last executing test programs:

1m17.940095987s ago: executing program 1 (id=1242):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a8001600a400014005000200036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)

1m17.89170214s ago: executing program 1 (id=1244):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x26, 0x1f, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

1m17.840148585s ago: executing program 1 (id=1247):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}}, &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='contention_end\x00', r1, 0x0, 0x8}, 0x18)
sendmsg$nl_generic(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)={0x14, 0x31, 0x701, 0x70bd2a, 0x0, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4044840}, 0x0)

1m17.778280937s ago: executing program 1 (id=1250):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x6, 0x4, 0x3, 0x7}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007baaf8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m17.77729648s ago: executing program 1 (id=1252):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8020, 0x14000, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, @perf_config_ext={0x2, 0x6}, 0x8224, 0x2, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x1, 0x28}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000010000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000340)='signal_generate\x00', r1, 0x0, 0x3}, 0x18)

1m17.689394803s ago: executing program 1 (id=1255):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000006000000040000000000000e0400000000000000000000000100000d040000000400000004000000000000000000001004000000000000000000000b030000000000000061"], 0x0, 0x5a, 0x0, 0x4, 0x80000}, 0x28)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x19c5a, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d", 0x101}], 0x1}, 0x20008010)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x9, 0x1, 0x2}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)="9e6c4d5aeb37236a123e", &(0x7f0000000240), 0xc, r4}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r4, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
r5 = openat$cgroup_int(r3, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000480)=ANY=[], 0x8)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0xe8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc1, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b935d785f3d3201c58033c88e160d2745a91b08363bcc34006d0009788455ec9ad10b24"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000000bc0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0000002071a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010071ec7c45f2fe0000000085000000a3000000b700000000000000950001000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050505f8e6fb0fd7ddcb12b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c20500000000000000cceaede3faedc51d29a47fc8136bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b001000000a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5b787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72323cc924e627f2f4b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fda4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b9243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b0600000000000000564a2b49b745f3bf2cf7908b6d7d748308eea09fb4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7e58ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1a5e1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9cdf99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eee46eb20c20bb82aa31771cd379ec83554cea5e6539d85b980e358d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f9166965a53beb05142e1b1550a8cb7852f6750b6ec962802c0320f8059195729d60c534ee8e8ff0010067fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b9617432e251d14b283f7d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b0000000032a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002157a3609b6fd9843ee19ec647249a9375de5858818f3c2432e6ced4380217ac51a84a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205111b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e800fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd809269f816fa748b20ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f9289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f05714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc30935455f6de5b64bcdfaf8ac04ce96c421e5dbc85e168d3559ab13df98163e39e4065e65a2f43412535d6f7c09830f3a086535bd07820e690d2755768612bb7330a8b285f2584892eaff1889a61ee0c2a6d1831d41805707bb43991d40feb5dd0700"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x100})
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x9, 0x5, 0xd, 0x7, 0x0, 0x6, 0x7a5d4, 0x7, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xe0000001, 0x0, @perf_config_ext={0x80000001, 0x5}, 0x1000d2, 0x77f, 0x51, 0x9, 0x4, 0x852, 0x2, 0x0, 0x398980e4, 0x0, 0x8000ffffffff}, 0x0, 0x1, 0xffffffffffffffff, 0xb)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f1, &(0x7f0000000080))

1m2.655218845s ago: executing program 32 (id=1255):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000006000000040000000000000e0400000000000000000000000100000d040000000400000004000000000000000000001004000000000000000000000b030000000000000061"], 0x0, 0x5a, 0x0, 0x4, 0x80000}, 0x28)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000640)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x480000000000000b, 0x954b, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x1, @perf_config_ext={0x76, 0x1ef7}, 0x19c5a, 0x4, 0x98, 0x0, 0x2, 0xfffff271, 0xfffc, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000e5020000000000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d", 0x101}], 0x1}, 0x20008010)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x9, 0x1, 0x2}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)="9e6c4d5aeb37236a123e", &(0x7f0000000240), 0xc, r4}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r4, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
r5 = openat$cgroup_int(r3, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000480)=ANY=[], 0x8)
perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0xe8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f00000003c0)={0x1, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc1, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x1000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf250800010000000000ba30b28e994c1a08d1ca4eb6b8b4889cdd4e786eb807e04eb88b935d785f3d3201c58033c88e160d2745a91b08363bcc34006d0009788455ec9ad10b24"], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000000bc0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0000002071a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010071ec7c45f2fe0000000085000000a3000000b700000000000000950001000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050505f8e6fb0fd7ddcb12b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c20500000000000000cceaede3faedc51d29a47fc8136bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b001000000a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5b787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72323cc924e627f2f4b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fda4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b9243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b0600000000000000564a2b49b745f3bf2cf7908b6d7d748308eea09fb4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7e58ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1a5e1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9cdf99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eee46eb20c20bb82aa31771cd379ec83554cea5e6539d85b980e358d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f9166965a53beb05142e1b1550a8cb7852f6750b6ec962802c0320f8059195729d60c534ee8e8ff0010067fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b9617432e251d14b283f7d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b0000000032a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002157a3609b6fd9843ee19ec647249a9375de5858818f3c2432e6ced4380217ac51a84a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205111b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e800fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd809269f816fa748b20ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f9289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f05714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc30935455f6de5b64bcdfaf8ac04ce96c421e5dbc85e168d3559ab13df98163e39e4065e65a2f43412535d6f7c09830f3a086535bd07820e690d2755768612bb7330a8b285f2584892eaff1889a61ee0c2a6d1831d41805707bb43991d40feb5dd0700"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bridge0\x00', 0x100})
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0x9, 0x5, 0xd, 0x7, 0x0, 0x6, 0x7a5d4, 0x7, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xe0000001, 0x0, @perf_config_ext={0x80000001, 0x5}, 0x1000d2, 0x77f, 0x51, 0x9, 0x4, 0x852, 0x2, 0x0, 0x398980e4, 0x0, 0x8000ffffffff}, 0x0, 0x1, 0xffffffffffffffff, 0xb)
ioctl$PERF_EVENT_IOC_SET_FILTER(r7, 0x89f1, &(0x7f0000000080))

984.242153ms ago: executing program 3 (id=2156):
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x7, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000180)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%-5lx  \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000013000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x28, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

841.540277ms ago: executing program 3 (id=2158):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x6000, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}, {0x4}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

763.972809ms ago: executing program 3 (id=2162):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ec00000021000100feffffff000000000000000000000000000000000000000000000000007c0000000000000000000000000000000000001700a00000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c00110000000000000000000000000000000000fe8000000000000000000000000000bbac1414210000000000000000000000002001000000000000000000000000000000000000000000000000020000000000000000000000000000000000fe8000000000000000000000000000bb"], 0xec}}, 0x0)

763.570139ms ago: executing program 2 (id=2163):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0xcb47f0b37d3315eb)

721.390308ms ago: executing program 3 (id=2165):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200000000000009b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), 0x0, 0x2}, 0x20)
r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000540)={0x5, 0x80, 0x6, 0x44, 0x1, 0x0, 0x0, 0x3, 0x60014, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, @perf_config_ext={0x8, 0x9}, 0x20, 0x200, 0xfffffff9, 0x4, 0xc, 0x0, 0x200, 0x0, 0x40, 0x0, 0x7}, 0x0, 0xf, r2, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unlink(&(0x7f0000000180)='./cgroup/../file0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r4, &(0x7f0000000200)='pids.current\x00', 0x275a, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_subtree(r5, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000400)=ANY=[@ANYBLOB='-cp'], 0x5)
write$cgroup_subtree(r6, &(0x7f0000000040)={[{0x2b, 'cpu'}, {0x2b, 'pids'}]}, 0xb)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote})
socketpair(0x1, 0x2, 0x0, &(0x7f00000002c0))
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
syz_clone(0x2a020600, &(0x7f0000000300)="4e159d92ce4e466744ae3704fbcbecdf6d177309d6887a9d4f6083f01ff4b38bc7e0302ffc3a39d616b8f204f4e6067102b40bf64b442dedd91fed311fefd48b50ae9b46d11c86ae78e3f153dacb1199b2571171df725d2ec1048be9f8fdf137cdd907342f06a2943b9338ccc1477223fd60082c2fa879c1b419eb567cfc2d6b1cbef6b22c9ad3910b62a564ca93c66b38d442893508c6daf8a3537fe54b130ec3d9d6ea10aba5b7f5c2d4205e74424f", 0xb0, &(0x7f0000000280), &(0x7f00000003c0), &(0x7f00000004c0)="df2239a5abfe7f736463aa3ae5541525d85b9df771aae02a28043c0e57aead8f2a4b3a139507dd43ac6862d4dca5877e23f4111791863277a703b41bea7d69d3a8a7ca074f8c3f27cffde6d291cb265ddfc009e96d29")
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x89a0, &(0x7f0000000080))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.net/syz0\x00', 0x1ff)

617.956931ms ago: executing program 0 (id=2166):
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000010000000b"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x18}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x1a}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xa, 0x9}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_CREATE(0x0, 0x0, 0x50)

617.752141ms ago: executing program 2 (id=2167):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffc)

614.36963ms ago: executing program 2 (id=2168):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48)
perf_event_open(&(0x7f00000000c0)={0x5, 0x80, 0xec, 0x7, 0x40, 0x7, 0x0, 0x0, 0xd000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0xfffffffd, 0x2, @perf_bp={0x0, 0x2}, 0x986, 0xfc, 0x4, 0x0, 0x81, 0x9, 0x5, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0xd0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4610, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x1, @perf_config_ext={0x5, 0x6}, 0x0, 0x0, 0x0, 0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffbffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x200, 0x201, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x200000000, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
close(r1)
socket$inet_udplite(0x2, 0x2, 0x88)

496.396341ms ago: executing program 3 (id=2169):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="013301300108"})

288.116244ms ago: executing program 3 (id=2170):
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x18, 0x1411, 0x309, 0x70bd27, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x3b}]}, 0x18}, 0x1, 0x0, 0x0, 0x40004}, 0x4040000)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)=@generic={0x0, 0x0, 0x38}, 0x18)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x56}, 0x28)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000740)=@o_path={&(0x7f0000000080)='./file0\x00', 0x0, 0x4010, r0}, 0x18)
bpf$BPF_PROG_GET_NEXT_ID(0xb, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x1a, 0x4, 0x0, 0x1, 0x8000, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, @value=r0}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x2, 0x922000000001, 0x106)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c31, 0x80003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x100c, 0x0, 0x2, 0x0, 0x0, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f1, &(0x7f0000000080))
sendmsg$NFNL_MSG_ACCT_NEW(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x7c, 0x0, 0x7, 0x3, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x3}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x8649}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x7}, @NFACCT_FILTER={0x24, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4118}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x5}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x91}, @NFACCT_FLAGS={0x8}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x24008004)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)

287.660329ms ago: executing program 2 (id=2171):
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000100), 0x1001)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
ioctl$SIOCSIFHWADDR(r0, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x8}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)

218.101525ms ago: executing program 0 (id=2172):
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000000), 0x10)

143.413462ms ago: executing program 0 (id=2173):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='4'], 0x20)

143.140596ms ago: executing program 0 (id=2174):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x5}, {0x2}]}, 0x94)
sendmsg$inet(r0, &(0x7f00000029c0)={&(0x7f0000000100)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000002780)=[{&(0x7f00000006c0)='{', 0x1}], 0x1}, 0x4000040)
sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000001040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000140)="97", 0x1}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x70}, @exit], 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x7b, &(0x7f0000000000)=r3, 0x8)
close(r0)

60.842567ms ago: executing program 0 (id=2175):
r0 = socket$kcm(0x2, 0x1000000000000005, 0x0)
sendmsg$inet(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f0000000040)=[{&(0x7f00000004c0)='.', 0x1}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f0000007940)={&(0x7f0000000080)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="20000000000000008400000002000000948404"], 0x20}, 0x0)

60.223645ms ago: executing program 2 (id=2176):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x17}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x38}]}, @NFT_MSG_NEWSETELEM={0x38, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xcc}}, 0x0)

1.398694ms ago: executing program 2 (id=2177):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000001400791048000000000069001d000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0xa3}, 0x21)

