last executing test programs:

11.263173518s ago: executing program 0 (id=328):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0x828, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x3, 0x10)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x221, 0x0, 0x0, 0x8, 0x3fe, 0x7ffeffff, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
recvmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x10000)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r3, 0x58, &(0x7f0000000280)}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r5, 0x1, 0x46, 0x0, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x14, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x84)
r6 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r6, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRESDEC], 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000009c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000001c0)={r7}, 0xc)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="020100030a00000000000000fcdbdf25030006000010000002004e23640101000000000000000000030005003200000002004e23ac1414aa000000000000000002001300030020002abd700007350000"], 0x50}}, 0x0)
sendmsg$nl_crypto(r3, 0x0, 0x4000080)

9.525079454s ago: executing program 0 (id=333):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB="1c0000000400000000000000", @ANYRES32=r2, @ANYBLOB="f1f919"], 0x20)

9.523889732s ago: executing program 0 (id=335):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000001946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000780)=@alg={0xe0, 0x10, 0x129, 0x70bd28, 0x25dfdbfe, {{'drbg_nopr_ctr_aes256\x00'}, '\x00', '\x00', 0x400, 0x400}}, 0xe0}, 0x1, 0x0, 0x0, 0x48804}, 0x240440c0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000140)=@framed={{}, [@generic={0x71, 0x0, 0x1, 0xb1}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000058c0)={0x0, 0x0, &(0x7f0000005880)={&(0x7f0000005800)={0x4c, 0x2, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x4884)
sendmsg$NFT_BATCH(r0, &(0x7f0000000700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xd}}, [@NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x801, 0x0, 0x0, {0xdbfa284ca5356c, 0x0, 0x5}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x3}, @NFTA_RULE_POSITION_ID={0x8}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @nat={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x7}]}}}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x7f}]}, @NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x8}}, @NFT_MSG_NEWTABLE={0x70, 0x0, 0xa, 0xb00, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x47, 0x6, "131cf2d981766f8cee7ef304737dba9b0ec64effc8a1fdaa89a1426f22e48a41cace53ff864580bdeac7d150ac42c69751a4887262977225aeb854a733cf93f26e680d"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELRULE={0x64, 0x8, 0xa, 0x5, 0x0, 0x0, {0x5, 0x0, 0x6}, [@NFTA_RULE_USERDATA={0x4e, 0x7, 0x1, 0x0, "0272004c2140f01847951fb1aba708e826322660288f879120f8efc8d86e98e4348913b1fa85896d8055049a0644e8845cdde8810e7c6dc309573acb5c2e2fc71f9bd374399d3784134d"}]}, @NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x8}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @dynset={{0xb}, @void}}]}, @NFT_MSG_DELRULE={0x168, 0x8, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @objref={{0xb}, @void}}, {0x40, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x39}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x8}, @NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x11}, @NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0x9}]}}}]}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_RULE_USERDATA={0xe5, 0x7, 0x1, 0x0, "c2ddf5b47f7a289d8dc739e0c8efae86297ee1cb0e9ebfb925854010ff352d353a289e49e5852f31b1541b0f997b791706c01fb0bfff2f38aeee59997144ece273aad5b85b7688d5758bd72828381c1be152ab67be43b1867e50c3d292179457643deacd9933cb60f7d64a1e5120cda69ecebc4d0854c774d3a4debf65d5c4704f166c1fd6e46349139825cbbb18c796491b75de28f69afd8ec5cc3c14e28fccaed39edd9cb06aad4ea8ec077992cbe77638dab9e72e30aa5f3705ae3f4c0fd945958628600c97451d99393eb46b57b9efaeb7d63c3c3f14af58911a15e56991cd"}]}, @NFT_MSG_NEWTABLE={0x7c, 0x0, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x6}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_USERDATA={0x27, 0x6, "8a386468e744ab866f20bb4cd11eb00ff05eab0677a8032d5c4d74bd7d07cd00c07935"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELRULE={0x284, 0x8, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_EXPRESSIONS={0x1e8, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xe}]}}}, {0x40, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0xc}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x9}, @NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x10}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x4}, @NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0x9f}]}}}, {0x38, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_LIMIT_FLAGS={0x8}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x2b0}, @NFTA_LIMIT_TYPE={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}, {0x4c, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_REJECT_ICMP_CODE={0x5}, @NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x8}, @NFTA_REJECT_TYPE={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @log={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0x9}]}}}, {0x10, 0x1, 0x0, 0x1, @last={{0x9}, @void}}, {0x4c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_REDIR_FLAGS={0x8, 0x3, 0x1, 0x0, 0x18}, @NFTA_REDIR_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_REDIR_REG_PROTO_MAX={0x8, 0x2, 0x1, 0x0, 0x17}, @NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_REDIR_FLAGS={0x8, 0x3, 0x1, 0x0, 0x56}, @NFTA_REDIR_FLAGS={0x8, 0x3, 0x1, 0x0, 0x49}]}}}, {0x80, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x70, 0x2, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xa26}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x8000000000000000}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x9}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x4}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x800}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x7}, @NFTA_COUNTER_PACKETS={0xc}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x8000}]}}}]}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_FIB_RESULT={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x5, 0x0, 0x0, {0x1}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x63c}}, 0x8000)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000a00050015002200000005000500020000000500010006"], 0x64}}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000740)=r1, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000840)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@jmp={0x5, 0x1, 0x1, 0xa, 0xa, 0xfffffffffffffff5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0xb, 0x1000, &(0x7f0000001cc0)=""/4096, 0x41100, 0xd}, 0x94)

9.142133934s ago: executing program 0 (id=338):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@union={0x5, 0x0, 0x0, 0x5, 0x1, 0x8c}]}, {0x0, [0x30, 0x2e, 0x61, 0x3, 0x41, 0x3e]}}, 0x0, 0x2c, 0x0, 0x1, 0x1}, 0x28)

9.085195911s ago: executing program 0 (id=340):
socket$kcm(0x10, 0x2, 0x0)
perf_event_open(&(0x7f0000000640)={0x5, 0xffffffffffffff77, 0x8, 0x6, 0xfa, 0xa5, 0x0, 0x0, 0x40, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0xb, 0x4, @perf_bp={0x0, 0xc}, 0x318a, 0xffffffff80000002, 0x0, 0x5, 0x4121, 0x4, 0xff00, 0x0, 0x200, 0x0, 0x6}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)
socket$kcm(0xa, 0x3, 0x87)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f00000005c0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x140070, 0x0)

