][ T6553] ___slab_alloc+0xc6d/0x12f0 [ 114.497264][ T6553] kmem_cache_alloc+0x1b7/0x2e0 [ 114.502158][ T6553] xfrm_state_alloc+0x22/0x2a0 [ 114.506952][ T6553] __find_acq_core+0x7d8/0x19d0 [ 114.511837][ T6553] xfrm_find_acq+0x6a/0x90 [ 114.516292][ T6553] xfrm_alloc_userspi+0x57a/0xa90 [ 114.521364][ T6553] xfrm_user_rcv_msg+0x596/0x870 [ 114.526341][ T6553] netlink_rcv_skb+0x216/0x480 [ 114.531149][ T6553] xfrm_netlink_rcv+0x79/0x90 [ 114.535863][ T6553] netlink_unicast+0x751/0x8d0 [ 114.540680][ T6553] netlink_sendmsg+0x8c1/0xbe0 [ 114.545493][ T6553] page last free stack trace: [ 114.550195][ T6553] free_unref_page_prepare+0x7ce/0x8e0 [ 114.555709][ T6553] free_unref_page+0x32/0x2e0 [ 114.560477][ T6553] free_large_kmalloc+0x101/0x1a0 [ 114.565539][ T6553] bpf_check+0x62c6/0xe970 [ 114.569998][ T6553] bpf_prog_load+0x11cb/0x16d0 [ 114.574837][ T6553] __sys_bpf+0x55a/0x800 [ 114.579123][ T6553] __x64_sys_bpf+0x7c/0x90 [ 114.583577][ T6553] do_syscall_64+0x55/0xb0 [ 114.588042][ T6553] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 114.593994][ T6553] [ 114.596353][ T6553] Memory state around the buggy address: [ 114.602018][ T6553] ffff88805e19c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.610120][ T6553] ffff88805e19c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.618308][ T6553] >ffff88805e19c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.626404][ T6553] ^ [ 114.631550][ T6553] ffff88805e19c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.639662][ T6553] ffff88805e19c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 114.647760][ T6553] ================================================================== [ 114.675163][ T6553] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 114.682433][ T6553] CPU: 1 PID: 6553 Comm: syz.3.268 Not tainted syzkaller #0 [ 114.689755][ T6553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 114.699853][ T6553] Call Trace: [ 114.703174][ T6553] [ 114.706142][ T6553] dump_stack_lvl+0x16c/0x230 [ 114.710876][ T6553] ? show_regs_print_info+0x20/0x20 [ 114.716151][ T6553] ? load_image+0x3b0/0x3b0 [ 114.720711][ T6553] panic+0x2c0/0x710 [ 114.724672][ T6553] ? bpf_jit_dump+0xd0/0xd0 [ 114.729240][ T6553] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 114.735175][ T6553] ? _raw_spin_unlock+0x40/0x40 [ 114.740082][ T6553] ? print_memory_metadata+0x314/0x400 [ 114.745588][ T6553] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 114.750929][ T6553] check_panic_on_warn+0x84/0xa0 [ 114.755914][ T6553] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 114.761249][ T6553] end_report+0x6f/0x140 [ 114.765544][ T6553] kasan_report+0x128/0x150 [ 114.770097][ T6553] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 114.775437][ T6553] __xfrm_state_lookup+0x6b2/0x8d0 [ 114.780603][ T6553] ? xfrm_state_lookup+0x1a0/0x1a0 [ 114.785755][ T6553] xfrm_state_lookup+0xef/0x1a0 [ 114.790624][ T6553] ? xfrm_state_lookup+0x36/0x1a0 [ 114.795675][ T6553] pfkey_delete+0x354/0x6d0 [ 114.800198][ T6553] ? slab_free_freelist_hook+0x130/0x1b0 [ 114.805864][ T6553] ? pfkey_add+0x2da0/0x2da0 [ 114.810475][ T6553] ? kmem_cache_free+0xf8/0x280 [ 114.815350][ T6553] pfkey_sendmsg+0xbed/0x1050 [ 114.820051][ T6553] ? pfkey_release+0x320/0x320 [ 114.824842][ T6553] ? aa_sock_msg_perm+0x94/0x150 [ 114.829796][ T6553] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 114.835105][ T6553] ? security_socket_sendmsg+0x80/0xa0 [ 114.840583][ T6553] ? pfkey_release+0x320/0x320 [ 114.845370][ T6553] ____sys_sendmsg+0x5bf/0x950 [ 114.850165][ T6553] ? __asan_memset+0x22/0x40 [ 114.854772][ T6553] ? __sys_sendmsg_sock+0x30/0x30 [ 114.859825][ T6553] ? __import_iovec+0x5f2/0x860 [ 114.864702][ T6553] ? import_iovec+0x73/0xa0 [ 114.869228][ T6553] ___sys_sendmsg+0x220/0x290 [ 114.873925][ T6553] ? __sys_sendmsg+0x270/0x270 [ 114.878729][ T6553] __se_sys_sendmsg+0x1a5/0x270 [ 114.883599][ T6553] ? __x64_sys_sendmsg+0x80/0x80 [ 114.888567][ T6553] ? lockdep_hardirqs_on+0x98/0x150 [ 114.893787][ T6553] do_syscall_64+0x55/0xb0 [ 114.898217][ T6553] ? clear_bhb_loop+0x40/0x90 [ 114.902904][ T6553] ? clear_bhb_loop+0x40/0x90 [ 114.907605][ T6553] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 114.913526][ T6553] RIP: 0033:0x7f66b3d8ebe9 [ 114.917955][ T6553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.937583][ T6553] RSP: 002b:00007f66b4cae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.946028][ T6553] RAX: ffffffffffffffda RBX: 00007f66b3fc5fa0 RCX: 00007f66b3d8ebe9 [ 114.954016][ T6553] RDX: 0000000000000004 RSI: 0000200000000000 RDI: 0000000000000003 [ 114.962002][ T6553] RBP: 00007f66b3e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 114.969979][ T6553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.977959][ T6553] R13: 00007f66b3fc6038 R14: 00007f66b3fc5fa0 R15: 00007ffd55d2e618 [ 114.985949][ T6553] [ 114.989278][ T6553] Kernel Offset: disabled [ 114.993607][ T6553] Rebooting in 86400 seconds..