0s ago: executing program 0 (id=2178):
r0 = socket$kcm(0x28, 0x5, 0x0)
setsockopt$sock_attach_bpf(r0, 0x28, 0x2, 0x0, 0x41)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:47508' (ED25519) to the list of known hosts.
syzkaller login: [   56.522037][ T5776] cgroup: Unknown subsys name 'net'
[   56.657115][ T5776] cgroup: Unknown subsys name 'cpuset'
[   56.661813][ T5776] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.524163][ T5776] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   68.946290][ T5867] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   70.461945][ T5235] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   70.493168][ T5877] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   70.497633][ T5877] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   70.501699][ T5877] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   70.505664][ T5877] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   70.516334][ T5885] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   70.519768][ T5877] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   70.526026][ T5885] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   70.531030][ T5877] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   70.543213][ T5877] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   70.551562][ T5883] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   70.555642][ T5877] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   70.559356][ T5877] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   70.564685][ T5883] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   70.572847][ T5880] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   70.972823][ T5875] chnl_net:caif_netlink_parms(): no params data found
[   71.028983][ T5878] chnl_net:caif_netlink_parms(): no params data found
[   71.063062][ T5879] chnl_net:caif_netlink_parms(): no params data found
[   71.151532][ T5875] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.155624][ T5875] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.158729][ T5875] bridge_slave_0: entered allmulticast mode
[   71.162812][ T5875] bridge_slave_0: entered promiscuous mode
[   71.169004][ T5875] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.171828][ T5875] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.174727][ T5875] bridge_slave_1: entered allmulticast mode
[   71.177819][ T5875] bridge_slave_1: entered promiscuous mode
[   71.248049][ T5875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.251602][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.256189][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.258605][ T5878] bridge_slave_0: entered allmulticast mode
[   71.262134][ T5878] bridge_slave_0: entered promiscuous mode
[   71.283600][ T5875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.287762][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.290843][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.296374][ T5878] bridge_slave_1: entered allmulticast mode
[   71.300234][ T5878] bridge_slave_1: entered promiscuous mode
[   71.321124][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[   71.323646][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[   71.342582][ T5879] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.345613][ T5879] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.348283][ T5879] bridge_slave_0: entered allmulticast mode
[   71.351814][ T5879] bridge_slave_0: entered promiscuous mode
[   71.377297][ T5879] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.379533][ T5879] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.381742][ T5879] bridge_slave_1: entered allmulticast mode
[   71.386300][ T5879] bridge_slave_1: entered promiscuous mode
[   71.413216][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.433273][ T5875] team0: Port device team_slave_0 added
[   71.439586][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.446086][ T5879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.452187][ T5875] team0: Port device team_slave_1 added
[   71.481748][ T5879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.516312][ T5878] team0: Port device team_slave_0 added
[   71.531299][ T5879] team0: Port device team_slave_0 added
[   71.547804][ T5878] team0: Port device team_slave_1 added
[   71.552124][ T5879] team0: Port device team_slave_1 added
[   71.568731][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.571482][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.580413][ T5875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.607551][ T5875] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.610433][ T5875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.622466][ T5875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.640370][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.642567][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.652712][ T5879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.658787][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.661529][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.671831][ T5879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.684182][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.686288][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.695534][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.721483][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.724603][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   71.735036][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.769171][ T5875] hsr_slave_0: entered promiscuous mode
[   71.772625][ T5875] hsr_slave_1: entered promiscuous mode
[   71.817387][ T5879] hsr_slave_0: entered promiscuous mode
[   71.820413][ T5879] hsr_slave_1: entered promiscuous mode
[   71.823455][ T5879] debugfs: 'hsr0' already exists in 'hsr'
[   71.826156][ T5879] Cannot create hsr debugfs directory
[   71.843512][ T5878] hsr_slave_0: entered promiscuous mode
[   71.846931][ T5878] hsr_slave_1: entered promiscuous mode
[   71.849614][ T5878] debugfs: 'hsr0' already exists in 'hsr'
[   71.851496][ T5878] Cannot create hsr debugfs directory
[   72.224947][ T5875] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   72.238821][ T5875] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   72.246392][ T5875] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   72.254478][ T5875] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   72.316456][ T5879] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   72.326066][ T5879] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   72.354299][ T5879] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   72.362003][ T5879] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   72.423543][ T5878] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   72.439908][ T5878] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   72.452007][ T5878] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   72.470138][ T5878] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   72.535919][ T5875] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.569444][ T5875] 8021q: adding VLAN 0 to HW filter on device team0
[   72.582817][   T39] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.585827][   T39] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.596693][ T5235] Bluetooth: hci1: command tx timeout
[   72.598864][ T5880] Bluetooth: hci0: command tx timeout
[   72.599255][ T5235] Bluetooth: hci2: command tx timeout
[   72.611107][   T39] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.613910][   T39] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.628021][ T5879] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.680731][ T5879] 8021q: adding VLAN 0 to HW filter on device team0
[   72.716429][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.719305][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.726914][ T5878] 8021q: adding VLAN 0 to HW filter on device bond0
[   72.742912][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.745951][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.789024][ T5878] 8021q: adding VLAN 0 to HW filter on device team0
[   72.816263][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   72.819120][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   72.827196][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   72.830274][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   72.919317][ T5878] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   72.972906][ T5875] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.063147][ T5875] veth0_vlan: entered promiscuous mode
[   73.102962][ T5875] veth1_vlan: entered promiscuous mode
[   73.113663][ T5879] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.166832][ T5878] 8021q: adding VLAN 0 to HW filter on device batadv0
[   73.179991][ T5875] veth0_macvtap: entered promiscuous mode
[   73.190661][ T5875] veth1_macvtap: entered promiscuous mode
[   73.215985][ T5879] veth0_vlan: entered promiscuous mode
[   73.227805][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.234484][ T5875] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.246924][ T5879] veth1_vlan: entered promiscuous mode
[   73.262443][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.267425][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.278936][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.289827][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.348293][ T5878] veth0_vlan: entered promiscuous mode
[   73.364135][ T5879] veth0_macvtap: entered promiscuous mode
[   73.371538][ T5879] veth1_macvtap: entered promiscuous mode
[   73.380673][ T5878] veth1_vlan: entered promiscuous mode
[   73.422807][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.431507][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.435997][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.462853][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.490619][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.499938][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.505659][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.517003][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.520432][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.523673][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.571426][ T5878] veth0_macvtap: entered promiscuous mode
[   73.607230][ T5878] veth1_macvtap: entered promiscuous mode
[   73.641903][ T5941] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.10'.
[   73.649292][   T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.652114][   T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.666926][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_0
[   73.698251][ T5878] batman_adv: batadv0: Interface activated: batadv_slave_1
[   73.760141][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   73.767944][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   73.774437][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.780201][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   73.784161][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   73.791732][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   73.972569][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.986855][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.036919][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   74.041711][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   74.074525][ T5953] netlink: 260 bytes leftover after parsing attributes in process `syz.2.14'.
[   74.082730][ T5953] netlink: 'syz.2.14': attribute type 1 has an invalid length.
[   74.675746][ T5235] Bluetooth: hci0: command tx timeout
[   74.678999][ T5235] Bluetooth: hci1: command tx timeout
[   74.681401][ T5235] Bluetooth: hci2: command tx timeout
[   74.866550][ T5990] netlink: 60 bytes leftover after parsing attributes in process `syz.1.31'.
[   74.889848][ T5987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.30'.
[   74.989397][ T5992] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.32'.
[   75.124769][ T5998] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.35'.
[   75.129030][ T5998] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[   75.369565][ T6012] netlink: 'syz.0.42': attribute type 33 has an invalid length.
[   75.372866][ T6012] netlink: 'syz.0.42': attribute type 3 has an invalid length.
[   75.382458][ T6012] netlink: 153952 bytes leftover after parsing attributes in process `syz.0.42'.
[   75.597229][    C1] hrtimer: interrupt took 49247 ns
[   75.910351][ T6023] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   76.607399][ T6052] netlink: 'syz.1.59': attribute type 10 has an invalid length.
[   76.635335][ T6052] team0: Port device dummy0 added
[   77.025581][ T5235] Bluetooth: hci2: command tx timeout
[   77.027680][ T5235] Bluetooth: hci1: command tx timeout
[   77.070202][ T5235] Bluetooth: hci0: command tx timeout
[   77.182608][ T6066] netlink: 'syz.0.67': attribute type 39 has an invalid length.
[   77.281214][ T6071] Driver unsupported XDP return value 0 on prog  (id 22) dev N/A, expect packet loss!
[   77.425375][ T6072] netlink: 188 bytes leftover after parsing attributes in process `syz.2.68'.
[   77.698930][ T6081] netlink: 'syz.2.72': attribute type 32 has an invalid length.
[   77.773208][ T6078] netlink: 1 bytes leftover after parsing attributes in process `syz.0.70'.
[   78.920712][ T6107] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.81'.
[   79.074828][ T5880] Bluetooth: hci1: command tx timeout
[   79.076727][ T5880] Bluetooth: hci2: command tx timeout
[   79.078432][ T5235] Bluetooth: hci0: command tx timeout
[   79.298220][ T6126] netlink: 14 bytes leftover after parsing attributes in process `syz.2.90'.
[   79.763395][    C1] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 1009599436 wd_nsec: 1009599414
[   79.852754][ T6126] hsr_slave_0: left promiscuous mode
[   80.050898][ T6126] hsr_slave_1: left promiscuous mode
[   90.239163][    C0] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 4828168132 wd_nsec: 4828183499
[   90.722815][ T5866] sched: DL replenish lagged too much
[   93.506005][  T974] cfg80211: failed to load regulatory.db
[   93.741638][ T6156] C: renamed from team_slave_0 (while UP)
[   93.749633][ T6156] netlink: 'syz.1.100': attribute type 3 has an invalid length.
[   93.752314][ T6156] netlink: 'syz.1.100': attribute type 1 has an invalid length.
[   93.755246][ T6156] netlink: 116 bytes leftover after parsing attributes in process `syz.1.100'.
[   94.080434][ T6164] warning: `syz.0.103' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   94.301206][ T6168] syzkaller0: entered promiscuous mode
[   94.303195][ T6168] syzkaller0: entered allmulticast mode
[   94.344579][ T6170] IPv6: Can't replace route, no match found
[   94.779033][ T5235] Bluetooth: hci2: unexpected event 0x16 length: 15 > 6
[   95.921859][ T6193] delete_channel: no stack
[   95.951850][ T6193] delete_channel: no stack
[   95.987061][ T6193] netlink: 'syz.1.116': attribute type 6 has an invalid length.
[   95.990858][ T6193] netlink: 164 bytes leftover after parsing attributes in process `syz.1.116'.
[   96.037772][ T6199] netlink: 'syz.0.118': attribute type 6 has an invalid length.
[   96.041847][ T6199] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.118'.
[   96.680727][ T6218] netlink: 'syz.1.127': attribute type 39 has an invalid length.
[   97.386405][ T6227] openvswitch: netlink: Message has 4 unknown bytes.
[   97.637848][ T6237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.135'.
[   99.231750][ T6267] lo speed is unknown, defaulting to 1000
[   99.236429][ T6267] lo speed is unknown, defaulting to 1000
[   99.263275][ T6267] lo speed is unknown, defaulting to 1000
[   99.428606][ T6267] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   99.669484][ T6267] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   99.947959][ T6267] lo speed is unknown, defaulting to 1000