7.187546218s ago: executing program 0 (id=367):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000002400010325bd7000fcffffff050000000800030004"], 0x1c}, 0x1, 0x0, 0x0, 0x448d3}, 0x0)

1.307928926s ago: executing program 1 (id=424):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000140)=""/175, 0xaf}, {&(0x7f0000000c80)=""/230, 0xe6}, {&(0x7f0000003940)=""/4058, 0xfda}, {&(0x7f0000002940)=""/4093, 0xffd}, {&(0x7f0000000dc0)=""/173, 0xad}, {&(0x7f0000000200)=""/199, 0xc7}, {&(0x7f0000000600)=""/111, 0x6f}], 0x7}, 0x10100)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)

1.140254499s ago: executing program 2 (id=426):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021540000000c0a01030000000000000000070000080900020073797a31000000000900010073797a300000000028000380240000800800034000000001"], 0xd8}}, 0x0)

1.139327411s ago: executing program 1 (id=427):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a58000000060a0f0400000000000000000a00fffd0900010073797a31000000002c0004802800018007000100637400001c0002800500030006000000080002400000001508000140000000010900020073797a32"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

1.068988713s ago: executing program 1 (id=428):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xa}, [@call={0x85, 0x0, 0x0, 0x56}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.068688563s ago: executing program 2 (id=429):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'tunl0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f2, &(0x7f0000000080))

1.068218778s ago: executing program 1 (id=430):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac009000400a084e08b04000200000000000064bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

970.845702ms ago: executing program 2 (id=431):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000010080)={0x16, 0x5, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe2}, [@call={0x85, 0x0, 0x0, 0x11}, @call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

970.258111ms ago: executing program 1 (id=432):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x2b, 0x1, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x53, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x82, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7b, 0x1, @perf_bp={&(0x7f00000001c0), 0x2}, 0x14105, 0x2a, 0xfffffbff, 0x3, 0x4, 0x3, 0x6, 0x0, 0x0, 0x0, 0xa9e9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x106)
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xee, 0x0, 0x0, 0x0, 0x0, 0x400000000000000d, 0x1954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0xfffffffffffffffe, 0x1ef7}, 0x11efa, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x24}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000a00)={0x1, 0x80, 0x5, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x3}, 0x9190, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, r1, 0xb, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x4)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x21}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB], &(0x7f0000000480)='GPL\x00'}, 0x94)
socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0x1, 0x0, 0x0}, 0x10)
perf_event_open$cgroup(&(0x7f0000000200)={0x5, 0x80, 0x7, 0x9, 0x9, 0xfb, 0x0, 0x800, 0x1000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x7, 0x3}, 0x4, 0x5, 0x5d, 0x5, 0xfffffffffffffffc, 0x3ffc0, 0x649, 0x0, 0x565e, 0x0, 0x2}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0x3)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b0000000700000002"], 0x87)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r3}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000200053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff2, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407ffd, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x7, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x7, 0x9e0}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = socket$kcm(0x2, 0x1000000000000002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
sendmsg$inet(r5, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000800)="e9", 0x9500}, {&(0x7f00000017c0)="ea0189bdebb0c16d420ee9b95082abd6431cc7afc22c4a6b8adecef68f76bd81a86e89f9c80e5c868a12b09e80ba8c01eb3f4b7be71f9fc2355c336cedc15eb778e3a3b35c3f72629ea4d9ae42cf4c17255815fb8a47aafd8b8ff0c202b4e09f7c42811261b5e113fcce27b4329ccb792df14b7d6dcfaf2cf8dbb51946e89c862e9252731f680ec50326fc16386aeefe654bac24", 0x94}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}], 0x20}, 0xe900)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x5}, 0x50)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010019"], 0x0, 0x26}, 0x28)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x40000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)

870.489218ms ago: executing program 2 (id=433):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x3a79, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x21}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x4}, @NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x20}, @NFTA_TARGET_NAME={0xe, 0x1, 'IDLETIMER\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x88}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)

388.595272ms ago: executing program 2 (id=434):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="a80000000001010400000000000000000a0000003c0001802c0001801400030000000000000000000000ffff0000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300ff02000000000000000000000000000114000400fe8000000000000000000000000000aa0c000280050001000000000008000740f6df546c14000f80080001"], 0xa8}}, 0x74800)

292.084207ms ago: executing program 2 (id=435):
socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x4, 0x0, 0x0, 0x8, 0x37e, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
close(0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="bb204ce418bce1d51ccf970aea9d6c48c7e652", 0x13}], 0x1}, 0x44)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x202})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000002"], 0x0}, 0x94)
ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x3b)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'netdevsim0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x100, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
fstat(r1, &(0x7f0000000840))
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000004)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080))