[   99.996656][ T6267] lo speed is unknown, defaulting to 1000
[   99.999384][ T6267] lo speed is unknown, defaulting to 1000
[  100.607857][ T6278] bridge_slave_1: left allmulticast mode
[  100.610400][ T6278] bridge_slave_1: left promiscuous mode
[  100.614116][ T6278] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.677949][ T6278] bridge_slave_0: left allmulticast mode
[  100.694023][ T6278] bridge_slave_0: left promiscuous mode
[  100.696373][ T6278] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.784769][ T6267] syz.0.146 (6267) used greatest stack depth: 19256 bytes left
[  103.986164][ T6301] lo speed is unknown, defaulting to 1000
[  104.160354][ T6302] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  104.193293][ T6304] lo speed is unknown, defaulting to 1000
[  104.389541][ T6313] netlink: 152 bytes leftover after parsing attributes in process `syz.1.162'.
[  104.393414][ T6313] netlink: 6 bytes leftover after parsing attributes in process `syz.1.162'.
[  104.492996][ T6321] netlink: 56 bytes leftover after parsing attributes in process `syz.0.165'.
[  105.467581][ T6349] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.176'.
[  105.647886][ T6359] syz.2.181 uses obsolete (PF_INET,SOCK_PACKET)
[  105.941279][ T6371] sctp: [Deprecated]: syz.0.184 (pid 6371) Use of struct sctp_assoc_value in delayed_ack socket option.
[  105.941279][ T6371] Use struct sctp_sack_info instead
[  106.106243][ T6379] netlink: 8 bytes leftover after parsing attributes in process `syz.2.188'.
[  106.240582][ T6384] netlink: 'syz.2.190': attribute type 2 has an invalid length.
[  106.835456][   T39] wlan1: Trigger new scan to find an IBSS to join
[  106.857813][ T6406] netlink: 8 bytes leftover after parsing attributes in process `syz.1.199'.
[  106.898559][ T6408] netlink: 64 bytes leftover after parsing attributes in process `syz.1.200'.
[  107.427330][ T6428] netlink: 'syz.2.209': attribute type 21 has an invalid length.
[  107.672988][ T6435] netlink: 4 bytes leftover after parsing attributes in process `syz.0.212'.
[  108.231944][ T5294] udevd[5294]: worker [6271] terminated by signal 33 (Unknown signal 33)
[  108.240407][ T5294] udevd[5294]: worker [6271] failed while handling '/devices/virtual/block/loop2'
[  108.388503][ T6473] netlink: 60 bytes leftover after parsing attributes in process `syz.2.230'.
[  108.858057][ T6502] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  109.042067][ T6510] netlink: 76 bytes leftover after parsing attributes in process `syz.1.247'.
[  109.806207][   T52] wlan1: Trigger new scan to find an IBSS to join
[  109.832226][ T6537] __nla_validate_parse: 3 callbacks suppressed
[  109.832242][ T6537] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.258'.
[  109.935616][ T6545] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  110.261625][ T6563] openvswitch: netlink: Message has 4 unknown bytes.
[  110.339554][ T6567] netlink: 104 bytes leftover after parsing attributes in process `syz.2.273'.
[  110.376384][ T6559] netlink: 168 bytes leftover after parsing attributes in process `syz.0.269'.
[  110.388493][ T6559] netlink: 'syz.0.269': attribute type 4 has an invalid length.
[  110.391996][ T6559] netlink: 152 bytes leftover after parsing attributes in process `syz.0.269'.
[  110.465630][ T6559] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check.
[  110.507686][ T6577] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.278'.
[  110.962761][ T6605] netlink: 48 bytes leftover after parsing attributes in process `syz.1.291'.
[  111.519842][ T6616] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  111.523026][ T6616] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  111.795864][ T4387] wlan1: Creating new IBSS network, BSSID 72:fe:cf:71:74:c0
[  112.503449][ T6630] netlink: 60 bytes leftover after parsing attributes in process `syz.0.303'.
[  112.530158][ T6630] netlink: 60 bytes leftover after parsing attributes in process `syz.0.303'.
[  112.540919][ T6630] netlink: 60 bytes leftover after parsing attributes in process `syz.0.303'.
[  112.544049][ T6632] netlink: 'syz.1.304': attribute type 8 has an invalid length.
[  112.655747][ T6636] netlink: 'syz.0.306': attribute type 11 has an invalid length.
[  112.664155][ T6636] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.306'.
[  112.919574][ T6635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  113.426460][ T6665] netlink: 'syz.1.316': attribute type 1 has an invalid length.
[  113.654583][ T5235] Bluetooth: hci1: Unable to find connection for big 0x00
[  113.674073][ T6685] netlink: 'syz.1.327': attribute type 21 has an invalid length.
[  113.873143][ T6693] netlink: 'syz.0.331': attribute type 21 has an invalid length.
[  113.884249][ T6693] netlink: 'syz.0.331': attribute type 11 has an invalid length.
[  113.918381][ T6695] Zero length message leads to an empty skb
[  114.389974][ T6703] syz.1.334: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  114.458408][ T6703] CPU: 1 UID: 0 PID: 6703 Comm: syz.1.334 Not tainted syzkaller #0 PREEMPT(full) 
[  114.458444][ T6703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  114.458463][ T6703] Call Trace:
[  114.458471][ T6703]  <TASK>
[  114.458489][ T6703]  dump_stack_lvl+0x189/0x250
[  114.458518][ T6703]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.458537][ T6703]  ? __pfx__printk+0x10/0x10
[  114.458593][ T6703]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  114.458612][ T6703]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  114.458630][ T6703]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  114.458650][ T6703]  warn_alloc+0x214/0x310
[  114.458677][ T6703]  ? stack_depot_save_flags+0x41b/0x860
[  114.458697][ T6703]  ? __pfx_warn_alloc+0x10/0x10
[  114.458722][ T6703]  ? kasan_save_track+0x4f/0x80
[  114.458742][ T6703]  ? xskq_create+0x56/0x170
[  114.458759][ T6703]  ? xsk_init_queue+0xb0/0x110
[  114.458774][ T6703]  ? xsk_setsockopt+0x57b/0x8d0
[  114.458789][ T6703]  ? do_sock_setsockopt+0x17c/0x1b0
[  114.458811][ T6703]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  114.458825][ T6703]  ? do_syscall_64+0xfa/0x3b0
[  114.458845][ T6703]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.458867][ T6703]  __vmalloc_node_range_noprof+0x125/0x12f0
[  114.458911][ T6703]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  114.458937][ T6703]  ? __kasan_kmalloc+0x93/0xb0
[  114.458958][ T6703]  vmalloc_user_noprof+0xad/0xf0
[  114.458978][ T6703]  ? xskq_create+0xbf/0x170
[  114.458997][ T6703]  xskq_create+0xbf/0x170
[  114.459017][ T6703]  xsk_init_queue+0xb0/0x110
[  114.459038][ T6703]  xsk_setsockopt+0x57b/0x8d0
[  114.459056][ T6703]  ? __pfx_xsk_setsockopt+0x10/0x10
[  114.459072][ T6703]  ? __pfx_aa_sk_perm+0x10/0x10
[  114.459098][ T6703]  ? __fget_files+0x2a/0x420
[  114.459110][ T6703]  ? aa_sock_opt_perm+0xff/0x1b0
[  114.459126][ T6703]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  114.459141][ T6703]  ? __pfx_xsk_setsockopt+0x10/0x10
[  114.459159][ T6703]  do_sock_setsockopt+0x17c/0x1b0
[  114.459177][ T6703]  __x64_sys_setsockopt+0x13f/0x1b0
[  114.459195][ T6703]  do_syscall_64+0xfa/0x3b0
[  114.459214][ T6703]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.459231][ T6703]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.459245][ T6703]  ? exc_page_fault+0x9f/0xf0
[  114.459265][ T6703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.459278][ T6703] RIP: 0033:0x7f6f0498ebe9
[  114.459294][ T6703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.459307][ T6703] RSP: 002b:00007f6f0573e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  114.459324][ T6703] RAX: ffffffffffffffda RBX: 00007f6f04bc6090 RCX: 00007f6f0498ebe9
[  114.459336][ T6703] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000009
[  114.459346][ T6703] RBP: 00007f6f04a11e19 R08: 0000000000000004 R09: 0000000000000000
[  114.459356][ T6703] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  114.459365][ T6703] R13: 00007f6f04bc6128 R14: 00007f6f04bc6090 R15: 00007ffed181ed58
[  114.459391][ T6703]  </TASK>
[  114.459400][ T6703] Mem-Info:
[  114.653930][ T6703] active_anon:4895 inactive_anon:0 isolated_anon:0
[  114.653930][ T6703]  active_file:1287 inactive_file:38246 isolated_file:0
[  114.653930][ T6703]  unevictable:1768 dirty:350 writeback:0
[  114.653930][ T6703]  slab_reclaimable:9380 slab_unreclaimable:53055
[  114.653930][ T6703]  mapped:18035 shmem:2433 pagetables:945
[  114.653930][ T6703]  sec_pagetables:0 bounce:0
[  114.653930][ T6703]  kernel_misc_reclaimable:0
[  114.653930][ T6703]  free:302186 free_pcp:17819 free_cma:0
[  114.677112][ T6703] Node 0 active_anon:11896kB inactive_anon:0kB active_file:1800kB inactive_file:9200kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:33920kB dirty:272kB writeback:0kB shmem:5100kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5188kB pagetables:2072kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  114.701383][ T6703] Node 1 active_anon:7616kB inactive_anon:0kB active_file:3348kB inactive_file:143784kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:38220kB dirty:1128kB writeback:0kB shmem:4632kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6116kB pagetables:1708kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  114.713140][ T6703] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  114.726304][ T6703] lowmem_reserve[]: 0 811 811 811 811
[  114.728915][ T6703] Node 0 DMA32 free:428244kB boost:0kB min:33660kB low:42072kB high:50484kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11896kB inactive_anon:0kB active_file:1800kB inactive_file:9200kB unevictable:3536kB writepending:272kB present:1556484kB managed:830960kB mlocked:0kB bounce:0kB free_pcp:39584kB local_pcp:18612kB free_cma:0kB
[  114.764096][ T6703] lowmem_reserve[]: 0 0 0 0 0
[  114.765917][ T6703] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  114.779566][ T6703] lowmem_reserve[]: 0 0 854 854 854
[  114.782103][ T6703] Node 1 Normal free:306492kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:7612kB inactive_anon:0kB active_file:3348kB inactive_file:143784kB unevictable:3536kB writepending:1128kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:32512kB local_pcp:20204kB free_cma:0kB
[  114.801143][ T6703] lowmem_reserve[]: 0 0 0 0 0
[  114.827839][ T6703] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  114.833583][ T6703] Node 0 DMA32: 333*4kB (M) 118*8kB (UM) 127*16kB (UME) 258*32kB (UM) 21*64kB (UM) 5*128kB (UME) 2*256kB (UM) 3*512kB (UME) 2*1024kB (UM) 2*2048kB (ME) 99*4096kB (M) = 428244kB
[  114.841992][ T6703] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  114.861138][ T6703] Node 1 Normal: 754*4kB (UME) 625*8kB (UME) 307*16kB (UME) 54*32kB (UME) 30*64kB (UME) 17*128kB (UME) 9*256kB (UM) 9*512kB (ME) 8*1024kB (UME) 5*2048kB (ME) 64*4096kB (M) = 306240kB
[  114.882965][ T6703] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  114.888222][ T6703] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  114.891994][ T6703] 42495 total pagecache pages
[  114.894275][ T6703] 0 pages in swap cache
[  114.896013][ T6703] Free swap  = 124996kB
[  114.897760][ T6703] Total swap = 124996kB
[  114.899648][ T6703] 786301 pages RAM
[  114.901049][ T6703] 0 pages HighMem/MovableOnly
[  114.907385][ T6703] 241329 pages reserved
[  114.909176][ T6703] 0 pages cma reserved
[  116.020876][ T6714] =======================================================
[  116.020876][ T6714] WARNING: The mand mount option has been deprecated and
[  116.020876][ T6714]          and is ignored by this kernel. Remove the mand
[  116.020876][ T6714]          option from the mount to silence this warning.
[  116.020876][ T6714] =======================================================
[  117.030722][ T6731] netlink: 'syz.2.346': attribute type 8 has an invalid length.
[  117.045317][ T6731] netlink: 'syz.2.346': attribute type 6 has an invalid length.
[  117.048206][ T6731] __nla_validate_parse: 3 callbacks suppressed
[  117.048216][ T6731] netlink: 144448 bytes leftover after parsing attributes in process `syz.2.346'.
[  117.068638][ T6733] netlink: 14568 bytes leftover after parsing attributes in process `syz.1.347'.
[  119.365863][ T6770] netlink: 'syz.1.362': attribute type 21 has an invalid length.
[  119.380541][ T6770] IPv6: NLM_F_CREATE should be specified when creating new route
[  119.386173][ T6770] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  119.389267][ T6770] IPv6: NLM_F_CREATE should be set when creating new route
[  119.392473][ T6770] IPv6: NLM_F_CREATE should be set when creating new route
[  119.395579][ T6770] IPv6: NLM_F_CREATE should be set when creating new route
[  120.553255][ T6803] netlink: 277 bytes leftover after parsing attributes in process `syz.2.376'.
[  120.703559][ T6808] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  120.710338][ T6812] netlink: 60 bytes leftover after parsing attributes in process `syz.2.381'.
[  120.719906][ T6808] netlink: 8 bytes leftover after parsing attributes in process `syz.1.379'.
[  120.724781][ T6812] netlink: 60 bytes leftover after parsing attributes in process `syz.2.381'.
[  120.735564][ T6812] netlink: 60 bytes leftover after parsing attributes in process `syz.2.381'.
[  120.925015][ T6820] netlink: 'syz.0.383': attribute type 1 has an invalid length.
[  120.929185][ T6820] netlink: 16 bytes leftover after parsing attributes in process `syz.0.383'.
[  121.248950][ T6831] netlink: 'syz.0.390': attribute type 6 has an invalid length.
[  121.312373][ T6833] netlink: 16 bytes leftover after parsing attributes in process `syz.0.391'.
[  122.032883][ T6852] netlink: 52 bytes leftover after parsing attributes in process `syz.0.398'.
[  122.233225][ T6860] netlink: 'syz.2.399': attribute type 10 has an invalid length.
[  122.238630][ T6860] netlink: 40 bytes leftover after parsing attributes in process `syz.2.399'.
[  122.245799][ T6860] team0: entered promiscuous mode
[  122.248605][ T6860] team_slave_0: entered promiscuous mode
[  122.253211][ T6860] team_slave_1: entered promiscuous mode
[  122.276452][ T6860] team0: entered allmulticast mode
[  122.280680][ T6860] team_slave_0: entered allmulticast mode
[  122.283247][ T6860] team_slave_1: entered allmulticast mode
[  122.314356][ T6860] bridge0: port 3(team0) entered blocking state
[  122.330087][ T6860] bridge0: port 3(team0) entered disabled state
[  122.406771][ T6873] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.404'.
[  122.429589][ T6860] bridge0: port 3(team0) entered blocking state
[  122.433818][ T6860] bridge0: port 3(team0) entered forwarding state
[  125.394573][ T6887] netlink: 209592 bytes leftover after parsing attributes in process `syz.2.409'.
[  125.889946][ T6915] netlink: 56 bytes leftover after parsing attributes in process `syz.2.422'.
[  126.723318][ T6924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.427'.
[  126.728655][ T6924] netlink: 'syz.0.427': attribute type 3 has an invalid length.
[  126.859334][ T6931] netlink: 16410 bytes leftover after parsing attributes in process `syz.2.430'.
[  127.375210][ T6952] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.436'.
[  127.778573][ T6966] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x37
[  127.929229][ T6976] veth0_vlan: entered allmulticast mode
[  128.012243][ T6976] veth0_vlan: left promiscuous mode
[  128.319678][    C0] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  128.701850][ T6976] veth0_vlan: entered promiscuous mode
[  129.418842][ T6997] xt_time: invalid argument - start or stop time greater than 23:59:59
[  129.550575][ T7001] netlink: 'syz.0.460': attribute type 3 has an invalid length.
[  129.553718][ T7001] netlink: 'syz.0.460': attribute type 6 has an invalid length.
[  129.562191][ T7001] netlink: 'syz.0.460': attribute type 8 has an invalid length.
[  129.566096][ T7001] netlink: 'syz.0.460': attribute type 10 has an invalid length.
[  129.569924][ T7001] netlink: 'syz.0.460': attribute type 11 has an invalid length.
[  129.573140][ T7001] netlink: 198236 bytes leftover after parsing attributes in process `syz.0.460'.
[  129.708887][ T7003] netlink: 36 bytes leftover after parsing attributes in process `syz.0.461'.
[  131.748249][ T7052] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  131.757699][ T7054] netlink: 4083 bytes leftover after parsing attributes in process `syz.1.479'.
[  131.761675][  T974] lo speed is unknown, defaulting to 1000
[  131.791238][ T7052] syz.0.480 (7052) used greatest stack depth: 19192 bytes left
[  131.841756][ T7062] netlink: 'syz.2.483': attribute type 21 has an invalid length.
[  131.856430][ T7066] netlink: 'syz.0.485': attribute type 29 has an invalid length.
[  131.860431][ T7066] netlink: 'syz.0.485': attribute type 29 has an invalid length.
[  131.867091][ T7066] netlink: 'syz.0.485': attribute type 29 has an invalid length.
[  131.871299][ T7066] netlink: 'syz.0.485': attribute type 29 has an invalid length.
[  131.954032][ T7071] netlink: 'syz.1.487': attribute type 1 has an invalid length.
[  132.280741][ T7082] netlink: 72 bytes leftover after parsing attributes in process `syz.2.491'.
[  132.757678][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  132.760219][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  132.982897][ T7101] netlink: 60 bytes leftover after parsing attributes in process `syz.2.499'.
[  132.986677][ T7101] netlink: 60 bytes leftover after parsing attributes in process `syz.2.499'.
[  133.300235][ T7127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.508'.
[  133.389937][ T7127] : entered promiscuous mode
[  133.445830][ T7128] netlink: 12 bytes leftover after parsing attributes in process `syz.2.510'.
[  133.546037][ T7128] netlink: 12 bytes leftover after parsing attributes in process `syz.2.510'.
[  134.743672][ T7158] delete_channel: no stack
[  135.365388][ T7181] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  135.368703][ T7181] IPv6: NLM_F_CREATE should be set when creating new route
[  135.372759][ T7181] IPv6: NLM_F_CREATE should be set when creating new route
[  135.957334][ T7192] netlink: 'syz.1.539': attribute type 27 has an invalid length.
[  135.960533][ T7192] netlink: 2418 bytes leftover after parsing attributes in process `syz.1.539'.
[  136.020866][ T7196] netlink: 160 bytes leftover after parsing attributes in process `syz.0.541'.
[  136.060940][ T7196] netlink: 'syz.0.541': attribute type 10 has an invalid length.
[  136.250002][ T7196] batman_adv: batadv0: Adding interface: netdevsim0
[  136.253270][ T7196] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  136.274222][ T7196] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[  136.708695][ T7224] netlink: 177 bytes leftover after parsing attributes in process `syz.0.553'.
[  137.066896][ T7241] netlink: 24 bytes leftover after parsing attributes in process `syz.2.561'.
[  137.250035][ T7250] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  137.369572][ T7245] : renamed from vlan0 (while UP)
[  137.431263][ T7252] wg2: entered promiscuous mode
[  137.444289][ T7252] wg2: entered allmulticast mode
[  137.604651][ T7261] netlink: 2 bytes leftover after parsing attributes in process `syz.2.570'.
[  137.648699][ T7262] netlink: 'syz.1.569': attribute type 2 has an invalid length.
[  138.892421][ T7299] netlink: 'syz.2.586': attribute type 13 has an invalid length.
[  138.895184][ T7299] __nla_validate_parse: 1 callbacks suppressed
[  138.895193][ T7299] netlink: 24859 bytes leftover after parsing attributes in process `syz.2.586'.
[  139.223435][ T7311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.591'.
[  140.304651][ T7332] netlink: 'syz.0.599': attribute type 21 has an invalid length.
[  140.946835][ T7360] : renamed from bond0 (while UP)
[  141.720143][ T7365] netlink: 18187 bytes leftover after parsing attributes in process `syz.1.613'.
[  142.115734][ T7386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.622'.
[  142.124578][ T7383] netlink: 10 bytes leftover after parsing attributes in process `syz.2.623'.
[  142.262298][ T7394] netlink: 'syz.0.627': attribute type 3 has an invalid length.
[  142.265962][ T7394] netlink: 'syz.0.627': attribute type 1 has an invalid length.
[  142.584955][ T7409] IPv6: NLM_F_CREATE should be specified when creating new route
[  142.601023][ T7409] netlink: 'syz.1.634': attribute type 2 has an invalid length.
[  142.617570][ T7409] netlink: 199816 bytes leftover after parsing attributes in process `syz.1.634'.
[  142.834567][ T7416] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.638'.
[  143.107230][ T7429] bridge0: port 4(ip6gretap0) entered blocking state
[  143.115281][ T7429] bridge0: port 4(ip6gretap0) entered disabled state
[  143.117694][ T7429] ip6gretap0: entered allmulticast mode
[  143.120950][ T7429] ip6gretap0: entered promiscuous mode
[  143.123583][ T7429] bridge0: port 4(ip6gretap0) entered blocking state
[  143.126174][ T7429] bridge0: port 4(ip6gretap0) entered forwarding state
[  143.586984][ T5235] Bluetooth: hci0: unexpected event 0x03 length: 151 > 11
[  143.700362][ T7451] netlink: 132 bytes leftover after parsing attributes in process `syz.2.653'.
[  144.914354][ T7485] netlink: 104 bytes leftover after parsing attributes in process `syz.2.668'.
[  145.471027][ T7497] netlink: 12 bytes leftover after parsing attributes in process `syz.0.673'.
[  145.678800][ T7507] netlink: 'syz.0.677': attribute type 21 has an invalid length.
[  145.681474][ T7507] netlink: 132 bytes leftover after parsing attributes in process `syz.0.677'.
[  145.704723][ T7501] netlink: 16 bytes leftover after parsing attributes in process `syz.2.675'.
[  146.428507][ T7537] netlink: 830 bytes leftover after parsing attributes in process `syz.0.691'.
[  146.872316][ T7556] netlink: 32 bytes leftover after parsing attributes in process `syz.0.699'.
[  147.327841][ T7577] netlink: 40227 bytes leftover after parsing attributes in process `syz.1.708'.
[  148.082542][ T7606] netlink: 14593 bytes leftover after parsing attributes in process `syz.0.721'.
[  148.123185][ T7606] netlink: 14593 bytes leftover after parsing attributes in process `syz.0.721'.
[  148.344661][ T7623] netlink: 8 bytes leftover after parsing attributes in process `syz.0.728'.
[  148.501628][ T7626] bond_slave_0: entered promiscuous mode
[  148.504419][ T7626] bond_slave_1: entered promiscuous mode
[  148.639672][ T7625] netlink: 'syz.0.730': attribute type 39 has an invalid length.
[  155.153513][ T7658] netlink: 'syz.2.741': attribute type 39 has an invalid length.
[  155.832858][ T7666] netlink: 'syz.2.745': attribute type 10 has an invalid length.
[  155.835577][ T7666] __nla_validate_parse: 2 callbacks suppressed
[  155.835588][ T7666] netlink: 2 bytes leftover after parsing attributes in process `syz.2.745'.
[  155.840679][ T7666] bond0: entered promiscuous mode
[  155.843508][ T7666] bridge0: port 5(bond0) entered blocking state
[  155.850443][ T7666] bridge0: port 5(bond0) entered disabled state
[  155.852661][ T7666] bond0: entered allmulticast mode
[  155.856638][ T7666] bond_slave_0: entered allmulticast mode
[  155.859210][ T7666] bond_slave_1: entered allmulticast mode
[  155.867421][ T7666] bridge0: port 5(bond0) entered blocking state
[  155.870226][ T7666] bridge0: port 5(bond0) entered forwarding state
[  156.124669][ T7684] netlink: 'syz.1.754': attribute type 12 has an invalid length.
[  156.128658][ T7684] netlink: 132 bytes leftover after parsing attributes in process `syz.1.754'.
[  156.247703][ T7692] netlink: 'syz.2.758': attribute type 3 has an invalid length.
[  156.798913][ T7704] netlink: 'syz.0.764': attribute type 16 has an invalid length.
[  156.801556][ T7704] netlink: 168 bytes leftover after parsing attributes in process `syz.0.764'.
[  156.918792][ T7720] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  156.922671][ T7720] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  156.967727][ T7723] netlink: 132 bytes leftover after parsing attributes in process `syz.2.772'.
[  157.001615][ T7725] netlink: 16 bytes leftover after parsing attributes in process `syz.1.771'.
[  157.049040][ T7729] netlink: 104 bytes leftover after parsing attributes in process `syz.0.774'.
[  157.097004][ T7725] netlink: 128 bytes leftover after parsing attributes in process `syz.1.771'.
[  157.100994][ T7725] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  157.645253][ T7763] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  158.110687][ T7775] team0: Port device C removed
[  158.113492][ T7775] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  158.241085][ T7779] netlink: 16 bytes leftover after parsing attributes in process `syz.1.796'.
[  158.473464][ T7787] netlink: 8 bytes leftover after parsing attributes in process `syz.1.798'.
[  158.684740][ T7796] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.803'.
[  159.307308][ T7821] openvswitch: netlink: Message has 6 unknown bytes.
[  159.445297][ T7817] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  159.454678][ T7817] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  159.963263][ T7853] netlink: 'syz.1.828': attribute type 3 has an invalid length.
[  160.131809][ T7861] netlink: 'syz.2.832': attribute type 2 has an invalid length.
[  160.143859][ T7861] netlink: 'syz.2.832': attribute type 1 has an invalid length.
[  164.370566][ T5235] Bluetooth: hci0: unexpected event 0x12 length: 151 > 8
[  165.547142][ T7953] __nla_validate_parse: 5 callbacks suppressed
[  165.547154][ T7953] netlink: 8 bytes leftover after parsing attributes in process `syz.2.870'.
[  165.861306][ T7964] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.865198][ T7964] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.869563][ T7964] bridge0: entered allmulticast mode
[  165.952180][ T7964] bridge_slave_1: left allmulticast mode
[  165.960909][ T7964] bridge_slave_1: left promiscuous mode
[  165.973283][ T7964] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.052137][ T7964] bridge_slave_0: left allmulticast mode
[  166.055267][ T7964] bridge_slave_0: left promiscuous mode
[  166.062428][ T7964] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.288746][ T7978] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.881'.
[  166.351042][ T7979] lo speed is unknown, defaulting to 1000
[  167.225440][ T8015] netlink: 4 bytes leftover after parsing attributes in process `syz.2.895'.
[  167.375727][ T8021] netlink: 'syz.2.898': attribute type 23 has an invalid length.
[  167.453172][ T8025] netlink: 132 bytes leftover after parsing attributes in process `syz.0.900'.
[  167.463324][ T8025] netlink: 132 bytes leftover after parsing attributes in process `syz.0.900'.
[  168.585986][ T8048] netlink: 72 bytes leftover after parsing attributes in process `syz.1.909'.
[  168.757127][ T8065] netlink: 'syz.1.917': attribute type 1 has an invalid length.
[  168.806555][ T8067] netlink: 'syz.1.918': attribute type 28 has an invalid length.
[  169.316934][ T8080] netlink: 132 bytes leftover after parsing attributes in process `syz.1.924'.
[  170.386033][ T8093] netlink: 16 bytes leftover after parsing attributes in process `syz.1.928'.
[  170.390012][ T8093] netlink: 60 bytes leftover after parsing attributes in process `syz.1.928'.
[  172.225483][ T8146] netlink: 72 bytes leftover after parsing attributes in process `syz.2.951'.
[  172.256230][ T8149] netlink: 4 bytes leftover after parsing attributes in process `syz.1.952'.
[  172.263411][ T8146] netlink: 72 bytes leftover after parsing attributes in process `syz.2.951'.
[  172.361103][ T8146] netlink: 72 bytes leftover after parsing attributes in process `syz.2.951'.
[  173.922670][ T8187] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.967'.
[  174.377494][ T8206] netlink: 60 bytes leftover after parsing attributes in process `syz.2.975'.
[  174.402500][ T8206] netlink: 60 bytes leftover after parsing attributes in process `syz.2.975'.
[  174.421146][ T8206] netlink: 60 bytes leftover after parsing attributes in process `syz.2.975'.
[  174.434044][ T8210] netlink: 8 bytes leftover after parsing attributes in process `syz.0.976'.
[  174.437710][ T8210] netlink: 8 bytes leftover after parsing attributes in process `syz.0.976'.
[  175.357981][ T8244] netlink: 'syz.0.992': attribute type 21 has an invalid length.
[  175.361399][ T8244] netlink: 'syz.0.992': attribute type 1 has an invalid length.
[  176.413314][ T8266] netlink: 'syz.2.1001': attribute type 1 has an invalid length.
[  177.806316][ T8329] netlink: 'syz.1.1029': attribute type 1 has an invalid length.
[  178.744181][ T8394] netlink: 'syz.2.1058': attribute type 13 has an invalid length.
[  178.746793][ T8394] netlink: 'syz.2.1058': attribute type 17 has an invalid length.
[  179.561686][ T8416] __nla_validate_parse: 4 callbacks suppressed
[  179.561705][ T8416] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1068'.
[  179.593074][ T8416] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1068'.
[  180.251041][ T8434] netlink: 'syz.2.1076': attribute type 21 has an invalid length.
[  180.670537][ T8449] netlink: 16410 bytes leftover after parsing attributes in process `syz.0.1083'.
[  180.754898][ T8457] netlink: 'syz.2.1085': attribute type 4 has an invalid length.
[  181.099673][ T8461] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1087'.
[  181.126543][ T8461] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1087'.
[  181.170711][ T8466] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1089'.
[  181.824787][ T8503] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1106'.
[  181.861096][ T8506] netlink: 825 bytes leftover after parsing attributes in process `syz.0.1107'.
[  181.867601][ T8506] netlink: 130144 bytes leftover after parsing attributes in process `syz.0.1107'.
[  181.996236][ T8494] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1102'.
[  182.348301][ T8532] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  182.353277][ T8532] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  182.841595][ T8551] C: renamed from team_slave_0 (while UP)
[  182.931846][ T8551] netlink: 'syz.0.1126': attribute type 3 has an invalid length.
[  182.936227][ T8551] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  184.455711][ T8593] netlink: zone id is out of range
[  184.457620][ T8593] netlink: zone id is out of range
[  184.459917][ T8593] netlink: zone id is out of range
[  184.462178][ T8593] netlink: zone id is out of range
[  184.470557][ T8593] netlink: zone id is out of range
[  184.472267][ T8593] netlink: zone id is out of range
[  184.475863][ T8593] netlink: zone id is out of range
[  184.477554][ T8593] netlink: zone id is out of range
[  184.479429][ T8593] netlink: zone id is out of range
[  184.751122][ T8624] C: renamed from team_slave_0 (while UP)
[  184.761392][ T8624] netlink: 'syz.2.1159': attribute type 3 has an invalid length.
[  184.771700][ T8624] netlink: 'syz.2.1159': attribute type 1 has an invalid length.
[  184.775238][ T8624] __nla_validate_parse: 3 callbacks suppressed
[  184.775253][ T8624] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1159'.
[  184.890567][ T8634] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1164'.
[  184.978370][ T8636] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1165'.
[  185.010334][ T8642] syzkaller0: entered promiscuous mode
[  185.012719][ T8642] syzkaller0: entered allmulticast mode
[  186.568867][ T8665] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1176'.
[  186.736090][ T8672] netlink: 'syz.2.1181': attribute type 39 has an invalid length.
[  186.929890][ T8677] raw_sendmsg: syz.0.1183 forgot to set AF_INET. Fix it!
[  187.432244][ T8686] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.1185'.