0s ago: executing program 1 (id=436):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61153c00000000006113340000000000bfa000000000000007000000ee0016055e03010000000000250500000000000069163e0000000000bf0700000000000026050700c0ffffff6706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2474ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7166c23d28c0a7101b8b09736ecd34aa9dc1b498"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:51707' (ED25519) to the list of known hosts.
syzkaller login: [   58.306909][ T5836] cgroup: Unknown subsys name 'net'
[   58.419235][ T5836] cgroup: Unknown subsys name 'cpuset'
[   58.426444][ T5836] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   60.642207][ T5836] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   65.973270][ T5239] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.978599][ T5239] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.981510][ T5239] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.984408][ T5239] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.987148][ T5239] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   66.008728][ T5239] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   66.016679][ T5239] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   66.019619][ T5239] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   66.022923][ T5239] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   66.027111][ T5239] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   66.060452][ T5239] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   66.065148][ T5239] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   66.068814][ T5239] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   66.073107][ T5239] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   66.077210][ T5239] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   66.303276][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   66.315257][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   66.407896][ T5857] chnl_net:caif_netlink_parms(): no params data found
[   66.432756][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.436068][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.438642][ T5850] bridge_slave_0: entered allmulticast mode
[   66.442085][ T5850] bridge_slave_0: entered promiscuous mode
[   66.466717][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.469623][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.472485][ T5850] bridge_slave_1: entered allmulticast mode
[   66.477376][ T5850] bridge_slave_1: entered promiscuous mode
[   66.509533][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.512468][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.515050][ T5854] bridge_slave_0: entered allmulticast mode
[   66.518844][ T5854] bridge_slave_0: entered promiscuous mode
[   66.539299][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.541916][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.544624][ T5854] bridge_slave_1: entered allmulticast mode
[   66.548069][ T5854] bridge_slave_1: entered promiscuous mode
[   66.577343][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.610420][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.638513][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.652175][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.655621][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.658590][ T5857] bridge_slave_0: entered allmulticast mode
[   66.662472][ T5857] bridge_slave_0: entered promiscuous mode
[   66.667961][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.670777][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.673886][ T5857] bridge_slave_1: entered allmulticast mode
[   66.678699][ T5857] bridge_slave_1: entered promiscuous mode
[   66.684312][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.700475][ T5850] team0: Port device team_slave_0 added
[   66.730695][ T5854] team0: Port device team_slave_0 added
[   66.734645][ T5854] team0: Port device team_slave_1 added
[   66.739223][ T5850] team0: Port device team_slave_1 added
[   66.775965][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.800035][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.804593][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.808999][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.817811][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.822737][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.827921][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.836577][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.849254][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.852132][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.861081][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.865769][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.868174][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.876267][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.896487][ T5857] team0: Port device team_slave_0 added
[   66.906974][ T5857] team0: Port device team_slave_1 added
[   66.974160][ T5854] hsr_slave_0: entered promiscuous mode
[   66.976833][ T5854] hsr_slave_1: entered promiscuous mode
[   66.979637][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.981836][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.991731][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   67.000336][ T5850] hsr_slave_0: entered promiscuous mode
[   67.002661][ T5850] hsr_slave_1: entered promiscuous mode
[   67.005408][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   67.007546][ T5850] Cannot create hsr debugfs directory
[   67.010229][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[   67.012837][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.022352][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   67.138680][ T5857] hsr_slave_0: entered promiscuous mode
[   67.141037][ T5857] hsr_slave_1: entered promiscuous mode
[   67.143214][ T5857] debugfs: 'hsr0' already exists in 'hsr'
[   67.145465][ T5857] Cannot create hsr debugfs directory