[  187.457694][ T8685] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.1185'.
[  187.463488][ T8687] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.1185'.
[  187.537096][ T8689] netlink: 63503 bytes leftover after parsing attributes in process `syz.0.1186'.
[  187.778502][ T8691] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1187'.
[  188.697247][ T8726] netlink: 'syz.2.1204': attribute type 10 has an invalid length.
[  188.700635][ T8726] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1204'.
[  188.705354][ T8726] ipvlan1: entered promiscuous mode
[  188.707332][ T8726] ipvlan1: entered allmulticast mode
[  188.713228][ T8726] bridge0: port 6(ipvlan1) entered blocking state
[  188.716177][ T8726] bridge0: port 6(ipvlan1) entered disabled state
[  188.721632][ T8726] net_ratelimit: 74 callbacks suppressed
[  188.721671][ T8726] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  188.826426][ T8729] syzkaller0: entered promiscuous mode
[  188.828440][ T8729] syzkaller0: entered allmulticast mode
[  189.321421][ T8735] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  189.966380][ T8754] __nla_validate_parse: 1 callbacks suppressed
[  189.966402][ T8754] netlink: 9280 bytes leftover after parsing attributes in process `syz.2.1217'.
[  190.140344][ T8757] netlink: 'syz.1.1209': attribute type 10 has an invalid length.
[  190.149623][ T8757] team0: Port device dummy0 removed
[  190.155917][ T8757] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  190.306944][ T8765] netlink: 'syz.0.1221': attribute type 10 has an invalid length.
[  190.313030][ T8765] macvlan0: entered promiscuous mode
[  190.317295][ T8765] macvlan0: entered allmulticast mode
[  190.338576][ T8765] veth1_vlan: entered allmulticast mode
[  190.346412][ T8765] : (slave macvlan0): Enslaving as an active interface with an up link
[  190.418894][ T8776] netlink: 'syz.2.1226': attribute type 1 has an invalid length.
[  190.561689][ T8785] netlink: 'syz.1.1230': attribute type 1 has an invalid length.
[  190.571162][ T8785] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1230'.
[  190.579183][ T8787] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1231'.
[  190.594217][ T8785] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1230'.
[  190.598274][ T8787] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1231'.
[  190.852830][ T8811] netlink: 'syz.1.1242': attribute type 21 has an invalid length.
[  190.938366][ T8819] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  191.135106][ T8838] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1254'.
[  191.291697][ T8843] lo speed is unknown, defaulting to 1000
[  191.296664][ T8843] lo speed is unknown, defaulting to 1000
[  191.299886][ T8843] lo speed is unknown, defaulting to 1000
[  191.326009][ T8843] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  191.408668][ T8843] lo speed is unknown, defaulting to 1000
[  191.412254][ T8843] lo speed is unknown, defaulting to 1000
[  191.443345][ T8843] lo speed is unknown, defaulting to 1000
[  191.892200][ T8854] netlink: 'syz.0.1259': attribute type 10 has an invalid length.
[  192.068388][ T8858] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  192.137347][ T8864] netlink: 62967 bytes leftover after parsing attributes in process `syz.0.1264'.
[  192.910100][ T8879] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1271'.
[  193.158566][ T8889] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1276'.
[  193.420938][ T8881] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1272'.
[  194.206803][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  194.209637][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  194.245400][ T8916] netlink: 'syz.2.1287': attribute type 10 has an invalid length.
[  194.248905][ T8916] dummy0: entered promiscuous mode
[  194.253399][ T8916] bridge0: port 6(dummy0) entered blocking state
[  194.260440][ T8916] bridge0: port 6(dummy0) entered disabled state
[  194.269019][ T8916] dummy0: entered allmulticast mode
[  194.276492][ T8916] bridge0: port 6(dummy0) entered blocking state
[  194.279400][ T8916] bridge0: port 6(dummy0) entered forwarding state
[  194.910013][ T8924] netlink: 'syz.0.1290': attribute type 39 has an invalid length.
[  196.274063][ T5877] Bluetooth: hci1: command 0x0406 tx timeout
[  196.276124][   T54] Bluetooth: hci0: command 0x0406 tx timeout
[  196.354415][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  196.715704][ T8946] netlink: 'syz.2.1298': attribute type 21 has an invalid length.
[  196.718947][ T8946] __nla_validate_parse: 2 callbacks suppressed
[  196.718963][ T8946] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1298'.
[  196.726128][ T8946] netlink: 'syz.2.1298': attribute type 6 has an invalid length.
[  196.734060][ T8946] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1298'.
[  196.788916][ T8950] netlink: 'syz.0.1301': attribute type 29 has an invalid length.
[  196.973428][ T8961] netlink: 'syz.0.1305': attribute type 1 has an invalid length.
[  196.978889][ T8961] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1305'.
[  197.129553][ T8972] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1310'.
[  197.133391][ T8972] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1310'.
[  197.267035][ T8976] tap0: tun_chr_ioctl cmd 1074025677
[  197.269502][ T8976] tap0: linktype set to 0
[  197.526252][ T5235] Bluetooth: hci0: unexpected event 0x23 length: 15 > 13
[  197.803264][ T9007] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1327'.
[  197.840074][ T9009] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1328'.
[  197.844882][ T9009] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1328'.
[  197.848174][ T9009] netlink: 'syz.2.1328': attribute type 5 has an invalid length.
[  197.851256][ T9009] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1328'.
[  197.912516][ T9013] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1330'.
[  198.538298][ T9041] netlink: 'syz.2.1343': attribute type 40 has an invalid length.
[  198.546739][ T9041] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.057943][ T9057] netlink: 'syz.2.1350': attribute type 21 has an invalid length.
[  200.176706][ T9091] netlink: 'syz.0.1364': attribute type 29 has an invalid length.
[  200.183399][ T9089] bridge0: port 6(dummy0) entered disabled state
[  200.188873][ T9089] bridge0: port 5(bond0) entered disabled state
[  200.198016][ T9089] bridge0: port 4(ip6gretap0) entered disabled state
[  200.203547][ T9089] bridge0: port 3(team0) entered disabled state
[  200.211392][ T9089] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.240119][ T9089] bridge0: entered allmulticast mode
[  200.277040][ T9091] netlink: 'syz.0.1364': attribute type 29 has an invalid length.
[  200.281010][ T9093] netlink: 'syz.0.1364': attribute type 29 has an invalid length.
[  200.285169][ T9092] bridge0: port 6(dummy0) entered blocking state
[  200.287975][ T9092] bridge0: port 6(dummy0) entered forwarding state
[  200.290964][ T9092] bridge0: port 5(bond0) entered blocking state
[  200.293646][ T9092] bridge0: port 5(bond0) entered forwarding state
[  200.296483][ T9092] bridge0: port 4(ip6gretap0) entered blocking state
[  200.299459][ T9092] bridge0: port 4(ip6gretap0) entered forwarding state
[  200.302605][ T9092] bridge0: port 3(team0) entered blocking state
[  200.305997][ T9092] bridge0: port 3(team0) entered forwarding state
[  200.308296][ T9092] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.310695][ T9092] bridge0: port 1(bridge_slave_0) entered forwarding state
[  200.316355][ T9092] bridge0: entered promiscuous mode
[  200.319182][ T9091] netlink: 'syz.0.1364': attribute type 29 has an invalid length.
[  200.946314][ T9115] netlink: 'syz.0.1375': attribute type 39 has an invalid length.
[  203.172608][ T9149] netlink: 'syz.2.1390': attribute type 3 has an invalid length.
[  203.176476][ T9149] __nla_validate_parse: 3 callbacks suppressed
[  203.176491][ T9149] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1390'.
[  203.222555][ T9151] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1391'.
[  203.291674][ T9155] netlink: 'syz.0.1393': attribute type 12 has an invalid length.
[  203.296434][ T9155] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1393'.
[  204.291783][ T9170] netlink: 'syz.0.1399': attribute type 6 has an invalid length.
[  204.294808][ T9170] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1399'.
[  204.713030][ T9178] netlink: 17279 bytes leftover after parsing attributes in process `syz.2.1404'.
[  204.732515][ T9178] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  204.964723][ T9187] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1408'.
[  204.969129][ T9187] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1408'.
[  205.372185][ T5235] Bluetooth: hci0: adv larger than maximum supported
[  205.372226][ T5235] Bluetooth: hci0: Unknown advertising packet type: 0x18
[  205.376759][ T5235] Bluetooth: hci0: Malformed LE Event: 0x0d
[  206.044829][ T9218] netlink: 'syz.2.1423': attribute type 1 has an invalid length.
[  206.048534][ T9218] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1423'.
[  206.480122][ T5880] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  206.486761][ T5880] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  206.490819][ T5880] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  206.494592][ T5880] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  206.498888][ T5880] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  206.555302][ T9237] lo speed is unknown, defaulting to 1000
[  206.619415][ T9240] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1432'.
[  206.656900][ T9241] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1431'.
[  206.795759][ T9237] chnl_net:caif_netlink_parms(): no params data found
[  207.015090][ T9237] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.017904][ T9237] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.020739][ T9237] bridge_slave_0: entered allmulticast mode
[  207.029928][ T9237] bridge_slave_0: entered promiscuous mode
[  207.035987][ T9237] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.042694][ T9237] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.046799][ T9237] bridge_slave_1: entered allmulticast mode
[  207.052251][ T9237] bridge_slave_1: entered promiscuous mode
[  207.109938][ T9237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  207.116882][ T9237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  207.176129][ T9237] team0: Port device team_slave_0 added
[  207.182914][ T9237] team0: Port device team_slave_1 added
[  207.222468][ T9237] batman_adv: batadv0: Adding interface: batadv_slave_0
[  207.226607][ T9237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.241357][ T9237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  207.256958][ T9237] batman_adv: batadv0: Adding interface: batadv_slave_1
[  207.264107][ T9237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.276257][ T9237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  207.332749][ T9237] hsr_slave_0: entered promiscuous mode
[  207.336776][ T9237] hsr_slave_1: entered promiscuous mode
[  207.477303][ T9261] netlink: 'syz.2.1437': attribute type 10 has an invalid length.
[  207.522935][ T9261] batman_adv: batadv0: Adding interface: netdevsim0
[  207.527949][ T9261] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.539403][ T9261] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[  207.623601][ T9237] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  207.635530][ T9237] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  207.644967][ T9237] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  207.656960][ T9237] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  207.760029][ T9237] 8021q: adding VLAN 0 to HW filter on device bond0
[  207.795748][ T9237] 8021q: adding VLAN 0 to HW filter on device team0
[  207.816232][ T4387] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.819450][ T4387] bridge0: port 1(bridge_slave_0) entered forwarding state
[  207.833970][ T4387] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.837040][ T4387] bridge0: port 2(bridge_slave_1) entered forwarding state
[  208.056706][ T9237] 8021q: adding VLAN 0 to HW filter on device batadv0
[  208.105954][ T9237] veth0_vlan: entered promiscuous mode
[  208.116901][ T9237] veth1_vlan: entered promiscuous mode
[  208.141192][ T9237] veth0_macvtap: entered promiscuous mode
[  208.157447][ T9237] veth1_macvtap: entered promiscuous mode
[  208.177606][ T9237] batman_adv: batadv0: Interface activated: batadv_slave_0
[  208.193686][ T9237] batman_adv: batadv0: Interface activated: batadv_slave_1
[  208.206706][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  208.211399][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  208.222422][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  208.227196][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  208.306414][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  208.318031][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  208.368743][ T4387] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  208.376635][ T4387] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  208.517241][ T5235] Bluetooth: hci3: command tx timeout
[  209.013955][ T9292] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1445'.
[  209.230901][ T9300] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1449'.
[  209.475449][ T9312] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1453'.
[  209.562186][ T9316] netlink: 'syz.3.1455': attribute type 1 has an invalid length.
[  209.733562][ T9328] netlink: 'syz.2.1461': attribute type 10 has an invalid length.
[  209.738464][ T9328] veth1_macvtap: left promiscuous mode
[  210.137795][ T9343] netlink: 'syz.2.1467': attribute type 10 has an invalid length.
[  210.141359][ T9343] batman_adv: batadv0: Removing interface: netdevsim0
[  210.157130][ T9343] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  210.160464][ T9343] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  210.376131][ T9354] mac80211_hwsim hwsim7 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  210.594715][ T5235] Bluetooth: hci3: command tx timeout
[  210.597717][ T5235] Bluetooth: hci3: unexpected event 0x32 length: 15 > 9
[  211.158452][ T9380] netlink: 'syz.3.1485': attribute type 3 has an invalid length.
[  211.185984][ T9380] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1485'.
[  212.599208][ T9391] netlink: 1057 bytes leftover after parsing attributes in process `syz.3.1490'.
[  212.800670][ T9399] netlink: 'syz.2.1493': attribute type 11 has an invalid length.
[  212.804057][ T9399] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1493'.
[  212.949059][ T9398] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  214.916427][ T5235] Bluetooth: hci3: command tx timeout
[  216.284626][ T9407] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1497'.
[  216.304535][ T9407] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  216.479616][ T9421] netlink: 'syz.2.1504': attribute type 10 has an invalid length.
[  216.482489][ T9421] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1504'.
[  216.490036][ T9421] batman_adv: batadv0: Adding interface: hsr_slave_1
[  216.492280][ T9421] batman_adv: batadv0: The MTU of interface hsr_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  216.503431][ T9421] batman_adv: batadv0: Interface activated: hsr_slave_1
[  216.994452][ T5235] Bluetooth: hci3: command tx timeout
[  217.820451][ T9459] netlink: 'syz.0.1519': attribute type 3 has an invalid length.
[  217.832004][ T9459] netlink: 'syz.0.1519': attribute type 2 has an invalid length.
[  217.837997][ T9459] netlink: 198112 bytes leftover after parsing attributes in process `syz.0.1519'.
[  218.080988][ T9468] openvswitch: netlink: Flow key attr not present in new flow.
[  218.209103][ T9463] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  218.222080][ T9479] ]X: renamed from veth0_vlan (while UP)
[  218.257681][ T9481] netlink: 'syz.2.1529': attribute type 1 has an invalid length.
[  218.412159][ T9484] lo speed is unknown, defaulting to 1000
[  219.112225][ T9524] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1548'.
[  219.372776][ T9539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1553'.
[  219.410976][ T9542] netlink: 'syz.3.1555': attribute type 1 has an invalid length.
[  219.564330][ T9550] vcan0 speed is unknown, defaulting to 1000
[  219.570907][ T9550] vcan0 speed is unknown, defaulting to 1000
[  219.587255][ T9550] vcan0 speed is unknown, defaulting to 1000
[  219.890195][ T9555] netlink: 'syz.0.1561': attribute type 10 has an invalid length.
[  220.219629][ T9558] netlink: 'syz.0.1562': attribute type 29 has an invalid length.
[  220.234683][ T9558] netlink: 'syz.0.1562': attribute type 29 has an invalid length.
[  220.241524][ T9558] netlink: 'syz.0.1562': attribute type 29 has an invalid length.
[  220.419727][ T9562] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16)
[  220.422940][ T9562] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  220.541862][ T9550] infiniband syz1: set active
[  220.545151][ T5924] vcan0 speed is unknown, defaulting to 1000
[  220.547616][ T9550] infiniband syz1: added vcan0
[  220.605125][ T9550] RDS/IB: syz1: added
[  220.607651][ T9550] smc: adding ib device syz1 with port count 1
[  220.610598][ T9550] smc:    ib device syz1 port 1 has pnetid 
[  220.616866][ T5924] vcan0 speed is unknown, defaulting to 1000
[  220.620250][ T9550] vcan0 speed is unknown, defaulting to 1000
[  220.784492][ T9550] vcan0 speed is unknown, defaulting to 1000
[  220.960598][ T9550] vcan0 speed is unknown, defaulting to 1000
[  221.180854][ T9550] vcan0 speed is unknown, defaulting to 1000
[  221.442902][ T9588] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1576'.
[  221.462259][ T9588] : entered promiscuous mode
[  221.598292][ T9599] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  221.922822][ T5235] Bluetooth: hci1: unexpected event 0x06 length: 15 > 3
[  222.122060][ T9632] netlink: 'syz.2.1595': attribute type 1 has an invalid length.
[  222.188728][ T9635] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1596'.
[  222.192829][ T9635] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1596'.
[  222.390960][ T9643] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1599'.
[  223.395327][ T9672] netlink: 'syz.2.1611': attribute type 10 has an invalid length.
[  223.480835][ T9670] netlink: 'syz.2.1611': attribute type 11 has an invalid length.
[  223.494056][ T9670] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1611'.
[  223.597992][ T9672] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode
[  223.604115][ T9672] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  223.610968][ T9672] team0: Port device wlan1 added
[  223.709180][ T9680] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1615'.
[  223.726333][ T9680] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1615'.
[  223.813408][ T9688] netlink: 34 bytes leftover after parsing attributes in process `syz.0.1619'.
[  223.818166][ T9669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  224.016710][ T9703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1626'.
[  224.055999][ T9705] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1627'.
[  224.641896][ T9731] netlink: 'syz.2.1640': attribute type 21 has an invalid length.
[  224.646615][ T9731] netlink: 'syz.2.1640': attribute type 20 has an invalid length.
[  224.998629][ T9755] netlink: 'syz.3.1651': attribute type 6 has an invalid length.
[  225.001054][ T9755] IPv6: NLM_F_CREATE should be specified when creating new route
[  225.152189][ T9766] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  225.156795][ T9765] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  225.156874][ T9765] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  225.863876][   T68] wlan1: Trigger new scan to find an IBSS to join
[  226.376694][ T9805] netlink: 'syz.0.1664': attribute type 2 has an invalid length.
[  226.383543][ T9805] netlink: 'syz.0.1664': attribute type 1 has an invalid length.
[  226.388657][ T9805] nbd: couldn't find a device at index 149
[  226.710440][   T33] audit: type=1107 audit(1757087626.909:2): pid=9821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  227.392480][ T9842] netlink: 'syz.0.1681': attribute type 10 has an invalid length.
[  227.671879][ T9842] team0: Device ipvlan1 failed to register rx_handler
[  227.757314][ T5880] Bluetooth: hci0: Malformed LE Event: 0x0d
[  227.915531][ T9842] syz.0.1681 (9842) used greatest stack depth: 18960 bytes left
[  228.016718][ T9860] syzkaller0: entered promiscuous mode
[  228.019076][ T9860] syzkaller0: entered allmulticast mode
[  228.035811][ T5880] Bluetooth: hci1: command 0x0406 tx timeout
[  228.086935][ T9859] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  228.091683][ T9859] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  228.835600][ T3623] wlan1: Trigger new scan to find an IBSS to join
[  230.262290][ T9871] mac80211_hwsim hwsim14 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  230.362789][ T9879] netlink: 'syz.2.1697': attribute type 10 has an invalid length.
[  230.380112][ T9879] team0: Device ipvlan1 is up. Set it down before adding it as a team port
[  230.553097][ T9892] __nla_validate_parse: 6 callbacks suppressed
[  230.553151][ T9892] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1703'.
[  230.571471][ T9892] netlink: 763 bytes leftover after parsing attributes in process `syz.3.1703'.
[  230.659831][ T9899] netlink: 'syz.0.1706': attribute type 21 has an invalid length.
[  230.663871][ T9899] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1706'.
[  230.761379][ T9907] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1710'.
[  230.766873][ T9907] tc_dump_action: action bad kind
[  230.848815][ T4387] wlan1: Creating new IBSS network, BSSID b2:39:04:8c:85:1b
[  231.790307][ T9948] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1728'.
[  231.846856][ T9954] netlink: 'syz.2.1729': attribute type 10 has an invalid length.
[  231.852015][ T9954] geneve0: entered promiscuous mode
[  231.877381][ T9950] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1727'.
[  231.898256][ T9954] geneve0: entered allmulticast mode
[  231.903026][ T9954] bond0: (slave geneve0): Enslaving as an active interface with an up link
[  232.341251][ T9969] lo speed is unknown, defaulting to 1000
[  232.348901][ T9969] vcan0 speed is unknown, defaulting to 1000
[  232.493315][ T9989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1744'.
[  232.530996][ T9994] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1746'.
[  232.542583][ T9994] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1746'.
[  232.751549][T10004] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1750'.
[  232.834447][ T4387] wlan1: Trigger new scan to find an IBSS to join
[  232.846832][ T9989] siw: device registration error -23
[  232.971635][T10014] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  233.232912][T10024] netlink: 'syz.3.1758': attribute type 1 has an invalid length.
[  233.238626][T10024] netlink: 'syz.3.1758': attribute type 1 has an invalid length.
[  233.352888][T10028] netlink: 'syz.3.1760': attribute type 11 has an invalid length.
[  233.546998][T10033] syzkaller0: entered promiscuous mode
[  233.549120][T10033] syzkaller0: entered allmulticast mode
[  233.951139][T10036] netlink: 'syz.2.1763': attribute type 28 has an invalid length.
[  233.957675][T10036] netlink: 'syz.2.1763': attribute type 29 has an invalid length.
[  235.549188][T10053] netlink: 'syz.3.1770': attribute type 11 has an invalid length.
[  235.608987][T10057] __nla_validate_parse: 4 callbacks suppressed
[  235.609009][T10057] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1771'.
[  235.621893][T10058] netlink: 'syz.2.1772': attribute type 1 has an invalid length.
[  235.626557][T10057] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1771'.
[  235.668140][T10062] macvlan0: entered promiscuous mode
[  235.670547][T10062] macvlan0: entered allmulticast mode
[  235.672780][T10062] veth1_vlan: entered allmulticast mode
[  236.315979][T10091] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  237.489425][T10125] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1802'.
[  237.539589][T10129] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1804'.
[  237.545955][T10129] openvswitch: netlink: nsh attr 165 is out of range max 3
[  237.549320][T10129] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  237.615998][T10133] netlink: 'syz.3.1807': attribute type 21 has an invalid length.
[  237.794755][ T1186] wlan1: Trigger new scan to find an IBSS to join
[  238.018431][T10150] netlink: 14556 bytes leftover after parsing attributes in process `syz.2.1813'.
[  238.075465][T10152] netlink: 15999 bytes leftover after parsing attributes in process `syz.3.1814'.
[  238.369651][T10167] netlink: 'syz.3.1821': attribute type 11 has an invalid length.
[  238.372309][T10167] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1821'.
[  238.393474][T10167] netlink: 'syz.3.1821': attribute type 11 has an invalid length.
[  238.397624][T10167] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1821'.
[  238.405541][T10166] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  238.412901][T10171] netlink: 'syz.2.1822': attribute type 31 has an invalid length.
[  240.241722][ T1186] wlan1: Creating new IBSS network, BSSID 42:88:4a:ad:be:64
[  240.451892][T10209] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1839'.
[  240.475294][T10209] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1839'.
[  240.575795][T10223] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  240.760111][T10237] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  240.762832][T10237] IPv6: NLM_F_CREATE should be set when creating new route
[  240.765595][T10237] IPv6: NLM_F_CREATE should be set when creating new route
[  242.045815][T10270] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1867'.
[  242.256842][T10284] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1871'.
[  242.369898][T10290] netlink: 'syz.2.1874': attribute type 21 has an invalid length.
[  242.372586][T10290] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1874'.
[  245.028388][T10305] netlink: 809 bytes leftover after parsing attributes in process `syz.2.1882'.
[  245.032350][T10305] netlink: 130160 bytes leftover after parsing attributes in process `syz.2.1882'.
[  245.037111][T10305] netlink: 809 bytes leftover after parsing attributes in process `syz.2.1882'.
[  245.289041][T10307] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  245.301051][T10307] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  245.762024][T10327] proc: Bad value for 'gid'
[  246.091385][T10351] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only
[  247.111309][T10373] netlink: 'syz.3.1913': attribute type 5 has an invalid length.
[  247.116936][T10373] netlink: 'syz.3.1913': attribute type 7 has an invalid length.
[  247.119777][T10373] netlink: 137592 bytes leftover after parsing attributes in process `syz.3.1913'.
[  247.245229][ T5235] Bluetooth: hci1: unexpected subevent 0x12 length: 150 > 5
[  247.718107][T10402] netlink: 'syz.0.1927': attribute type 29 has an invalid length.
[  247.721547][T10402] netlink: 'syz.0.1927': attribute type 29 has an invalid length.
[  247.726264][T10402] netlink: 'syz.0.1927': attribute type 29 has an invalid length.
[  247.729362][T10402] netlink: 'syz.0.1927': attribute type 29 has an invalid length.
[  247.759833][T10404] netlink: 'syz.0.1928': attribute type 25 has an invalid length.
[  247.762448][T10404] netlink: 2418 bytes leftover after parsing attributes in process `syz.0.1928'.
[  248.219199][T10438] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1945'.
[  248.410921][T10448] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  248.608304][T10434] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1943'.
[  248.760132][T10465] netlink: 'syz.2.1956': attribute type 2 has an invalid length.
[  250.579609][T10489] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  251.346499][T10526] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  251.650919][T10531] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1985'.
[  252.281734][T10539] netlink: 'syz.2.1988': attribute type 29 has an invalid length.
[  252.295528][T10539] netlink: 'syz.2.1988': attribute type 29 has an invalid length.
[  252.328105][T10539] netlink: 572 bytes leftover after parsing attributes in process `syz.2.1988'.
[  253.468389][T10564] netlink: 277 bytes leftover after parsing attributes in process `syz.3.1996'.
[  253.701375][T10577] netlink: 'syz.0.2002': attribute type 2 has an invalid length.
[  253.707526][T10577] netlink: 130532 bytes leftover after parsing attributes in process `syz.0.2002'.
[  253.806273][T10584] netlink: 116572 bytes leftover after parsing attributes in process `syz.2.1998'.
[  254.079259][T10594] net veth1_virt_wifi : renamed from virt_wifi0
[  254.151740][T10600] netlink: 731 bytes leftover after parsing attributes in process `syz.3.2012'.
[  254.193071][T10603] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2013'.
[  254.262999][T10607] netlink: 'syz.0.2015': attribute type 3 has an invalid length.
[  254.915645][T10622] netlink: 'syz.2.2020': attribute type 6 has an invalid length.
[  255.048417][T10630] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2024'.
[  255.096542][T10630] sock: sock_timestamping_bind_phc: sock not bind to device
[  255.379431][T10649] netlink: 'syz.2.2033': attribute type 8 has an invalid length.
[  255.381968][T10649] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2033'.
[  255.636934][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  255.639976][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  255.651314][T10666] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2041'.
[  255.839894][T10676] netlink: 'syz.2.2046': attribute type 33 has an invalid length.
[  255.843234][T10676] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2046'.
[  255.848373][T10676] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check.
[  255.982716][T10677] netlink: 'syz.3.2045': attribute type 1 has an invalid length.
[  259.684598][T10711] netlink: 211 bytes leftover after parsing attributes in process `syz.3.2060'.
[  259.690865][T10707] lo speed is unknown, defaulting to 1000
[  259.701063][T10707] vcan0 speed is unknown, defaulting to 1000
[  259.931488][T10722] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2066'.
[  260.007253][T10725] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2067'.
[  260.498810][T10749] netlink: 'syz.2.2077': attribute type 16 has an invalid length.
[  260.502124][T10749] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2077'.
[  261.622111][T10767] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2081'.
[  261.901197][T10775] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  261.910671][T10777] netlink: 'syz.2.2085': attribute type 25 has an invalid length.
[  261.916814][T10777] netlink: 2418 bytes leftover after parsing attributes in process `syz.2.2085'.
[  262.069929][T10789] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  262.287462][T10804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2098'.
[  262.371255][T10809] netlink: 'syz.3.2100': attribute type 39 has an invalid length.
[  264.232099][T10815] netlink: 'syz.3.2103': attribute type 29 has an invalid length.
[  264.295593][T10815] netlink: 'syz.3.2103': attribute type 29 has an invalid length.
[  264.317177][T10815] netlink: 'syz.3.2103': attribute type 29 has an invalid length.