[   67.383090][ T5854] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   67.392022][ T5854] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   67.402976][ T5854] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   67.410438][ T5854] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   67.479865][ T5850] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.485696][ T5850] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.500509][ T5850] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.507702][ T5850] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.573419][ T5857] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   67.585489][ T5857] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   67.590978][ T5857] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   67.601546][ T5857] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   67.652617][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.690201][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   67.703197][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.714458][ T4407] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.717306][ T4407] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.745373][ T4407] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.747661][ T4407] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.753050][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   67.767906][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.770834][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.796926][ T4407] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.799887][ T4407] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.900396][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.952886][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[   67.986734][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.989791][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.009831][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.012669][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.035953][ T5239] Bluetooth: hci0: command tx timeout
[   68.039307][   T56] Bluetooth: hci1: command tx timeout
[   68.091051][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.116253][   T56] Bluetooth: hci2: command tx timeout
[   68.139684][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.186700][ T5854] veth0_vlan: entered promiscuous mode
[   68.199844][ T5854] veth1_vlan: entered promiscuous mode
[   68.227213][ T5854] veth0_macvtap: entered promiscuous mode
[   68.257612][ T5854] veth1_macvtap: entered promiscuous mode
[   68.269852][ T5850] veth0_vlan: entered promiscuous mode
[   68.292506][ T5850] veth1_vlan: entered promiscuous mode
[   68.329716][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.350453][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.372879][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.389045][ T5877] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.392979][ T5850] veth0_macvtap: entered promiscuous mode
[   68.400656][ T5850] veth1_macvtap: entered promiscuous mode
[   68.409463][ T5877] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.415778][ T5877] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.434272][ T5877] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.474595][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.501631][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.539433][ T5877] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.556502][ T5877] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.568620][ T5857] veth0_vlan: entered promiscuous mode
[   68.569436][ T4407] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.572739][ T5877] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.578360][ T5877] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.580129][ T4407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.633977][ T5857] veth1_vlan: entered promiscuous mode
[   68.644316][ T4407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.656763][ T4407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.721063][ T5854] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   68.722329][ T5857] veth0_macvtap: entered promiscuous mode
[   68.740302][ T4407] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.746438][ T4407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.796807][ T5857] veth1_macvtap: entered promiscuous mode
[   68.827150][ T4407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.830327][ T4407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.859641][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.879983][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.907703][ T5877] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.911459][ T5877] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.937281][ T5877] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.948218][   T56] Bluetooth: hci1: unexpected event 0x20 length: 15 > 7
[   68.956427][ T5877] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.055305][ T4407] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.058417][ T4407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.113268][ T4407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.118143][ T4407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.414700][    C0] hrtimer: interrupt took 33338 ns
[   69.686260][ T5921] netlink: 15743 bytes leftover after parsing attributes in process `syz.1.5'.
[   70.116225][   T56] Bluetooth: hci1: command tx timeout
[   70.118495][   T56] Bluetooth: hci0: command tx timeout
[   70.141553][ T5953] netlink: 17 bytes leftover after parsing attributes in process `syz.2.19'.
[   70.195368][ T5239] Bluetooth: hci2: command tx timeout
[   70.206452][ T5956] netlink: 208128 bytes leftover after parsing attributes in process `syz.0.20'.
[   70.210243][ T5956] openvswitch: netlink: Message has 4 unknown bytes.
[   70.299126][ T5961] tap0: tun_chr_ioctl cmd 1074025677
[   70.301615][ T5961] tap0: linktype set to 804
[   70.337160][ T5965] netlink: 'syz.2.24': attribute type 3 has an invalid length.
[   70.343382][ T5965] netlink: 'syz.2.24': attribute type 2 has an invalid length.
[   70.357054][ T5965] netlink: 198112 bytes leftover after parsing attributes in process `syz.2.24'.
[   70.564302][ T5978] netlink: 'syz.2.29': attribute type 22 has an invalid length.
[   70.568847][ T5978] netlink: 4 bytes leftover after parsing attributes in process `syz.2.29'.
[   70.687831][ T5982] openvswitch: netlink: Geneve option length err (len 612, max 255).
[   70.763126][ T5239] Bluetooth: hci1: Unable to find connection for big 0x00
[   70.973566][ T5992] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[   71.061700][ T5996] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.37'.
[   71.081969][ T5996] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.37'.
[   71.241804][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.244449][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   72.086732][ T6005] netlink: 'syz.2.43': attribute type 9 has an invalid length.
[   72.089935][ T6005] netlink: 61951 bytes leftover after parsing attributes in process `syz.2.43'.
[   72.196455][   T56] Bluetooth: hci1: command tx timeout
[   72.198691][ T5239] Bluetooth: hci0: command tx timeout
[   72.218507][ T6013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.46'.
[   72.222265][ T6013] netlink: 24 bytes leftover after parsing attributes in process `syz.0.46'.
[   72.275833][ T5239] Bluetooth: hci2: command tx timeout
[   72.386209][ T6028] =======================================================
[   72.386209][ T6028] WARNING: The mand mount option has been deprecated and