[  264.322578][T10815] netlink: 'syz.3.2103': attribute type 29 has an invalid length.
[  264.333220][T10825] netlink: 'syz.2.2107': attribute type 21 has an invalid length.
[  264.343061][T10825] netlink: 14548 bytes leftover after parsing attributes in process `syz.2.2107'.
[  264.380789][T10828] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2108'.
[  264.531215][T10836] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.2112'.
[  264.859764][T10852] netlink: 204 bytes leftover after parsing attributes in process `syz.3.2120'.
[  265.147892][T10862] openvswitch: netlink: IP tunnel dst address not specified
[  265.576412][T10876] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2132'.
[  266.890951][T10911] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2147'.
[  267.030145][T10918] siw: device registration error -23
[  267.072680][T10920] netlink: 'syz.2.2150': attribute type 13 has an invalid length.
[  267.093292][T10920] netlink: 'syz.2.2150': attribute type 17 has an invalid length.
[  267.263658][T10920] bridge0: left promiscuous mode
[  267.278579][T10920] bridge0: left allmulticast mode
[  267.341535][T10920] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  267.982749][T10938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2159'.
[  268.292991][T10958] : renamed from bond_slave_0 (while UP)
[  268.305818][T10954] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  268.370874][T10962] netlink: 'syz.3.2170': attribute type 13 has an invalid length.
[  268.388026][T10962] netlink: 'syz.3.2170': attribute type 17 has an invalid length.
[  268.893355][T10985] netlink: 292 bytes leftover after parsing attributes in process `syz.0.2179'.
[  268.901248][T10985] ==================================================================
[  268.904555][T10985] BUG: KASAN: slab-use-after-free in __xfrm_state_delete+0x666/0xca0
[  268.907875][T10985] Write of size 8 at addr ffff88810dad2428 by task syz.0.2179/10985
[  268.912277][T10985] 
[  268.913223][T10985] CPU: 1 UID: 0 PID: 10985 Comm: syz.0.2179 Not tainted syzkaller #0 PREEMPT(full) 
[  268.913243][T10985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  268.913254][T10985] Call Trace:
[  268.913263][T10985]  <TASK>
[  268.913272][T10985]  dump_stack_lvl+0x189/0x250
[  268.913292][T10985]  ? __kasan_check_byte+0x12/0x40
[  268.913313][T10985]  ? __pfx_dump_stack_lvl+0x10/0x10
[  268.913328][T10985]  ? lock_release+0x4b/0x3e0
[  268.913346][T10985]  ? __virt_addr_valid+0x4a5/0x5c0
[  268.913364][T10985]  print_report+0xca/0x240
[  268.913377][T10985]  ? __xfrm_state_delete+0x666/0xca0
[  268.913408][T10985]  kasan_report+0x118/0x150
[  268.913427][T10985]  ? __xfrm_state_delete+0x666/0xca0
[  268.913446][T10985]  __xfrm_state_delete+0x666/0xca0
[  268.913470][T10985]  xfrm_state_flush+0x45f/0x770
[  268.913492][T10985]  xfrm_flush_sa+0xea/0x2a0
[  268.913509][T10985]  ? __pfx_xfrm_flush_sa+0x10/0x10
[  268.913521][T10985]  ? apparmor_capable+0x137/0x1b0
[  268.913537][T10985]  ? __nla_parse+0x40/0x60
[  268.913555][T10985]  xfrm_user_rcv_msg+0x7a3/0xab0
[  268.913571][T10985]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  268.913592][T10985]  ? __pfx___mutex_trylock_common+0x10/0x10
[  268.913605][T10985]  ? rcu_is_watching+0x15/0xb0
[  268.913617][T10985]  ? trace_contention_end+0x39/0x120
[  268.913628][T10985]  ? __mutex_lock+0x335/0x1360
[  268.913647][T10985]  netlink_rcv_skb+0x208/0x470
[  268.913668][T10985]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  268.913685][T10985]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  268.913708][T10985]  ? netlink_deliver_tap+0x2e/0x1b0
[  268.913726][T10985]  ? netlink_deliver_tap+0x2e/0x1b0
[  268.913746][T10985]  xfrm_netlink_rcv+0x79/0x90
[  268.913762][T10985]  netlink_unicast+0x82f/0x9e0
[  268.913781][T10985]  ? __pfx_netlink_unicast+0x10/0x10
[  268.913797][T10985]  ? netlink_sendmsg+0x642/0xb30
[  268.913815][T10985]  ? skb_put+0x11b/0x210
[  268.913827][T10985]  netlink_sendmsg+0x805/0xb30
[  268.913848][T10985]  ? __pfx_netlink_sendmsg+0x10/0x10
[  268.913867][T10985]  ? aa_sock_msg_perm+0xf1/0x1d0
[  268.913879][T10985]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  268.913893][T10985]  ? __pfx_netlink_sendmsg+0x10/0x10
[  268.913913][T10985]  __sock_sendmsg+0x21c/0x270
[  268.913930][T10985]  ____sys_sendmsg+0x505/0x830
[  268.913944][T10985]  ? __pfx_____sys_sendmsg+0x10/0x10
[  268.913960][T10985]  ? import_iovec+0x74/0xa0
[  268.913977][T10985]  ___sys_sendmsg+0x21f/0x2a0
[  268.913993][T10985]  ? __pfx____sys_sendmsg+0x10/0x10
[  268.914022][T10985]  ? __fget_files+0x2a/0x420
[  268.914036][T10985]  ? __fget_files+0x3a0/0x420
[  268.914052][T10985]  __x64_sys_sendmsg+0x19b/0x260
[  268.914067][T10985]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  268.914084][T10985]  ? rcu_is_watching+0x15/0xb0
[  268.914097][T10985]  ? do_syscall_64+0xbe/0x3b0
[  268.914117][T10985]  do_syscall_64+0xfa/0x3b0
[  268.914172][T10985]  ? lockdep_hardirqs_on+0x9c/0x150
[  268.914191][T10985]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.914204][T10985]  ? exc_page_fault+0x9f/0xf0
[  268.914222][T10985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.914237][T10985] RIP: 0033:0x7f4e4d38ebe9
[  268.914251][T10985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.914264][T10985] RSP: 002b:00007f4e4e290038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  268.914280][T10985] RAX: ffffffffffffffda RBX: 00007f4e4d5c5fa0 RCX: 00007f4e4d38ebe9
[  268.914291][T10985] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  268.914302][T10985] RBP: 00007f4e4d411e19 R08: 0000000000000000 R09: 0000000000000000
[  268.914313][T10985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  268.914319][T10985] R13: 00007f4e4d5c6038 R14: 00007f4e4d5c5fa0 R15: 00007ffd4cddd978
[  268.914334][T10985]  </TASK>
[  268.914339][T10985] 
[  269.055505][T10985] Allocated by task 9948:
[  269.056913][T10985]  kasan_save_track+0x3e/0x80
[  269.058444][T10985]  __kasan_slab_alloc+0x6c/0x80
[  269.060003][T10985]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  269.061760][T10985]  xfrm_state_alloc+0x24/0x2f0
[  269.063406][T10985]  xfrm_add_acquire+0xf7/0xb20
[  269.064945][T10985]  xfrm_user_rcv_msg+0x7a3/0xab0
[  269.066551][T10985]  netlink_rcv_skb+0x208/0x470
[  269.068098][T10985]  xfrm_netlink_rcv+0x79/0x90
[  269.069597][T10985]  netlink_unicast+0x82f/0x9e0
[  269.069609][T10985]  netlink_sendmsg+0x805/0xb30
[  269.069619][T10985]  __sock_sendmsg+0x21c/0x270
[  269.069631][T10985]  ____sys_sendmsg+0x505/0x830
[  269.069638][T10985]  ___sys_sendmsg+0x21f/0x2a0
[  269.069646][T10985]  __x64_sys_sendmsg+0x19b/0x260
[  269.069654][T10985]  do_syscall_64+0xfa/0x3b0
[  269.069665][T10985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.069674][T10985] 
[  269.069676][T10985] Freed by task 9948:
[  269.069683][T10985]  kasan_save_track+0x3e/0x80
[  269.069696][T10985]  kasan_save_free_info+0x46/0x50
[  269.069706][T10985]  __kasan_slab_free+0x5b/0x80
[  269.069716][T10985]  kmem_cache_free+0x18f/0x400
[  269.069731][T10985]  xfrm_add_acquire+0x9cc/0xb20
[  269.069741][T10985]  xfrm_user_rcv_msg+0x7a3/0xab0
[  269.069750][T10985]  netlink_rcv_skb+0x208/0x470
[  269.069760][T10985]  xfrm_netlink_rcv+0x79/0x90
[  269.069770][T10985]  netlink_unicast+0x82f/0x9e0
[  269.073888][T10985]  netlink_sendmsg+0x805/0xb30
[  269.073921][T10985]  __sock_sendmsg+0x21c/0x270
[  269.073939][T10985]  ____sys_sendmsg+0x505/0x830
[  269.073953][T10985]  ___sys_sendmsg+0x21f/0x2a0
[  269.073966][T10985]  __x64_sys_sendmsg+0x19b/0x260
[  269.073981][T10985]  do_syscall_64+0xfa/0x3b0
[  269.074001][T10985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.074016][T10985] 
[  269.074021][T10985] The buggy address belongs to the object at ffff88810dad2400
[  269.074021][T10985]  which belongs to the cache xfrm_state of size 928
[  269.074035][T10985] The buggy address is located 40 bytes inside of
[  269.074035][T10985]  freed 928-byte region [ffff88810dad2400, ffff88810dad27a0)
[  269.074052][T10985] 
[  269.074059][T10985] The buggy address belongs to the physical page:
[  269.074069][T10985] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88810dad2880 pfn:0x10dad0
[  269.074085][T10985] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  269.074099][T10985] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  269.148764][T10985] page_type: f5(slab)
[  269.150633][T10985] raw: 057ff00000000040 ffff88801bf8dc80 dead000000000122 0000000000000000
[  269.154492][T10985] raw: ffff88810dad2880 00000000800e0008 00000000f5000000 0000000000000000
[  269.158379][T10985] head: 057ff00000000040 ffff88801bf8dc80 dead000000000122 0000000000000000
[  269.162307][T10985] head: ffff88810dad2880 00000000800e0008 00000000f5000000 0000000000000000
[  269.166238][T10985] head: 057ff00000000002 ffffea000436b401 00000000ffffffff 00000000ffffffff
[  269.170157][T10985] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  269.173985][T10985] page dumped because: kasan: bad access detected
[  269.176897][T10985] page_owner tracks the page as allocated
[  269.179434][T10985] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5966, tgid 5965 (syz.0.20), ts 74339809646, free_ts 74291234815
[  269.187597][T10985]  post_alloc_hook+0x240/0x2a0
[  269.189679][T10985]  get_page_from_freelist+0x21e4/0x22c0
[  269.192064][T10985]  __alloc_frozen_pages_noprof+0x181/0x370
[  269.194712][T10985]  alloc_pages_mpol+0x232/0x4a0
[  269.196916][T10985]  allocate_slab+0x8a/0x370
[  269.198901][T10985]  ___slab_alloc+0xbeb/0x1410
[  269.201071][T10985]  kmem_cache_alloc_noprof+0x283/0x3c0
[  269.203555][T10985]  xfrm_state_alloc+0x24/0x2f0
[  269.205755][T10985]  pfkey_add+0x6e4/0x2e00
[  269.207758][T10985]  pfkey_sendmsg+0xbfe/0x1090
[  269.209823][T10985]  __sock_sendmsg+0x21c/0x270
[  269.211911][T10985]  ____sys_sendmsg+0x505/0x830
[  269.214061][T10985]  ___sys_sendmsg+0x21f/0x2a0
[  269.216170][T10985]  __x64_sys_sendmsg+0x19b/0x260
[  269.218458][T10985]  do_syscall_64+0xfa/0x3b0
[  269.220563][T10985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.223094][T10985] page last free pid 5854 tgid 5854 stack trace:
[  269.225857][T10985]  __free_frozen_pages+0xbc4/0xd30
[  269.228151][T10985]  __slab_free+0x303/0x3c0
[  269.230216][T10985]  qlist_free_all+0x97/0x140
[  269.232352][T10985]  kasan_quarantine_reduce+0x148/0x160
[  269.234846][T10985]  __kasan_slab_alloc+0x22/0x80
[  269.237075][T10985]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  269.239618][T10985]  getname_flags+0xb8/0x540
[  269.241678][T10985]  __x64_sys_rename+0x5d/0x90
[  269.243828][T10985]  do_syscall_64+0xfa/0x3b0
[  269.246017][T10985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.248572][T10985] 
[  269.249617][T10985] Memory state around the buggy address:
[  269.251996][T10985]  ffff88810dad2300: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  269.255353][T10985]  ffff88810dad2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  269.258567][T10985] >ffff88810dad2400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  269.261946][T10985]                                   ^
[  269.264248][T10985]  ffff88810dad2480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  269.267610][T10985]  ffff88810dad2500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  269.270970][T10985] ==================================================================
[  269.274678][T10985] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  269.277589][T10985] CPU: 1 UID: 0 PID: 10985 Comm: syz.0.2179 Not tainted syzkaller #0 PREEMPT(full) 
[  269.281384][T10985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  269.285482][T10985] Call Trace:
[  269.286905][T10985]  <TASK>
[  269.288126][T10985]  dump_stack_lvl+0x99/0x250
[  269.290076][T10985]  ? __asan_memcpy+0x40/0x70
[  269.291978][T10985]  ? __pfx_dump_stack_lvl+0x10/0x10
[  269.294132][T10985]  ? __pfx__printk+0x10/0x10
[  269.296138][T10985]  vpanic+0x281/0x750
[  269.297863][T10985]  ? __pfx_vpanic+0x10/0x10
[  269.299772][T10985]  ? irqentry_exit+0x74/0x90
[  269.301660][T10985]  panic+0xb9/0xc0
[  269.303260][T10985]  ? __pfx_panic+0x10/0x10
[  269.305157][T10985]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  269.307554][T10985]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  269.310026][T10985]  ? __xfrm_state_delete+0x666/0xca0
[  269.312278][T10985]  check_panic_on_warn+0x89/0xb0
[  269.314315][T10985]  ? __xfrm_state_delete+0x666/0xca0
[  269.316580][T10985]  end_report+0x78/0x160
[  269.318432][T10985]  kasan_report+0x129/0x150
[  269.320372][T10985]  ? __xfrm_state_delete+0x666/0xca0
[  269.322635][T10985]  __xfrm_state_delete+0x666/0xca0
[  269.324803][T10985]  xfrm_state_flush+0x45f/0x770
[  269.326829][T10985]  xfrm_flush_sa+0xea/0x2a0
[  269.328774][T10985]  ? __pfx_xfrm_flush_sa+0x10/0x10
[  269.330885][T10985]  ? apparmor_capable+0x137/0x1b0
[  269.332930][T10985]  ? __nla_parse+0x40/0x60
[  269.334796][T10985]  xfrm_user_rcv_msg+0x7a3/0xab0
[  269.336949][T10985]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  269.339201][T10985]  ? __pfx___mutex_trylock_common+0x10/0x10
[  269.341664][T10985]  ? rcu_is_watching+0x15/0xb0
[  269.343592][T10985]  ? trace_contention_end+0x39/0x120
[  269.345824][T10985]  ? __mutex_lock+0x335/0x1360
[  269.347905][T10985]  netlink_rcv_skb+0x208/0x470
[  269.349902][T10985]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  269.352142][T10985]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  269.354414][T10985]  ? netlink_deliver_tap+0x2e/0x1b0
[  269.356635][T10985]  ? netlink_deliver_tap+0x2e/0x1b0
[  269.358855][T10985]  xfrm_netlink_rcv+0x79/0x90
[  269.360847][T10985]  netlink_unicast+0x82f/0x9e0
[  269.362895][T10985]  ? __pfx_netlink_unicast+0x10/0x10
[  269.365163][T10985]  ? netlink_sendmsg+0x642/0xb30
[  269.367275][T10985]  ? skb_put+0x11b/0x210
[  269.369078][T10985]  netlink_sendmsg+0x805/0xb30
[  269.371095][T10985]  ? __pfx_netlink_sendmsg+0x10/0x10
[  269.373434][T10985]  ? aa_sock_msg_perm+0xf1/0x1d0
[  269.375570][T10985]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  269.377822][T10985]  ? __pfx_netlink_sendmsg+0x10/0x10
[  269.380078][T10985]  __sock_sendmsg+0x21c/0x270
[  269.382143][T10985]  ____sys_sendmsg+0x505/0x830
[  269.384144][T10985]  ? __pfx_____sys_sendmsg+0x10/0x10
[  269.386318][T10985]  ? import_iovec+0x74/0xa0
[  269.388307][T10985]  ___sys_sendmsg+0x21f/0x2a0
[  269.390341][T10985]  ? __pfx____sys_sendmsg+0x10/0x10
[  269.392565][T10985]  ? __fget_files+0x2a/0x420
[  269.394535][T10985]  ? __fget_files+0x3a0/0x420
[  269.396579][T10985]  __x64_sys_sendmsg+0x19b/0x260
[  269.398685][T10985]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  269.401012][T10985]  ? rcu_is_watching+0x15/0xb0
[  269.403064][T10985]  ? do_syscall_64+0xbe/0x3b0
[  269.405071][T10985]  do_syscall_64+0xfa/0x3b0
[  269.407020][T10985]  ? lockdep_hardirqs_on+0x9c/0x150
[  269.409235][T10985]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.411840][T10985]  ? exc_page_fault+0x9f/0xf0
[  269.413769][T10985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.416323][T10985] RIP: 0033:0x7f4e4d38ebe9
[  269.418238][T10985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.426132][T10985] RSP: 002b:00007f4e4e290038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  269.429535][T10985] RAX: ffffffffffffffda RBX: 00007f4e4d5c5fa0 RCX: 00007f4e4d38ebe9
[  269.432881][T10985] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  269.436046][T10985] RBP: 00007f4e4d411e19 R08: 0000000000000000 R09: 0000000000000000
[  269.439237][T10985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  269.442597][T10985] R13: 00007f4e4d5c6038 R14: 00007f4e4d5c5fa0 R15: 00007ffd4cddd978
[  269.446006][T10985]  </TASK>
[  269.448126][T10985] Kernel Offset: disabled
[  269.449948][T10985] Rebooting in 86400 seconds..

VM DIAGNOSIS:
15:54:29  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000101 RBX=0000000000000035 RCX=ffffffff99ab9303 RDX=00000000ffffffff
RSI=0000000000000035 RDI=0000000000000001 RBP=00000000ffffffff RSP=ffffc900000079d0
R8 =0000000000000000 R9 =ffffffff822bd3a5 R10=dffffc0000000000 R11=fffffbfff1f47007
R12=0000000000000025 R13=ffffea00048d98f8 R14=ffff888105fa8d00 R15=dffffc0000000000
RIP=ffffffff818ffbe2 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fa5be6366c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b34420ff8 CR3=0000000030758000 CR4=000006f0
DR0=0000000000000000 DR1=0000200000000300 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff81c939bc ffffffff81c939bc
XMM02=00007fa5bd997498 ffffffff81cb07eb XMM03=00007fa5bd9974a8 00007fa5bd9974a0
XMM04=00007fa5be4fd100 00007fa5bd997460 XMM05=00007fa5bd997478 00007fa5bd9974c0
XMM06=00007fa5bd9974b8 00007fa5bd9974b0 XMM07=00007fa5bd9974a8 00007fa5bd9974a0
XMM08=0000000000000000 00007fa5bd812ee7 XMM09=0000000000000000 00007fa5bd812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000031 RBX=0000000000000031 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001922 RDI=0000000000001923 RBP=00000000000003f8 RSP=ffffc90003afea90
R8 =ffff888107d48237 R9 =1ffff11020fa9046 R10=dffffc0000000000 R11=ffffffff854ef9f0
R12=dffffc0000000000 R13=ffffffff99af9914 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854efa6c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f4e4e2906c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000040 CR3=0000000113262000 CR4=000006f0
DR0=0000000000000000 DR1=0000200000000300 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fa5bd812e53
XMM06=0000000000000000 00007fa5bd812e4d XMM07=0000000000000000 00007fa5bd812e61
XMM08=0000000000000000 00007fa5bd812ee7 XMM09=0000000000000000 00007fa5bd812fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