[   72.386209][ T6028]          and is ignored by this kernel. Remove the mand
[   72.386209][ T6028]          option from the mount to silence this warning.
[   72.386209][ T6028] =======================================================
[   72.509877][ T6034] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   72.737852][ T5877] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.828321][ T5877] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.891194][ T5877] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.900101][ T6050] netlink: 'syz.2.64': attribute type 11 has an invalid length.
[   73.010955][ T5877] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   73.172585][   T56] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   73.178684][   T56] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   73.184120][   T56] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   73.193775][   T56] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   73.198609][   T56] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   73.206042][ T5877] bridge_slave_1: left allmulticast mode
[   73.208351][ T5877] bridge_slave_1: left promiscuous mode
[   73.223081][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.240916][ T5877] bridge_slave_0: left allmulticast mode
[   73.243125][ T5877] bridge_slave_0: left promiscuous mode
[   73.262081][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.623436][ T5877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   73.629439][ T5877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   73.637939][ T5877] bond0 (unregistering): Released all slaves
[   74.006531][ T6058] chnl_net:caif_netlink_parms(): no params data found
[   74.097938][ T5877] hsr_slave_0: left promiscuous mode
[   74.105233][ T5877] hsr_slave_1: left promiscuous mode
[   74.117155][ T5877] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   74.119795][ T5877] batman_adv: batadv0: Removing interface: batadv_slave_0
[   74.124550][ T5877] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   74.128068][ T5877] batman_adv: batadv0: Removing interface: batadv_slave_1
[   74.144271][ T5877] veth1_macvtap: left promiscuous mode
[   74.150481][ T5877] veth0_macvtap: left promiscuous mode
[   74.152737][ T5877] veth1_vlan: left promiscuous mode
[   74.156333][ T5877] veth0_vlan: left promiscuous mode
[   74.275692][   T56] Bluetooth: hci1: command tx timeout
[   74.397475][   T56] Bluetooth: hci2: command tx timeout
[   74.743146][ T5877] team0 (unregistering): Port device team_slave_1 removed
[   74.789570][ T5877] team0 (unregistering): Port device team_slave_0 removed
[   74.798222][ T6106] netlink: 'syz.1.80': attribute type 39 has an invalid length.
[   75.122010][ T6101] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   75.132918][ T6106] veth0_macvtap: left promiscuous mode
[   75.244820][   T56] Bluetooth: hci0: command tx timeout
[   75.276893][ T6058] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.289909][ T6058] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.292866][ T6058] bridge_slave_0: entered allmulticast mode
[   75.319940][ T6058] bridge_slave_0: entered promiscuous mode
[   75.343743][ T6058] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.347873][ T6058] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.353295][ T6058] bridge_slave_1: entered allmulticast mode
[   75.370563][ T6058] bridge_slave_1: entered promiscuous mode
[   75.833533][ T6058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   75.839095][ T6058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.161009][ T6058] team0: Port device team_slave_0 added
[   76.164359][ T6058] team0: Port device team_slave_1 added
[   76.324507][ T6145] __nla_validate_parse: 3 callbacks suppressed
[   76.324518][ T6145] netlink: 48 bytes leftover after parsing attributes in process `syz.1.90'.
[   76.400435][ T6058] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.403093][ T6058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.416490][ T6058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.433073][ T6058] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.445212][ T6058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   76.463352][ T6058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   76.788912][ T6058] hsr_slave_0: entered promiscuous mode
[   76.792420][ T6058] hsr_slave_1: entered promiscuous mode
[   76.797950][ T6058] debugfs: 'hsr0' already exists in 'hsr'
[   76.800561][ T6058] Cannot create hsr debugfs directory
[   76.860638][ T6158] warning: `syz.2.94' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   77.321874][   T56] Bluetooth: hci0: command tx timeout
[   77.446451][ T6185] nftables ruleset with unbound chain
[   77.489060][ T6058] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   77.499214][ T6058] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   77.535328][ T6058] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   77.538314][ T6188] netlink: 228 bytes leftover after parsing attributes in process `syz.1.101'.
[   77.547675][ T6058] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   77.690974][ T6058] 8021q: adding VLAN 0 to HW filter on device bond0
[   77.734191][ T6058] 8021q: adding VLAN 0 to HW filter on device team0
[   77.759213][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.762024][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[   77.796971][   T40] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.800473][   T40] bridge0: port 2(bridge_slave_1) entered forwarding state
[   77.909354][ T6215] netlink: 'syz.2.107': attribute type 4 has an invalid length.
[   77.912824][ T6215] netlink: 'syz.2.107': attribute type 4 has an invalid length.
[   77.939974][ T6215] netlink: 199756 bytes leftover after parsing attributes in process `syz.2.107'.
[   78.068000][ T6058] 8021q: adding VLAN 0 to HW filter on device batadv0
[   78.144528][ T6058] veth0_vlan: entered promiscuous mode
[   78.196114][ T6058] veth1_vlan: entered promiscuous mode
[   78.219476][ T6058] veth0_macvtap: entered promiscuous mode
[   78.225640][ T6058] veth1_macvtap: entered promiscuous mode
[   78.242902][ T6058] batman_adv: batadv0: Interface activated: batadv_slave_0
[   78.253027][ T6058] batman_adv: batadv0: Interface activated: batadv_slave_1
[   78.263104][ T5877] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   78.266896][ T5877] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   78.273021][ T5877] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   78.280818][ T5877] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   78.361531][ T4407] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.366253][ T4407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.406490][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   78.411958][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   78.574229][ T6247] tap0: tun_chr_ioctl cmd 1074025678
[   78.576513][ T6247] tap0: group set to 0
[   79.036920][ T6256] netlink: 132 bytes leftover after parsing attributes in process `syz.0.119'.
[   79.295243][ T6267] netlink: 80 bytes leftover after parsing attributes in process `syz.2.124'.
[   79.395203][   T56] Bluetooth: hci0: command tx timeout
[   79.547976][ T6283] netlink: 'syz.1.132': attribute type 10 has an invalid length.
[   79.611257][ T6283] team0: Cannot enslave team device to itself
[   79.632743][ T6295] netlink: 24 bytes leftover after parsing attributes in process `syz.2.138'.
[   80.790170][ T6339] netlink: 'syz.1.157': attribute type 3 has an invalid length.
[   80.792782][ T6339] netlink: 4264 bytes leftover after parsing attributes in process `syz.1.157'.
[   80.804328][ T6339] netlink: 'syz.1.157': attribute type 3 has an invalid length.
[   80.807236][ T6339] netlink: 4264 bytes leftover after parsing attributes in process `syz.1.157'.
[   81.495439][ T6377] netlink: 22 bytes leftover after parsing attributes in process `syz.2.172'.
[   81.503414][   T56] Bluetooth: hci0: command tx timeout
[   81.831104][ T6381] netlink: 4 bytes leftover after parsing attributes in process `syz.2.174'.
[   82.797504][ T6389] syzkaller0: refused to change device tx_queue_len
[   84.423196][ T6399] openvswitch: netlink: Tunnel attr 72 out of range max 16
[   84.461960][ T6401] netlink: 48 bytes leftover after parsing attributes in process `syz.2.183'.
[   84.565073][   T56] Bluetooth: hci0: Malformed LE Event: 0x0b
[   85.607370][ T6434] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.199'.
[   85.723901][   T56] Bluetooth: hci0: ISO packet too small
[   85.953143][ T6462] netlink: 'syz.1.212': attribute type 21 has an invalid length.
[   86.003125][ T6462] netlink: 'syz.1.212': attribute type 15 has an invalid length.
[   86.009978][ T6462] netlink: 156 bytes leftover after parsing attributes in process `syz.1.212'.
[   86.019402][ T6462] IPv6: NLM_F_CREATE should be specified when creating new route
[   86.022843][ T6462] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   86.025945][ T6462] IPv6: NLM_F_CREATE should be set when creating new route
[   86.028868][ T6462] IPv6: NLM_F_CREATE should be set when creating new route
[   86.031484][ T6462] IPv6: NLM_F_CREATE should be set when creating new route
[   86.258008][ T6474] netlink: 'syz.1.217': attribute type 3 has an invalid length.
[   86.260950][ T6474] netlink: 13435 bytes leftover after parsing attributes in process `syz.1.217'.
[   86.322672][ T6480] netlink: 40 bytes leftover after parsing attributes in process `syz.1.221'.
[   86.326466][ T6480] netlink: 40 bytes leftover after parsing attributes in process `syz.1.221'.
[   86.602716][   T24] cfg80211: failed to load regulatory.db
[   86.692429][ T6499] bridge_slave_1: left allmulticast mode
[   86.694943][ T6499] bridge_slave_1: left promiscuous mode
[   86.698288][ T6499] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.291027][ T6499] bridge_slave_0: left allmulticast mode
[   87.293302][ T6499] bridge_slave_0: left promiscuous mode
[   87.295821][ T6499] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.482317][ T6500] netlink: 4 bytes leftover after parsing attributes in process `syz.0.225'.
[   87.488676][ T6500] netlink: 52 bytes leftover after parsing attributes in process `syz.0.225'.
[   87.628648][ T6509] netlink: 8 bytes leftover after parsing attributes in process `syz.1.230'.
[   87.715784][ T6515] netlink: 'syz.2.233': attribute type 27 has an invalid length.
[   87.718806][ T6515] netlink: 'syz.2.233': attribute type 3 has an invalid length.
[   87.721821][ T6515] netlink: 132 bytes leftover after parsing attributes in process `syz.2.233'.
[   87.783646][ T6513] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   88.697994][ T6539] netlink: 'syz.0.243': attribute type 15 has an invalid length.
[   88.810014][ T6547] netlink: 'syz.1.246': attribute type 1 has an invalid length.
[   88.951153][ T6558] netlink: 28 bytes leftover after parsing attributes in process `syz.0.253'.
[   88.953887][ T6558] netlink: 24 bytes leftover after parsing attributes in process `syz.0.253'.
[   88.972420][ T6558] netlink: 28 bytes leftover after parsing attributes in process `syz.0.253'.
[   88.977313][ T6558] netlink: 24 bytes leftover after parsing attributes in process `syz.0.253'.
[   89.074155][ T6567] netlink: 'syz.2.257': attribute type 4 has an invalid length.
[   89.078024][ T6567] netlink: 152 bytes leftover after parsing attributes in process `syz.2.257'.
[   89.098580][ T6567] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[   89.447138][ T6586] netlink: 'syz.2.267': attribute type 2 has an invalid length.
[   89.455200][ T6586] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.267'.
[   89.468007][ T6586] nbd: must specify an index to disconnect
[   91.876402][ T6628] openvswitch: netlink: IPv4 frag type 101 is out of range max 2
[   91.962931][   T56] Bluetooth: hci2: unexpected event 0x2c length: 82 > 17
[   91.962957][   T56] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[   92.789313][ T6663] netlink: 'syz.1.291': attribute type 3 has an invalid length.
[   92.792467][ T6663] __nla_validate_parse: 1 callbacks suppressed
[   92.792481][ T6663] netlink: 199752 bytes leftover after parsing attributes in process `syz.1.291'.
[   93.479977][ T6711] Zero length message leads to an empty skb
[   93.522203][ T6711] netlink: 128 bytes leftover after parsing attributes in process `syz.0.313'.
[   93.531309][ T6711] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[   93.769929][ T6720] netlink: 'syz.0.317': attribute type 6 has an invalid length.
[   93.772942][ T6720] netlink: 'syz.0.317': attribute type 1 has an invalid length.
[   93.776005][ T6720] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.317'.
[   94.015970][ T6742] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.611542][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.2.345'.
[   96.681740][ T6792] syz.2.347 uses obsolete (PF_INET,SOCK_PACKET)
[   96.876891][ T6798] netlink: 60 bytes leftover after parsing attributes in process `syz.2.350'.
[   96.883225][ T6798] netlink: 60 bytes leftover after parsing attributes in process `syz.2.350'.
[   96.889716][ T6798] netlink: 60 bytes leftover after parsing attributes in process `syz.2.350'.
[   97.046609][ T6804] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   97.061814][ T6804] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   97.883449][ T6804] syz.2.353 (6804) used greatest stack depth: 18768 bytes left
[   98.097285][ T6844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.364'.
[   98.103691][ T6844] netlink: 33 bytes leftover after parsing attributes in process `syz.1.364'.
[   98.114158][ T6844] netlink: 33 bytes leftover after parsing attributes in process `syz.1.364'.
[   98.920304][ T6870] netlink: 64019 bytes leftover after parsing attributes in process `syz.1.379'.
[   99.057372][ T6874] netlink: 132 bytes leftover after parsing attributes in process `syz.1.381'.
[  100.712281][ T6898] netlink: 16410 bytes leftover after parsing attributes in process `syz.1.390'.
[  101.170791][ T6887] netlink: 16410 bytes leftover after parsing attributes in process `syz.2.386'.
[  102.512907][ T6934] netlink: 14556 bytes leftover after parsing attributes in process `syz.1.405'.
[  103.429401][ T6964] netlink: 40 bytes leftover after parsing attributes in process `syz.2.418'.
[  104.061412][   T56] Bluetooth: hci2: unexpected event 0x09 length: 15 > 3
[  104.107081][ T6978] netlink: 60 bytes leftover after parsing attributes in process `syz.1.424'.
[  104.125296][ T6978] netlink: 60 bytes leftover after parsing attributes in process `syz.1.424'.
[  104.139804][ T6978] netlink: 60 bytes leftover after parsing attributes in process `syz.1.424'.
[  104.212159][ T6985] netlink: 24 bytes leftover after parsing attributes in process `syz.2.426'.
[  104.215474][ T6985] netlink: 24 bytes leftover after parsing attributes in process `syz.2.426'.
[  104.469753][ T6996] netlink: 146936 bytes leftover after parsing attributes in process `syz.1.432'.
[  104.474190][ T6996] openvswitch: netlink: Message has 6 unknown bytes.
[  104.588034][ T7003] netlink: 4 bytes leftover after parsing attributes in process `syz.1.432'.
[  104.982164][ T7007] netlink: 8 bytes leftover after parsing attributes in process `syz.2.434'.
[  105.137293][ T5877] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  105.391521][ T7011] ------------[ cut here ]------------
[  105.393395][ T7011] verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0xffffdfcd, 0xffffffffffffdfcc] s64=[0x80000000ffffdfcd, 0x7fffffffffffdfcc] u32=[0xffffdfcd, 0xffffdfcc] s32=[0xffffdfcd, 0xffffdfcc] var_off=(0xffffdfcc, 0xffffffff00000000)
[  105.403561][ T7011] WARNING: CPU: 1 PID: 7011 at kernel/bpf/verifier.c:2721 reg_bounds_sanity_check+0x6e6/0xc20
[  105.407797][ T7011] Modules linked in:
[  105.409424][ T7011] CPU: 1 UID: 0 PID: 7011 Comm: syz.1.436 Not tainted syzkaller #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
[  105.416041][ T7011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  105.419513][ T7011] RIP: 0010:reg_bounds_sanity_check+0x6e6/0xc20
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  105.421749][ T7011] Code: 24 20 4c 8b 44 24 60 4c 8b 4c 24 58 41 ff 75 00 53 41 57 55 ff 74 24 38 ff 74 24 70 ff 74 24 40 e8 7f f8 a9 ff 48 83 c4 38 90 <0f> 0b 90 90 48 bb 00 00 00 00 00 fc ff df 4d 89 f7 4c 8b 74 24 08
[  105.430385][ T7011] RSP: 0018:ffffc90003416ee8 EFLAGS: 00010286
[  105.432524][ T7011] RAX: ea52f49f6a415400 RBX: 00000000ffffdfcc RCX: 0000000000080000
[  105.435466][ T7011] RDX: ffffc900035c9000 RSI: 0000000000031a12 RDI: 0000000000031a13
[  105.438272][ T7011] RBP: 00000000ffffdfcd R08: 0000000000000003 R09: 0000000000000004
[  105.441794][ T7011] R10: dffffc0000000000 R11: fffffbfff1bfa23c R12: ffff888039fd9230
[  105.444644][ T7011] R13: ffff888039fd9250 R14: ffff888039fd9268 R15: 00000000ffffdfcc
[  105.447497][ T7011] FS:  00007fd2c2b796c0(0000) GS:ffff8881a3c12000(0000) knlGS:0000000000000000
[  105.450704][ T7011] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  105.453072][ T7011] CR2: 00007fd2c1fd7dac CR3: 0000000109392000 CR4: 00000000000006f0
[  105.455988][ T7011] Call Trace:
[  105.457281][ T7011]  <TASK>
[  105.458330][ T7011]  reg_set_min_max+0x214/0x300
[  105.460178][ T7011]  check_cond_jmp_op+0x1985/0x2d50
[  105.461894][ T7011]  ? __pfx_check_cond_jmp_op+0x10/0x10
[  105.463782][ T7011]  ? bpf_reset_stack_write_marks+0x1eb/0x260
[  105.466322][ T7011]  ? incomplete_read_marks+0x143/0x1f0
[  105.468120][ T7011]  do_check+0x5a8e/0xed30
[  105.469477][ T7011]  ? __pfx_do_check+0x10/0x10
[  105.471098][ T7011]  ? init_func_state+0x1ab2/0x28d0
[  105.472755][ T7011]  do_check_common+0x1938/0x24e0
[  105.474448][ T7011]  bpf_check+0x183d4/0x1d720
[  105.476141][ T7011]  ? is_bpf_text_address+0x26/0x2b0
[  105.478028][ T7011]  ? is_bpf_text_address+0x292/0x2b0
[  105.479937][ T7011]  ? is_bpf_text_address+0x26/0x2b0
[  105.481836][ T7011]  ? __kernel_text_address+0xd/0x40
[  105.483889][ T7011]  ? __lock_acquire+0xab9/0xd20
[  105.485709][ T7011]  ? __mutex_trylock_common+0x153/0x260
[  105.487646][ T7011]  ? __pfx___mutex_trylock_common+0x10/0x10
[  105.489586][ T7011]  ? css_rstat_updated+0x23a/0x4f0
[  105.491387][ T7011]  ? __lock_acquire+0xab9/0xd20
[  105.492887][ T7011]  ? __pfx_bpf_check+0x10/0x10
[  105.494367][ T7011]  ? ktime_get_with_offset+0x8c/0x2a0
[  105.496456][ T7011]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[  105.498778][ T7011]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.500526][ T7011]  ? ktime_get_with_offset+0x8c/0x2a0
[  105.502465][ T7011]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[  105.504463][ T7011]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  105.506739][ T7011]  ? __asan_memset+0x22/0x50
[  105.508360][ T7011]  ? bpf_obj_name_cpy+0x194/0x1e0
[  105.510216][ T7011]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[  105.512054][ T7011]  ? security_bpf_prog_load+0x7f/0x310
[  105.515078][ T7011]  bpf_prog_load+0x13ba/0x19e0
[  105.516931][ T7011]  ? __pfx_bpf_prog_load+0x10/0x10
[  105.518846][ T7011]  ? bpf_lsm_bpf+0x9/0x20
[  105.520463][ T7011]  ? security_bpf+0x7e/0x300
[  105.522236][ T7011]  __sys_bpf+0x507/0x860
[  105.523864][ T7011]  ? __pfx___sys_bpf+0x10/0x10
[  105.526701][ T7011]  ? exc_page_fault+0x76/0xf0
[  105.528524][ T7011]  __x64_sys_bpf+0x7c/0x90
[  105.530229][ T7011]  do_syscall_64+0xfa/0x3b0
[  105.531951][ T7011]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.533923][ T7011]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.536201][ T7011]  ? exc_page_fault+0x9f/0xf0
[  105.537814][ T7011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.540059][ T7011] RIP: 0033:0x7fd2c1d8ec29
[  105.541749][ T7011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.548727][ T7011] RSP: 002b:00007fd2c2b79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  105.551804][ T7011] RAX: ffffffffffffffda RBX: 00007fd2c1fd5fa0 RCX: 00007fd2c1d8ec29
[  105.554461][ T7011] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  105.558196][ T7011] RBP: 00007fd2c1e11e41 R08: 0000000000000000 R09: 0000000000000000
[  105.560874][ T7011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.563776][ T7011] R13: 00007fd2c1fd6038 R14: 00007fd2c1fd5fa0 R15: 00007ffde99a43e8
[  105.566648][ T7011]  </TASK>
[  105.567770][ T7011] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  105.570306][ T7011] CPU: 1 UID: 0 PID: 7011 Comm: syz.1.436 Not tainted syzkaller #0 PREEMPT(full) 
[  105.573243][ T7011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  105.577011][ T7011] Call Trace:
[  105.578244][ T7011]  <TASK>
[  105.579376][ T7011]  dump_stack_lvl+0x99/0x250
[  105.581110][ T7011]  ? __asan_memcpy+0x40/0x70
[  105.582882][ T7011]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.584849][ T7011]  ? __pfx__printk+0x10/0x10
[  105.586607][ T7011]  vpanic+0x281/0x750
[  105.588057][ T7011]  ? __pfx__printk+0x10/0x10
[  105.589705][ T7011]  ? __pfx_vpanic+0x10/0x10
[  105.591323][ T7011]  ? is_bpf_text_address+0x26/0x2b0
[  105.593094][ T7011]  panic+0xb9/0xc0
[  105.594485][ T7011]  ? __pfx_panic+0x10/0x10
[  105.596184][ T7011]  __warn+0x31b/0x4b0
[  105.597707][ T7011]  ? reg_bounds_sanity_check+0x6e6/0xc20
[  105.599804][ T7011]  ? reg_bounds_sanity_check+0x6e6/0xc20
[  105.601864][ T7011]  report_bug+0x2be/0x4f0
[  105.603486][ T7011]  ? reg_bounds_sanity_check+0x6e6/0xc20
[  105.605531][ T7011]  ? reg_bounds_sanity_check+0x6e6/0xc20
[  105.607658][ T7011]  ? reg_bounds_sanity_check+0x6e8/0xc20
[  105.609812][ T7011]  handle_bug+0x84/0x160
[  105.611433][ T7011]  exc_invalid_op+0x1a/0x50
[  105.613178][ T7011]  asm_exc_invalid_op+0x1a/0x20
[  105.615058][ T7011] RIP: 0010:reg_bounds_sanity_check+0x6e6/0xc20
[  105.617390][ T7011] Code: 24 20 4c 8b 44 24 60 4c 8b 4c 24 58 41 ff 75 00 53 41 57 55 ff 74 24 38 ff 74 24 70 ff 74 24 40 e8 7f f8 a9 ff 48 83 c4 38 90 <0f> 0b 90 90 48 bb 00 00 00 00 00 fc ff df 4d 89 f7 4c 8b 74 24 08
[  105.624491][ T7011] RSP: 0018:ffffc90003416ee8 EFLAGS: 00010286
[  105.626823][ T7011] RAX: ea52f49f6a415400 RBX: 00000000ffffdfcc RCX: 0000000000080000
[  105.629827][ T7011] RDX: ffffc900035c9000 RSI: 0000000000031a12 RDI: 0000000000031a13
[  105.632768][ T7011] RBP: 00000000ffffdfcd R08: 0000000000000003 R09: 0000000000000004
[  105.635723][ T7011] R10: dffffc0000000000 R11: fffffbfff1bfa23c R12: ffff888039fd9230
[  105.638720][ T7011] R13: ffff888039fd9250 R14: ffff888039fd9268 R15: 00000000ffffdfcc
[  105.641558][ T7011]  reg_set_min_max+0x214/0x300
[  105.643135][ T7011]  check_cond_jmp_op+0x1985/0x2d50
[  105.645022][ T7011]  ? __pfx_check_cond_jmp_op+0x10/0x10
[  105.647084][ T7011]  ? bpf_reset_stack_write_marks+0x1eb/0x260
[  105.649558][ T7011]  ? incomplete_read_marks+0x143/0x1f0
[  105.651609][ T7011]  do_check+0x5a8e/0xed30
[  105.653428][ T7011]  ? __pfx_do_check+0x10/0x10
[  105.655240][ T7011]  ? init_func_state+0x1ab2/0x28d0
[  105.657181][ T7011]  do_check_common+0x1938/0x24e0
[  105.659041][ T7011]  bpf_check+0x183d4/0x1d720
[  105.660823][ T7011]  ? is_bpf_text_address+0x26/0x2b0
[  105.662826][ T7011]  ? is_bpf_text_address+0x292/0x2b0
[  105.664805][ T7011]  ? is_bpf_text_address+0x26/0x2b0
[  105.666832][ T7011]  ? __kernel_text_address+0xd/0x40
[  105.668854][ T7011]  ? __lock_acquire+0xab9/0xd20
[  105.670799][ T7011]  ? __mutex_trylock_common+0x153/0x260
[  105.672913][ T7011]  ? __pfx___mutex_trylock_common+0x10/0x10
[  105.675145][ T7011]  ? css_rstat_updated+0x23a/0x4f0
[  105.677114][ T7011]  ? __lock_acquire+0xab9/0xd20
[  105.678979][ T7011]  ? __pfx_bpf_check+0x10/0x10
[  105.680841][ T7011]  ? ktime_get_with_offset+0x8c/0x2a0
[  105.682888][ T7011]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[  105.685216][ T7011]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.687221][ T7011]  ? ktime_get_with_offset+0x8c/0x2a0
[  105.689250][ T7011]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[  105.691376][ T7011]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  105.693826][ T7011]  ? __asan_memset+0x22/0x50
[  105.695604][ T7011]  ? bpf_obj_name_cpy+0x194/0x1e0
[  105.697499][ T7011]  ? bpf_lsm_bpf_prog_load+0x9/0x20
[  105.699460][ T7011]  ? security_bpf_prog_load+0x7f/0x310
[  105.701507][ T7011]  bpf_prog_load+0x13ba/0x19e0
[  105.703175][ T7011]  ? __pfx_bpf_prog_load+0x10/0x10
[  105.704953][ T7011]  ? bpf_lsm_bpf+0x9/0x20
[  105.706387][ T7011]  ? security_bpf+0x7e/0x300
[  105.707903][ T7011]  __sys_bpf+0x507/0x860
[  105.709346][ T7011]  ? __pfx___sys_bpf+0x10/0x10
[  105.711011][ T7011]  ? exc_page_fault+0x76/0xf0
[  105.712627][ T7011]  __x64_sys_bpf+0x7c/0x90
[  105.714063][ T7011]  do_syscall_64+0xfa/0x3b0
[  105.715541][ T7011]  ? lockdep_hardirqs_on+0x9c/0x150
[  105.717253][ T7011]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.719378][ T7011]  ? exc_page_fault+0x9f/0xf0
[  105.721147][ T7011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.723327][ T7011] RIP: 0033:0x7fd2c1d8ec29
[  105.725038][ T7011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.732065][ T7011] RSP: 002b:00007fd2c2b79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  105.735170][ T7011] RAX: ffffffffffffffda RBX: 00007fd2c1fd5fa0 RCX: 00007fd2c1d8ec29
[  105.738095][ T7011] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  105.740922][ T7011] RBP: 00007fd2c1e11e41 R08: 0000000000000000 R09: 0000000000000000
[  105.743649][ T7011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.746342][ T7011] R13: 00007fd2c1fd6038 R14: 00007fd2c1fd5fa0 R15: 00007ffde99a43e8
[  105.748900][ T7011]  </TASK>
[  105.750533][ T7011] Kernel Offset: disabled
[  105.752115][ T7011] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:47:25  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffffc90004777780 RCX=1ffff920008eee81 RDX=ffffffff9040d89a
RSI=0000000000000002 RDI=ffffffff8be343a0 RBP=1ffff920008eee82 RSP=ffffc90004777338
R8 =000000000000000a R9 =ffffffff8172d195 R10=ffffc90004777458 R11=ffffffff81ac5140
R12=ffffc90004778000 R13=1ffff920008eee83 R14=ffffc90004777408 R15=ffffc90004770000
RIP=ffffffff8172dc27 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055556c780500 ffffffff 00c00000
GS =0000 ffff8880b8612000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f18d1de5264 CR3=0000000023f96000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 ff000000000000ff XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fbf2f212e7b
XMM06=0000000000000000 00007fbf2f212e75 XMM07=0000000000000000 00007fbf2f212e89
XMM08=0000000000000000 00007fbf2f212f0f XMM09=0000000000000000 00007fbf2f212fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000044 RBX=0000000000000044 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000034590 RDI=0000000000034591 RBP=00000000000003f8 RSP=ffffc90003416690
R8 =ffff88801fa48237 R9 =1ffff11003f49046 R10=dffffc0000000000 R11=ffffffff85504740
R12=dffffc0000000000 R13=ffffffff99b048e1 R14=ffffffff99df9420 R15=0000000000000000
RIP=ffffffff855047bc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fd2c2b796c0 ffffffff 00c00000
GS =0000 ffff8881a3c12000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fd2c1fd7dac CR3=0000000109392000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fd2c1e12e7b
XMM06=0000000000000000 00007fd2c1e12e75 XMM07=0000000000000000 00007fd2c1e12e89
XMM08=0000000000000000 00007fd2c1e12f0f XMM09=0000000000000000 00007fd2c1e12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
